Cyber Security News 13 September 2019

DHS Warns of North Korean Malware – Wikipedia DDoS Attack – Cyber Security in High Demand

Craigslist founder Craig Newmark donated two million USD to Wikipedia so the site can improve its cyber security defenses. Wikipedia suffered a DDoS attack last weekend which caused outages for readers from most of Europe including Italy, Norway, the UK, Germany, Egypt, Belarus, Russia, and Greece. Parts of the Middle East were also unable to access the site. The outage began around 19:00 BST on Friday 06 September as hackers pummeled the site with bot traffic. The cyber attack spiked around 21:00 and again on Saturday morning. A DDoS cyber attack is one that overloads servers by swamping them with web traffic and service requests so quickly that they can no longer function normally or respond to legitimate web traffic.

DHS, FBI, and DoD Warn of North Korean Malware

The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the US Department of Defense (DoD) distributed several Malware Analysis Reports (MARs) warning of malware variants. The MARs warn of three cyber attack vectors deployed by the North Korean Advanced Persistent Threat (APT) group HIDDEN COBRA as part of its malicious cyber activities. The reports cover the ELECTRICFISH and BADCALL malware.

Hacking tools and technical details of the cyber attack vectors used by the North Korean-sponsored APT group HIDDEN COBRA are contained in:

    Malware Analysis Report (10135536-21) – North Korean Tunneling Tool: ELECTRICFISH
    Malware Analysis Report (10135536-10) – North Korean Trojan: BADCALL

DHS, FBI, and DoD identified a proxy malware variant used by HIDDEN COBRA, referred to as ELECTRICFISH. The malware is a malicious 32-bit Windows executable file and is a command-line utility. The goal of ELECTRICFISH is to tunnel traffic between two IP addresses.

North Korean HIDDEN COBRA hackers are using Trojan malware in conjunction with proxy servers to maintain a connection on compromised networks. Malware Analysis Report (MAR-10135536-10) details a malware variant known as BADCALL.
MAR-10135536-10 provides technical details and analysis for four malicious files. Three files are Windows executables that work as proxy servers using a Fake TLS method like MAR-10135536-B. BADCALL malware collects information about the compromised system including the computer and attached adapters.

An IT career salary report states that cyber security research firms are projecting a shortage of one to three million professionals. Cyber security jobs in major cities fetch generous six-figure salaries. Private firms are luring government workers to fill the gap but are challenged to keep up with the shortage of workers.