Members

Blog Posts

Winning with a Process Lottery Methods and Pc software

Posted by Khalid Shaikh on November 5, 2024 at 6:53am 0 Comments

Lottery, a game title of opportunity that has captivated the creativity of men and women for ages, is just a fascinating and complicated phenomenon. At their core, the lottery presents a distinctive mixture of wish, prospect, and uncertainty. Participants, enticed by the prospect of life-changing riches, buy passes bearing mathematical combinations that contain the offer of economic liberation. As the chances of earning are notoriously slim, the desire of defying those chances keeps thousands… Continue
The estimated number of published OT vulnerabilities that are actuality exploitable varies. A survey by researchers from Virginia Tech and other research institutes estimating that “5.5% of all 100,000+ vulnerabilities contained in the National Vulnerability Database have been exploited in the wild. Ttp Tactics Techniques and Procedures

The European Union Agency for Cybersecurity (ENISA) claims that “at least 8.65% of vulnerabilities are exploitable… this number is expected to be higher due to zero-day exploits and the incompleteness of the datasets”. It should be noted that this figure refers to both OT and IT vulnerabilities.

Tactics Techniques and Procedures

Many 2019 reports point out a rise in masquerading. This is done, for example, to steal log-on IDs and passwords or find security gaps in programs. In addition, we’ve also observed a rise in the use of SMB protocol exploitation.

According to Crowdstrike’s report, there has been a rise in malware-free attacks. Malware-free attacks are attacks where the initial tactic did not result in a file or file fragment being written to disk, for example attacks where code executes from memory or where stolen credentials are used for remote login using known tools.

“Hands-on-keyboard” techniques have also been on the rise, including command-line interface attacks, PowerShell and credential theft, credential dumping, and account discovery.

The hacking “industry” is transitioning to an outsourced service model. This model includes Ransomware-as-a-service (RaaS) (e.g. LockerGoga that attacked ICS manufacturing facilities), Malware-as-a-service (MaaS), and Download-as-a-Service (DaaS).

Finally, there has been a prolific use of network shell commands, RDP, RATs, Active directory scanners, network protocol vulnerability exploitation, non-secure DNS manipulation (DNS tunneling, Anchoring), and RCE remote code execution.

2019 OT Advisories and Increase in Attacks

All the 2019 reports I have read were unequivocal about the rise of attacks on the ICS sector. Moreover, in a recent survey of OT leaders, 77% of respondents said they had experienced a malware intrusion in the past year, and half experienced between three and ten.  Maritime Cyber Security

The Tactics, Techniques and Procedures (TTP’s) aimed at the ICS environment that made the headlines were BitPaymer, Ryuk, and LockerGoga.

BitPaymer – BitPaymer is a Ransomware that collects data such as Active Directory (AD) credentials, private user data and lists of all computers on the network. BitPaymer uses the PowerShell Empire tool for lateral movement in the network.

Ryuk – Ryuk is a ransomware that resembles and is probably somewhat based on BitPaymer. It uses TrickBot modules (e.g. pwgrab) to execute credentials theft, and PowerShell Empire traffic for reconnaissance and lateral movement.

LockerGoga – uses the PsExec (a sys-admin tool) to perform reconnaissance and lateral movement in the network. Since LockerGoga neither gives the victims a chance to recover the files nor specifically asks for payment, it is likely intended to disrupt operations.

Views: 5

Comment

You need to be a member of On Feet Nation to add comments!

Join On Feet Nation

© 2024   Created by PH the vintage.   Powered by

Badges  |  Report an Issue  |  Terms of Service