Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK

IT News

Sep 23
Under regulatory pressure, a large number of pharmaceutical manufacturers, shippers and wholesalers are adopting blockchain to track and trace prescription drugs.
Sep 23
Autonomous Linux, digital assistants, and closer work with Microsoft, VMware and others were among the highlights from this year's conference.
Sep 23
The senator believes Chinese companies will be required to aid surveillance of the US, especially as 5G networks roll out.
Sep 20
Decommissioning a data center is lot more complicated than shutting down servers and switches. Here's what you should keep in mind.
Sep 20
The world's fourth-largest bank said cryptocurrency will allow near real-time money movement and cut out settlement middlemen, thus reducing costs from fees.
Sep 20
Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.
Sep 19
Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Categories

Cisco Talos details exceptionally dangerous DNS hijacking attack

Security experts at Cisco Talos have released a report detailing what it calls the "first known case of a domain name registry organization that was compromised for cyber espionage operations."

Talos calls ongoing cyber threat campaign "Sea Turtle" and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated.

By obtaining control of victims' DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported. 

DNS, routinely known as the Internet's phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email.

Threat to DNS could spread

At this point Talos says Sea Turtle isn't compromising organizations in the U.S.

"While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign, we are concerned that the success of this operation will lead to actors more broadly attacking the global DNS system," Talos stated.  

Talos reports that the ongoing operation likely began as early as January 2017 and has continued through the first quarter of 2019. "Our investigation revealed that approximately 40 different organizations across 13 different countries were compromised during this campaign," Talos stated.  "We assess with high confidence that this activity is being carried out by an advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems."

Talos says the attackers directing the Sea Turtle campaign show signs of being highly sophisticated and have continued their attacks despite public reports of their activities. In most cases, threat actors typically stop or slow down their activities once their campaigns are publicly revealed suggesting the Sea Turtle actors are unusually brazen and may be difficult to deter going forward, Talos stated.

In January the Departmentn of Homeland Security (DHS) issued an alert about this activity, warning that an attacker could redirect user traffic and obtain valid encryption certificates for an organization's domain names.

At that time the DHS's  Cybersecurity and Infrastructure Security Agency said in its Emergency Directive that it was tracking a series of incidents targeting DNS infrastructure. CISA wrote that it "is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them."

DNS hijacking

CISA said that attackers have managed to intercept and redirect web and mail traffic and could target other networked services. The agency said the attacks start with compromising user credentials of an account that can make changes to DNS records.  Then the attacker alters DNS records, like Address, Mail Exchanger, or Name Server records, replacing the legitimate address of the services with an address the attacker controls.

To achieve their nefarious goals, Talos stated the Sea Turtle accomplices:

Such actions also distinguish Sea Turtle from an earlier DNS exploit known as DNSpionage, which Talos ​reported​ on in November 2018.

Talos noted "with high confidence" that these operations are distinctly different and independent from the operations performed by DNSpionage. 

In that report, Talos said a DNSpionage campaign utilized two fake, malicious websites containing job postings that were used to compromise targets via malicious Microsoft Office documents with embedded macros. The malware supported HTTP and DNS communication with the attackers.

In a separate DNSpionage campaign, the attackers used the same IP address to redirect the DNS of legitimate .gov and private company domains. During each DNS compromise, the actor carefully generated Let's Encrypt certificates for the redirected domains. These certificates provide X.509 certificates for Transport Layer Security (TLS) free of charge to the user, Talos said.

The Sea Turtle campaign gained initial access either by exploiting known vulnerabilities or by sending spear-phishing emails. Talos said it believes the attackers have exploited multiple known common vulnerabilities and exposures (CVEs) to either gain initial access or to move laterally within an affected organization. Talos research further shows the following known exploits of Sea Turtle include:

"As with any initial access involving a sophisticated actor, we believe this list of CVEs to be incomplete," Talos stated. "The actor in question can leverage known vulnerabilities as they encounter a new threat surface. This list only represents the observed behavior of the actor, not their complete capabilities."

Talos says that  the Sea Turtle campaign continues to be highly successful for several reasons. "First, the actors employ a unique approach to gain access to the targeted networks. Most traditional security products such as IDS and IPS systems are not designed to monitor and log DNS requests," Talos stated.  "The threat actors were able to achieve this level of success because the DNS domain space system added security into the equation as an afterthought. Had more ccTLDs implemented security features such as registrar locks, attackers would be unable to redirect the targeted domains."

Talos said the attackers also used previously undisclosed techniques such as certificate impersonation. "This technique was successful in part because the SSL certificates were created to provide confidentiality, not integrity. The attackers stole organizations' SSL certificates associated with security appliances such as [Cisco's Adaptive Security Appliance] to obtain VPN credentials, allowing the actors to gain access to the targeted network, and have long-term persistent  access, Talos stated. 

Cisco Talos DNS attack mitigation strategy

To protect against Sea Turtle, Cisco recommends:

This story, "Cisco Talos details exceptionally dangerous DNS hijacking attack" was originally published by Network World.