bleepingcomputer.com – The Copper Mountain Mining Corporation (CMMC), a Canadian copper mining company in British Columbia, has announced it has become the target of a ransomware attack that impacted its operations.
The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to update the firmware of their devices as soon as possible. An attacker can exploit this vulnerability without requiring permissions or user interaction.
Threat actors often exploit this kind of issue to trigger a DoS condition or to execute arbitrary code on vulnerable devices.
“NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”
Below is the list of fixes released by the company for the specific product models:
RAX40 fixed in firmware version 188.8.131.52
RAX35 fixed in firmware version 184.108.40.206
R6400v2 fixed in firmware version 220.127.116.11
R6700v3 fixed in firmware version 18.104.22.168
R6900P fixed in firmware version 22.214.171.124
R7000P fixed in firmware version 126.96.36.199
R7000 fixed in firmware version 188.8.131.52
R7960P fixed in firmware version 184.108.40.206
R8000P fixed in firmware version 220.127.116.11
Below are step-by-step instructions to download the latest firmware for impacted router models:
Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears. If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
Under Current Versions, select the download whose title begins with Firmware Version.
Follow the instructions in your product’s user manual, firmware release notes, or product support page to install the new firmware.
“The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.” concludes the advisory.
The vendor did not reveal whether the flaw has been actively exploited in attacks in the wild.
Experts warn of a new Malvertising Campaign abusing Google Ads that targets users searching for popular software.
Guardio Labs researchers uncovered a malvertising campaign, tracked as MasquerAds and attributed to a threat actor known as Vermux, that is abusing Google Ads to target users that are searching for popular software.
The campaign aims at delivering tainted versions of popular software that deploy malicious payloads on the user’s machine, including info-stealing malware such as Raccoon Stealer and Vidar.
The threat actors behind this campaign used domains with typosquatted names that appeared on top of Google search results.
The attacker used a set of benign sites, which were designed to trick visitors into clicking on them, and then redirect them to rogue sites.
“The trick is simple — creating a benign site to be promoted with the wanted keyword and keeping it valid and safe in the eyes of the policy enforcer.” reads the analysis published by Guardio Labs. “Yet, the moment those “disguised” sites are being visited by targeted visitors (those who actually click on the promoted search result) the server immediately redirects them to the rogue site and from there to the malicious payload — usually also hiding inside reputable file sharing and code hosting servers like GitHub, dropbox, discord’s CDN, etc.”
Some of the software that was impersonated by the threat actors are Grammarly, Malwarebytes, Afterburner, Zoom, Slack, Brave, and Tor.
Threat actors put a significant effort into the malicious payload employed in the campaign, for example, they employed stealers that are able to avoid defense solutions.
“Even for Virus-Total, it took several days since our submission to get more than a few heuristic detections” continues the report.
Vermux deployed hundreds of domains and its servers were located mostly in Russia, while the rogue ads mainly targeted users in the US and Canada.
“This “masquerAd” concept is simple yet does exactly what those actors need — abuse the trust we sometimes blindly give to Google and their promoted search results. Adding to the above, the abuse of reputable file-sharing services as well as well-known software brands make them evade even the most advanced EDRs on the market. It’s inevitable to apply a more behavioral and unbiased protection level — even for the plainest and most common action like googling something up…” concludes the report, which also includes Indicators of Compromise. “Don’t get fooled by misspelled domain names, and always double-check where you download your files from!”
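The typosquatted domains the report describes can be hunted for on the defender's side. The Python below is an added example, not code from Guardio Labs or the original article: it folds common character substitutions, compares the registrable label of each host against the software brands named above, and runs over a handful of constructed proxy-log lines. The legitimate domains in `LEGIT`, the `.example` hosts and the log lines are assumptions constructed for the example.

```python
"""Flag lookalike domains for the software brands impersonated in the
MasquerAds campaign, as a defender-side hunting check over proxy logs."""
import re

# Brands named in the report and the registrable domain each legitimately
# uses (the legitimate domains are assumptions for this example; "Tor" is
# represented by its project domain label).
LEGIT = {
    "grammarly": "grammarly.com",
    "malwarebytes": "malwarebytes.com",
    "afterburner": "msi.com",
    "zoom": "zoom.us",
    "slack": "slack.com",
    "brave": "brave.com",
    "torproject": "torproject.org",
}

# Character substitutions common in typosquats, folded before comparison.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label: str) -> str:
    """Lower-case, fold homoglyphs, drop hyphens and leftover digits."""
    label = label.lower()
    for bad, good in HOMOGLYPHS:
        label = label.replace(bad, good)
    return re.sub(r"[^a-z]", "", label)


# Brands are folded with the same rules so "afterburner" (contains "rn")
# still compares equal to itself after normalization.
NORM_BRANDS = {brand: normalize(brand) for brand in LEGIT}


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive eTLD+1: the last two labels (enough for the sample TLDs)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify(host: str):
    """Return ("legit" | "lookalike" | "unknown", brand or None)."""
    reg = registrable(host)
    if reg in LEGIT.values():
        return "legit", next(b for b, d in LEGIT.items() if d == reg)
    label = normalize(reg.split(".")[0])
    for brand, norm in NORM_BRANDS.items():
        # Exact match after folding, brand embedded in a longer label such as
        # "grammarly-download", or one edit away. The edit-distance rule is
        # limited to longer brand names: for short ones ("zoom", "slack") it
        # would flag ordinary words like "black".
        if label == norm or (norm in label and len(label) > len(norm)):
            return "lookalike", brand
        if len(norm) >= 6 and levenshtein(label, norm) <= 1:
            return "lookalike", brand
    return "unknown", None


HOST_RE = re.compile(r"https?://([^/\s:]+)")

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
2022-12-28T10:02:11Z 10.0.0.12 GET https://www.grammarly.com/ 200
2022-12-28T10:02:40Z 10.0.0.12 GET https://grammarly-download.example/setup.exe 302
2022-12-28T10:03:05Z 10.0.0.31 GET https://malvvarebytes.com/premium 200
2022-12-28T10:03:30Z 10.0.0.31 GET https://zoom.us/download 200
2022-12-28T10:04:02Z 10.0.0.44 GET https://z00m.example/client.msi 200
2022-12-28T10:04:20Z 10.0.0.44 GET https://grammarlly.com/ 200
2022-12-28T10:04:41Z 10.0.0.44 GET https://github.com/some/repo 200
"""


def scan_log(text: str):
    """Return (host, brand) for every line whose host is a lookalike."""
    hits = []
    for line in text.splitlines():
        m = HOST_RE.search(line)
        if m:
            verdict, brand = classify(m.group(1))
            if verdict == "lookalike":
                hits.append((m.group(1), brand))
    return hits


if __name__ == "__main__":
    for host, brand in scan_log(SAMPLE_LOG):
        print(f"lookalike of {brand}: {host}")
```

Payloads hosted on GitHub, Dropbox or Discord's CDN, as the report notes, are not caught by this check; it only surfaces the lookalike domain that lands the victim there.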
Security and technology professionals expect the upcoming year to be the time artificial intelligence and machine learning see mass application in security and detection.
But just as the industry embraces the technology’s potential, bad actors will look to capitalize on the new capabilities that could be unlocked for deception techniques such as deepfakes and disinformation.
The economy and how it might affect security budgets weighed heavily on the minds of those who submitted predictions this year, and technology was no exception: some predict that new tech and services will be driven by budget-conscious decisions.
AI will completely transform security, risk and fraud, says Ashok Srivastava, senior vice president and chief data officer at Intuit:
We’re seeing AI and powerful data capabilities redefine the security models and capabilities for companies. Security practitioners and the industry as a whole will have much better tools and much faster information at their disposal, and they should be able to isolate security risks with much greater precision. They’ll also be using more marketing-like techniques to understand anomalous behavior and bad actions. In due time, we may very well see parties using AI to infiltrate systems, attempt to take over software assets through ransomware and take advantage of the cryptocurrency markets.
The powers of AI and machine learning to improve workflows and alleviate resource constraints, says Rodman Ramezanian, the global cloud threat lead at Skyhigh Security:
At a time when organizations face constant waves of sophisticated threats across multiple vectors, cloud security will increasingly harness AI and machine learning capabilities to not only alleviate skills shortages and resourcing challenges, but also automate powerful workflows to help enterprises stay ahead of attackers.
AI will power phishing, says Cyril Noel-Tagoe, principal security researcher at Netacea:
Machine learning and artificial intelligence have quickly become key technologies in the fight against cyber threats, for example, helping businesses to detect attacks by monitoring network patterns and analyzing anomalies or malicious behaviors. However, as AI has become more advanced and accessible, it has also been adopted by cybercriminals.
AI adoption in identity will accelerate, says Peter Barker, CPO at ForgeRock:
The integration of AI has been growing in cybersecurity and we can expect to see further adoption in the identity and access management space in 2023. The massive transformation to digital engagement, paired with the remote nature of our working lives, has opened the door for new and more relentless types of attacks, like account takeovers, inappropriate access and fraud. Alongside the widening skills gap facing the cybersecurity industry, and the increasing sophistication of threat actors, enterprises need to transform their solutions to stay ahead.
AI and machine learning will move beyond detection to prediction, says Jeetu Patel, EVP and GM of security and collaboration at Cisco:
Threat actors are getting more sophisticated. With rapidly maturing hacker “toolkits” featuring modular malware and lowering the skill required to pull off an attack, many are increasingly focusing these advanced tools and tricks on workers instead of systems. These tactics are designed to manipulate employees into unknowingly allowing hackers to sidestep effective defenses like two-factor authentication. So, in 2023, we will move beyond the age of simple malware, because simply detecting malicious code won’t be enough. The next evolution of security is about sensing anomalies and behavior patterns, all of which can indicate — and thereby predict — a breach. Advances in AI and machine learning will make it possible, and smart organizations will get ahead of this trend.
Deepfake technology will play a more prominent role in cyberattacks, says Lucia Milica, resident CISO at Proofpoint:
Deepfake technology is becoming more accessible to the masses. Thanks to AI generators trained on huge image databases, anyone can generate deep fakes with little technical savvy. While the output of the state-of-the-art model has its flaws, the technology is constantly improving, and cybercriminals will start using it to create irresistible narratives.
Deepfakes have traditionally involved fraud and business email compromise schemes, but we expect usage to spread far beyond these deceptions. Imagine the chaos to the financial market when a deepfake CEO or CFO of a major company makes a bold statement that sends shares into a sharp drop or rise. Or consider how malefactors could leverage the combination of biometric authentication and deepfakes for identity fraud or account takeover. These are just a few examples, and we all know cybercriminals can be highly creative.
AI on the offense, says Scott Register, VP of security solutions at Keysight Technologies:
Deepfake technology to date has resulted in political confusion, internet chatter, and some amusing mashup videos, but expect this to change in the near term. Security experts have warned for years about the possibility of social engineering attacks with deepfakes, and the technology has matured enough for 2023 to see hackers successfully leverage it. We will see an increase in image generation, generated audio, and conversations that appear realistic, designed to trick recipients into sharing personal data or other sensitive information. The deepfake threat isn’t relegated solely to consumers; we’ll likely see threat actors spoof a Fortune 100 CEO in an attempt to defraud or otherwise damage the organization.
AI chatbots are here, says Steve Grobman, senior vice president and chief technology officer at McAfee:
The recent launch of conversational AI chatbot, ChatGPT, highlights two of our main concerns for the year ahead: AI and the potential for disinformation. AI signals the next generation of content creation becoming available to the masses. So just as advances in desktop publishing and consumer printing allowed criminals to create better counterfeits and more realistic manipulation of images, these tools will be used by a range of bad actors, from cybercriminals to those seeking to falsely influence public opinion, to take their craft to the next level with more realistic results.
Look for automation in the cloud, says Mike Larami, associate CTO of security at SADA:
[Security] teams are going to look to implement automation across the cloud security portfolio. We should see a push in teams adopting Infrastructure as Code (IaC) and Policy as Code (PaC) methodologies in their cloud environments to help prevent misconfigurations from the start. I believe we’ll also see greater adoption of Security Orchestration Automation and Response (SOAR) as no-code/low-code platforms like Torq and Tines make these capabilities easier for teams to implement. Google’s integration of Siemplify into Chronicle Security Operations also gives customers an incredibly easy on-ramp into this space.
Next year we’ll see an increased focus on multi-cloud and resiliency, says Or Azarzar, CTO at Lightspin:
Two-thirds of organizations will have adopted at least two cloud providers by the end of 2023. This will prevent organizations from becoming too tied into one ecosystem. As organizations are more mindful of investments, we’ll see more emphasis on use-cases, and prioritization of the “right cloud for the job.”
Cloud-native technologies application development will modernize enterprises, says Sean Mahoney, vice president at Ensono Digital:
Cloud-native technologies such as containers and serverless models have become more popular across the public cloud in recent years, allowing for faster application development and deployment at scale. For enterprises looking to innovate quickly or overhaul their cloud infrastructure without major costs in 2023, cloud-native application development might be the answer to their modernization goals. New developments in edge computing and 5G are expected to further boost cloud-native adoption and innovation in the industry in the coming year, providing a bigger opportunity for organizations to quickly scale up their data in the cloud and gain access to new capabilities with their software.
Organizations will turn to subscription and managed services to better manage security, says Charles Talley, senior director of services at LogRhythm:
Developing an IT budget has grown increasingly complex over the last few years – amplified by the industry’s skill shortage – and 2023 looks to be no different. General feelings of economic uncertainty have swept through nearly every sector, leaving executives with a bevy of difficult budgeting decisions. Ultimately, organizations will be looking to do more with less in 2023 – or more with the same, in many instances. One way organizations are hoping to accomplish this is through the prioritization of subscription and managed services in their security budgets. Lean IT teams will turn towards these services to fill internal skill gaps and help achieve organizational security goals, like improving maturity, unlocking 24×7 visibility and optimizing threat detection and response.
Productivity suite security will supplant email security in 2023, says Adrien Gendre, chief tech and product officer, and cofounder at Vade:
As attacks grow in number and sophistication, SMBs and MSPs will need technology that tightly integrates with modern productivity suites such as Microsoft 365 or Google Workspace and provides comprehensive threat intelligence. Unlike secure email gateways (SEGs) that separate email security from internal networks, API-based alternatives are the future of email security. Organizations need to be able to leverage the threat intelligence from email to protect file sharing applications and other collaborative tools like instant messaging. They also need to be able to leverage information such as user profiles, contacts, and communication patterns to defend against highly targeted attacks, such as those we’re seeing with supply-chain attacks. SMBs and MSPs don’t have the resources to be managing different products from different companies that are managing different servers simultaneously.
Connected devices will require more robust security, says Darren Guccione, CEO and co-founder of Keeper Security:
The number of connected IoT devices has been rising for years, with no signs of slowing down. In the past three years, the number of IoT devices increased exponentially, due to accelerated digital transformation from COVID-19 and the proliferation of cloud-based computing. In 2022, the market for IoT is expected to grow by 18% to 14.4 billion active connections. As more consumers and businesses rely on connected devices, these connected solutions become more vulnerable to cyberattacks. With this, the billions of devices shipped by original equipment manufacturers (OEMs) will require greater out-of-the-box security to mitigate the risk of malware intrusions and their contribution to Distributed Denial of Service (DDoS) attacks. To prevent and mitigate devastating attacks, manufacturers, and suppliers of OEMs must design security within the devices, embedding it in every layer of a connected device.
Touchless fingerprinting will emerge as the top authentication method, says Chace Hatcher, vice president of technology and innovation at Telos Corp:
Mobile device ubiquity has increased the activities performed in a remote capacity, particularly in high-stakes markets like financial services. However, with this comes increased risk and complexity around user identity. In 2023, organizations with pre-existing fingerprint database infrastructure will increasingly turn to touchless fingerprinting to perform remote biometric identity verification, allowing them to secure activities like financial account opening and transaction verification. Touchless fingerprint technology will allow organizations and governments to extend their existing fingerprint infrastructure without investing in expensive hardware or solving infrastructure hurdles. Further, we will begin to see the adoption of touchless fingerprinting in law enforcement to solve remote field identification in high-risk situations, leading to increased officer safety and criminal apprehension.
In 2023 and beyond, more transactions will be done with digital identity than a credit card, says Robert Prigge, Jumio CEO:
The financial services industry is at a turning point, where the global economy is shifting to authorizing purchases and other transactions based on user identity rather than credit card numbers. Consumers are increasingly leveraging biometric authentication to access their saved credit card information, banking apps and digital payment methods, like Apple Pay. As consumers increasingly use their identity to access and complete transactions in 2023, it’s likely we’ll see the number of transactions completed with digital identities surpass those of credit cards.
The death of ‘the password,’ says John Engates, field CTO at Cloudflare:
2022’s wave of sophisticated email phishing attacks breached hundreds of companies and proved that simple alphanumeric passwords have no place in 2023. FIDO2-compliant security keys and credentials take the burden of security responsibility off of the end user, proving a passwordless (and more secure) future is within reach.
The browser, the gateway to an organization’s endpoint, becomes the main target for threat actors, says Avihay Cohen, CTO and co-founder of Seraphic Security:
Browsers power just about everything we do and are undoubtedly the most used applications, especially as more applications like CRM tools migrate from native applications to existing fully in the browser. Because so much of our daily work and personal activities live in the browser, it’s the perfect gateway for threat actors to reach an organization’s core. As browsers become more complex with new features and uses, threat actors will heavily target browser bugs and vulnerabilities in 2023 to breach organizations and access sensitive data.
Endpoint security applied to browsers, says Tal Zamir, CTO of Perception Point:
In the past, EDR products focused primarily on executable and document-borne malware. We are now seeing a strong trend of putting endpoint security controls that run in and around the browser, providing visibility, governance, detection, prevention, and isolation for the browser, not as an afterthought, but rather by design.
The SOAR market isn’t shrinking but integrating with other platforms, says George Gerchow, CSO and senior vice president of IT at Sumo Logic:
Security orchestration, automation and response (SOAR) will continue to exist but will be increasingly absorbed into other security platforms and the term will die out as it becomes baked into overall security. SOAR will converge with security information and event management (SIEM) and acquisitions will continue to contribute to vendor consolidation.
APM isn’t dead, just different, says Erez Barak, VP of product development for observability at Sumo Logic:
Application performance monitoring (APM) is dead or dying in its current state and as a stand-alone market, but it’s still useful and necessary as a practice. While observability is the goal, APM is still a necessary part of the big picture. APM grew from an on-premise environment, so with mobile applications running everywhere, observability can be considered the new APM.
Rise in data protection regulations will open up new opportunities for tech innovation to solve privacy challenges, says Elise Houlik, chief privacy officer at Intuit:
As the rise of data protection regulations continues globally, companies are being challenged to unlock the full potential of the data they possess in a safer, responsible, and compliant way. This will spur opportunities for privacy-enhancing technology (PET) innovation. New methods of employing cryptography on data sets, or masking or otherwise transforming information to include less personally identifiable data will enable more collaboration and analysis, more protective data sharing, and will foster a privacy-by-design approach to product development. We’ll see a rise in investment in this technology as it evolves, enabling companies to harness the power of information for consumers in a safer, more trustworthy way.
Quantum hybrid computing will move from ideation to practical application, says Matt Watts, chief evangelist at NetApp:
Problems such as elements of AI will be broken out and passed over to quantum systems for processing, and we’ll start to see a blend of traditional HPC and quantum to solve some of these most complex issues. This will also force us to better address cybersecurity. Companies need to think about data encryption now more than ever. Bad actors are increasingly sophisticated, and companies need to be equally sophisticated when it comes to their security measures. While this won’t happen overnight, the wheels have been set in motion for quantum to be a threat to encryption on sensitive data. For example, imagine designing and building a military fighter jet, which can take more than a decade.
Businesses that deploy chaos engineering for data security will gain an edge, says Adrian Moir, technology strategist and principal engineer at Quest:
Over the next year, businesses will refine their testing process for data security, increasingly deploying chaos engineering to shore up enterprise resilience. Originally built for developer testing, chaos engineering has the power to help IT teams test not just recovery operations, but the applications and pipelines data moves through. By testing each part of the business’s data protection apparatus regularly, teams will be able to confirm that recovery techniques, from immutable data stores to replicability, work effectively. Expect businesses to make this part of their regular data protection operations as the C-Suite makes resilience and risk reduction a higher priority in light of ransomware, natural disasters and other business disruptors.
Modern approaches to security will center on security fabrics, says Erkang Zheng, founder and CEO of JupiterOne:
The majority of security frameworks will continue to fail in 2023 because they’re overly complex, involving layering hundreds of controls across dozens of domains. In its place, we’ll see an increase in the adoption of the “security fabric” approach, which is far more powerful — and yet straightforward when it comes to developing an effective cybersecurity program. By having the underlying foundational components built on a modern cybersecurity approach that is cloud-native, virtual, and available in a non-data center-focused environment, all security functions can be interconnected through a security fabric. Security teams would only need to focus on knowing what assets exist in their organization’s environment — that is, its structural awareness — and what events or activities are happening in the environment. Security teams can then collect and analyze data to produce meaningful and actionable data outputs. Building the foundation for visibility and understanding into a security fabric, along with the organization’s expectations and requirements for security, enables a continuous security state. The security fabric connects the dots within the cybersecurity architecture and acts as a knowledge base. It also improves the organization’s security maturity by treating its security strategy as a data problem with an engineering solution.
It will be the year that SASE really takes off, says Jason Clark, chief strategy officer at Netskope:
Gartner, which coined the SASE term in 2019, sees 60% of enterprises as having a SASE strategy in place by 2025. Wall Street has also taken notice, especially in how a converged infrastructure that implies efficiency, business value, and cost savings will help modern enterprises get and stay competitive and profitable. SASE was set to grow anyway, but the reason it will accelerate in 2023 and beyond is because we’re now at another moment in time that technology leaders — especially CIOs and cybersecurity buyers — have not previously encountered. Security leaders in particular have had healthy budgets and growing teams for over a decade. Now, not so much. As every company grapples with inflation, supply chain and demand issues, and the potential for recession, many CISOs in particular are being asked to hold the line, or to “find budget” to fund anything new. Their marching orders are to get more efficient with their technology spend.
It will be the year of enhanced internet, says James Karimi, the CISO/CIO at GTT Communications:
Enhanced internet services gained popularity in the last few years as an offering that improves the reliability and performance of internet-based traffic. First defined by Gartner, it includes features such as telemetry-based routing and performance optimization.
Tier 1 internet service providers, with their ability to see the IP traffic trends before anybody else, will formulate algorithms to start looking at traffic flows, providing clients with continuous reports on potentially malicious traffic from certain destinations to their IP ports that require investigation without the need of additional security functionality.
Service providers will also offer clients full vulnerability scans of their IP space on a timely basis to provide visibility into risks. As organizations grow, they often end up with shadow systems with vulnerabilities that aren’t noticed as these systems are quickly forgotten. Scans can easily reveal dozens of vulnerabilities on an organization’s public websites in seconds, just by checking a couple of IP addresses they own.