Decipher (https://decipher.sc)
Decipher is an independent editorial site that takes a practical approach to covering information security. Through news analysis and in-depth features, Decipher explores the impact of the latest risks and provides informative and educational material for readers curious about how security affects our world.
Contact: info@decipher.sc (Amy Vazquez). Copyright 2025.

Decipher Podcast: Rebekah Brown and John Scott-Railton on COLDRIVER and Russian Cyberespionage
By Dennis Fisher (dennis@decipher.sc)
http://18.117.95.178/decipher/decipher-podcast-rebekah-brown-and-john-scott-railton-on-coldriver-and-russian-cyberespionage

Chainalysis: Ransomware Payment Sizes Spike in 2024
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/chainalysis-ransomware-payment-sizes-spiking-in-2024

Ransomware victims are paying ransoms less often, but 2024 is still on track to be a record year for ransomware payment sizes, according to new research by Chainalysis. The findings indicate that, amid an “evolving sentiment” for companies against paying a ransom, threat groups are prioritizing large organizations or critical infrastructure entities that are more likely to pay bigger ransoms.

Researchers with Chainalysis, which analyzes the blockchain to scope out illicit payment activity such as ransomware payments, collected payment data across different “severity strains” of ransomware groups. These ranged from “very high severity strains,” which received a maximum payment exceeding $1 million in a given year, down to “low severity strains,” which received a maximum payment of less than $1,000 in a given year. They found that the median ransom payment for the most severe ransomware strains has increased from under $200,000 in early 2023 to $1.5 million in mid-June 2024.

Several massive ransom payments reported over the past eight months have supported this spike, from Change Healthcare’s $22 million payment to a record-breaking $75 million payment made by an unnamed Fortune 50 company to the Dark Angels ransomware group. Researchers said ransomware groups appear to be sniffing out organizations like these that are more likely to pay high ransoms “due to their deep pockets and systemic importance.”

“The growing sophistication of the threat actors (e.g., double extortion, etc.) and the size of the targeted entities, be they critical infrastructure, businesses, or government agencies, are what is inevitably driving higher ransom payment sizes,” said Eric Jardine, cybercrimes research lead with Chainalysis.

Evolving threat actor tactics also affect how much ransomware groups get paid. Attackers now rarely rely on simple infiltration and encryption methods, because encryption combined with exfiltration, paired with double or triple extortion tactics, pays better, said Jardine. Overall, the amount of money that ransomware groups have earned so far this year has increased by 2 percent over last year, from $449.1 million in 2023 to $459.8 million in 2024.

“An Evolving Sentiment”

Still, while ransomware attacks are becoming more frequent and the maximum sizes of ransom payments are increasing, victims are paying ransoms less frequently overall, Chainalysis found in May.

“The ongoing decrease in ransom payments, despite a reported increase in the number of attacks, reflects the growing reluctance of victims to comply with the demands of cybercriminals,” said researchers. “Sanctions and a broader aversion among organizations to fund criminal activities speaks to an evolving sentiment where paying ransoms is increasingly seen as unacceptable or unnecessary.”

Rick Holland, CISO with ReliaQuest, said that anecdotally he’s seen this shifting attitude with other CISOs. This change may be partly influenced by last year’s ransomware attack on MGM Resorts International where the organization did not pay, said Holland. However, another factor is that CISOs are trying to build better containment efforts into their strategies so that they don’t need to get to the point of decision about a ransom payment at all, he said.

“I think MGM changed a lot, it’s one of the most significant ransomware attacks that we’ve had to date,” said Holland. “One, because they refused to pay. Two, [there’s been a] desire post MGM to do more containment. The desire I’m seeing is ‘we want to eliminate this conversation of do we pay the ransom or not… so can we do more containment, can we lean forward, can we do stuff across the network, the endpoint and identity, to contain this faster.'”

A More Fragmented Landscape

Behind a “major escalation” in the frequency, scope and volume of ransomware attacks, the ransomware ecosystem itself appears to be shifting based on Chainalysis’ findings. “Very high severity strains” (versus “high severity strains”) are still underperforming their 2023 year-to-date totals, for instance, potentially indicating that the law enforcement disruptions of larger players, like BlackCat and LockBit, have had some sort of impact.

While it’s difficult to track the long-term impacts of law enforcement operations on the overall ransomware threat landscape, some security researchers have looked at total ransomware payments and their year-over-year difference as a potential benchmark.

Researchers found that in the wake of the BlackCat and LockBit disruptions, “the ecosystem became more fragmented and affiliates migrated to less effective strains or launched their own.”

Overall, Jardine noted that ransomware strains categorized as less severe have been much more active in 2024 so far than they were in 2023. For instance, “high severity strains” (versus “very high severity strains”), which are categorized as ransomware families that received a maximum payment between $100,000 and $1 million in a given year, increased their year-to-date activity by 104.8 percent.

“It is not the case that these strains are behind the biggest payments we have seen this year, but cumulatively their effect on the global ecosystem is very significant,” said Jardine.

APT42 Intensifies Phishing Campaigns Against U.S., Israeli Targets
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/apt42-intensifies-phishing-campaigns-against-u-s-israeli-targets

An Iranian government-backed threat actor has been sending phishing messages to current and former government officials, political campaign workers, diplomats and employees at think tanks, non-government organizations and academic institutions in the U.S. and Israel.

The known Iranian state-sponsored group, APT42, has launched dozens of confirmed operations against various non-profit, education and government targets globally since 2015. Most recently, researchers on Wednesday said the group has launched an “aggressive, multi-pronged effort to quickly alter its operational focus in support of Iran’s political and military priorities.” These campaigns also leveraged phishing tools like the GCollection/LCollection/YCollection credential harvesting tool and DWP browser-in-the-browser phishing kit.

“In the past six months, the U.S. and Israel accounted for roughly 60% of APT42’s known geographic targeting, including the likes of former senior Israeli military officials and individuals affiliated with both U.S. presidential campaigns,” according to Google’s Threat Analysis Group on Wednesday.

APT42 has used many different tactics in its phishing campaigns over the years, with the end goal of harvesting credentials for personal and corporate email accounts in order to steal documents, research and information pertinent to Iran. One of these tactics, as seen in its most recent campaigns against entities in the U.S. and Israel, is the abuse of services like Google Drive, Gmail, Dropbox or OneDrive to host malware or create phishing pages. Google has worked to stamp out some of the infrastructure abusing its own sites and services, saying that over the course of six months it has disrupted attacker-created Google Sites in more than 50 campaigns.

“In the course of our work to disrupt APT42, TAG reset any compromised accounts, sent government-backed attacker warnings to the targeted users, updated detections, disrupted malicious Google Sites pages, and added malicious domains and URLs to the Safe Browsing blocklist — dismantling the group’s infrastructure,” researchers said.

“As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.”

As part of this campaign, APT42 has more intensely targeted users in Israel. In April, the group specifically started to seek out people with connections to Israel’s military and defense sectors. For example, Google said it took down multiple attacker-created Google Sites pages pretending to be a petition from the Jewish Agency for Israel, a legitimate non-profit entity, which included URLs that would redirect users to phishing pages. In another attack, the threat group pretended to be a journalist and used social engineering tactics to attempt to gain the trust of former Israel military officials and an aerospace executive.

“The emails were sent from accounts hosted by a variety of email service providers, and did not contain malicious content,” said researchers. “These emails were likely meant to elicit engagement from the recipients before APT42 attempted to compromise the targets. Google suspended identified Gmail accounts associated with APT42.”

In other attacks, the threat group targeted accounts associated with both the Biden and Trump presidential campaigns. As recently reported, this campaign successfully breached accounts across multiple email providers, including the compromise of a personal Gmail account for a high-profile political consultant. However, these targeted attacks are part of a broader wave of campaigns against U.S. targets, including ones against U.S. military members that used typosquatting methods (leveraging the domain understandingthewar[.]org to impersonate the legitimate Institute for the Study of War, for instance).

Looking ahead, researchers said that APT42 shows “no signs of stopping their attempts to target users and deploy novel tactics.”

“This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S.,” said researchers. “As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42.”

Microsoft Fixes Six Actively Exploited Bugs
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/microsoft-fixes-six-actively-exploited-bugs

Microsoft has released patches for six actively exploited flaws as part of its regularly scheduled Patch Tuesday updates.

The flaws exist in Microsoft Project, the company’s project management software, and in various Windows components, from the Windows Scripting Engine to the Windows Power Dependency Coordinator, which is responsible for managing system power usage. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added the flaws to its Known Exploited Vulnerabilities catalog and gave federal government agencies a three-week deadline for applying the patches, it is “unknown” whether the flaws are being used in ransomware campaigns. Microsoft also did not describe the exploitation activity surrounding these flaws.

“Microsoft released security updates to address vulnerabilities in multiple products,” according to CISA on Tuesday. “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”

One of the more serious flaws is an important-severity Microsoft Project vulnerability (CVE-2024-38189), which ranks 8.8 out of 10 on the CVSS scale and could enable remote code execution. According to Microsoft’s security advisory, in order to exploit the flaw an attacker would need to convince a target to open a malicious file, either via a phishing email or an attacker-controlled website.

“Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution,” according to Microsoft.

Microsoft also patched an important-severity memory corruption Scripting Engine flaw (CVE-2024-38178), which could allow unauthenticated attackers to remotely execute code. In order to exploit the flaw, the attacker would need authenticated clients to click a specially crafted URL, and they would need to use Edge in Internet Explorer mode, according to Microsoft. Notably, Microsoft credited the National Cyber Security Center for the Republic of Korea (in addition to AhnLab) with reporting the bug.

Several actively exploited Windows flaws were also fixed, including an elevation-of-privilege bug (CVE-2024-38193) in the Windows Ancillary Function Driver for WinSock, which if exploited successfully could give an attacker SYSTEM privileges. Another elevation-of-privilege bug (CVE-2024-38107), which exists in the Windows Power Dependency Coordinator, could also grant SYSTEM privileges.

Microsoft said it fixed an actively exploited elevation-of-privilege flaw in Windows Kernel (CVE-2024-38106). According to Microsoft, “successful exploitation of this vulnerability requires an attacker to win a race condition.” Finally, a moderate-severity flaw (CVE-2024-38213) in a security feature of Windows Mark of the Web, Microsoft's identifier for potentially unsafe files, was fixed.

For the latter issue, “an attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience,” according to Microsoft. “An attacker must send the user a malicious file and convince them to open it.”

Overall, Microsoft fixed dozens of vulnerabilities in its August Patch Tuesday updates. Outside of the six actively exploited bugs, these included other serious vulnerabilities, like a remote code execution flaw in Windows TCP/IP (CVE-2024-38063). According to Microsoft, if unauthenticated attackers repeatedly send specially crafted IPv6 packets to a Windows machine, the vulnerability could enable remote code execution.

Exploit Code Available For Critical Ivanti vTM Bug
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/exploit-code-available-for-critical-ivanti-vtm-bug

Ivanti has fixed a critical-severity flaw in its Virtual Traffic Manager (vTM), which if exploited could enable attackers to bypass authentication and create a user with administrator privileges.

The company said in a security advisory this week that it’s not aware of exploitation efforts against the flaw (CVE-2024-7593), but warned that a proof-of-concept exploit is publicly available.

Ivanti is urging customers to update to a fixed version for Ivanti vTM, which is its software-based application delivery controller. Currently, fixes are available for versions 22.2 (resolved with 22.2R1) and 22.7R1 (resolved with 22.7R2). Fixes for vTM versions 22.3, 22.3R2, 22.5R1 and 22.6R1 will be available the week of Aug. 19, said Ivanti.

“Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel,” according to Ivanti’s advisory.

Ivanti said that customers with a management interface “bound to an internal network or private IP address have significantly reduced their attack surface.”

“Upgrade to the available patch 22.2R1 (released 26 March 2024) or 22.7R2 (released 20 May 2024),” according to Ivanti. “Customers who have pointed their management interface to a private IP and restricted access can patch at their earliest convenience.”

On Tuesday, Ivanti also released fixes for its Neurons for IT Service Management (ITSM) software, including a critical information disclosure flaw (CVE-2024-7569) in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier, and a high-severity bug (CVE-2024-7570) stemming from improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier. The latter flaw could allow remote attackers to craft tokens that grant access to ITSM as any user, said Ivanti.

Finally, the company on Tuesday also released fixes for five high-severity flaws (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, CVE-2024-37373) in Ivanti Avalanche, its enterprise mobility management tool, which if exploited could enable a range of malicious activities, from denial of service to remote code execution. The flaws are patched in Ivanti Avalanche version 6.4.4.

“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure,” said Ivanti. “These vulnerabilities were disclosed through our responsible disclosure program.”

Humans Are Bad at Risk Assessment, and Other Stories
By Dennis Fisher (dennis@decipher.sc)
http://18.117.95.178/decipher/humans-are-bad-at-risk-assessment-and-other-stories

I grew up tempting fate.

When I was about 12, we moved into a subdivision that was still under construction. Our house was in a cul-de-sac near the front of the development and the surrounding streets had dozens of houses that were in various stages of construction. I quickly met some other boys around my age and those houses became our playgrounds.

One summer day, three of us went to a neighbor's house across the street from mine and went up to the second floor and climbed out onto the roof above the front porch. We sat there for a while, talking about nothing I can remember. When we decided it was time to go, my two friends, Tony and Chris, climbed back through the window and went down the stairs. I stood up and looked at the pile of red clay below the roof in the front yard--our neighbors were doing some landscaping--and decided to take the express route. I jumped and landed on my knees, dusted myself off and then walked down the side of the dirt pile to where my friends were standing in the driveway.

My friend Tony pointed at my leg and started shaking his head. I looked down and saw a non-trivial chunk of bluestone sticking out of my knee. Without really thinking, I pulled the rock out of my knee and then watched as a waterfall of blood covered my shin and flooded my Adidas Sambas. I have a vague memory of Tony and Chris walking me up the lawn to my house and ringing the doorbell, which seems dumb since we all lived in each other’s houses. My mom came out, looked at my knee, and then went inside and got her purse and drove me to the hospital where they put about 15 stitches in my knee. (I later took the stitches out myself.)

“What were you thinking?” my mom asked on the way home.

I don’t remember what I actually said, but it was probably some version of, I wasn’t. It just seemed fun. I hadn’t thought about the risks.

About 20 years later I was running my second Boston Marathon. I had recently been diagnosed with a really fun form of rheumatoid arthritis called ankylosing spondylitis and was on some pretty potent anti-inflammatories. They were keeping my symptoms in check and I was in good shape and planning to run somewhere around 3:20 that day. But one thing about anti-inflammatories is they tend to dehydrate you. That day was weirdly warm for Boston in April, in the high 70s, and I knew that it would be tough, so I took it relatively easy for the first eight to 10 miles. I was hydrating, but by about the halfway mark I started getting the kind of leg cramps you get at night that make you want to scream. I knew I was in real trouble, but I kept running. No matter how much water or Gatorade I took in, it didn’t matter. The cramps got worse.

"The lesson, in the broadest sense, is that humans are bad at assessing risk. Even, or maybe especially, when it comes to our own lives."

I eventually found a medical station around the 15 mile mark and the EMT noticed I wasn’t sweating at all. You need to drop out, she said. I asked if she was going to force me to stop. She said that wasn’t her job. I kept going. Spoiler alert: Things got much, much worse. To the point that I had to ask a spectator to borrow his phone to call my wife and let her know I’d be an hour or so later than she expected. I made it to the finish, in about 4:40, and drank a bottle of water and immediately threw it up. An EMT standing nearby told me I needed to go to the ER immediately. My kidneys had shut down, he said. I’m sure I heard him, but instead of going to one of 10 hospitals in Boston, I got in my father-in-law’s car and we drove back to Plymouth, an hour away. I remember telling him to just take me home and I’d be fine after a nap. He kept saying sure, and drove me right to the hospital in our town.

Not surprisingly, the ER doctor (who I knew slightly) did some tests and confirmed that my kidneys weren’t working so well. Or at all. They gave me several (4?) bags of IV fluids in a few hours and I felt great! I was ready to go home, I told the doc. Sure, he said. In about two days. Turns out, had I actually gone home after the race and gone to sleep, as I wanted to, I wouldn’t have woken up. My stupid kidneys went on strike somewhere in the middle of the race and hadn’t processed anything in quite a long time. I was in the ER for three days, wearing my finisher medal the entire time, like an idiot. When I was finally released, one of the ER nurses tapped the medal and said, Was it worth it? I nodded. In the years since, I’ve seen that nurse around town at restaurants and stores and she will always smile and shake her head at me. Again, I hadn't really considered the risks of what I was doing.

What did I learn from these incidents? Hard to say. Probably not much back then. Between the two incidents described above, I tore my knee to shreds in a high school soccer game but kept playing because we were undefeated and I was the captain and was going to play in college the next year. That turned out poorly, as you might imagine.

The lesson, in the broadest sense, is that humans are bad at assessing risk. Even, or maybe especially, when it comes to our own lives. We see a thing we want or a thing we want to do and go toward that, consequences be damned. This is the basic trait that attackers exploit in various ways--phishing, social engineering, etc. Identifying risks and determining what the consequences of any given action might be is not easy, so a lot of us just look at the benefits and ignore the risks. And that impulse is the most difficult thing to defend against because it requires amending human nature.

That’s a fool’s errand, of course, but if you find a way to do it, let me know. I’ll be sitting on the roof.

(Note: An hour before this piece was published, I went out to take down a wasp's nest in my front yard that I thought was empty after a heavy dose of wasp spray a couple days earlier. Reader, it was not empty.)

FBI Disrupts Radar/Dispossessor Ransomware Group
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/fbi-disrupts-radar-dispossessor-ransomware-group

The FBI has disrupted a ransomware group called Radar/Dispossessor, announcing on Monday that it had dismantled several domains and servers worldwide belonging to the operation.

Radar/Dispossessor, which has been around since August 2023 and is led by someone using the online moniker “Brain,” has targeted small and mid-sized businesses across a range of sectors globally, including development, education, healthcare, financial services and transportation. The FBI’s Cleveland office on Monday said that it had dismantled three U.S. servers, three UK servers and 18 German servers for the group, as well as eight U.S.-based criminal domains and one German-based criminal domain.

“Originally focused on entities in the United States, the investigation discovered 43 companies as victims of the attacks, from countries including Argentina, Australia, Belgium, Brazil, Honduras, India, Canada, Croatia, Peru, Poland, the United Kingdom, the United Arab Emirates, and Germany,” according to the FBI’s Monday release. “During its investigation, the FBI identified a multitude of websites associated with Brain and his team.”

The ransomware group gained initial access to victim organizations through accounts with weak passwords and no two-factor authentication. After gaining initial access, the group would obtain administrator rights and file access before deploying ransomware. The group also leveraged dual extortion tactics, both holding victim data hostage and threatening to contact others if a ransom was not paid.

According to an analysis by SentinelOne researchers, Dispossessor has also advertised the availability of previously leaked data for sale on BreachForums and XSS, and has listed at least a dozen victims that have been previously listed by other groups.

“Dispossessor initially announced the renewed availability of the data from some 330 LockBit victims,” said Jim Walter with SentinelOne in an April analysis that looked at how ransomware affiliates are re-monetizing stolen data outside of their RaaS agreements. “This was claimed to be reposted data from previously available LockBit victims, now hosted on Dispossessor's network and thus not subject to LockBit's availability restrictions. Dispossessor appears to be reposting data previously associated with other operations with examples ranging from Cl0p, Hunters International, and 8base.”

The FBI urged other victims, and people with further information about the group, to contact its Internet Crime Complaint Center.

“As ransomware can have many variants, such as this case, the total number of businesses and organizations affected is yet to be determined,” said the FBI.

The investigation and takedown were the result of a collaboration between the U.K.'s National Crime Agency, the Bamberg Public Prosecutor’s Office, the Bavarian State Criminal Police Office and the U.S. Attorney’s Office for the Northern District of Ohio. This type of international collaboration has been critical to crackdown efforts against cybercriminals; over the past year, law enforcement agencies worldwide have worked together to disrupt the BlackCat ransomware group, the Qakbot malware and the Ragnar Locker ransomware gang, and to dismantle a global network of computers infected by the Snake malware.

What We Learned at Black Hat 2024
By Dennis Fisher (dennis@decipher.sc)
http://18.117.95.178/decipher/what-we-learned-at-black-hat-2024

Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.

Many of the discussions during the conference centered on the changing threat landscape and the ways in which threat actors are adapting to defenders' tactics. For example, many cybercrime groups focus their efforts on social engineering campaigns rather than exploiting vulnerabilities, as it requires less technical knowledge. Vulnerabilities still matter, as Natalie Silvanovich of Google's Project Zero demonstrated, but there are other ways in.

Project Zero: ‘It Will Take All of Us to End The Era of Zero Days’
By Lindsey O’Donnell-Welch (lindsey@decipher.sc)
http://18.117.95.178/decipher/project-zero-it-will-take-all-of-us-to-end-the-era-of-zero-days

LAS VEGAS - In the 10 years since Google’s Project Zero security research team was formed, progress has been made in some areas toward the group’s motto of “making zero day hard,” but the fact that in-the-wild exploits still exist highlights how far the industry still has to go.

Many of the same main issues shaping the zero-day landscape that existed in 2014 still remain today, including challenges around the quality of software, patching, transparency and mitigations. Vendors have an important part in improving these problems, said Natalie Silvanovich, team lead and security engineer with Google.

“It’s becoming increasingly apparent that security research is not enough to end the era of zero days,” said Silvanovich at a session here at Black Hat USA. “We’re not in the place to make the next big changes that need to happen to protect users from zero days. Vendors are. This is not an easy task, and many vendors have made a lot of progress since we started. But there is so much left to do.”

The fundamental understanding of zero days, how they are used and how organizations can prevent them was very different 10 years ago. Organizations didn’t understand underlying security problems in their software and lacked technical information. Patching was slower, and there were no clear protocols around patching and disclosure. Conversations around security incidents were less transparent, and relationships with researchers in some cases were hostile.

The researcher community has played a pivotal role in moving the needle on several of these challenges, said Silvanovich. For example, a number of zero days found in Adobe Flash between 2014 and 2015 - fueled in part by more researcher reports, the 2015 Pwn2Own competition and a leak of confidential material for spyware vendor Hacking Team that showed it had access to an unpatched Flash bug - led up to Flash being deprecated in 2020.

“It’s becoming increasingly apparent that security research is not enough to end the era of zero days."

Another win is the work that researchers have done in developing disclosure timelines for zero days. Google Project Zero’s 90-day disclosure policy - though unpopular with organizations at the start - did eventually light a fire under companies to be better about patching their zero days. Between 2019 and 2021, up to 93.4 percent of the issues reported by Project Zero to vendors were fixed under its standard 90-day deadline.

However, challenges in these areas remain. Researchers still see inconsistent patching habits with Android and the surrounding OEM community, including GPU and other third-party components, said Silvanovich. Another issue is that up to 40 percent of in-the-wild zero-day flaws are variants of existing flaws, meaning that they are similar to flaws already fixed in the software. This could indicate that vendors are rushing fixes for their zero days as a result of pressure and time constraints. As a result, they are producing incomplete fixes and are not addressing the root cause of the flaw.

A new issue has cropped up over the recent years, as well: A security gap between the “best we see and the worst we see is large and growing,” she said. The worst offending companies in this area appear to be “middle-ware,” or firmware and software sold to upstream vendors, and attackers appear to be increasingly targeting these areas, said Silvanovich.

Vendors developing security programs should understand, first and foremost, that bugs are the root cause of zero days, and companies should fix all vulnerabilities in their software quickly and completely. They should also acknowledge that mitigations are not a substitute for a fix. And finally, vendors need to understand the importance of transparency, said Silvanovich.

“Project Zero plans to keep pushing, expanding our understanding of zero days, keeping vendors transparent and putting pressure on industry moving forward,” said Silvanovich. “But we need others to act. It will take all of us to end the era of zero days.”

]]>
<![CDATA[Software Has Eaten the World But There's Still Hope]]> dennis@decipher.sc (Dennis Fisher) http://18.117.95.178/decipher/software-has-eaten-the-world-but-there-s-still-hope http://18.117.95.178/decipher/software-has-eaten-the-world-but-there-s-still-hope

LAS VEGAS–The past couple of decades have seen a tremendous wave of technical innovation that has made powerful computing resources and devices available virtually everywhere on the planet. But underneath all of the shiny exteriors lies an ever more complex pile of software that is increasingly difficult to understand, let alone secure.

This has rarely been more evident than in the last couple of weeks, as cloud outages and cascading failures have demonstrated just how interconnected and fragile the global ecosystem is. Stack upon stack upon stack of software has made it difficult for even the smartest folks in the technology community to understand exactly how a given system or service actually works and what all of the dependencies and potential weaknesses might be.

Moxie Marlinspike, the creator of Signal and a renowned security researcher and cryptographer, said in his keynote speech at the Black Hat conference here Thursday that one of the downsides of the massive software boom is that quality has decreased over time.

“We see a lot more stuff over time but a lot of it is mediocre or schlock. In complex ecosystems like computing there seems to be some ongoing relationship between the quality of the tools we use and the quality of the output we create. The better we understand stuff, the cooler stuff we can make with that stuff,” he said.

“Engineering organizations have ballooned in size but even with all of those people sitting in front of computers eight hours a day, every day, forever, these organizations don’t exactly have a reputation for high velocity output. Vision and engineering are entwined and both of them need to inform one another.”

"Without knowing it, the people in this room have inherited the earth."

One line of thinking in the early days of the web and the tech boom was that some of the new tools companies were building would bridge the gap between people who understood computers and those who didn’t. Things didn’t quite work that way.

“We imagined that we were going to develop these powerful tools and then teach everyone to be like us. That didn’t happen,” Marlinspike said.

While the ever-increasing complexity of software and systems over time isn’t necessarily great for reliability or usability, it presents an opportunity for people in the security community who have spent their lives working to understand how those systems work on the deepest levels and looking for ways in which they might break. Understanding those potential failure modes and anticipating how they may affect users and other systems is a special skill set that can only be acquired through long experience. And it’s one that is needed more than ever.

“Understanding is at the foundation of all security research. Security research is almost the inverse of what I’ve been talking about. It’s the process of looking through abstractions and trying to understand them even better than the people who built them,” Marlinspike said.

“We look for ways those systems can yield unexpected outcomes. Without knowing it, the people in this room have inherited the earth. You all are the ones who have been sitting in the library learning the spells to understand how the world works. Look at the things you understand really deeply and the world around you and see how they can be applied to that world.”

]]>
<![CDATA[Black Hat Podcast: Josh Harguess and Chris Ward]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/black-hat-podcast-josh-harguess-and-chris-ward http://18.117.95.178/decipher/black-hat-podcast-josh-harguess-and-chris-ward

]]>
<![CDATA[Researchers Detail ‘Bucket Monopoly’ AWS Flaws]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/researchers-detail-bucket-monopoly-aws-flaws http://18.117.95.178/decipher/researchers-detail-bucket-monopoly-aws-flaws

LAS VEGAS - Researchers are detailing several now-fixed vulnerabilities across six AWS services, which range in impact from remote code execution to full account takeover.

The flaws were reported to AWS in February by Aqua Security, and all final fixes were confirmed on June 26. However, the details of the vulnerabilities weren’t revealed until a session by Aqua Security’s Team Nautilus research group on Wednesday, here at Black Hat USA.

The uncovered flaws impact AWS CloudFormation (which allows users to manage infrastructure resources), the Glue serverless data integration service, Elastic MapReduce (EMR), the SageMaker machine learning platform and the ServiceCatalog central cloud management platform development service.

The issue stems from how services are set up in a new region for the first time. During this process, S3 buckets are automatically created; these are online storage containers used for managing files and, in some cases, for storing necessary operational data. Aqua Security researchers called these “shadow resources” because the assets are created automatically, sometimes without the knowledge of the AWS account owner.

“Aqua Nautilus uncovered how attackers can discover the buckets’ names or guess predictable parts of the bucket name,” said Yakir Kadkoda, lead researcher at Aqua Security in an analysis released at Black Hat alongside the session. “Subsequently, using a method dubbed ‘Bucket Monopoly,’ the attackers can create these buckets in advance in all available regions, essentially performing a landgrab, then store malicious code in the bucket.”

An S3 bucket is automatically created with a specific name, which consists of a prefix, a 12-character hash, and the name of the region where the service is being used. While the region portion of the name varies, the prefix and hash remain the same for a given account across all regions, meaning that the name could potentially be discoverable, said the researchers. One caveat to this attack is that researchers haven’t figured out how to calculate the hash in the S3 bucket name, which is unique to each account and impossible to simply guess or brute force. However, researchers said they have identified numerous hashes used for AWS accounts by using GitHub regex searches or Sourcegraph, or other vectors that expose the hashes.

Kadkoda said that during Aqua Security’s research, hundreds of hashes from popular organizations were discovered, making this a “feasible” attack vector.

“In our research, we found that many examples of popular companies have CloudFormation hashes in their open-source repositories or in open issues, etc,” said Kadkoda. “Although the hash cannot be easily guessed for a specific organization and is more secure than an AWS account ID, it can still be considered secret data. Since the hash is unique per account and remains the same across all regions, an attacker only needs to find one bucket name of the victim’s CloudFormation to attack the victim in other regions… If the victim somehow exposes this bucket name, they become vulnerable to this attack vector.”

If an attacker were able to uncover the hash using these methods, researchers found that it is possible for them to set up buckets in AWS regions where the service hasn’t been used yet, and wait for a victim to use the AWS CloudFormation service in a new region. The CloudFormation service would then use the attacker-controlled S3 buckets.

“When the targeted organization enables the service in a new region for the first time, the malicious code will be unknowingly executed by the targeted organization, potentially resulting in the creation of an admin user in the targeted organization granting control to the attackers,” said researchers.

Using these techniques, researchers found that the impact varied by service, from the ability to achieve remote code execution in Glue, to leaking or manipulating data in SageMaker, to launching a denial-of-service attack in CloudFormation.

While AWS has mitigated the vulnerabilities reported by Aqua Security, researchers said that the attack vector might apply to other AWS services or open-source projects, and that end users can apply several mitigations to prevent an attack, including defining a policy for the role that’s used or assumed by the service in order to restrict access to buckets, or adding verification steps.

“AWS is aware of this research," according to an AWS spokesperson. "We can confirm that we have fixed this issue, all services are operating as expected, and no customer action is required.”

This story was updated on Aug. 8 with a statement from AWS.

]]>
<![CDATA[The Growing Threat of Data Feudalism in AI Models]]> dennis@decipher.sc (Dennis Fisher) http://18.117.95.178/decipher/the-growing-threat-of-data-feudalism-in-ai-models http://18.117.95.178/decipher/the-growing-threat-of-data-feudalism-in-ai-models

AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues.

]]>
<![CDATA[Chinese Threat Group Compromised ISP to Deliver Malware]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/chinese-threat-group-compromised-isp-to-deliver-malware http://18.117.95.178/decipher/chinese-threat-group-compromised-isp-to-deliver-malware

Threat actors successfully compromised an unnamed internet service provider, poisoned the DNS responses for targeted organizations and infected their macOS and Windows systems with malware, according to new research from Volexity.

The Chinese espionage group behind the attacks (tracked by various researchers as StormBamboo, Daggerfly or Storm Cloud) is a “highly skilled and aggressive” actor. Researchers with Volexity said they observed several incidents starting in mid-2023 with malware linked back to the threat group. The infection vector in these attacks appeared to be the result of a DNS poisoning attack at the ISP level.

“Volexity determined that StormBamboo was altering DNS query responses for specific domains tied to automatic software update mechanisms,” said Ankur Saini, Paul Rascagneres, Steven Adair and Thomas Lancaster, researchers with Volexity in an analysis on Friday. “StormBamboo appeared to target software that used insecure update mechanisms, such as HTTP, and did not properly validate digital signatures of installers.”

When applications retrieved what they took to be their updates, malware was installed instead. Researchers observed these attacks deploying the previously discovered Macma macOS backdoor, which has various features like screen capture, audio recording, device fingerprinting and keylogging. Researchers also found MgBot (which they track as Pocostick) being spread in the attacks; it is another malware family that the threat group has used in previous attacks. MgBot is a modular framework with various plugins enabling network scanning, information stealing from browsers like Chrome and Firefox and from the QQ chat tool, keylogging, password dumping and other espionage capabilities.

Researchers also observed various post-compromise activities, including the threat group deploying a malicious Google Chrome extension called RELOADEXT. The extension was installed via a custom binary, developed by the attacker, and exfiltrated browser cookies to a threat actor-controlled Google Drive account.

“The variety of malware employed in various campaigns by this threat actor indicates significant effort is invested, with actively supported payloads for not only macOS and Windows, but also network appliances," said researchers.

The attack illustrates how threat actors can leverage DNS poisoning to abuse automatic update methods utilizing HTTP (instead of HTTPS). Another China-based threat actor, called DriftingBamboo, was also seen in 2022 using DNS poisoning attacks after exploiting zero-day flaws in Sophos firewalls (CVE-2022-1040).

StormBamboo has been around for at least a decade and was previously discovered targeting a telecommunications organization in Africa in a 2023 campaign that leveraged the MgBot malware. Most recently, the espionage group has updated its toolset in a number of recent attacks against organizations in Taiwan, as well as a U.S. non-governmental organization in China.

]]>
<![CDATA[Attackers Abuse Cloudflare Tunnels to Deliver Xworm Malware]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/attackers-abuse-cloudflare-tunnels-to-deliver-xworm-malware http://18.117.95.178/decipher/attackers-abuse-cloudflare-tunnels-to-deliver-xworm-malware

Researchers are warning of an ongoing phishing campaign that leverages Cloudflare Tunnels in order to deliver the Xworm malware. The attack has targeted thousands of organizations over the past five months, but it does require “significant” victim interaction in order to be successful.

Attackers delivering malware have previously utilized the Cloudflare Tunnel feature, which is a way to "connect resources to Cloudflare without a publicly routable IP address." TryCloudflare, Cloudflare's free-tier service, allows attackers to create a one-time tunnel without creating an account, and gives them more flexibility in handling their infrastructure and avoiding defenders during attacks.

“The use of Cloudflare tunnels provide the threat actors a way to use temporary infrastructure to scale their operations providing flexibility to build and take down instances in a timely manner,” said Joe Wise and Selena Larson with Proofpoint’s threat research team in a Thursday analysis. “This makes it harder for defenders and traditional security measures such as relying on static blocklists. Temporary Cloudflare instances allow attackers a low-cost method to stage attacks with helper scripts, with limited exposure for detection and takedown efforts.”

The campaign was first seen in February 2024, and researchers said the activity peaked in May through July, with campaign message volumes ranging from hundreds to tens of thousands. Thousands of organizations globally have been targeted, with message lures using the English, French, Spanish and German languages.

The campaign has delivered a number of malware families, including AsyncRAT, VenomRAT, GuLoader and Remcos, but in recent months attackers have almost exclusively delivered Xworm, a RAT with functionalities that range from keylogging to delivering ransomware. Researchers have not yet attributed the campaign to a threat group.

“Threat actor abuse of TryCloudflare tunnels became popular in 2023 and appears to be increasing among cybercriminal threat actors."

The attack starts with messages containing URLs or attachments that lead to .URL files. Researchers said that the themes of the lures used in campaign messages have involved business-related topics, including invoices, document requests, package deliveries and taxes. Once executed, the .URL file starts off the attack chain, which involves LNK or VBS files, a BAT or CMD file and finally a Python installer package and a series of Python scripts leading to the malware execution. The good news is that this attack requires “significant” user interaction in order to be successful: Victims must click on the malicious link, click on multiple files and unzip compressed scripts.

Still, the attack’s use of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.

“Threat actor abuse of TryCloudflare tunnels became popular in 2023 and appears to be increasing among cybercriminal threat actors,” said researchers. “Each use of TryCloudflare Tunnels will generate a random subdomain on trycloudflare[.]com, for example ride-fatal-italic-information[.]trycloudflare[.]com. Traffic to the subdomains is proxied through Cloudflare to the operators’ local server.”

Another notable aspect of the attack is the threat actors’ use of Python scripts, and researchers said that threat actors have bundled the Python libraries and installer with the Python scripts so that the malware can run on hosts that don’t have Python installed.

“Organizations should restrict the use of Python if it is not required for individuals’ job functions,” said researchers. This is not the first time researchers have observed software packages delivered alongside malware files. “In recent months Proofpoint has observed campaigns delivering Java-based malware that bundle a JAR and the Java Runtime Environment (JRE) inside a ZIP to ensure the correct software is installed before executing the downloader or dropper.”

]]>
<![CDATA[Black Hat USA 2024 Preview: AI, AI, and More AI]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/black-hat-usa-2024-preview-ai-ai-and-more-ai http://18.117.95.178/decipher/black-hat-usa-2024-preview-ai-ai-and-more-ai

Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue to dissect the Black Hat talks they're looking forward to, including sessions with H D Moore, Sherrod DeGrippo, and Moxie Marlinspike, and some talks they can't quite figure out from the titles. Watch a video of the conversation above or listen to the podcast version (MP3 direct download) here.

]]>
<![CDATA[Taiwanese Research Center Targeted by APT41]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/taiwanese-research-center-targeted-by-apt41 http://18.117.95.178/decipher/taiwanese-research-center-targeted-by-apt41

The Chinese group APT41 has launched a spate of attacks against multiple organizations across various sectors over the past year, and its latest uncovered victim is a Taiwanese government-affiliated research institute, according to new research from Cisco Talos.

The targeted research institute in Taiwan, which was not named in Talos’ Thursday analysis, specializes in computing, and researchers said that “the nature of research and development work carried out by the entity makes it a valuable target for threat actors dedicated to obtaining proprietary and sensitive technologies of interest to them.”

“The activity conducted on the victim endpoint matches the hacking group APT41, alleged by the U.S. government to be comprised of Chinese nationals,” said Joey Chen, Ashley Shen and Vitor Ventura with Cisco Talos in the Thursday post. “Talos assesses with medium confidence that the combined usage of malware, open-source tools and projects, procedures and post-compromise activity matches this group’s usual methods of operation.”

APT41 is known for both state-sponsored espionage activity and financially motivated cybercriminal attacks, making it somewhat unusual in the broader China-based threat landscape. Researchers with Mandiant recently uncovered a widespread and sustained campaign by the group targeting 10 organizations across the shipping and logistics, media, technology and automotive sectors, located in Italy, Spain, Taiwan, Thailand, Turkey and the United Kingdom. The slew of attacks is notable because APT41 was able to maintain prolonged access to these organizations since 2023, giving it the ability to steal sensitive data over an extended time.

This latest attack disclosed by Talos researchers also involved prolonged access, and started as early as July 2023. The threat group likely used tools like Cobalt Strike as well as ShadowPad, a modular RAT that is a successor to the PlugX malware and has been leveraged by other Chinese threat groups like Mustang Panda.

“Although there is no new backdoor or hacking tools in this attack, we did find some interesting malware loaders,” said Chen, Shen and Ventura. “The threat actor leverages two major backdoors into their infection chains in this campaign, including both ShadowPad and Cobalt Strike malware. Those two major backdoors were installed via webshell, reverse shell and RDP by the attacker themselves.”

The attackers also leveraged two other tools in their attacks, including malware called Unmarshal.exe, which targeted a remote code execution flaw (CVE-2018-0824) in Microsoft COM for Windows in order to achieve privilege escalation. The threat group also used Mimikatz to harvest hashes and WebBrowserPassView to scoop up web browser credentials.

“Beside running commands to discover the network, we also observed the ShadowPad sample perform lightweight network scanning to collect the hosts in the network,” said researchers. “To exfiltrate a large number of files from multiple compromised machines, we observed threat actors using 7zip to compress and encrypt the files into an archive and later using backdoors to send the archive to the control and command server.”

APT41 has been notable over the years for various other attacks. In 2022, the group targeted several U.S. state government networks by exploiting the Log4j flaw, for instance. And in 2020, APT41 hit several companies in the banking, defense, technology and other sectors in at least 20 countries. The group is also known for launching software supply-chain attacks and using compromised digital certificates.

]]>
<![CDATA[Google Enables App-Bound Encryption in Chrome]]> dennis@decipher.sc (Dennis Fisher) http://18.117.95.178/decipher/google-enables-app-bound-encryption-in-chrome http://18.117.95.178/decipher/google-enables-app-bound-encryption-in-chrome

Google is making a significant change to the way that Chrome handles sensitive data on Windows, introducing app-bound encryption in Chrome 127, which enables the browser to encrypt data tied to an application identity.

The move is designed to help break one of the methods that malware such as infostealers uses to gain access to sensitive data such as cookies, passwords, and payment data. When present on a system, infostealers often run with the privileges of the logged-in user, which gives the malware access to any sensitive information that user is allowed to read. With the change in Chrome 127, this method won’t work because the data will be encrypted through the app-bound encryption method, which ties the ability to decrypt it to the app, rather than the user.

“In Chrome 127 we are introducing a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS,” Will Harris of the Chrome security team said.

“App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app's identity into the encrypted data, and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.”

This change only applies to cookies in Chrome 127, but Google plans to extend it to other sensitive data in later versions. Passwords, payment data, and other information will gain the same protection in the near future. Even just the protection of cookies in this way is a major step forward for Chrome and a win for users. Cookie theft is a very common problem and a serious risk for users. Right now, Chrome on Windows uses the Windows data protection API (DPAPI) to protect sensitive data at rest, but malicious apps running with the user’s privileges can still get to that information.

“Because the App-Bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app. Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn't be doing. This makes their actions more suspicious to antivirus software – and more likely to be detected,” Harris said.

The encryption key is also bound to the specific machine, so the key can’t be stolen and used in other places.

App-bound encryption is enabled in Chrome 127 for Windows, which is available now.

]]>
<![CDATA[Microsoft Azure Outage Stemmed From DDoS Defense Error]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/microsoft-azure-outage-stemmed-from-ddos-defense-error http://18.117.95.178/decipher/microsoft-azure-outage-stemmed-from-ddos-defense-error

Microsoft said that a global outage of several Azure and Microsoft 365 services on Tuesday was exacerbated in part by “an error” in its response to a distributed denial-of-service (DDoS) attack.

The company said that the outage impacted a number of Microsoft services, including Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, the Azure portal and Microsoft 365 and Microsoft Purview services. The outage lasted from 11:45 UTC to 19:43 UTC on Tuesday.

While an unspecified “subset of customers” were impacted, the outage was global and reportedly affected a range of industries, from water utilities like Cambridge Water to the HM Courts and Tribunals Service, the UK Ministry of Justice executive agency.

“While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it,” according to Microsoft on its Azure status history page.

The incident led to an unexpected usage spike that “resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes,” Microsoft said.

Once the company understood the nature of the usage spike, it implemented networking configuration changes that mitigated the majority of the impact, and also used a failover process to alternate networking paths.

“We proceeded with an updated mitigation approach, first rolling this out across regions in Asia Pacific and Europe,” according to Microsoft. “After validating that this revised approach successfully eliminated the side effect impacts of the initial mitigation, we rolled it out to regions in the Americas.”

The company said it would complete an internal investigation to better understand the incident, and would publish more details within 72 hours.

The incident came almost two weeks after the major global outage that stemmed from a faulty update for versions of CrowdStrike’s Falcon EDR product, which made Windows machines fail and go into a boot loop. That outage disrupted companies and services across the Internet, including banks, airlines and media companies.

]]>
<![CDATA[Basta Ransomware Operator Tactics Undergo ‘Notable Shift’]]> lindsey@decipher.sc (Lindsey O’Donnell-Welch) http://18.117.95.178/decipher/notable-shift-seen-in-basta-ransomware-initial-access http://18.117.95.178/decipher/notable-shift-seen-in-basta-ransomware-initial-access

UNC4393, which is a threat group primarily known for infecting targets with the Basta ransomware, has over the past year made a major switch in how it gains initial access to victims.

Previously, the threat group almost exclusively relied on existing Qakbot infections for initial access, which were delivered through phishing attacks. However, after the U.S. law enforcement takedown of the Qakbot infrastructure last year, the threat group briefly switched to the DarkGate malware as an initial access loader, before this year turning to a backdoor tracked as SilentNight.

“This most recent surge of SILENTNIGHT activity, beginning earlier this year, has been primarily delivered via malvertising,” said Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko and Raymond Leong, researchers with Mandiant in a Monday analysis. “This marked a notable shift away from phishing as UNC4393's only known means of initial access.”

Outside of SilentNight, the group has expanded its initial access tactics in other ways. In February campaigns, UNC4393 was also seen using stolen credentials and brute-force methods in attacks that aimed either to deploy ransomware or to conduct data theft extortion.

SilentNight includes a plug-in framework enabling flexible functionality for attacks, such as screenshot capture capabilities, keylogging, cryptocurrency wallet access and browser manipulation that could allow attackers to target credentials. The backdoor was initially seen in 2019, and then briefly in 2021 for a few months.

Qakbot Takedown Impact

The changes in UNC4393’s initial access vectors show the long-term impacts of the August 2023 takedown of the Qakbot botnet. Qakbot acted as a dropper or installer for many other pieces of malware and ransomware, including ones beyond Basta (also known as Black Basta) like REvil and Conti, and the takedown has had various influences across the threat landscape.

In a report from earlier this year that looked at the impacts of several threat group law enforcement disruptions, for instance, Chainalysis found that the Qakbot takedown did lead to “substantial operational friction” on ransomware group activities, but that they eventually adapted by switching to new malware families. The report found a steep decline in Black Basta ransomware payments around the time of the Qakbot takedown. However, activity appeared to pick up again months later, indicating that the threat groups behind Black Basta had pivoted to new malware. Meanwhile, Mandiant researchers said that this year they have seen the victim count for Basta steadily decline from March through July, and “it is plausible that this decline reflects difficulties in obtaining a reliable stream of initial access.”

Genevieve Stark, Mandiant manager of cyber crime analysis for Google Cloud, said that overall, "the professionalization and commoditization of cyber crime underground communities has created resilience, allowing threat actors to seamlessly replace one service/partner with another."

"Since the August 2023 law enforcement takedown, threat actors that have previously distributed QAKBOT have largely shifted to using other malware families or discontinued operations," said Stark. "For example, while we observed limited UNC2500 QAKBOT activity in early 2024, the threat actor has most frequently been deploying PIKABOT. UNC2500 may also be diversifying their operations, given that we have observed May campaigns leading to credential phishing sites and February activity designed to harvest NTLMv2 hashes. Further, while UNC2500 remains active, the volume of their activity has declined. UNC2633, a QAKBOT distribution cluster that was closely affiliated with UNC2500, has seemingly been inactive since the takedown."

Changes to UNC4393 TTPs

Beyond the initial access shifts, UNC4393's changes this year to its tactics, techniques and procedures (TTPs) show the group's adaptability within the cyber crime landscape. The group has transitioned toward more custom malware development as opposed to its previous reliance on publicly available tools, for instance. Overall, Mandiant researchers said they have responded to over 40 separate UNC4393 intrusions across 20 industry verticals since 2022 - still a small share of the 500 victims that the ransomware group claims on its leak site to have hit.

“While UNC4393's TTPs and monetization methods remain relatively consistent from previous operations, the group appears to be diversifying its initial access sources,” according to researchers. “Its evolution from opportunistic QAKBOT infections to strategic partnerships with initial access brokers demonstrates a willingness to diversify and optimize its operations.”

]]>