2021 was a wild ride when it came to the cybersecurity sector. Loads of interesting news (and one big one) kept us busy in December. Read on for what our team has found interesting this month.
Log4Shell: RCE 0-Day Exploit Found in Log4J
This regularly updated post is a great place to find information on the latest vulnerability to rock the sector, the log4j vulnerability. The post includes an Updated Mitigation Guide, including an automated scanning tool. Follow the timeline in the post starting from Thursday (December 9th), when a 0-day exploit in the popular Java logging library log4j (version 2) that results in Remote Code Execution (RCE) by logging a certain string was discovered. According to The Record, more than 35,000 Java packages have been impacted by Log4j vulnerabilities.
“This post by open source data security platform LunaSec is about the vulnerability that rocked the internet this month. It is a good blueprint for dealing with the vulnerability, although the only thing that’s certain is we will see lots of cybersecurity incidents related to log4j in the future.” —David, Founder & CEO
Source: LunaSec, December 19
Former Defense Contractor Arrested for Attempted Espionage
A South Dakota man and former defense contractor, Rowe, was arrested for alleged espionage attempts. He attempted to provide classified national defense information to the Russian government after serving 40 years as a test engineer for multiple cleared defense contractors. After committing a number of security violations and revealing a fervent interest in Russian affairs, including whether he could obtain a security clearance from the Russian government, Rowe was identified as a potential insider threat and terminated from employment, whereupon he was busted by an undercover FBI agent.
“This news piece shows that espionage still exists, and that it will be punished. Access to information should be controlled, and insider threat is real.” — A member of our threat intel team
Source: US DoJ, December 16
Crypto Exchanges Keep Getting Hacked
There have been more than 20 hacks this year where a digital robber stole at least $10 million in digital currencies from a crypto exchange or project. In six of those cases, hackers stole more than $100 million. This trend is here to stay, as the bitcoin boom and the rise in cryptocurrency exchanges have created some enticing prizes for unethical hackers. Not bad when bank robberies net an average of less than $5,000 per heist.
“Cryptocurrency is always a hot topic. It has never been easy to steal money from banks—stealing millions from an online bank is almost impossible because wire transfers of big amounts of money are easy to track. So cyber crooks who are after money are now targeting crypto exchanges as cryptocurrency is much harder to recover.” — Fernando, Founder
Source: NBC News, December 17
Active Defense: Cyber Deception in the Active Directory
This post gives a great overview of deception in the Active Directory. According to the article, deception is “novel but with roots in hundred-year-old foundations.” It gives a nice background on deception before going into detail about how to protect the Active Directory using deception techniques. We particularly enjoyed the part on MITRE ATT&CK, which shows how to take advantage of adversary vulnerabilities when using active defense techniques.
“This is a good place to start for a comprehensive, contextual piece on deception. In this article, Marta de la Cruz, Deception Specialist & Threat Hunter, talks about modern cyber deception, putting the cherry on top of a great explanation.” — a member of the development team
Source: Security Garage, December 15
A Deep Dive into an NSO Zero-Click iMessage Exploit
This two-part blog post series describes (for the first time) how an in-the-wild zero-click iMessage exploit works. The post goes into detail about one of the most technically sophisticated exploits ever seen. It focuses on capabilities provided by NSO Group, one of the highest-profile providers of “access-as-a-service”, which expands the number of nations with sophisticated cyber capabilities. Citizen Lab and Apple’s Security Engineering and Architecture (SEAR) collaborated on this post about the iMessage exploit, which shows that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
“Although this was a bit overshadowed by the log4j RCE, this Pegasus Zero-Click exploit is an incredible piece of news. This post by Google’s Project Zero describes one of the most technically sophisticated exploits ever seen. It’s an intriguing look into how an in-the-wild zero-click iMessage exploit works.” — David, Founder & CEO
Source: Google ProjectZero, December 15