From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations’ latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally.
URLs for Reference:
- Malware Dev lures child exploiters into honeytrap to extort them
- AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
- United Nations agency investigates ransomware attack, data theft
Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News
Search Phrases:
- Cyber vigilante justice malware extortion
- Cloud CLI tools security vulnerabilities
- United Nations cyberattack investigation
- CryptVPN ransomware against child exploiters
- AWS, Google, and Azure CLI tools leaking credentials
- Impact of ransomware on global organizations
- Cybersecurity threats in cloud computing
- Cybersecurity tactics against illegal online activities
- Data breach at United Nations agency
- New trends in cyber threats and digital security
Transcript:
Apr22
Malware developers are now targeting individuals seeking child exploitation material, employing cryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed?
Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks. What measures can organizations take to prevent sensitive credentials from being exposed by build logs?
Finally, hackers have infiltrated the United Nations Development Program’s IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality.
You’re listening to the Daily Decrypt.
Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam.
CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user’s desktop and changes their wallpaper to a menacing ransom note.
The ploy begins with a decoy website that impersonates. Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content.
Now to be honest, I feel like I don’t even want to give away these clues to any child predators that may be listening. So
I’m going to stop there as far as how the attack works, but
I’m really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they’re complete psychopaths. And and so if someone’s able to get
the information or lure people into these websites You know, this reminds me of something that happened to me back in my single days.
And those of you who know me personally can validate the authenticity of this story, but it might sound a little crazy to just an average listener. But swiping on Tinder, matched with someone, they didn’t really want to chat too much, they just wanted to start sending nude photographs.
And I personally, it’s not my thing, but let’s just say I’m not going to unmatch this person for offering. And so nude photographs came through, there was no exchange, but they did ask for photographs of myself, which I was not interested in sending.
And in fact, I wasn’t really interested in pursuing anyone who would just jump in and send nude photographs. So I stopped talking to them. And about a couple of days later, I got a phone call from a Someone claiming to be the police department, saying that they had gotten my number from this girl’s dad, and she’s underage, and now they have
proof that I’ve been sending nude photographs to this underage person. Well, I don’t know. They accused me of that and that never happened. So immediately I knew it was a scan. But let’s just say hypothetically that I had sent pictures to this person. I would be pretty scared receiving this threat. Because my whole life would change, right? If I became a child predator or a sexual predator or whatever it’s called, then like a lot of stuff changes. And at the time I was in the military, so that was the end of my military career or whatever.
So it’s a very similar to that. If you’re doing something wrong. And you get caught in a trap, you’re very likely to pay the ransom. So first of all, don’t mess around with children online. Don’t do illegal sexual things. And you have nothing to worry about with this scam. So please stop doing that. Don’t do that.
And you’ve got nothing to worry about,
it’s been recently unveiled that command line interface tools from the tech giants such as Amazon Web Services and Google Cloud are susceptible to exposing sensitive credentials in the build logs, presenting a substantial security hazard to enterprises. This vulnerability is a Which the cloud security firm Orca has dubbed Leaky CLI, involves certain commands on the Azure CLI, AWS CLI, and Google Cloud CLI that could reveal environment variables. Roy Nizmi, a prominent security researcher, highlights in a report to the Hacker News that, quote, some commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions.
In response, Microsoft has proactively addressed this security lapse in its November 2023 update, designating it with the CVE identifier 2023 36052, which carries a critical CVSS score of 8.
6 out of 10. Conversely, Amazon and Google view the exposure of environment variables as an anticipated behavior, advising organizations to refrain from storing secrets within these variables. Instead, they recommend using specialized services like AWS Secrets Manager or Google Cloud Secret Manager, which is a great recommendation.
Furthermore, Google has advised users of its CLI tools to employ the dash dash no dash user output enabled option, which prevents the printing of command output to the terminal, thereby mitigating the risk of data leaks. Orca has also identified several instances on GitHub where projects inadvertently leaked access tokens and other sensitive data through continuous integration and deployment tools, including GitHub actions, CircleCI, TravisCI, and CloudBuild, which is always going to be a problem.
Take those. Pull request reviews, seriously.
Nimzy warns, if bad actors get their hands on these environment variables, this could potentially lead to view sensitive information, including credentials, such as passwords, usernames, and keys, which could allow them to access any resources that the repository owners can. He added that CLI commands are by default assumed to be running in a secure environment.
But coupled with CICD pipelines or continuous integration, continuous development, they may pose a security threat. This ongoing issue underscores the critical need for heightened security measures within cloud computing environments. Go out there, get you a new cloud job, my guys.
Finally, the United Nations Development Program, or UNDP, has launched an investigation into a significant cyber attack where intruders compromised its IT systems, resulting in the theft of critical human resources data. So, human resources data sounds It’s pretty benign to me, like, the way that that’s framed seems like nothing, but think about what the data Human Resources has.
It’s the crown jewels. They’ve got your social security number for your W 2 form, they’ve got your previous jobs, they’ve got your address, they’ve got your email address, they’ve got everything. So Human Resources data is nothing to bat an eye at. The agency, which is a cornerstone of the United Nations efforts to combat poverty and inequality worldwide.
Confirmed the breach occurred in late March within the local IT infrastructure for the United Nations.
Following the detection of the breach on March 27th, thanks to a threat intelligence alert, UNDP acted swiftly.
Quote, actions were immediately taken to identify a potential source and contain the effective server as well. As to determine the specifics of the exposed data and who was impacted. The ongoing investigation seeks to fully understand the incident’s nature and scope, as well as its impact on individuals whose information was compromised, but to further complicate some matters, the eight base ransomware gang, a group known for its broad attacks on various industries, claimed responsibility for the data theft.
On the same day as the breach, they added a new entry for UNDP on their dark web leak site. The documents leaked, according to the attackers, contain a huge amount of confidential information, ranging from personal data to financial records and employment contracts. This cyberattack is not the first the United Nations has suffered.
Previous breaches have struck the United Nations Environmental Program and key United Nations networks in Geneva and Vienna, showcasing ongoing vulnerabilities within UNIT systems. Meanwhile, the 8Base group, which claims to target companies neglecting data privacy, continues its surge of attacks, having listed over 350 victims on its data leak site to date.
So if you’re listening and you know your company
is rejecting some data privacy protocols, maybe use this story as incentive to get them to pay more attention to this.
That’s all we got for you today. Happy Monday. Thanks so much for listening. Please head over to our social media accounts, Instagram, Twitter, Twitter. com. Youtube Give us a follow, give us a like, and send us a comment. We’d love to talk.
And we’ll be back tomorrow with some more news.