Cybersecurity Comes under Scanner as Google Chrome Users Hit by Spyware Campaign

Google | June 19, 2020

  • A newly discovered spyware effort attacked users through 32-million downloads of extensions to Google’s market-leading Chrome web browser.

  • The extensions siphoned off browsing history and data that provided credentials for access to internal business tools.

  • The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains.


A newly discovered spyware effort attacked users through 32-million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security said, highlighting the tech industry’s failure to protect browsers as they are used more for e-mail, payroll and other sensitive functions. Alphabet’s Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers in May.


“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesperson Scott Westover said. Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.





Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, said Awake co-founder and chief scientist Gary Golomb. Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.


It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google. “Anything that gets you into somebody’s browser or e-mail or other sensitive areas would be a target for national espionage as well as organised crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.


“We do regular sweeps to find extensions using similar techniques, code and behaviours,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.


The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said. If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites. All of the domains in question, more than 15,000 linked to each other in total, were bought from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication.


In an e-mail exchange, Galcomm owner Moshe Fogel told Reuters his company had done nothing wrong. “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we co-operate with law enforcement and security bodies to prevent as much as we can.” Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company’s e-mail address for reporting abusive behaviour, and he asked for a list of suspect domains. Reuters sent him that list three times without getting a substantive response. The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.

