January 17, 2022
David Redekop

TWINN Security News January 17

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to.

Today our focus is on RATs, or Remote Access Trojans. RATs are one of the most powerful tools in a cyber criminal's bag of tricks. They have existed since the dawn of the internet, and this week researchers disclosed one that had been active for about six months before anyone noticed it. A RAT is the ultimate command and control foothold: an infected machine may show no tell-tale signs whatsoever, yet the criminal has full capability to launch any type of attack from the victim's computer whenever it is online. This newly-discovered one, dubbed SysJoker, is built for Windows, macOS and Linux.

Backdoor RAT for Windows, macOS, and Linux went undetected until now. What makes it so hard to detect or block is that it does not carry a hard-coded command and control address. Instead it fetches a text file hosted on Google Drive, a sort of recipe that tells it which domain to "phone home" to, and the attackers can rewrite that file whenever they like. The researchers saw the phone-home domain change three times during their observation. Blocking a known bad domain, i.e. blocklisting, therefore cannot keep up: by the time a domain makes it onto a list the implant has moved on, and the fetch itself goes to a trusted Google service that nobody will block. Fortunately, Zero Trust Connectivity once again comes to the rescue: under a default-deny outbound policy, a connection to a domain nobody has approved is blocked no matter how new it is.
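To make the blocklist-versus-default-deny point concrete, here is an added illustration in Python. It is not code from this newsletter or from the SysJoker analysis; the domains, the dead-drop file contents, the process name and the egress events are all constructed. The only thing borrowed from the write-up is the mechanism: the implant reads its current phone-home domain from a file on a trusted cloud service, and that domain rotates over time. A first-seen check is included as the detection a SOC would want alongside the policy.

```python
"""Blocklist vs default-deny egress against a rotating C2 domain.

Added illustration, not code from the newsletter or from any SysJoker
report. Every domain, file content and event below is constructed.
"""
from dataclasses import dataclass

# Constructed: successive contents of the attacker's dead-drop file, i.e.
# the C2 domain the implant is told to use at each point in time.
DEAD_DROP_HISTORY = ["c2-one.example", "c2-two.example", "c2-three.example"]

# Constructed: what a blocklist-only defender knew when the first report
# came out - only the first observed C2 domain.
BLOCKLIST = {"c2-one.example"}

# Constructed: what a default-deny (zero trust) egress policy permits for
# this host - only destinations with a known business purpose. The cloud
# service that hosts the dead-drop is legitimately used, so it is allowed.
ALLOWLIST = {"updates.example-vendor.com", "drive.google.com"}


@dataclass(frozen=True)
class Egress:
    ts: str        # constructed timestamp label
    process: str   # constructed process name
    dest: str      # destination hostname


def resolve_c2(epoch: int) -> str:
    """Simulates the implant reading the dead-drop file at a point in time."""
    return DEAD_DROP_HISTORY[min(epoch, len(DEAD_DROP_HISTORY) - 1)]


def build_events(epochs: int) -> list[Egress]:
    """Constructed egress log: per beacon cycle the implant first fetches the
    dead-drop from the trusted cloud host, then connects to the current C2."""
    events = []
    for epoch in range(epochs):
        events.append(Egress(f"t{epoch}", "sysjoker", "drive.google.com"))
        events.append(Egress(f"t{epoch}", "sysjoker", resolve_c2(epoch)))
    return events


def blocklist_allows(e: Egress) -> bool:
    """Blocklist policy: everything is permitted unless it is known bad."""
    return e.dest not in BLOCKLIST


def allowlist_allows(e: Egress) -> bool:
    """Default-deny policy: nothing is permitted unless it is known good."""
    return e.dest in ALLOWLIST


def beacons_leaked(policy, events: list[Egress]) -> list[str]:
    """C2 destinations the policy would have let through. The dead-drop
    fetch to the allowlisted cloud host is excluded; it is not the beacon."""
    return [e.dest for e in events if policy(e) and e.dest not in ALLOWLIST]


def first_seen(events: list[Egress], baseline: set[str]) -> list[tuple[str, str, str]]:
    """Detection companion to the policy: report every destination this host
    has never talked to before, in order of first appearance."""
    seen = set(baseline)
    new = []
    for e in events:
        if e.dest not in seen:
            seen.add(e.dest)
            new.append((e.ts, e.process, e.dest))
    return new


if __name__ == "__main__":
    evts = build_events(3)
    print("blocklist let through:", beacons_leaked(blocklist_allows, evts))
    print("default-deny let through:", beacons_leaked(allowlist_allows, evts))
    for ts, proc, dest in first_seen(evts, ALLOWLIST):
        print(f"{ts} {proc} first contact with {dest}")
```

Under the blocklist the second and third rotated domains sail through; under default-deny none do, and the first-seen check still surfaces each new domain for a human to look at, which is how you would catch the implant even if its cloud fetch were hidden among legitimate traffic.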

Russia arrests 14 alleged members of REvil ransomware gang, including hacker U.S. says conducted Colonial Pipeline attack. “The arrests also set an important precedent with Moscow admitting for the first time that ‘major ransomware criminals reside in Russia’.”

New Chrome security measure aims to curtail an entire class of Web attack. The measure is Chrome's Private Network Access: a page loaded from the public internet can no longer make requests to private-network addresses (your router, printers, internal dashboards) unless the internal resource explicitly opts in through a CORS-style preflight. Since browsers have been used as a beachhead for attacks on internal networks since forever, this is a good move. It will require developers to test their legitimate internal resources, though, and make sure they remain functional once the opt-in is enforced.
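For the developers who have to make that internal resource keep working, here is an added example in Python of the server side of the opt-in. It is not from the newsletter or from the Chrome team; it assumes the change in question is Chrome's Private Network Access, under which the browser sends an OPTIONS preflight carrying Access-Control-Request-Private-Network: true and expects Access-Control-Allow-Private-Network: true in reply. The trusted origin, the port and the JSON body are constructed.

```python
"""Opting an internal HTTP service in to Chrome's Private Network Access.

Added example, not the newsletter's or Chrome's own code. Assumes the
PNA preflight header pair; the origin, port and payload are constructed.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed: the only public origin allowed to reach this internal service.
# Never echo an arbitrary Origin back; that would hand the opt-in to anyone.
TRUSTED_ORIGINS = {"https://dashboard.example.com"}


def preflight_response(headers: dict) -> tuple[int, dict]:
    """Decides how to answer an OPTIONS preflight. Returns (status, headers).
    Header names are compared case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin", "")
    if origin not in TRUSTED_ORIGINS:
        # Untrusted origin: refuse the preflight, so the browser never sends
        # the real request.
        return 403, {}
    resp = {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET, OPTIONS",
        "Vary": "Origin",
    }
    # Grant the private-network permission only when the browser asks for it,
    # and only to the origin checked above.
    if h.get("access-control-request-private-network", "").lower() == "true":
        resp["Access-Control-Allow-Private-Network"] = "true"
    return 204, resp


class Handler(BaseHTTPRequestHandler):
    def do_OPTIONS(self):
        status, hdrs = preflight_response(dict(self.headers))
        self.send_response(status)
        for k, v in hdrs.items():
            self.send_header(k, v)
        self.end_headers()

    def do_GET(self):
        origin = self.headers.get("Origin", "")
        if origin not in TRUSTED_ORIGINS:
            self.send_response(403)
            self.end_headers()
            return
        body = b'{"status":"ok"}'  # constructed payload
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Access-Control-Allow-Origin", origin)
        self.send_header("Vary", "Origin")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Constructed bind address; run and point the trusted page at it to test.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The important design choice is that the opt-in is tied to an explicit allowlist of origins. A server that answers every preflight with the allow header re-opens exactly the hole Chrome is closing, because any public page could then drive requests at it.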

Feds’ spending on facial recognition tech expands, despite privacy concerns. I’m including this today so we’re all aware that there’s no escaping this. None of us like it, but facial recognition usage is here to stay, and as long as we are afraid of real-world criminals, there will be justification for this.

Moxie Marlinspike is leaving Signal as CEO. His reasons for leaving appear legitimate, and we are grateful for the great work he leaves behind: end-to-end encrypted messaging whose implementation is open source and can be verified by anyone.

Did you know? 

New Android phones can turn 2G off at the modem level (Android 12 adds the toggle on devices whose modem supports it). 2G matters because it lacks mutual authentication and uses weak or no encryption, which is why cell-site simulators such as Stingrays force phones down to 2G to intercept calls and texts. Being able to switch that capability OFF is wonderful news, with the caveat that the phone still falls back to 2G for emergency calls. Good move for Android; here's hoping that Apple follows suit quickly.

For a video version of this see: https://youtu.be/HoxtLzSRCmo