Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label espionage. Show all posts

Hackers Can Now Intercept HDMI Signals Using Deep Learning

Hackers Can Now Intercept HDMI Signals Using Deep Learning

Secretly intercepting video signals is a very traditional way to do electronic spying, but experts have found a new that puts a frightening twist to it.

A team of experts from Uruguay has found that it's possible to hack electromagnetic radiation from HDMI cables and process the video via AI.

Using deep learning to trace HDMI signals

University of the Republic experts in Montevideo posted their findings on Cornell's ArXiv service. As per the findings, you can train an AI model to interpret minute fluctuations in electromagnetic radiation released from an HDMI cable. “In this work, we address the problem of eavesdropping on digital video displays by analyzing the electromagnetic waves that unintentionally emanate from the cables and connectors, particularly HDMI,” the researchers said.  Despite being a wired standard and digitally encrypted, abundant electromagnetic signals are released from these cables to track without needing direct access.

Detecting and decoding are different, but the experts also found that by pairing an AI model with text recognition software, one can "read" the wireless recorded EM radiation with a surprising 70% accuracy.

It is still distant from a traditional recording, but there's still a 60 percent improvement compared to earlier methods, making it capable of stealing passwords and other sensitive info. One can also do it wirelessly without physical access to attack a computer, from outside a building in real-life situations.

A new method for surveillance

Skimming from wireless electromagnetic signals for spying purposes isn't a new thing. It is a vulnerability called TEMPEST (Transient ElectroMagnetic Pulse Emanation Standard, a very awkward backronym) having links to espionage dating back to World War 2. 

However, because HDMI connections are digital transmissions with some kind of encryption utilizing the HDCP standard, they were not thought to be particularly vulnerable to it. The researchers' AI algorithm-assisted technique of assault (dubbed "Deep-TEMPEST") raises some troubling possibilities.

State-sponsored attacks

According to experts, the system and its related alternatives, are already in use by state-sponsored hackers and industrial espionage threat actors. The advanced nature of the methods and the need to be around the target systems suggest that they won’t cause harm to regular users. However, large businesses or government agencies should be on the lookout, to protect their sensitive data, they should consider EM-shielding measures- especially for the employees and stakeholders working from home. 

“The proposed system is based on widely available Software Defined Radio and is fully open-source, seamlessly integrated into the popular GNU Radio framework. We also share the dataset we generated for training, which comprises both simulated and over 1000 real captures. Finally, we discuss some countermeasures to minimize the potential risk of being eavesdropped by systems designed based on similar principles,” concluded experts in the report.

Surge in Cyber Attacks on German Businesses Costs Billions of Euros

 

Around 80% of targeted firms have fallen victim to data theft, espionage, or sabotage, according to the German digital industry association Bitkom. Cybercrime is on the rise in Germany, with damages estimated to cost the economy €148 billion annually.

Data released by German authorities on Monday indicated a 28% increase in cyberattacks by foreign organizations in 2023, with significant activity from Russia and China.

German Interior Minister Nancy Faeser highlighted the high threat level in cybersecurity while presenting the national report on cybercrime. Bitkom managing director Bernhard Rohleder added that cyberattacks from Russia had doubled in the past two years, and those from China had increased by 50%.

Rohleder also noted that 80% of German companies targeted experienced data theft, espionage, or sabotage, causing financial damages amounting to €148 billion per year. Most of these attacks were attributed to criminal gangs or foreign intelligence services, targeting key infrastructures such as energy supplies, transport, and hospitals.

The motivations behind these cyberattacks vary. Some cybercriminals seek financial gain, while others, including private individuals, are driven by the desire to cause disruption or simply for amusement.

The report’s release comes amidst heightened concerns ahead of the European Parliament elections in June. Earlier this month, Germany accused Russia of launching cyberattacks against its defense and aerospace sectors, as well as members of the Social Democratic Party, in response to Germany's support for Ukraine.

Interior Minister Faeser emphasized Germany’s resilience, stating, "We will not be intimidated by the Russian regime. We will continue to do everything to protect our democracy from Russian cyber actions and we will continue to support Ukraine."

The Mask: A Resilient Espionage Group Returns After a Decade


An APT group that has been missing for over a decade has reappeared in a cyber-espionage campaign aimed at organizations in Latin America and Central Africa.

The Mask’s history

  1. Origins: The Mask first appeared in 2007, operating with stealth and sophistication.
  2. Vanishing Act: In 2013, the group seemingly vanished, leaving behind a trail of cyber-espionage campaigns.
  3. Unique Victims: Over the years, they targeted around 380 unique victims across 31 countries, including major players like the US, UK, France, Germany, China, and Brazil.

About Careto aka The Mask

The gang "Careto" or "The Mask" began operations in 2007 and suddenly vanished in 2013. During that time, the Spanish-speaking threat actor claimed around 380 unique victims in 31 countries, including the United States, the United Kingdom, France, Germany, China, and Brazil.

Kaspersky researchers, who monitored Careto ten years ago and recently discovered new attacks, classified Careto's former victims as government organizations, diplomatic offices and embassies, energy, oil and gas corporations, research institutions, and private equity firms.

Sophisticated Tailored Methods

According to Kaspersky, Careto group actors use specialized tactics to sneak into both victim environments, maintain persistence, and harvest information.

In both attacks, for example, it appears that the attackers got early access using the organization's MDaemon email server, a software that many small and medium-sized enterprises use. According to Kaspersky, the attackers planted a backdoor on the server, giving them control of the network. They used a driver connected with the HitmanPro Alert malware scanner to sustain persistence.

Careto distributed four multi-modular implants on workstations across each victim's network as part of the attack chain, exploiting a previously undisclosed weakness in a security product utilized by both. Kaspersky's analysis did not specify the security product or weakness that Careto is exploiting in its latest operation. However, the company stated that it has provided comprehensive details about Careto's recent attacks, including tactics, strategies, and procedures, in a private APT report for customers.

The implant

The implants, named "FakeHMP," "Careto2," "Goreto," and the "MDaemon implant," allowed the attackers to carry out a variety of harmful acts in the victim environments. According to Kucherin, the MDaemon implant permitted threat actors to conduct initial reconnaissance, extract system configuration information, and execute commands for lateral movement. 

He emphasizes that threat actors use FakeHMP to record microphones and keyloggers and steal confidential papers and login information. Both Careto2 and Goreto perform keylogging and screenshot capture. Careto2 also facilitates file theft, according to Georgy Kucherin, security researcher at Kaspersky.

Implications and lessons

  1. Vigilance Matters: Organizations must remain vigilant even when APTs go silent. The Mask’s resurgence underscores the need for continuous monitoring.
  2. Advanced Techniques: The group’s ability to exploit zero-day vulnerabilities highlights the importance of robust security measures.
  3. Global Reach: The Mask’s diverse victim pool emphasizes that cyber threats transcend borders.

China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices

 

The Military Intelligence and Security Service (MIVD) of the Netherlands has issued a warning regarding the discovery of a new strain of malware believed to be orchestrated by the Chinese government. Named "Coathanger," this persistent and highly elusive malware has been identified as part of a broader political espionage agenda, targeting vulnerabilities in FortiGate devices.

In a recent advisory, MIVD disclosed that Coathanger was employed in espionage activities aimed at the Dutch Ministry of Defense (MOD) in 2023. Investigations into the breach revealed that the malware exploited a known flaw in FortiGate devices, specifically CVE-2022-42475.
Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities. 
Unlike some malware that relies on new, undisclosed vulnerabilities (zero-day exploits), Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities. However, the advisory emphasizes that it could potentially be used in conjunction with future vulnerabilities in FortiGate devices.

Described as stealthy and resilient, Coathanger evades detection by concealing itself through sophisticated methods, such as hooking system calls to evade detection. It possesses the capability to survive system reboots and firmware upgrades, making it particularly challenging to eradicate.

According to Dutch authorities, Coathanger is just one component of a larger-scale cyber espionage campaign orchestrated by Chinese state-sponsored threat actors. These actors target various internet-facing edge devices, including firewalls, VPN servers, and email servers.

The advisory issued by Dutch intelligence underscores the aggressive scanning tactics employed by Chinese threat actors, who actively seek out both disclosed and undisclosed vulnerabilities in edge devices. It warns of their rapid exploitation of vulnerabilities, sometimes within the same day they are made public.

Given the popularity of Fortinet devices as cyberattack targets, businesses are urged to prioritize patch management. Recent reports from Fortinet highlighted the discovery of two critical vulnerabilities in its FortiSIEM solution, emphasizing the importance of prompt patching.

To mitigate the risk posed by Coathanger and similar threats, intelligence analysts recommend conducting regular risk assessments on edge devices, restricting internet access on these devices, implementing scheduled logging analysis, and replacing any hardware that is no longer supported.

The Dark Web: A Hidden Menace for Businesses

 

In recent months, the Indian capital's remote region of Nuh has garnered unwanted attention for its transformation into a cybercrime hub, mirroring the notorious Jamtara region. With over 28,000 cybercrime cases spearheaded by unemployed social engineers, Nuh has firmly entrenched itself in the dark web's criminal ecosystem.

Earlier this year, James Roland Jones, a SpaceX engineer operating under the alias "MillionaireMike," admitted to discreetly purchasing personal information and selling insider tips of an anonymous company on the dark web. This incident highlights the pervasiveness of illicit activities on the dark web, a concealed realm of the internet frequently linked to anonymous crimes.

Unlike the conventional web, the dark web evades search engine indexing and remains inaccessible to standard web browsers. Instead, users employ specialized software like Tor (The Onion Router) to navigate its encrypted pathways. Initially developed by the U.S. government for secure communication, the dark web has since morphed into a haven for criminal enterprises.

The 2019 study "Into the Web of Profit" by criminology professor Dr. Michael McGuire from the University of Surrey revealed that cybercrime has evolved into a thriving economy, generating an annual turnover of $1.5 trillion. Alarmingly, the study also uncovered a 20% surge in harmful dark web listings since 2016. Among these listings, a staggering 60% pose a direct threat to businesses. Dr. McGuire identified 12 domains where enterprises face the risk of compromised data or network breaches.

Common Threats Posed by the Dark Web

1. Illicit Data Trade: The dark web serves as a marketplace for stolen personal data, including login credentials, intellectual property, credit card details, and other confidential information. This stolen data fuels malicious activities and identity theft, often sold to the highest bidder.

2. Competitive Intelligence and Espionage: The clandestine nature of the dark web provides a fertile ground for competitors to gather intelligence on each other, often through industrial espionage, where trade secrets and confidential data are illicitly acquired.

3. nsider Threats:The dark web can entice insiders within organizations with financial rewards to reveal confidential information or aid in cyberattacks.

4. Hacking Services: The dark web offers a vast array of hacking services, ranging from customized malware to phishing kits, empowering attackers to execute sophisticated cyberattacks.

5. Operational Data, Network Access Tools, Tutorials, and Keyloggers: These resources are readily available on the dark web, enabling attackers to gather sensitive information, gain unauthorized access to networks, and monitor user activity.

Protecting Your Business from the Dark Web's Shadows

1. Stay Informed: Familiarize yourself with the latest dark web trends and threats to proactively identify potential risks.

2. Implement Robust Cybersecurity Measures: Employ strong passwords, multi-factor authentication, and network security solutions to safeguard your organization's data and systems.

3. Educate Employees: Train employees on cybersecurity best practices, including recognizing phishing attempts and handling sensitive data with care.

4. Engage Cybersecurity Experts: Collaborate with experienced IT professionals to assess your business requirements and develop tailored cybersecurity strategies.

5. Monitor Dark Web Activity: Utilize specialized tools and services to monitor the dark web for mentions of your organization or stolen data related to your business.

By staying vigilant, implementing robust cybersecurity measures, and educating employees, businesses can effectively mitigate the risks posed by the dark web and protect their valuable assets. Remember, knowledge is your shield in the digital realm.