For years, North Korea's Lazarus Group hackers have plundered the Internet, scamming and sabotaging digital devices around the world for profit and disruption. One of their favorite weapons is a loader that lets them quietly run a variety of malware on Macs with little or no extra effort. But Lazarus did not write the loader itself. The group found it on the Internet and reused it to bolster its attacks.
Reusing someone else's malware is nothing new. It has been documented among criminals as well as state-sponsored hackers from China, North Korea, Russia and other countries. But at the RSA security conference in San Francisco on Tuesday, former NSA analyst and Jamf researcher Patrick Wardle presented a striking example of how widespread malware repurposing is, even on Macs, and why it is a serious problem for defenders.
"You take someone else's malware, analyze it, and then reconfigure it so you can redeploy it," Wardle says. "Why would you develop something new when three-letter agencies and other groups are creating malware that is fully featured, tested, and very often already proven many times over in the wild?"
"Lazarus Group hackers either read the blog post or saw a talk about it."
Patrick Wardle, Jamf
Researchers found that the Lazarus Group used the loader in campaigns in 2016 and 2018, while continuing to maintain and develop it. Lazarus would trick a target into installing the loader, usually through phishing or other social engineering, which would then contact a server controlled by the attackers to retrieve and run whatever payload they chose.
The loader Wardle examined was notable because it runs its payload, the actual malware, in the computer's memory rather than writing it to the hard drive. This is known as a fileless attack, and it makes detection and any later forensic investigation harder because the malware leaves little trace on the infected system. Wardle points out that the loader is a stand-alone attack tool, a generic delivery mechanism: it can be used to launch any second-stage attack the attacker wants on the target system. But Lazarus did not build any of this itself.
"All of the code for loading the payload in memory was taken from a Cylance blog post and GitHub project, where they released it as open source as part of their research," Wardle says. Cylance is an antivirus firm that also conducts threat research. "When I analyzed the Lazarus loader, I found an exact match. It's interesting that the Lazarus Group hackers either googled it or read the blog, or found the Infiltrate 2017 talk about it, or something like that."
The case also shows the benefit attackers get from repurposing tools that are already public, whether leaked from intelligence agencies or released as open source. The Windows EternalBlue exploit, developed by the NSA and leaked in 2017, has since been used in attacks by groups from China and Russia to ordinary criminals. Repurposing is a well-known phenomenon, Wardle says, but knowing that is not enough. He argues that defenders need to understand the mechanics of how it works so they can avoid blind spots in security tools and in their own assumptions.
Repurposing works by making careful, targeted tweaks. Antivirus tools and defenders that rely on signatures can fail to recognize malware they have already seen, because even minor changes by the new attacker alter the sample's "signature."
Malware often needs to check in with a remote server, the so-called command-and-control server, to learn what it should do next. In some cases attackers have to be careful to fully understand the malware they want to reuse, but in many cases, as with the Lazarus loader, they can make small changes, such as swapping the command-and-control address so that it points at their own server rather than the original developer's. Repurposers do have to make sure the malware has no hidden way of reporting back to the original server, but once they are certain they have removed it, the tool is theirs.
"This is why I'm such a proponent of behavior-based detection," said Wardle, who introduced a new behavior-based detection approach for macOS at RSA last year. "From a behavioral point of view, repurposed malware looks and acts exactly like its predecessor. So we really need to motivate the security community to move more and more toward behavior-based detection, because then it doesn't matter whether it's new or repurposed malware. You don't have to worry about that second problem."
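Wardle's point, as an added example that is not code from the article or from Wardle's own tools: a hash signature built on the original loader misses a copy whose only change is the command-and-control address, while a rule keyed on the loader's behavior (connect out, map anonymous executable memory, run code from it) catches both. The sample bytes, telemetry events and domains are all constructed.

```python
import hashlib

# Constructed stand-in for a loader binary: the only difference between the
# original and the repurposed copy is the embedded command-and-control address.
ORIGINAL_SAMPLE = b"\x7fLOADER" + b"https://c2.original.example/payload" + b"\x00" * 16
REPURPOSED_SAMPLE = ORIGINAL_SAMPLE.replace(b"c2.original.example", b"c2.reused.example")

# Hash-based "signature": the SHA-256 of the sample a vendor already analyzed.
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Classic signature check: exact hash of a previously seen sample."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


# Constructed endpoint telemetry as (pid, event, detail) tuples.
# A fileless loader fetches over the network, maps anonymous rwx memory and
# executes from it; no payload file ever touches disk.
def loader_events(c2: str):
    return [(41, "net_connect", c2),
            (41, "mmap_anon", "rwx"),
            (41, "exec_from_memory", "anon_region")]


# A legitimate updater also connects out, but writes a file and runs it from disk.
BENIGN_EVENTS = [(42, "net_connect", "https://updates.vendor.example"),
                 (42, "file_write", "/tmp/update.pkg"),
                 (42, "exec_file", "/tmp/update.pkg")]


def behavior_match(events) -> bool:
    """Flag any process that connects out, then maps anonymous executable
    memory, then executes from it. The C2 address is deliberately not part
    of the rule, so swapping it does not evade detection."""
    by_pid = {}
    for pid, name, detail in events:
        by_pid.setdefault(pid, []).append((name, detail))
    for seq in by_pid.values():
        stage = 0
        for name, detail in seq:
            if stage == 0 and name == "net_connect":
                stage = 1
            elif stage == 1 and name == "mmap_anon" and "x" in detail:
                stage = 2
            elif stage == 2 and name == "exec_from_memory":
                return True
    return False
```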
Repurposed malware can also muddy attribution, as Russia's hackers know well. If a tool is known to be associated with one group, analysts may assume that every attack using that tool comes from the same team.
That confusion is a major benefit to hackers, and one of many that come with reusing malware. It is why Wardle keeps stressing the need to watch for the practice over the long term.
"I think the Lazarus Group's loader is the perfect example," Wardle said. "It shows that, with the ability to repurpose, the average hacker can use advanced tooling for their own purposes and go after digital targets without getting caught."