February 7, 2022
David Redekop

TWINN Security News February 7

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about Trickbot today. For over 5 years now, Trickbot has been part of the toolchain used in so many cyberattacks on businesses small and large, so it is probably a good thing we know a little about it. The tool clearly has a co-ordinated development team behind it, as it is responsible for such a wide range of uses, starting with the initial access that comes via a URL or email attachment: a simple attachment asking the user to enable macros, or a URL that downloads such a dropper. From there it can execute programs of its choice, but most importantly for the attacker, it establishes persistence, which means that even if the computer is rebooted, Trickbot restarts with it. It also has the ability to run as administrator without prompting the user, and it can turn off Windows Defender. Capturing credentials from memory is another capability, as is moving laterally from one computer in your network to another. Furthermore, it collects sensitive data and keeps a connection to the Command & Control (C2) infrastructure while exfiltrating to other destinations. It literally is the world’s most advanced Swiss Army Knife for the cyber criminals that own this tool.

For us, the defenders, this reality is what keeps us up at night.

Trickbot: still alive and adapting, and not your average hat trick. Great illustrations in this article on how Trickbot operates and we’re wise to be aware so we can secure our posture accordingly. For those wondering, yes, Zero Trust Connectivity is what it takes to positively mitigate Trickbot.

iPhone flaw exploited by second Israeli spy firm - sources. Even though iOS 15.3 has patched previously known vulnerabilities, clearly more zero-day exploits are being used to spy on iPhone users, at least those that aren’t enjoying a layer of protection.

Mac malware spreading for ~14 months installs backdoor on infected systems. The walled garden of Apple’s App Store is actually your safe space here. If you don’t get apps any other way, you’re unlikely to get this malware. However, if you do use any other installation sources, additional protection is essential.

Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others. A significant amount of conscious thought and fear in the mind of a journalist revolves around having sources, contacts and details leaked.

How $323M in crypto was stolen from a blockchain bridge called Wormhole. Blockchain tech is here to stay, but in the meantime, criminals take advantage of its mystery and complexity. Be careful with your crypto!

Did you know?

Blockchain-based DNS is a double-edged sword. Traditional government authorities can ultimately seize most top-level domains, a dotcom for example. However, they cannot seize blockchain-based domains: How Cybercriminals Are Using Blockchain DNS: From The Market To The .Bazar.

For a video version of this, see https://youtu.be/mPg9uHPZJcg