The month of December has been eventful in terms of developments in the cyber security space. The big news relates to the Log4J vulnerability and potential risks and opportunities it presents. Another major sea change is the resurgence of botnets including the Marai botnet. Finally, we are seeing signs that the US Cyber Command and other Western cyber entities are starting to get off the sidelines and actually fight back against the open cyber assaults against Western commercial interests.
The Log4J vulnerabilities will be the gift that keeps on giving for the next year or more due to the fact that the hack is so versatile and the targets are often clueless to the fact that they even have the code running in their systems. Log4J is an open source, logging module that is included in everything from smart devices to enterprise software packages. It can be used to log anything and if the thing it logs can be manipulated by a hacker, then the system, if vulnerable, can typically, be taken over by the hacker. We have already added this powerful tool to our arsenal and are looking at continuing to improve our ways to detect it for both exploitation and defensive purposes.
Botnets seem to be entering a new phase of attack as a service as previously decimated botnets experience recent resurgence. For example, Emotet was famously taken down in coordinated raids to sever its command and control (C2) infrastructure, but in December it has made an impressive comeback. This comeback seems to be enabled by the TrickBot malware indicating cooperation among the major botnet players. Botnet resurgence is a precursor to ever larger waves of ransomware infection.
CYBER COMMAND, ET. AL.
U.S. Cyber Command and other Western agencies appear to be steadily increasing their willingness to hack back and interdict in ways that were rare in the past. Cyber Command played a role in recent botnet take downs including those against TrickBot and Emotet. In December, General Paul M. Nakasone, the head of Cyber Command, said, “a new cross-functional effort has been gathering intelligence to combat criminal groups targeting U.S. infrastructure”. Word from our sources is that the attacks against the US pipeline, food manufacturers and health organizations has finally risen to the level or a red line and may have started a new phase in the status of cyber conflict.