Kaspersky says the group used an HTML-based exploit that’s almost impossible to detect
Following a trail of suspicious digital crumbs left in cloud-based systems across South Asia, Kaspersky Lab’s security researchers have uncovered a steganography-based attack carried out by a cyberespionage group called Platinum. The attack targeted government, military, and diplomatic entities in the region.
Platinum was active years ago, but was since believed to have been disarmed. Kaspersky’s cyber-sleuths, however, now suspect that Platinum might have been operating covertly since 2012, through an “elaborate and thoroughly crafted” campaign that allowed it to go undetected for a long time.
The group’s latest campaign harnessed a classic hacking tool known as steganography. “Steganography is the art of concealing a file of any format or communication in another file in order to deceive unwanted people from discovering the existence of [the hidden] initial file or message,” says Somdip Dey, a U.K.-based computer scientist with a special interest in steganography at the University of Essex and the Samsung R&D Institute.
Post Syndicated from Payal Dhar original https://spectrum.ieee.org/tech-talk/telecom/security/digital-doppelgngers-fool-advanced-antifraud-tech
With traces of a user’s browsing history and online behavior, hackers can build a fake virtual “twin” and use it to log in to a victim’s accounts
As new security technologies shield us from cybercrime, a slew of adversarial technologies match them, step for step. The latest such advance is the rise of digital doppelgängers—virtual entities that mimic real user behaviors authentic enough to fool advanced anti-fraud algorithms.
In February, Kaspersky Lab’s fraud-detection teams busted a darknet marketplace called Genesis that was selling digital identities starting from US $5 and going up to US $200. The price depended on the value of the purchased profile—for example, a digital mask that included a full user profile with bank login information would cost more than just a browser fingerprint.
The masks purchased at Genesis could be used through a browser and proxy connection to mimic a real user’s activity. Coupled with stolen (legitimate) user accounts, the attacker was then free to make new, trusted transactions in their name—including with credit cards.
Kaspersky security researchers described how hackers used software updates to push malware onto victims’ computers
When security researchers at Kaspersky Lab disclosed Operation ShadowHammer in March, they described how attackers tampered with software updates from PC-maker ASUSTeK Computer to install malware on victims’ computers. Now, new details revealed last week indicate the operation was even more insidious—it sabotaged developer tools, an approach that could spread malware much faster and more discreetly than conventional methods.
In ShadowHammer, a sophisticated group of attackers modified an old version of the ASUS Live Update Utility software and pushed out the tampered copy to ASUS computers around the world, said Kaspersky Lab. The Live Update Utility, which comes preinstalled in most new ASUS computers, automatically updates the set of firmware instructions that control the computer’s input and output operations, hardware drivers, and applications. The modified tool, signed with legitimate ASUSTeK certificates and stored on official servers, looked like the real thing. But once it was planted, it gave the attackers the ability to control the computer through a remote server and install additional malware.
ShadowHammer is an “example of how sophisticated and dangerous a smart supply chain attack can be,” said Vitaly Kamluk, Kaspersky’s director of the global research and analysis team.