Elasticsearch Crypto-Miner Sinkholes the Competition

Infosecurity Magazine | March 14, 2019

Researchers have discovered a new crypto-mining campaign targeting Elasticsearch instances which contains sinkholing capabilities to squash any competing miners. The aptly named “CryptoSink” malware campaign exploits an Elasticsearch vulnerability from 2014 (CVE-2014-3120) to mine cryptocurrency in Windows and Linux environments, according to F5’s Andrey Shalnev and Maxim Zavodchik. At the time of the research, just one of the three hard-coded C&C domains was operational, resolving to a server located in China.

However, most interesting was the way it finds and kills any competing crypto-mining malware on the same host. Typically, attackers do this by scanning running processes to find known malware names, or else looking to see which processes are consuming the most CPU.

In this case, the malware dropper introduces a more sophisticated tactic to paralyze competitors who survive the initial purge. “We’ve called it ‘CryptoSink’ because it sinkholes the outgoing traffic that is normally directed at popular cryptocurrency pools and redirects it to localhost (127.0.0.1) instead,” F5 explained.
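
A defender-side check for the sinkholing tactic described above, added here as an example that is not from the article or the F5 research: it parses hosts-file text and reports any non-local name pinned to a loopback address. It assumes the redirection is done through hosts-file entries (the article does not state the mechanism), also flags 0.0.0.0 as a generalization, and the function name, allow-list and sample hostnames are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback on a stock system (assumed allow-list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample: a hosts file after a sinkholing dropper has run.
# The pool names are placeholders, not indicators from the F5 research.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.1.1   build-host-01
::1         ip6-localhost ip6-loopback
# appended entries
127.0.0.1   pool.example-mining.test
0.0.0.0     xmr.example-pool.test stratum.example-pool.test  # trailing comment
10.0.0.5    db.internal.test
not-an-ip   junk.test
"""


def find_sinkholed_names(hosts_text, own_hostnames=()):
    """Return (line_no, address, name) for each non-local name mapped to a
    loopback or unspecified address in hosts-file text."""
    allowed = LOCAL_NAMES | {h.lower() for h in own_hostnames}
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        if not (addr.is_loopback or addr.is_unspecified):
            continue  # points at a real host, so not a local sinkhole
        for name in fields[1:]:
            if name.lower() not in allowed:
                findings.append((line_no, str(addr), name.lower()))
    return findings


if __name__ == "__main__":
    hits = find_sinkholed_names(SAMPLE_HOSTS, own_hostnames=["build-host-01"])
    for line_no, addr, name in hits:
        print(f"line {line_no}: {name} -> {addr}")
```

Pass the machine's own hostname in `own_hostnames`, since many Linux distributions map it to 127.0.1.1 by default; ad-blocking hosts files will also produce hits and need their own allow-list.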


Related News

DATA SECURITY

Aviation ISAC to Partner with Cyware for Expanding Automated Response Capabilities and Threat Intelligence Sharing

Cyware | June 28, 2021

Cyware, the industry's well-known and only Virtual Cyber Fusion Platform provider, has announced a strategic partnership with A-ISAC (Aviation Information and Analysis Center) to help it and its members respond to threat intelligence in a timely manner. This partnership will enable members of A-ISAC to run end-to-end security automation, incident response programs, and threat hunting more efficiently by leveraging Cyware’s Cyber Fusion platform.

A-ISAC, the global consortium for cybersecurity information, shares cybersecurity information across the aviation sector. It was founded by seven global aviation companies in 2014. It has established itself as the trusted point of coordination for the global aviation community on cyber threats.

A-ISAC can get help from Cyware in collecting and sharing alerts on changing threat intelligence and the landscape around specific attacks in the aviation industry. With Cyware's Threat Intelligence Exchange (CTIX) and Situation Awareness Platform (CSAP), members of A-ISAC can automatically share threat intelligence such as malware alerts, indicators of compromise (IOCs), security incidents, phishing, vulnerability advisories, and spear phishing attacks among its global aviation community.

About Cyware

Cyware is a company that helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations using the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation security orchestration, automation, and response (SOAR) technology. It helps organizations increase accuracy and speed.

About the Aviation ISAC

The Aviation ISAC, a worldwide, non-profit membership association, was created to help the timely exchange of susceptibilities, best practices, and threat intelligence to decrease operational hazards and offer the resources for reliable sharing and qualified exchange. It has members on five continents. The vision of the ISAC is an efficient, safe, secure, and resilient international air transportation system.


DATA SECURITY

Upstream Security Recognized by Frost & Sullivan for Its Contribution to the Automobile Industry

Upstream | August 12, 2021

Upstream Security, provider of a cloud-based mobility cybersecurity and data analytics platform, which is purpose-built for connected vehicles and smart mobility services, announced today that it was selected to receive the 2021 Europe Technology Innovation Leadership Award from leading research group Frost & Sullivan. Following a rigorous process of analysis, consisting of multiple vendor evaluations across various criteria, Frost & Sullivan acknowledged Upstream Security for its visionary outlook and outstanding achievements in developing growth strategies that effectively address new challenges and opportunities in the connected vehicle analytics and cybersecurity space.

In its detailed report, Frost & Sullivan noted that Upstream's ability to leverage data, analytics, and cybersecurity technologies helps customers achieve best-in-class vehicle security, higher reliability, and substantial financial savings. Specifically, the following are some of Upstream's values highlighted in the report:

● Unparalleled cybersecurity: Equips original equipment manufacturers (OEMs) with a powerful combination of intrusion prevention and detection systems for automotive telematics protocols, coupled with machine learning algorithms accustomed to fleet and driver behavior.
● Vehicle Security Operations Center (VSOC) integration: Enables both automotive cybersecurity detection and additional non-cyber smart-mobility use cases for deep, contextually rich investigation of automotive related incidents.
● Regulatory compliance: Ensures compliance with UNECE WP.29 (R155).
● Full visibility and flexibility: Provides fleet-wide visibility through analytical tools and real-time actionable insights into fleet health and vehicle activities.
● User-friendly and customizable: Offers a dashboard with crucial insights that enable clients to identify cyber risks in real time, in addition to both pre-built and customizable security policies.

Tonya Fowler, Global Research Vice President of Best Practices Recognition at Frost & Sullivan, summarized the company's key contributions to the industry: "Upstream Security has quickly developed an excellent reputation by developing an industry leading cloud-based centralized cybersecurity platform that enables clients to safeguard the technologies and applications of connected and autonomous vehicles via application of big data and Machine Learning."

Oded Yarkoni, VP Marketing at Upstream Security, explained the visionary strategy that helped the company clinch this prestigious award: "With vehicles becoming more connected and autonomous, the automotive industry must continually evolve and outpace new risks previously only experienced by the IT industry. At the same time, there is a huge opportunity for car manufacturers, insurers, and the whole industry to better serve and protect drivers while improving operational excellence and financial performance. Upstream Security is at the forefront of this new world, enabling its customers to harness the wealth of information to deliver better results.

"We are proud to be recognized for this leadership by Frost & Sullivan, and to continue our mission to become the provider of choice for cybersecurity and data analytics to the connected vehicle industry."

More insights about the award selection process and Upstream Security's technology are detailed in the report published by Frost & Sullivan.

About Upstream Security

Upstream unlocks the value of mobility data through a purpose-built, cloud-based cybersecurity and data analytics platform. The Upstream platform and its pre-built and customizable applications leverage existing mobility data feeds for multiple use cases, including cybersecurity, predictive maintenance, insurance, business intelligence, data quality validation and more. Utilizing data normalization and cleansing; digital twin profiling; artificial intelligence (AI)-powered anomaly detection; and built-in mobility intelligence from AutoThreat® Intelligence, the industry's first mobility-specific threat intelligence and risk assessment solution, Upstream provides unparalleled cybersecurity and data-driven actionable insights that are readily available and seamlessly integrated into the customer's environment. Upstream is privately funded by Mitsui Sumitomo Insurance, Alliance Ventures (Renault, Nissan, and Mitsubishi), Volvo Group, Hyundai, Nationwide Insurance, Salesforce Ventures, CRV, Glilot Capital Partners, and Maniv Mobility.

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, collaborates with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants. For more than 50 years, Frost & Sullivan has been developing growth strategies for the Global 1000, emerging businesses, the public sector, and the investment community.


NETWORK THREAT DETECTION

BlackCloak Unveils New Deception Technology to Catch Cyberattacks Targeting Executives & High-Profile Individuals

BlackCloak | November 16, 2021

BlackCloak, Inc., the first Concierge Cybersecurity & Privacy™ Protection Platform for Executives and High-Profile Individuals, today officially unveiled proprietary deception technology to catch adversaries' brazen attempts to exploit a member's privacy, personal devices, or home networks.

Commonly referred to as a honeypot, BlackCloak's deception technology lures attackers interacting with a service by simulating a real-world home network. Cybercriminals and advanced attackers will then be enticed by the potential data that appears within their reach. Once the attack is detected, BlackCloak's deception technology automatically alerts the company's Security Operations Center (SOC) to investigate and intervene before damage is done.

"Our members are increasingly exposed to sophisticated cyberattacks. Hackers are diversifying their preferred attack vectors beyond corporations and supply chain partners to include executives, high-net-worth individuals and high-profile individuals, many of whom have easily exploitable vulnerabilities in their personal digital lives. Advanced deception technology increases our ability to proactively detect, mitigate, and respond to threats before they manifest. It is the perfect complement to BlackCloak's other concierge cybersecurity and privacy services."

Dr. Chris Pierson, BlackCloak Founder & CEO

BlackCloak's deception engine, which has been live with existing customers since earlier this year, has already spotted suspicious activity within home environments. The leader in digital executive protection is the first cybersecurity and privacy company to deliver enterprise-grade honeypot technology to consumers.

"BlackCloak's design and implementation of deception technology into the personal lives of corporate executives further strengthens their concierge platform," said Bob Ackerman, Co-Founder of DataTribe. "The ability to know an adversary might be lurking inside the footprint of their digital home independent of other common controls is game changing."

BlackCloak is a leader in digital executive protection on a mission to protect digital lives. To do so, the company is engineering a holistic, SaaS-based cybersecurity & privacy platform with a concierge experience. BlackCloak works with real people to safeguard their personal and corporate reputation, finances, and information using technology that secures their homes, devices, and online presence. Focusing on high-profile individuals with limited time and a lot to lose, BlackCloak makes sure everything they do is frictionless and discreet.

About BlackCloak

BlackCloak protects corporate executives and high-profile individuals from cybersecurity, privacy, financial, and other reputational risks. Used by Fortune 500 companies across all industries, the BlackCloak Concierge Cybersecurity & Privacy™ Platform is a holistic solution including mobile and desktop apps as well as concierge support. Executives and high-profile individuals get peace of mind knowing their family, reputation, and finances are secured. Companies rest assured that their brand, intellectual property, data, and finances are protected against threats coming through executives without having to invade their personal lives.
