Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years



Apr 30, 2024 | Newsroom | Docker Hub / Supply Chain Attack


Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.

“Over four million of the repositories in Docker Hub are imageless and have no content except for the repository documentation,” JFrog security researcher Andrey Polkovnichenko said in a report shared with The Hacker News.

What’s more, the documentation has no connection whatsoever to the container. Instead, it’s a web page that’s designed to lure users into visiting phishing or malware-hosting websites.
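A defender-side triage of the pattern described above, as an added example that is not code from JFrog or the article: it labels repository records that have no image tags but whose documentation links off-platform, then groups them by landing host. The record fields (`name`, `tag_count`, `full_description`), the allowlist and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed allowlist of hosts that documentation may link to; tune per organization.
TRUSTED_HOSTS = ("docker.com", "github.com")
URL_RE = re.compile(r"https?://[^\s)\"'<>\]]+", re.IGNORECASE)


def untrusted_hosts(doc):
    """Hostnames linked from the documentation that fall outside the allowlist."""
    hosts = set()
    for url in URL_RE.findall(doc or ""):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL in the documentation, skip it
            continue
        if host and not any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
            hosts.add(host)
    return hosts


def triage(repo):
    """Label a repository record: 'lure' = no image tags and docs link off-platform."""
    imageless = repo.get("tag_count", 0) == 0
    hosts = untrusted_hosts(repo.get("full_description"))
    verdict = "lure" if imageless and hosts else "imageless" if imageless else "ok"
    return {"name": repo["name"], "verdict": verdict, "hosts": sorted(hosts)}


def clusters(repos, min_repos=2):
    """Group 'lure' repositories by landing host; a shared host suggests one campaign."""
    by_host = defaultdict(list)
    for result in map(triage, repos):
        if result["verdict"] == "lure":
            for host in result["hosts"]:
                by_host[host].append(result["name"])
    return {h: sorted(n) for h, n in by_host.items() if len(n) >= min_repos}


# Constructed sample records (not real repositories).
SAMPLE = [
    {"name": "acme/webapp", "tag_count": 12,
     "full_description": "Source: https://github.com/acme/webapp and https://acme.example/docs"},
    {"name": "u1839/free-ebook-pdf", "tag_count": 0,
     "full_description": "[Download now](https://books.lure.example/get?id=7)"},
    {"name": "u2210/game-cheats-2023", "tag_count": 0,
     "full_description": "Get it here: http://books.lure.example/c"},
    {"name": "dev/placeholder", "tag_count": 0, "full_description": None},
]

if __name__ == "__main__":
    for record in SAMPLE:
        print(triage(record))
    print(clusters(SAMPLE))
```
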


Of the 4.79 million imageless Docker Hub repositories uncovered, 3.2 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns –

  • Downloader (repositories created in the first half of 2021 and September 2023), which advertises links to purported pirated content or cheats for video games but either directly links to malicious sources or a legitimate one that, in turn, contains JavaScript code that redirects to the malicious payload after 500 milliseconds.
  • E-book phishing (repositories created in mid-2021), which redirects users searching for e-books to a website (“rd.lesac.ru”) that, in turn, urges them to enter their financial information to download the e-book.
  • Website (thousands of repositories created daily from April 2021 to October 2023), which contains a link to an online diary-hosting service called Penzu in some cases.

The payload delivered as part of the downloader campaign is designed to contact a command-and-control (C2) server and transmit system metadata, following which the server responds with a link to cracked software.

On the other hand, the exact goal of the website cluster is currently unclear, with the campaign also propagated on sites that have a lax content moderation policy.


“The most concerning aspect of these three campaigns is that there is not a lot that users can do to protect themselves at the outset, other than exercising caution,” Shachar Menashe, senior director of security research at JFrog, said in a statement shared with The Hacker News.

“We’re essentially looking at a malware playground that in some cases has been three years in the making. These threat actors are highly motivated and are hiding behind the credibility of the Docker Hub name to lure victims.”

With threat actors taking painstaking efforts to poison well-known utilities, as evidenced in the case of the XZ Utils compromise, it’s imperative that developers exercise caution when it comes to downloading packages from open-source ecosystems.

“As Murphy’s Law suggests, if something can be exploited by malware developers, it inevitably will be, so we expect that these campaigns can be found in more repositories than just Docker Hub,” Menashe said.


U.S. Government Releases New AI Security Guidelines for Critical Infrastructure



Apr 30, 2024 | Newsroom | Machine Learning / National Security


The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.

“These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems,” the Department of Homeland Security (DHS) said Monday.

In addition, the agency said it’s working to facilitate safe, responsible, and trustworthy use of the technology in a manner that does not infringe on individuals’ privacy, civil rights, and civil liberties.

The new guidance concerns the use of AI to augment and scale attacks on critical infrastructure, adversarial manipulation of AI systems, and shortcomings in such tools that could result in unintended consequences, necessitating transparency and secure-by-design practices to evaluate and mitigate AI risks.


Specifically, the guidance spans four functions, namely govern, map, measure, and manage, across the AI lifecycle –

  • Establish an organizational culture of AI risk management
  • Understand your individual AI use context and risk profile
  • Develop systems to assess, analyze, and track AI risks
  • Prioritize and act upon AI risks to safety and security

“Critical infrastructure owners and operators should account for their own sector-specific and context-specific use of AI when assessing AI risks and selecting appropriate mitigations,” the agency said.

“Critical infrastructure owners and operators should understand where these dependencies on AI vendors exist and work to share and delineate mitigation responsibilities accordingly.”

The development arrives weeks after the Five Eyes (FVEY) intelligence alliance comprising Australia, Canada, New Zealand, the U.K., and the U.S. released a cybersecurity information sheet noting the careful setup and configuration required for deploying AI systems.

“The rapid adoption, deployment, and use of AI capabilities can make them highly valuable targets for malicious cyber actors,” the governments said.

“Actors, who have historically used data theft of sensitive information and intellectual property to advance their interests, may seek to co-opt deployed AI systems and apply them to malicious ends.”

The recommended best practices include taking steps to secure the deployment environment, review the source of AI models and supply chain security, ensure a robust deployment environment architecture, harden deployment environment configurations, validate the AI system to ensure its integrity, protect model weights, enforce strict access controls, conduct external audits, and implement robust logging.

Earlier this month, the CERT Coordination Center (CERT/CC) detailed a shortcoming in the Keras 2 neural network library that could be exploited by an attacker to trojanize a popular AI model and redistribute it, effectively poisoning the supply chain of dependent applications.

Recent research has found AI systems to be vulnerable to a wide range of prompt injection attacks that induce the AI model to circumvent safety mechanisms and produce harmful outputs.


“Prompt injection attacks through poisoned content are a major security risk because an attacker who does this can potentially issue commands to the AI system as if they were the user,” Microsoft noted in a recent report.

One such technique, dubbed Crescendo, has been described as a multiturn large language model (LLM) jailbreak, which, like Anthropic’s many-shot jailbreaking, tricks the model into generating malicious content by “asking carefully crafted questions or prompts that gradually lead the LLM to a desired outcome, rather than asking for the goal all at once.”

LLM jailbreak prompts have become popular among cybercriminals looking to craft effective phishing lures, even as nation-state actors have begun weaponizing generative AI to orchestrate espionage and influence operations.

Even more concerningly, studies from the University of Illinois Urbana-Champaign have discovered that LLM agents can be put to use to autonomously exploit one-day vulnerabilities in real-world systems simply using their CVE descriptions and “hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback.”


China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale


A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.

Cloud security firm Infoblox described the threat actor as likely affiliated with the People’s Republic of China (PRC) with the ability to control the Great Firewall (GFW), which censors access to foreign websites and manipulates internet traffic to and from the country.

The moniker is a reference to the “bewildering” nature of their operations and the actor’s abuse of DNS open resolvers – which are DNS servers that accept recursive queries from all IP addresses – to send queries from the Chinese IP space.

“Muddling Meerkat demonstrates a sophisticated understanding of DNS that is uncommon among threat actors today – clearly pointing out that DNS is a powerful weapon leveraged by adversaries,” the company said in a report shared with The Hacker News.


More specifically, it entails triggering DNS queries for mail exchange (MX) and other record types to domains not owned by the actor but which reside under well-known top-level domains such as .com and .org.

Infoblox, which discovered the threat actor from anomalous DNS MX record requests that were sent to its recursive resolvers by customer devices, said it detected over 20 such domains –

4u[.]com, kb[.]com, oao[.]com, od[.]com, boxi[.]com, zc[.]com, s8[.]com, f4[.]com, b6[.]com, p3z[.]com, ob[.]com, eg[.]com, kok[.]com, gogo[.]com, aoa[.]com, gogo[.]com, zbo6[.]com, id[.]com, mv[.]com, nef[.]com, ntl[.]com, tv[.]com, 7ee[.]com, gb[.]com, tunk[.]org, q29[.]org, ni[.]com, tt[.]com, pr[.]com, dec[.]com

“Muddling Meerkat elicits a special kind of fake DNS MX record from the Great Firewall which has never been seen before,” Dr. Renée Burton, vice president of threat intelligence for Infoblox, told The Hacker News. “For this to happen, Muddling Meerkat must have a relationship with the GFW operators.”

“The target domains are the domain used in the queries, so it is not necessarily the target of an attack. It is the domain used to carry out the probe attack. These domains are not owned by Muddling Meerkat.”


It’s known that the GFW relies on what’s called DNS spoofing and tampering to inject fake DNS responses containing random real IP addresses when a request matches a banned keyword or a blocked domain.

In other words, when a user attempts to search for a blocked keyword or phrase, the GFW blocks or redirects the website query in a manner that will prevent the user from accessing the requested information. This is achieved via techniques like DNS cache poisoning or IP address blocking.


This also means that if the GFW detects a query to a blocked website, the sophisticated tool injects a bogus DNS reply with an invalid IP address, or an IP address to a different domain, effectively corrupting the cache of recursive DNS servers located within its borders.

“The most remarkable feature of Muddling Meerkat is the presence of false MX record responses from Chinese IP addresses,” Burton said. “This behavior […] differs from the standard behavior of the GFW.”

“These resolutions are sourced from Chinese IP addresses that do not host DNS services and contain false answers, consistent with the GFW. However, unlike the known behavior of the GFW, Muddling Meerkat MX responses include not IPv4 addresses but properly formatted MX resource records instead.”

The exact motivation behind the multi-year activity is unclear, although the possibility has been raised that it may be undertaken as part of an internet mapping effort or research of some kind.

“Muddling Meerkat is a Chinese nation-state actor performing deliberate and highly skilled DNS operations against global networks on an almost daily basis – and the full scope of their operation can not be seen in any one location,” Burton said.

“Malware is easier than DNS in this sense – once you locate the malware, it is straightforward to understand it. Here, we know something is happening, but don’t understand it fully. CISA, the FBI, and other agencies continue to warn of Chinese prepositioning operations that are undetected. We should be worried about anything we can’t fully see or understand.”


Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023



Apr 29, 2024 | Newsroom | Mobile Security / Hacking


Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year.

The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.

“In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes,” Google’s Steve Kafka, Khawaja Shams, and Mohet Saxena said.

“To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps.”


In comparison, Google fended off 1.43 million bad apps from being published to the Play Store in 2022, alongside banning 173,000 bad accounts over the same time period.

In addition, the Mountain View-based firm said it strengthened its developer onboarding and review processes, requiring them to furnish more identity information and complete a verification process when setting up their Play Console developer accounts.

This, the company noted, enables it to better understand the developer community and root out bad actors seeking to game the system to propagate malicious apps.

The development comes as Google is taking a series of steps to secure the Android ecosystem. Last November, it moved the App Defense Alliance (ADA), which it launched in November 2019, under the Linux Foundation umbrella, with Meta and Microsoft joining as the founding steering members.

Around the same time, the company also rolled out real-time scanning at the code level to tackle novel Android malware and an “Independent security review” badge in the Play Store’s Data safety section for VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit.


On the user-facing side of things, Google has also taken the step of taking down approximately 1.5 million applications from the Play Store that do not target the most recent APIs.

Google’s ongoing fight to tackle malicious actors on Android coincides with a lawsuit filed by the company in the U.S. against two China-based fraudsters who are alleged to have engaged in an international online consumer investment fraud scheme and tricked users into downloading fake apps from the Play Store and other sources, ultimately stealing their funds.


Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks



Apr 28, 2024 | Newsroom | Credential Stuffing / Data Breach


Identity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services.

These unprecedented attacks, observed over the last month, are said to be facilitated by “the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and scripting tools,” the company said in an alert published Saturday.

The findings build on a recent advisory from Cisco, which cautioned of a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.

“These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies,” Talos noted at the time, adding that targets of the attacks comprise VPN appliances from Cisco, Check Point, Fortinet, SonicWall, as well as routers from Draytek, MikroTik, and Ubiquiti.


Okta said its Identity Threat Research detected an uptick in credential stuffing activity against user accounts from April 19 to April 26, 2024, from likely similar infrastructure.

Credential stuffing is a type of cyber attack in which credentials obtained from a data breach on one service are used to attempt to sign in to another unrelated service.

Alternatively, such credentials could be extracted via phishing attacks that redirect victims to credential harvesting pages or through malware campaigns that install information stealers on compromised systems.

“All recent attacks we have observed share one feature in common: they rely on requests being routed through anonymizing services such as TOR,” Okta said.

“Millions of the requests were also routed through a variety of residential proxies including NSOCKS, Luminati, and DataImpulse.”

Residential proxies (RESIPs) refer to networks of legitimate user devices that are misused to route traffic on behalf of paying subscribers without their knowledge or consent, thereby allowing threat actors to conceal their malicious traffic.

This is typically achieved by installing proxyware tools on computers, mobile phones, or routers, effectively enrolling them into a botnet that’s then rented to customers of the service who desire to anonymize the source of their traffic.

“Sometimes a user device is enrolled in a proxy network because the user consciously chooses to download ‘proxyware’ into their device in exchange for payment or something else of value,” Okta explained.

“At other times, a user device is infected with malware without the user’s knowledge and becomes enrolled in what we would typically describe as a botnet.”


Last month, HUMAN’s Satori Threat Intelligence team revealed over two dozen malicious Android VPN apps that turn mobile devices into RESIPs by means of an embedded software development kit (SDK) that included the proxyware functionality.

“The net sum of this activity is that most of the traffic in these credential stuffing attacks appear to originate from the mobile devices and browsers of everyday users, rather than from the IP space of VPS providers,” Okta said.

To mitigate the risk of account takeovers, the company is recommending that organizations require users to switch to strong passwords, enable two-factor authentication (2FA), deny requests originating from locations where they don’t operate and IP addresses with poor reputation, and add support for passkeys.
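Because the traffic described above is spread across residential proxy exit nodes, a per-IP failure threshold sees very little. The added example below (not from Okta or the article) contrasts that control with a per-window aggregate over login events; the event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Event layout (assumed): (unix_ts, source_ip, username, success)


def per_ip_alerts(events, max_failures=5):
    """Classic control: source IPs with more than max_failures failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n > max_failures)


def stuffing_windows(events, window=300, min_users=20, min_fail_ratio=0.8, max_per_ip=3.0):
    """Flag windows where many distinct accounts fail from many lightly used IPs."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    alerts = []
    for bucket, rows in sorted(buckets.items()):
        users = {user for _, user, _ in rows}
        ips = {ip for ip, _, _ in rows}
        fail_ratio = sum(1 for _, _, ok in rows if not ok) / len(rows)
        if (len(users) >= min_users and fail_ratio >= min_fail_ratio
                and len(rows) / len(ips) <= max_per_ip):
            alerts.append({
                "window_start": bucket * window,
                "users": len(users),
                "ips": len(ips),
                "fail_ratio": round(fail_ratio, 3),
                # Accounts that authenticated inside a flagged window: reset candidates.
                "hits": sorted({user for _, user, ok in rows if ok}),
            })
    return alerts


def sample_events():
    """Constructed events: normal logins, then a burst spread over 40 source IPs."""
    events = [(1000 + 10 * n, f"198.51.100.{n + 1}", f"staff{n}", n != 2) for n in range(5)]
    events += [(3600 + 5 * n, f"203.0.113.{n + 1}", f"user{n}", n == 17) for n in range(40)]
    return events


if __name__ == "__main__":
    ev = sample_events()
    print("per-IP alerts:", per_ip_alerts(ev))
    print("window alerts:", stuffing_windows(ev))
```

In the sample, the per-IP control returns nothing while the window aggregate flags the burst and surfaces the one account whose password worked.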
