X-Industry

All Articles (154)

Prepared by:  Nicholas Dessanti, UNH Cyber Student Intern

Password security has been a major topic of discussion for all computer and web site users.  Today, hackers are exploiting vulnerabilities within user passwords in many ways.  Brute force attacks are the most common way hackers use to find passwords.  Another common method is called a dictionary attack.  Both brute force and dictionary attacks systematically check all possible passwords until the correct one is…

3320219466?profile=RESIZE_710xMasked demonstrators in Hong Kong; the sign says “Carrie Lam is not my mother”

Hong Kong protests in June 2019 brought as many as two million demonstrators onto the streets to fight a planned extradition law that would allow mainland China’s government to pull dissenters from Hong Kong for charging in Beijing.  These mass…

Figure 1. AS-12/AS-31 Losharik tentative schema.

On 1 July 2019, fourteen Russian sailors died in a fire during the testing of a secret Russian military submarine.   The type of vessel is believed to be an AS-12/AS-31 “Losharik” deep-diving nuclear sub.  While the Russian government insists, they were just surveying the ocean floor for science, the high military ranks of the participating sailors show that the spy capabilities to include taping and severing undersea communication…

In July 2019, Wapack Labs identified a large email campaign using malicious word documents to deliver a variety of malware.  The emails are presumed related by way of similar social engineering, the same URL shortening tactic and shared office exploit for CVE-2018-11882.  In several cases, the emails were sent from legitimate organizations indicating a prior infection was leveraged as a launching point to attack additional entities.…

3193233386?profile=RESIZE_710xThe Hong Kong government’s attempt to enact an extradition agreement with mainland China sparked mass demonstrations in Hong Kong in June 2019.  Protesters took to the streets in record numbers, with as many as two million protesters reported at the peak of the demonstrations.  By 23 June, Hong Kong’s Chief Executive had suspended action on the extradition bill.

The mainland…

3177143787?profile=RESIZE_710xMany liberal leaning foundations in the US overtly support political causes in the name of “philanthropy,” and spend tens of millions of dollars each year pushing an environmentalist agenda; often with the goal of carbon credit taxation.  One of these “green” mega-funders stands out and pushes millions in funds from the relative obscurity of its headquarters in Switzerland; far from…

3049916660?profile=RESIZE_710xSUMMARY

Russian President Vladimir Putin and Chinese President Xi Jinping have met twice already in 2019 for summits on economic cooperation.  A series of agreements has been concluded at these meetings, mostly focused on Russian cooperation on China’s Belt and Road infrastructure construction. Putin had initially been hesitant to join in these…

Beginning in April 2019, Wapack Labs SOC observed an uptick in alerts for inbound PHP exploit attempts affecting multiple clients. These alerts indicate attacks on vulnerable systems through the use of malicious PHP code in HTTP requests. If these attacks are successful, they can result in data exfiltration as well as remote control of victim servers.

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the Apple…

2743271172?profile=RESIZE_710xThe Cyberspace Administration of China (CAC) issued a new draft cybersecurity regulation on 21 May 2019.  This draft is a planned extension of the Cybersecurity Law issued in 2017 that placed greater restrictions on foreign firms operating in China.  The new regulation creates the requirement for review of imported network equipment to determine…

2649401126?profile=RESIZE_710x

Mirai is a self-propagating malware that infects networked devices and turns them into remotely controlled bots.  Targets include devices in the Internet of Things (IoT) such as IP cameras and home routers and access is achieved with either software exploits or via authentication with factory default credentials. Mirai is frequently updated to…

 

On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill.  New requirements to use ISPs to track traffic origin will likely force traffic decryption and support of internal censorship efforts.  In the future, Russia will develop its own DNS system to conduct special Internet controls.  Currently, LinkedIn is banned in Russia.  Russian national payment system, Mir, was developed after several Russian banks were denied services by US-based Visa and…

Beware of Evil Clippy! Evil Clippy (EC) is a malicious tool that modifies Microsoft Office documents at the file format level. EC generates malicious versions of documents that are able to evade antivirus engines that use static analysis and manual inspection of macro scripts for detection. EC does this by taking advantage of undocumented features, unclear specifications, and deviations from intended implementations.

2405230492?profile=RESIZE_180x180Research Overview

Background: The detonation of a nuclear weapon at high altitude or in space (~30 km or more above the earth’s surface) can generate an intense electromagnetic pulse (EMP) referred to as a high-altitude EMP or HEMP. HEMP can propagate to the earth and impact various ground-based technological…

RDPwrap is a very popular open source third-party Windows Remote Desktop Protocol (RDP) tool offered by Stas’M’Corp from Moscow, Russia. Wapack Labs discovered that RDPWrap creates a local Denial-of-Service (DoS) vulnerability on Windows 10 systems, which could allow an attacker on the system to terminate users RDP sessions. By allowing the attacker to terminate RDP sessions without warning, it is particularly dangerous if the attacker notices an administrator on the system via RDP;and does…