
Cisco Talos details exceptionally dangerous DNS hijacking attack

Security experts at Cisco Talos have released a report detailing what it calls the "first known case of a domain name registry organization that was compromised for cyber espionage operations."

Talos calls the ongoing campaign "Sea Turtle" and said that state-sponsored attackers are abusing DNS to harvest credentials and gain access to sensitive networks and systems in a way that victims are unable to detect, which, Talos stated, displays unique knowledge of how to manipulate DNS.

By obtaining control of victims' DNS, the attackers can change or falsify any data on the Internet and illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported.

DNS, routinely known as the Internet's phonebook, is part of the global Internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email.

Threat to DNS could spread

At this point Talos says Sea Turtle isn't compromising organizations in the U.S.

"While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign, we are concerned that the success of this operation will lead to actors more broadly attacking the global DNS system," Talos stated.

Talos reports that the ongoing operation likely began as early as January 2017 and has continued through the first quarter of 2019. "Our investigation revealed that approximately 40 different organizations across 13 different countries were compromised during this campaign," Talos stated. "We assess with high confidence that this activity is being carried out by an advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems."

Talos says the attackers directing the Sea Turtle campaign show signs of being highly sophisticated and have continued their attacks despite public reports of their activities. Threat actors typically stop or slow down their activities once their campaigns are publicly revealed, which suggests the Sea Turtle actors are unusually brazen and may be difficult to deter going forward, Talos stated.

In January the Department of Homeland Security (DHS) issued an alert about this activity, warning that an attacker could redirect user traffic and obtain valid encryption certificates for an organization's domain names.

At that time the DHS's Cybersecurity and Infrastructure Security Agency said in its Emergency Directive that it was tracking a series of incidents targeting DNS infrastructure. CISA wrote that it "is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them."

DNS hijacking

CISA said that attackers have managed to intercept and redirect web and mail traffic and could target other networked services. The agency said the attacks start with compromising user credentials of an account that can make changes to DNS records. Then the attacker alters DNS records, like Address, Mail Exchanger, or Name Server records, replacing the legitimate address of the services with an address the attacker controls.

To achieve their nefarious goals, Talos stated the Sea Turtle accomplices:

Such actions also distinguish Sea Turtle from an earlier DNS exploit known as DNSpionage, which Talos reported on in November 2018.

Talos noted "with high confidence" that these operations are distinctly different and independent from the operations performed by DNSpionage.

In that report, Talos said a DNSpionage campaign utilized two fake, malicious websites containing job postings that were used to compromise targets via malicious Microsoft Office documents with embedded macros. The malware supported HTTP and DNS communication with the attackers.

In a separate DNSpionage campaign, the attackers used the same IP address to redirect the DNS of legitimate .gov and private company domains. During each DNS compromise, the actor carefully generated Let's Encrypt certificates for the redirected domains. Let's Encrypt provides X.509 certificates for Transport Layer Security (TLS) free of charge to the user, Talos said.

The Sea Turtle campaign gained initial access either by exploiting known vulnerabilities or by sending spear-phishing emails. Talos said it believes the attackers have exploited multiple known common vulnerabilities and exposures (CVEs) to either gain initial access or to move laterally within an affected organization. Talos research further shows the following known exploits of Sea Turtle include:

"As with any initial access involving a sophisticated actor, we believe this list of CVEs to be incomplete," Talos stated. "The actor in question can leverage known vulnerabilities as they encounter a new threat surface. This list only represents the observed behavior of the actor, not their complete capabilities."

Talos says that the Sea Turtle campaign continues to be highly successful for several reasons. "First, the actors employ a unique approach to gain access to the targeted networks. Most traditional security products such as IDS and IPS systems are not designed to monitor and log DNS requests," Talos stated. "The threat actors were able to achieve this level of success because the DNS domain space system added security into the equation as an afterthought. Had more ccTLDs implemented security features such as registrar locks, attackers would be unable to redirect the targeted domains."
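The two defensive checks the article points at, a baseline comparison of a domain's A, MX and NS records (the records CISA says were altered) and verification that registrar locks are in place, can be scripted as below. This is an added example, not code from Talos or Network World; the DNS answers and EPP status codes are constructed sample data rather than live lookups, and the domain names are placeholders.

```python
# Added example: flag altered A/MX/NS records and missing registrar locks.
# Sample records below are constructed for illustration; a real deployment
# would fill DomainState from live DNS and RDAP/WHOIS queries on a schedule.
from dataclasses import dataclass, field

# Standard EPP status codes (RFC 5731) that a registrar lock places on a
# domain; if any is absent, a compromised registrar account can change the
# name servers without an additional hurdle.
REGISTRAR_LOCK_STATUSES = {
    "clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited",
}

@dataclass
class DomainState:
    records: dict            # rrtype -> set of rdata strings
    epp_statuses: set = field(default_factory=set)

def hijack_indicators(expected: DomainState, observed: DomainState) -> list:
    """Return human-readable findings; an empty list means no divergence."""
    findings = []
    for rrtype in ("A", "MX", "NS"):
        exp = expected.records.get(rrtype, set())
        obs = observed.records.get(rrtype, set())
        added, removed = obs - exp, exp - obs
        if added or removed:
            findings.append(f"{rrtype} changed: +{sorted(added)} -{sorted(removed)}")
    missing_locks = REGISTRAR_LOCK_STATUSES - observed.epp_statuses
    if missing_locks:
        findings.append(f"registrar lock incomplete, missing {sorted(missing_locks)}")
    return findings

# Constructed baseline and a later snapshot in which MX and NS now point elsewhere
BASELINE = DomainState(
    records={"A": {"203.0.113.10"}, "MX": {"10 mail.example.net."},
             "NS": {"ns1.example.net.", "ns2.example.net."}},
    epp_statuses=set(REGISTRAR_LOCK_STATUSES),
)
SNAPSHOT = DomainState(
    records={"A": {"203.0.113.10"},
             "MX": {"10 mail.example.net.", "5 mx.unknown-host.example."},
             "NS": {"ns1.unknown-host.example.", "ns2.example.net."}},
    epp_statuses={"clientDeleteProhibited"},
)

if __name__ == "__main__":
    for finding in hijack_indicators(BASELINE, SNAPSHOT):
        print("ALERT:", finding)
```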

Talos said the attackers also used previously undisclosed techniques such as certificate impersonation. "This technique was successful in part because the SSL certificates were created to provide confidentiality, not integrity. The attackers stole organizations' SSL certificates associated with security appliances such as [Cisco's Adaptive Security Appliance] to obtain VPN credentials, allowing the actors to gain access to the targeted network, and have long-term persistent access," Talos stated.

Cisco Talos DNS attack mitigation strategy

To protect against Sea Turtle, Cisco recommends:

This story, "Cisco Talos details exceptionally dangerous DNS hijacking attack" was originally published by Network World.