January brought several interesting developments in cyber security. The first is a new vulnerability in polkit, a component shipped by most Linux distributions, that affects installations going back more than a decade. Russia has moved against the REvil ransomware group, apparently as a bargaining chip in its high-stakes standoff over Ukraine. Finally, there are growing signs that malware authors are doing more to thwart reverse engineers.
LINUX POLICY KIT (POLKIT) VULNERABILITY
This vulnerability is not as dramatic as Log4j, which gives a remote attacker initial access to a system. Instead, it is a local privilege escalation: an attacker who already has a foothold on the target can elevate from an unprivileged user to root. These are the two sides of the hacking coin. Most of the time, initial access yields only a low-privilege account, and the attacker must find a way to escalate before they can truly break free inside the system. Sometimes that is not possible and the breach is contained, but on an unpatched Linux system the polkit flaw makes containment much less likely. The practical response is to install the updated polkit package from your distribution and verify the installed version against its advisory.
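The check an administrator wants after an advisory like this is simple: what polkit version is installed, and which setuid-root binaries exist on the host, since every one of them is a local privilege-escalation candidate if it has a flaw. The script below is an added example, not code from the original post or from the polkit project; it assumes the package is named policykit-1 on Debian/Ubuntu and polkit on RPM-based systems, and falls back to polkit's own pkexec --version output when neither package manager matches.

```sh
#!/bin/sh
# Added example (not from the original post): a quick local audit after a
# polkit privilege-escalation advisory. Package names are assumptions:
# policykit-1 (Debian/Ubuntu, older releases) and polkit (RPM-based systems).

# Report the installed polkit version, trying each package manager in turn
# and falling back to polkit's own CLI. Prints "not-installed" if none match.
polkit_version() {
    v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
    v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
    v=$(pkexec --version 2>/dev/null | awk '{print $NF}') && [ -n "$v" ] && { echo "$v"; return 0; }
    echo "not-installed"
}

# List setuid-root executables under a directory (default /). Each entry is a
# local privilege-escalation candidate if it contains a flaw, so the list
# should be short and every entry should be a binary the administrator expects.
setuid_root_binaries() {
    find "${1:-/}" -xdev -type f -perm -4000 -user root 2>/dev/null | sort
}

# Succeeds only if the given path is a regular file that is setuid and owned
# by root: a before/after check when a mitigation removes the setuid bit.
is_setuid_root() {
    [ -f "$1" ] && find "$1" -maxdepth 0 -type f -perm -4000 -user root 2>/dev/null | grep -q .
}

printf 'polkit version: %s\n' "$(polkit_version)"
printf 'setuid-root binaries under /usr:\n'
setuid_root_binaries /usr
```

Run it as root for a complete listing, since find cannot read every directory as an ordinary user. Compare the reported version with the fixed version in your distribution's advisory rather than against a hard-coded number; package names and version schemes differ between distributions, and newer Debian releases ship polkit under a different package name.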
RUSSIA TURNS ON REVIL RANSOMWARE GROUP
In a surprise move, Russia has acted to decapitate the REvil ransomware group. This is most likely a maneuver to entice the US to negotiate, but if the situation in Ukraine resolves in a way that induces Russia to keep clamping down, that would be very good. Odds are this kind of thing will remain rare. The arrests also came shortly after the NSA, FBI and CISA posted a joint advisory warning that Russian state-sponsored hackers are increasingly targeting critical infrastructure. Whichever way this turns, the cyber war appears to be becoming more overt.
TRICKBOT, ET AL., THWARTING REVERSE ENGINEERS
The Trickbot malware has been seen in the wild taking overt steps to prevent reverse engineering by security firms hoping to understand how it communicates with its command and control (C2) servers. This makes sense: the Trickbot C2 infrastructure was hit in a major takedown operation, so its operators have an obvious incentive to keep analysts from mapping it again.