This blog post summarizes our findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses. It will also cover spam waves that originate in part from spambots in the country, DDoS attacks against North Korean websites and their relation to real-world events, as well as recurring watering hole attacks on North Korean websites.Read More
A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime. We’ve come across a case where a cybercriminal based in Libya turned from cybercrime to cyberpropaganda. This highlights how the cybercrime underground in the Middle East/North African region (covered in our paper titled Digital Souks: A Glimpse into the Middle Eastern and North African Underground) can expand their activity into areas beyond their original area of expertise.Read More
Microsoft’s Patch Tuesday for October addresses 62 vulnerabilities, 27 of which are critical and 35 important in terms of severity; many of these flaws can lead to remote code execution (RCE). Microsoft’s fixes are patches for features in the Windows operating system (OS) and Microsoft Office (including Office Web Apps), Skype for Business, Edge, Internet Explorer (including the Chakra Core browser engine), Exchange Server, and .NET development framework, among others. As per Microsoft’s previous advisories, this month’s Patch Tuesday also marks the end of support and patches/updates for Office 2007 and Outlook 2007.
Of note is Microsoft’s fix for CVE-2017-11826, a memory corruption vulnerability in Microsoft Office that was publicly disclosed and reported to be actively exploited in the wild.Read More
For $50, one could purportedly get a lifetime license to upgradeable variants of WannaCry. We saw this advertisement in an Arabic-speaking underground forum on May 14, two days after WannaCry’s outbreak. Indeed, a threat that left a trail of significant damage in its wake was objectified into a commodity, and even a starting point for others to launch their own cybercriminal businesses.
WannaCry’s relatively low price also reflects another unique aspect of the Middle Eastern and North African underground: a sense of brotherhood. Unlike marketplaces in Russia and North America, for instance, where its players aim to make a profit, the Middle East and North Africa’s underground scene is an ironic juncture where culture, ideology, and cybercrime meet.Read More
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options.Read More