Connect with us

GRTech

Sophos Uncovers Backdoors Attackers Leverage to Attack VMware Horizon servers, Sophos Finds

Sophos Finds Three Backdoors, Possibly Delivered by Initial Access Brokers, and Four Cryptominers Targeting Unpatched VMware Horizon Servers, reports SANDRA ANI

Published

on

Log4J

Sophos, a global leader in next-generation cybersecurity, today released findings on how attackers are using the Log4Shell vulnerability to deliver backdoors and profiling scripts to unpatched VMware Horizon servers, paving the way for persistent access and future ransomware attacks.

A new technical paper, “Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers,” details the tools and techniques used to compromise the servers and deliver three different backdoors and four cryptominers. The backdoors are possibly delivered by Initial Access Brokers.

Log4Shell is a remote code execution vulnerability in the Java logging component, Apache Log4J, which is embedded in hundreds of software products. It was reported and patched in December 2021.

“Widely used applications such as VMware Horizon that are exposed to the internet and need to be manually updated, are particularly vulnerable to exploitation at scale,” said Sean Gallagher, senior security researcher at Sophos. “Sophos detections reveal waves of attacks targeting Horizon servers, starting in January, and delivering a range of backdoors and cryptominers to unpatched servers, as well as scripts to collect some device information. Sophos believes that some of the backdoors may be delivered by Initial Access Brokers looking to secure persistent remote access to a high value target that they can sell on to other attackers, such as ransomware operators.”

Cybersecurity by Sophos

Cybersecurity by Sophos

The multiple attack payloads Sophos detected using Log4Shell to target vulnerable Horizon servers include:

  • Two legitimate remote monitoring and management tools, Atera agent and Splashtop Streamer, likely intended for malicious use as backdoors
  • The malicious Sliver backdoor
  • The cryptominers z0Miner, JavaX miner, Jin and Mimu
  • Several PowerShell-based reverse shells that collect device and backup information

Sophos’ analysis revealed that Sliver is sometimes delivered together with Atera and PowerShell profiling scripts and is used to deliver the Jin and Mimu variants of the XMrig Monero miner botnet.

According to Sophos, the attackers are using several different approaches to infect targets. While some of the earlier attacks used Cobalt Strike to stage and execute the cryptominer payloads, the largest wave of attacks that began in mid-January 2022, executed the cryptominer installer script directly from the Apache Tomcat component of the VMware Horizon server. This wave of attacks is ongoing.

“Sophos’ findings suggest that multiple adversaries are implementing these attacks, so the most important protective step is to upgrade all devices and applications that include Log4J with the patched version of the software. This includes patched versions of VMware Horizon if organizations use the application in their network,” said Gallagher. “Log4J is installed in hundreds of software products and many organizations may be unaware of the vulnerability lurking within their infrastructure, particularly in commercial, open-source or custom software that doesn’t have regular security support. And while patching is vital, it won’t be enough if attackers have already been able to install a web shell or backdoor in the network. Defense in depth and acting upon any detection of miners and other anomalous activity is critical to avoid falling victim to such attacks.”

For further information read the article “Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers” on Sophos News.

Sophos has closely monitored attack activity related to the Log4Shell vulnerability and has published a number of in depth technical and advisory reports, including  Log4Shell Hell – Anatomy of an Exploit Outbreak, Log4Shell Response and Mitigation Recommendations, Inside the Code: How the Log4Shell Exploit Works, and Log4Shell: No Mass Abuse, But No Respite, What Happened?

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

Continue Reading

GRTech

It’s Cybersecurity Awareness Month and Sophos has Some Tips for You!

In the mood of Cybersecurity Awareness Month, Christopher Budd, Director Sophos X-Ops, has compiled some tips for staying secure online.

Published

on

Christopher Budd - Sophos
Christopher Budd - Sophos
Sophos Cybersecurity Awareness Month
Sophos Cybersecurity Awareness Month

Cybersecurity Pro Tips:

  • Face Scans and Fingerprints are Safer Than Passcodes: Use features like Face ID or fingerprint scans for your devices as much as possible. These are safer than passcodes and devices have good built-in protections for this sensitive information.
  • Use Multi-Factor Authentication: Use multi-factor authentication (MFA) whenever possible. This gives an important extra layer of security that makes it harder for cybercriminals to access your accounts. If you can’t use something more secure like secure authenticator applications or physical hardware security keys, use your phone number — it’s safer than using nothing. If you use MFA for only one thing, use it for your email: that’s what attackers want the most.
  • Think Before You Share Publicly: Think twice before sharing any information publicly –cybercriminals can use it to access your accounts or to convince someone that they’re you.
    • Think about those cute surveys on Facebook with questions about your first car, city you were born in: these are the same kinds of info cybercriminals can use to pretend they’re you and log into and take over your accounts.
  • You Don’t Always Need (to keep)  the App: Don’t feel pressured to download an app every time: you can often use the service’s website just as well. Apps collect much more data than websites, including your location, your contact list and other info you might not want to share.If you do download an app, think about deleting it when you’re done using it: you can always reinstall it next time you need it.
  • Apps from app stores and websites that aren’t the official big names ones like Google Play, Apple’s App Store, Samsung’s Galaxy Store can be very risky. The official stores have security and privacy standards that can identify malicious activity. Always stick to official sources for downloading apps or, if they’re not on the official app stores, download the app from the developer’s official website or use the app’s web version.
  • Be On Your Guard for Unexpected Emails and Text Messages: Phishing continues to be one of the most effective tactics cybercriminals use to compromise consumers. If you get an unexpected email or text message, ignore it or at least don’t interact with it (don’t open attachments, don’t click on links). If you think it might be legitimate, reach out directly to who you think sent it and check with them.
  • Question Urgency in Emails and Calls: Cybercriminals use urgency to get you to let your guard down and make bad decisions. If someone contacts you saying they’re from a trusted organization like the IRS, police or your bank and need you to take action quickly or something bad will happen, stop and question it. Go to the trusted source like the number on the back of your credit card to independently validate the request.
  • Practice Good Password Security: Every account should have its own unique complex password. A strong password is at least 12 characters long with a mix of numbers, upper- and lower-case letters, and punctuation characters. Passwords should not be based on any personal information, and the best ones use a phrase rather than single words. If these passwords are too tough to juggle, try a password manager to stay organized.
  • Keep Everything Updated and Run Security Tools. Make sure all your apps and devices are always fully updated. Be sure to have some sort of security software on all of your phones and computers (even if you have a Mac).
  • Get Rid of End-of-Life Devices and Software: Everything from operating systems to services to Wi-Fi routers “go stale” and must be replaced eventually. For example, it might surprise you, but your internet router is typically only supported with patches and updates for a few years after you get it. Attackers love out-of-date devices. When something is “out of support” it’s stale: get rid of it and replace it with something fresh.
  • Back Up Your Data: While ransomware groups are mostly after businesses that can pay higher ransoms, they still go after people at home. It’s still important to have your data backed up so that you don’t have to consider paying a ransom.

Put Your Mind at Ease Regarding These Cybersecurity Concerns

Part of staying secure requires being able to filter out the noise and prioritize the security actions that matter. Here are things notto worry about. Focus your energy on real risks, not exaggerated threats.

  • Public Wi-Fi is Safer Than You Think: Contrary to outdated advice, public Wi-Fi is generally safe due to encryption used by most websites and apps. Use it freely at airports or coffee shops, but avoid sensitive activities.
  • Beware of Fearmongering Around New Tech Features: Not every new technology is as risky as it’s made out to be. For example, Apple’s NameDrop feature is generally safe and requires specific conditions to function. However, if you’re concerned, you can easily turn it off in settings.

Stop Stressing Over Public Chargers: The risk of “juice jacking” (data theft from public chargers) is extremely low. Don’t worry about using public phone chargers — just focus on real, more prevalent threats.

Continue Reading

GRTech

eSocialMint (eSM)) Wants to Disrupt Virtual Interactions

Reporter: Sandra Ani

Published

on

Unveiling of eSocialMint app

eSocialMint Inc., a tech startup based in Houston, is hoping to revolutionize social and professional events with its innovative new app.

Scheduled for launch in Nigeria at the end of the year, eSocialMint (eSM) offers a comprehensive platform that integrates features from popular apps like Facebook, TikTok, Zoom, WhatsApp, and Snapchat.

Designed to transform how events are conducted and experienced, eSM combines social media technology with advanced features such as virtual hologram technology.

Developed by IT architect Fisayo Olamigoke, eSM is available on both web and mobile devices. It offers a range of functionalities, including team events, social events, advertising, an eStore, and the unique “eSprayMe” feature.

This feature allows users to virtually spray money at events, replicating a popular Nigerian cultural practice while adhering to legal regulations.

Targeted at professionals, personal users, public institutions, and governmental bodies, eSM aims to save time and money by reducing the need for physical travel. With its cutting-edge technology and user-friendly interface, eSocialMint is poised to redefine the future of virtual interactions.

Continue Reading

GRTech

Blockchain, Tokenisation will Enhance Asset Management – DG NITDA

By Sandra Ani

Published

on

Tokenisation
DG NITDA Kashif Inuwa represented by the Director, e-Government and Digital Economy Development Department, Engr Salisu Kaka, delivering the keynote address at the Tokenized Economy 2024, Real-World Assets Tokenization conference

Kashifu Inuwa, the director general of the National Information Technology Development Agency (NITDA), has called for a concerted effort among industry players, government officials and experts to explore the transformative potential of Blockchain technology in asset management and economic development of the country.

The DG made this appeal at the Tokenised Economic Conference and Exhibitions themed; Tokenised Economy 2024; Real-World Assets Tokenisation, organised by Cyberchain in collaboration with the BAZE University and NITDA.

Recognising technology as an enabler for the nation’s GDP growth, the conference was a platform for industry professionals to share ideas and expertise in exploring opportunities in digital assets finance, capital markets, commodities, mortgage, bonds and real estate fractional ownership.

Giving his keynote address at the event, Inuwa outlined the benefits of tokenising physical and digital assets through Blockchain technology and emphasized its capacity to revolutionise asset management, exchange and security.

The DG who was represented at the event by the Director of e-Government and Digital Economy Development department, Engr. Salisu Kaka described tokenisation as converting traditional physical or digital assets into digital tokens recorded on a blockchain.

While explaining that tokens serve as digital representations of real assets, Inuwa mentioned that “when assets are tokenised, a Blockchain token is issued as a digital and legal representation of the real asset which allows assets to be sold, held and traded in a digital format, enhancing liquidity and accessibility.”

He further emphasised that the process of tokenisation involves choosing the asset to be tokenised, complying with legal and regulatory requirements, establishing secure custody solutions and blockchain networks and distributing tokens to potential investors through secure payment channels.

Laying reference to real estate investment markets which are plagued by inefficient transfer and record-keeping processes, Inuwa averred that tokenisation would mitigate the challenges by automating these processes.

“It offers several advantages over traditional real estate financing, such as automating processes, increasing liquidity, lowering investment barriers, and improving transparency. As a result, it is considered a promising development for the future of real estate markets,” he stated.

While stressing the need for Nigeria to position itself as the lead nation in the tokenised economy in Africa, he lauded the Lagos State’s plan to tokenise real estate and described it as a bold move that could set an example for other states to follow.

He added that tokenising other key sectors, including agriculture, oil and gas, securities, bonds and derivatives could further accelerate wealth creation and economic growth in the country.

Inuwa however noted that it was essential to establish a clear regulatory framework that would boost the confidence of investors as well as develop strong infrastructures that would support the tokenised economy.

He disclosed that since the launch of the National Blockchain Policy (NBP) and the inauguration of its steering committee, NITDA has been at the forefront of promoting the use of emerging technologies particularly blockchain technology by working closely with the blockchain ecosystem in promoting the adoption of the blockchain technology across all sectors of the country.

“Real-world asset tokenisation would offer a promising avenue for Nigeria to unlock its economic potential and improve the lives of its citizens. Nigeria has the potential to become a leader in the tokenised economy in Africa. By investing in infrastructure, education, and a supportive regulatory environment, Nigeria can unlock the full potential of tokenisation and drive economic growth.” he concluded.

In his remark, the Director General of the Securities and Exchange Commission (SEC), Dr. Emomotimi Agama spoke on how tokenisation breaks down traditional barriers and makes investments in areas like real estate and art accessible to a wider range of people, regardless of their financial status.

He stated that the shift would allow for the diversification of investments and would encourage more people to participate in previously exclusive markets.

Noting that tokenisation is a process that converts real-world assets into digital tokens, he said “Through tokenisation, these highly qualified assets become more accessible to a broader audience, democratizing wealth and enabling more inclusive financial participation.”

Continue Reading

Trending