
The FBI Declaws Russian Fancy Bear Botnet

According to the report, the FBI has disrupted a network of half a million routers compromised by the group of Russian hackers that infiltrated the Democratic National Committee and Hillary Clinton's campaign during the 2016 election.

The hacking group, known as "Fancy Bear," uses malware called "VPNFilter" to compromise small home and office routers made by Linksys, MikroTik, Netgear and TP-Link, as well as QNAP network-attached storage devices.

Neutralizing the malware

The Daily Beast reported that the Federal Bureau of Investigation (FBI) on Tuesday obtained a court order from a federal magistrate in Pittsburgh to take control of an Internet domain the Russian hackers used to manage the malware.

The bureau, which had been investigating the malware since August, discovered a significant weakness in the program, according to the report. When an infected router is rebooted, the core malicious code remains on the device, but all the small plug-ins required for the malicious behavior are wiped.

After a reboot, the malware is designed to reach out to the Internet and reload those plug-ins from a domain the attackers control. By taking control of that domain, the FBI neutralized the malware: a rebooted router can no longer fetch the components it needs.

According to the Daily Beast, the FBI is collecting the IP addresses of infected routers that check in with the seized domain, so that infections can be cleaned up globally.

Promising strategy

The strategy used by the FBI - seizing the botnet's domains so that the bots cannot reactivate - shows promise for dealing with global threat actors.

Notably, law enforcement was able to end the threat without seizing malicious resources located in a foreign country. Seizing such resources can be a major challenge for police agencies.

"Unless the threat evolves to not use DNS, which is highly unlikely, the same mitigation strategy will succeed and can be used again and again," BeyondTrust CTO Morey Haber told TechNewsWorld.

Good luck

Luck was on law enforcement's side in dealing with the Kremlin's criminals this time, according to Leo Taddeo, Cyxtera's CISO and a former special agent in charge of special operations at the FBI's New York office.

"If the hacking group had used a Russian registrar, the court order would likely have been delayed or ignored," he said.

Using a Russian domain name carries its own risks, however, which is why the hackers did not do so.

"Routers that routinely call out to such domains after a reboot may be flagged as a risk by ISPs or other companies that analyze outbound traffic," Taddeo said.

"In the next round, the hackers may reconfigure the router so that the command and control server is registered outside US jurisdiction, which is harder to detect," he said. "That will make the FBI's job much more difficult."
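The two observations above, that the seized domain reveals the IP addresses of infected routers and that an ISP analyzing outbound traffic can flag routers that call out to a known bad domain after a reboot, come down to the same detection logic: watch DNS queries for a watchlisted domain and group the hits by client. The script below is an added example, not code from the article, the FBI or any ISP. It assumes a BIND-style query log format; the watchlist domains and the log lines are constructed for the demo.

```python
"""Flag router IPs that query a sinkholed or watchlisted C2 domain.

Added example. Assumes BIND-style query log lines; the watchlist and the
sample log below are constructed, not taken from the article.
"""
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical watchlist: domains whose control has been seized (sinkholed)
# or that are otherwise known to stage malware plug-ins. Constructed for the demo.
WATCHLIST = {"stage2-loader.example", "backup-loader.example"}

# BIND-style query log line, e.g.
# 23-May-2018 10:04:12.345 queries: info: client 203.0.113.7#51234: query: stage2-loader.example IN A + (192.0.2.53)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?client (?P<client>[\d.]+)#\d+: "
    r"query: (?P<qname>[^ ]+) IN (?P<qtype>[A-Z]+)"
)

# Constructed sample: one router retrying the loader domain three times in a few
# minutes (what a post-reboot reload looks like), one single lookup of a subdomain,
# one benign client whose lookups must not match, and one malformed line.
SAMPLE_LOG = [
    "23-May-2018 10:04:12.345 queries: info: client 203.0.113.7#51234: query: stage2-loader.example IN A + (192.0.2.53)",
    "23-May-2018 10:05:40.001 queries: info: client 203.0.113.7#51235: query: stage2-loader.example IN A + (192.0.2.53)",
    "23-May-2018 10:07:03.120 queries: info: client 203.0.113.7#51236: query: STAGE2-LOADER.EXAMPLE. IN A + (192.0.2.53)",
    "23-May-2018 11:30:00.000 queries: info: client 198.51.100.9#40001: query: cdn.backup-loader.example IN A + (192.0.2.53)",
    "23-May-2018 11:31:00.000 queries: info: client 192.0.2.10#40002: query: www.example.org IN A + (192.0.2.53)",
    "23-May-2018 11:32:00.000 queries: info: client 192.0.2.10#40003: query: stage2-loader.example.org IN A + (192.0.2.53)",
    "this line is not a query log entry",
]


def parse_line(line):
    """Return (timestamp, client_ip, normalized_qname, qtype) or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
    qname = m.group("qname").rstrip(".").lower()  # strip trailing dot, case-fold
    return ts, m.group("client"), qname, m.group("qtype")


def on_watchlist(qname):
    """True if qname is a watchlisted domain or a subdomain of one (suffix match on a label boundary)."""
    return any(qname == d or qname.endswith("." + d) for d in WATCHLIST)


def max_in_window(times, window_s):
    """Largest number of events (sorted timestamps) falling inside any window of window_s seconds."""
    best, j = 0, 0
    for i in range(len(times)):
        while (times[i] - times[j]).total_seconds() > window_s:
            j += 1
        best = max(best, i - j + 1)
    return best


def find_beacons(lines, burst_window_s=600, burst_min=2):
    """Group watchlist hits by client IP. A 'burst' of repeated lookups in a short
    window is what a loader retrying after a reboot looks like."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, qname, _ = parsed
        if on_watchlist(qname):
            hits[client].append((ts, qname))
    report = {}
    for client, events in hits.items():
        events.sort()
        times = [t for t, _ in events]
        report[client] = {
            "count": len(events),
            "first": times[0],
            "last": times[-1],
            "domains": sorted({q for _, q in events}),
            "burst": max_in_window(times, burst_window_s) >= burst_min,
        }
    return report


def infected_ips(report):
    """The list a sinkhole operator hands to ISPs: every client that hit the watchlist."""
    return sorted(report)


if __name__ == "__main__":
    rep = find_beacons(SAMPLE_LOG)
    for ip, info in rep.items():
        print(ip, info["count"], "hits", "BURST" if info["burst"] else "", info["domains"])
    print("infected:", infected_ips(rep))
```

The suffix check deliberately matches only on a label boundary, so `stage2-loader.example.org` is not confused with `stage2-loader.example`; the burst flag separates a router that is repeatedly trying to reload its plug-ins from a one-off lookup that may deserve a closer look but not an automatic notification.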

What consumers can do

Consumers can neutralize VPNFilter simply by rebooting their router. However, even after a reboot, remnants of the malware will remain on the device, warned Mounir Hahad, head of Juniper Threat Labs at Juniper Networks.

Haber advised consumers to enable automatic firmware updates, noting that "most new routers support it."

In addition, they should make sure their router's firmware is up to date, and that the router has not reached the end of its support life.

"If the router is out of date, consider replacing it," he said, because any security issues discovered after the manufacturer ends product support will never be fixed.

Router makers

Routers have come under growing attack by hackers, which is prompting the industry to start taking security more seriously.

"Router makers are building more security into their routers, and we hope that attacks of this type will be blocked in the future," Gartner security analyst Aviva Litan told TechNewsWorld.

She said router manufacturers are concerned about the vulnerabilities that have been exposed and are doing their best to provide improvements.

"They are moving away from the practice of shipping the same default username and password on every unit sold."

Miami, October 30, 2019 - Cyxtera Technologies, a secure infrastructure company, today announced that leading global research and consulting firm Forrester Research has ranked Cyxtera a Strong Performer in its report The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2019.

In the report, Forrester says, "If your organization wants to better protect data centers and large cloud infrastructure, Cyxtera is a strong vendor to consider," explaining further that "[Cyxtera] demonstrated a sound understanding of cloud infrastructure," and that its offerings and services strategically focused on the large cloud, together with its work providing security for major federal agencies, "speak to the legitimacy of Cyxtera's approach to the space."

Cyxtera received the highest possible scores in the network security, workload security, ZTX advocacy and market approach criteria.

"It is essential that companies deploy a Zero Trust security strategy in today's complex threat landscape," said Manuel D. Medina, President and CEO of Cyxtera. "AppGate SDP accelerates the journey to Zero Trust, allowing organizations to segment and secure network access in a hybrid IT environment and eliminate the assumptions of implicit trust. We are proud that the Wave report lists Cyxtera as a Strong Performer, as we believe this validates our efforts to help organizations achieve Zero Trust."
