TWINN #114 MQTT now being used maliciously
MQTT is in the news this week. It is a widely used, lightweight publish/subscribe protocol for IoT messaging that decouples clients from servers by routing messages through a broker. Like many productive innovations on the Internet, its design principles and the organizations behind it never intended for it to be hijacked by criminals, but here we are today. Brand new threats, not based on any existing GitHub code, are using publicly available MQTT brokers for Command-and-Control (C2) connections:
The 5 Top Cyber Security Stories Of The Week – March 06, 2023
1. Chinese Hackers Targeting European Entities with New MQsTTang Backdoor.
This highlights that threats are continuously evolving and that Zero Trust connectivity remains the key mitigation strategy, even before net new threats are known.
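Because MQTT C2 rides on a legitimate protocol and public brokers, a defender's first question is "which of my hosts are opening MQTT sessions, and to whom?" The following is an added example, not code from the newsletter or from any tool it mentions: a minimal parser for the MQTT 3.1.1 CONNECT packet (the first thing a client sends a broker) applied to a constructed sample, plus a check against a hypothetical allow list of approved brokers.

```python
import struct

# Constructed sample, not captured traffic: MQTT 3.1.1 CONNECT, flags 0x82
# (clean session + username), keep-alive 60 s, client id "sensor-7f3a", username "node".
SAMPLE_CONNECT = (b"\x10\x1d"                     # fixed header: CONNECT, remaining length 29
                  b"\x00\x04MQTT\x04\x82\x00\x3c"  # protocol name, level 4, flags, keep-alive
                  b"\x00\x0bsensor-7f3a"           # client identifier
                  b"\x00\x04node")                 # username

def _remaining_length(buf, offset):
    """Decode MQTT's variable-length integer (7 bits per byte, MSB = continue)."""
    value, multiplier = 0, 1
    for _ in range(4):                             # spec allows at most 4 bytes
        byte = buf[offset]
        offset += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset
        multiplier *= 128
    raise ValueError("malformed remaining length")

def _utf8_field(buf, offset):
    """Length-prefixed UTF-8 string, the encoding MQTT uses for all its strings."""
    (length,) = struct.unpack_from(">H", buf, offset)
    start = offset + 2
    return buf[start:start + length].decode("utf-8"), start + length

def parse_connect(packet):
    """Return CONNECT fields as a dict, or None if the bytes are not a CONNECT."""
    if len(packet) < 2 or packet[0] != 0x10:       # packet type 1, flag bits 0000
        return None
    remaining, offset = _remaining_length(packet, 1)
    if len(packet) - offset < remaining:           # truncated capture
        return None
    proto, offset = _utf8_field(packet, offset)
    if proto not in ("MQTT", "MQIsdp"):            # v3.1.1/v5 name, or legacy v3.1
        return None
    level, flags = packet[offset], packet[offset + 1]
    (keepalive,) = struct.unpack_from(">H", packet, offset + 2)
    client_id, offset = _utf8_field(packet, offset + 4)
    info = {"protocol": proto, "level": level, "keepalive": keepalive,
            "client_id": client_id, "clean_session": bool(flags & 0x02)}
    if flags & 0x04:                               # will flag: topic then payload
        info["will_topic"], offset = _utf8_field(packet, offset)
        _, offset = _utf8_field(packet, offset)
    if flags & 0x80:                               # username flag
        info["username"], offset = _utf8_field(packet, offset)
    return info

def unexpected_broker(dst_host, payload, approved_brokers):
    """Alert text when a CONNECT targets a broker outside the (hypothetical) allow list."""
    info = parse_connect(payload)
    if info is None or dst_host in approved_brokers:
        return None
    return f"MQTT CONNECT from client '{info['client_id']}' to unapproved broker {dst_host}"
```

Feeding the payload of the first packet of each new TCP session into `unexpected_broker` surfaces MQTT handshakes to public brokers regardless of the port used.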
2. CISA red-teamed a ‘large critical infrastructure organization’ and didn’t get caught.
What we learn here is that, collectively, we still carry technology and security debt. There is a lot of catching up to do: first, to be proactively secure; second, to detect and recover.
3. A bootkit bypasses UEFI Secure Boot on patched Windows 11.
“The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems.”
4. The role of cyber weapons in Russia’s war on Ukraine.
This 6-minute clip is worth listening to (or reading the script). For example:
“BRAD SMITH: The interesting thing about a cyberattack is it’s invisible to the naked eye. If it succeeds, everybody reads about it because a network stopped operating. But when we detect it and when we disrupt it, when we stop it, it’s invisible to the world.”
5. FBI busts international DoppelPaymer cybercrime gang.
Woohoo for law enforcement. While this is worth celebrating, history tells us that the members of a cybercrime gang who aren’t locked up just put on new masks and start again. Cybercrime is simply too lucrative for criminals without a moral compass to turn away from.
Did you know?
An iPad Pro with an external display is as close as Apple has ever come to making it a laptop replacement. The Stage Manager features in iOS 16.4, currently in beta, are the most impressive yet. Given that cellular connectivity is available on an iPad but not on any macOS product, it is now very compelling. Strongly recommended for a wide range of use cases where you want the security and convenience of an iPad with all the connectivity options you need.
Sorry for no video today. A weekend incident kept me from being able to do so. Planning a return to normal for next week.