THE TIBERIUM BLOG - recent events, threats, and all things cyber

We need to talk about Kevin

Unusual to use the first person in a blog, in fact this might be the first, and hopefully last, time. I am very thrilled to have joined Tiberium as Chief Research Officer and will be delivering these weekly missives for the foreseeable.

There is no point. That’s the point.

Those that have read my prior blogs (seven or so years' worth) will know what to expect. I try to be engaging, interesting, sometimes humorous (at least I think so) and current, with analysis in a human-readable form together with recommended actions. Oh, and cheesy music references, lots of them.

At Tiberium, we love feedback, suggestions, requests for explanations and even a well-reasoned rant. Please contact us at [email protected].

Last week we saw some pretty heavy-duty and coordinated takedowns by law enforcement agencies around the globe. 

The first to be reported was the dismantling of some (or perhaps all) of the highly prolific Emotet trojan infrastructure by the feds from no fewer than eight countries.

Originally a banking and credential-stealing nasty, Emotet infects via spam email, then sends further emails as the infected user to all of their contacts, and furthermore spreads to locally connected machines using common password lists.

Receiving commands from command and control servers, the Emotet Trojan is very powerful and has been repurposed for many nefarious activities including, of course, ransomware and the deployment of Qakbot or Trickbot.

The monies generated by Emotet are serious – $10.5 million over two years on one crypto-currency platform alone, as indeed are the running costs of at least $250,000 a year.

It can only be good news that the 700 servers running the demon (spelling deliberate, geek types) are now down. However, with only two pimply ops (surprisingly Ukrainian) youths arrested and that amount of, errr, demon investment, you can bet it won’t be long before the next iteration, maybe Gothtet, hits the streets.

Not to be outdone, the USA and Bulgarian authorities also concluded a long-term investigation with the takedown of the Netwalker ransomware group, which is alleged to have received a staggering $46 meeellion since 2019.

As is the Modus Operandi of the FBI and, in our opinion, a Very Good Thing, a senior figure from the group, one Canadian national named Sebastien Vachon-Desjardins was charged and will hopefully be tending the cactus in his cell presently.

In other news, Apple rushed out an iOS patch because it appears that some vulnerabilities have been used ‘in the wild’ to spy on iPhone and iPad users presumably to get the early low down on forthcoming TikTok memes and get practising.

Seriously, you should ensure that your hallowed tablets and rap-rods are running the latest software ASAP.

Our favourite bug of the week was the announcement, together with a cool video, by the Qualys research team of a buffer overflow attack against the ‘super user do’ sudo command in place on most Unix systems. Really, most if not all.

Obviously, patches are running out of the door as fast as the handles can be cranked. However, we understand that patching live systems takes time, planning and of course, everyone’s favourite – Change Control. Some mitigations are outlined here. If you are running *nix, best get on with it!

So that brings us to the end of Kevin’s first official blog for Tiberium. Kevin joined Tiberium to help us develop our managed security service platforms that have been in development for some time and are about to hatch.

Thank you for reading.
