Intelligent CISO Issue 57 | Page 24

threat updates
Research from Secureworks Counter Threat Unit (CTU) has exposed the inner workings of a new custom malware, Drokbk. The malware is associated with a subgroup of the Iranian threat group COBALT MIRAGE, known as Cluster B, which is thought to be sponsored by the Islamic Revolutionary Guard Corps (IRGC), a branch of the Iranian Armed Forces.
Mirroring traditional spy tradecraft, Cluster B has been using GitHub as a 'dead drop resolver'. The group packages up command and control server location instructions and stores them in a GitHub repository. These instructions are then collected by its 'agent' on the inside, Drokbk, telling the malware which server to talk to next. Because GitHub is a legitimate and widely used service, routing this step through it helps the attackers evade detection.
The group conducts broad scan-and-exploit activity against IP address ranges in the US and Israel but otherwise appears to be opportunistic, hitting a wide variety of organisations, from financial services to education-related companies.
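As an added, defender-side illustration (not from the Secureworks research or this magazine), the following Python script looks for the dead drop resolver pattern described above in constructed proxy log lines: a non-browser process fetches content from GitHub and, within a short window, the same host makes its first-ever connection to a destination it has never contacted before. The log format, the GitHub endpoint list, the browser allowlist and the process names are all assumptions to tune for a real environment.

```python
"""Flag the GitHub 'dead drop resolver' pattern in proxy logs.
Added illustration on constructed data, not Secureworks' detection logic:
a GitHub fetch followed by the host's first contact with a new destination."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <source host> <destination> <process>"
SAMPLE_LOG = """\
2023-01-10T09:00:01 ws-17 raw.githubusercontent.com chrome.exe
2023-01-10T09:00:03 ws-17 cdn.example-news.net chrome.exe
2023-01-10T11:42:10 ws-42 raw.githubusercontent.com updater.exe
2023-01-10T11:42:14 ws-42 203.0.113.57 updater.exe
2023-01-10T11:45:00 ws-42 203.0.113.57 updater.exe
"""
# Assumed endpoints from which repository content is fetched (tune per environment).
DEAD_DROP_HOSTS = {"raw.githubusercontent.com", "api.github.com",
                   "gist.githubusercontent.com"}
# Browsers legitimately visit GitHub and then anything else; skipping them
# limits false positives (assumed list, extend for your fleet).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
WINDOW = timedelta(seconds=60)

def parse_log(log):
    """Yield (timestamp, src, dst, process) tuples from the space-separated log."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, proc = line.split()
            yield datetime.fromisoformat(ts), src, dst, proc

def find_dead_drop_resolution(log, window=WINDOW):
    """Return (src, process, new_destination) for each suspected resolution."""
    seen = defaultdict(set)   # src -> destinations already contacted
    last_fetch = {}           # src -> (timestamp, process) of latest GitHub fetch
    hits = []
    for ts, src, dst, proc in parse_log(log):
        if dst in DEAD_DROP_HOSTS:
            if proc not in BROWSERS:
                last_fetch[src] = (ts, proc)
        elif dst not in seen[src] and src in last_fetch:
            fetch_ts, fetch_proc = last_fetch[src]
            # Same process, first-ever destination, shortly after the fetch
            if proc == fetch_proc and ts - fetch_ts <= window:
                hits.append((src, proc, dst))
        seen[src].add(dst)
    return hits

if __name__ == "__main__":
    for src, proc, dst in find_dead_drop_resolution(SAMPLE_LOG):
        print(f"{src}: {proc} fetched from GitHub, then first contact with {dst}")
```

On the sample, the browser session on ws-17 is ignored while ws-42 is flagged for its first contact with 203.0.113.57 four seconds after the GitHub fetch.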
Automotive giant Uber has once again confirmed it has been the victim of a data hack, the second attack to target the company, by third-party vendor Teqtivity.
Rick Jones, CEO and Co-founder, DigitalXRAID, commented on the news: "This latest Uber breach is a reminder of the threat of the supply chain. To mitigate against this growing threat, a Security Operations Centre (SOC) is crucial to ensure 24/7 threat detection, monitoring and remediation before a successful breach occurs."
www.intelligentciso.com