The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released an account of six cyberattacks on industrial control systems that occurred between 2011 and 2016, suggesting that more such attacks may be in the offing. The history is interesting in its specific attribution of the attacks to nation-states: one each to China and Iran, the remaining four to Russia. CISA also updated its alert on a Chinese cyber campaign that targeted pipelines between 2011 and 2013.
Several reports this morning describe research into attack vectors and malicious techniques:
- Intezer describes its detection of a new attack vector hitting Kubernetes clusters through misconfigured Argo Workflows instances.
- Zscaler looks at Joker malware and outlines some of the techniques its operators have used to insinuate their code into apps that make it into the Google Play store and from there infect victims who install the malicious apps. The techniques include using URL shorteners, changing string-obfuscation keys, and abusing the notification process. Joker steals sensitive information from infected devices and typically enrolls users in expensive and unwanted services.
- ReversingLabs describes how an NPM package can be used to introduce vulnerabilities into software supply chains.
- Bitdefender has seen a spike in in-the-wild activity from a new malware strain, "MosaicLoader," a downloader that can deliver a range of payloads to targets. MosaicLoader spreads through advertisements in which it poses as cracked software. Its victims are typically would-be users of pirated software.
Investigation into the Pegasus intercept tool continues with the Guardian's account of alleged corrupt use.