Misconfigured and Exposed: Container Services

The blog highlights the results from Unit 42’s research into misconfigured containers, methods for identifying services exposed to the public, and mitigation steps to secure container services. In this blog, we identify common misconfigurations in container services. This allows our readers to deploy their container platform structures in a more secure and private fashion, avoiding the methods of data gathering that we outline in this blog.

Making Containers More Isolated: An Overview of Sandboxed Container Technologies

Currently available container-based infrastructure has limitations because containers are not truly sandboxed and share the host OS kernel. The root of the problem is the weak separation between containers when the host OS creates a virtualized userland for each container. This blog covers four unique projects from IBM, Google, Amazon, and OpenStack, respectively, that use different techniques to achieve the same goal: creating stronger isolation for containers. The overview in this blog of state-of-the-art research should help readers prepare for the upcoming transformation.

Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019

As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their May Adobe Security Bulletin APSB19-18 and five Foxit Reader vulnerabilities addressed by Foxit Software as part of their recent security update releases. The Adobe vulnerabilities discovered included 19 Critical and 9 Important rated vulnerabilities.

Emissary Panda Attacks Middle East Government Sharepoint Servers

Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability. In our blog, we provide details of the tools and tactics, explain how we believe these connect to the Emissary Panda threat group, correlate our findings with those of the Saudi Arabian National Cyber Security Center and the Canadian Center for Cyber Security, and provide indicators of compromise (IoCs) from our research.

SilverTerrier – 2018 Nigerian Business Email Compromise

Our latest ongoing research into the SilverTerrier Nigerian threat actors shows that attacks increased by 54 percent in 2018 as targeting of high-tech firms and manufacturers surged. We also show how attackers are using more sophisticated tools like information stealers, remote access tools and obfuscating malware so that it’s only detected 58% of the time. Unit 42 has observed 1.1 million attacks with more than 51,000 malware samples over the four years we have been monitoring this threat actor.

Behind the Scenes with OilRig

Unit 42 digs into the recent OilRig data dump and finds new information on the breadth of attacks and OilRig’s toolset. Our analysis shows OilRig attacks are broader than previously thought: 97 organizations in 27 countries, including the Middle East and China, and 18 industries – including government, technology, telecommunications and transportation.

BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat

In February 2019, Unit 42 published a blog about the BabyShark malware family and the associated spear phishing campaigns targeting U.S. national think tanks. Since that publication, malicious attacks leveraging BabyShark have continued through March and April 2019. The attackers expanded targeting to the cryptocurrency industry, showing that those behind these attacks also have interests in financial gain.

Don’t Panic Podcast – Watering Hole Attacks

Unit 42 leaders Ryan Olson and Rick Howard present another episode of their “Don’t Panic” podcast, where they break down the big issues in cyber security and tell you why you don’t need to panic. This week’s episode is about Watering Hole attacks. This technique involves compromising specific websites to target their readers with malware.

Takedowns and Adventures in Deceptive Affiliate Marketing

At Palo Alto Networks, Unit 42 analyzes threats across the spectrum – from nation state all the way down to Florida state. In this blog, I’ll be covering two aspects of multi-year affiliate marketing spam campaigns designed to deceive individuals, scam, and profit off of people’s desire to change their lives. First, I’ll provide an overview of a spam campaign sent to some customers that led me down this more-than-two-year rabbit hole, and then dig into the inner workings. This blog covers a number of topics: data collection, analysis, and enumeration of infrastructure. These efforts allowed us to map out thousands of compromised servers and abused domains and hundreds of compromised accounts, resulting in a collaborative effort with GoDaddy to take down over 15,000 subdomains being used across these campaigns.
