Technology

GAMDIAS unveiled new products at COMPUTEX 2018

GAMDIAS, the leading gaming brand, revealed its latest components, gaming gear, and gaming chair at COMPUTEX TAIPEI 2018. While many brands showcased their own style, GAMDIAS expressed the power of gaming through the style and names of the Greek gods. This year, the booth was designed as a Greek temple to evoke the spirit of the gods and to stand out among the other brands. The creative temple-like booth attracted visitors and guests from all over the world to take a glimpse of the latest products. In 2018, GAMDIAS is focusing on PC components and brand-new PC cases: the CYCLOPS and ASTRAPE RGB power supply series and the TALOS PC cases.

CYCLOPS and ASTRAPE RGB power supply full series: From 550 W Bronze to 1200 W Platinum, GAMDIAS launched the full series of power supplies and the corresponding components so that gamers can choose and mod their own PC case easily.

TALOS PC case series: The TALOS PC case comes in E1 and M1 models. The TALOS series features the latest tempered glass technology, letting users open the case easily and smoothly to modify the interior, and is paired with RGB lighting fans, a liquid cooler and a power supply. Especially notable is the switchable I/O port: users can swap the position of the I/O port with the GAMDIAS logo plate.

CHIONE liquid cooler and AEOLUS PC fan packs: Depending on the size of the user's PC case, GAMDIAS offers more choices in gaming components. For all AEOLUS fan series, a remote control is included so users can change the lighting effects and fan speed very easily. Not only focusing on PC components, GAMDIAS also released new gaming gear with the latest wireless technology and the "Qi" wireless charging standard.

HADES P1 RGB wired/wireless gaming mouse and NYX P2 RGB mouse mat: The HADES P1 wired/wireless gaming mouse makes the gaming experience freer and easier. With two interchangeable side panels, users can change their gripping style freely. With Qi charging, the mouse fast-charges in the wireless charging zone of the NYX P2 RGB mouse mat while the user plays. For different games, the NYX P2 RGB mouse mat offers two surfaces, a Speed texture and a Control texture, for different scenarios.

HERMES P4 RGB wired/wireless mechanical gaming keyboard: The HERMES P4 RGB gaming keyboard comes with wired and wireless modes, so gamers can unplug the keyboard and play freely. RGB lighting is supported by the HERA software, with over 100 lighting effects that gamers can customize themselves.

HEBE P1A RGB gaming headset: The HEBE P1A comes with the HEBE series' popular oversized ear cups, which block noise so the user can focus on game and music sound. 7.1 surround sound and a vibration mode keep gamers immersed in the game. An RGB lighting switch has been added to the control panel so gamers can change the lighting style at any time.

APHRODITE P1 gaming chair: The conceptual design of the APHRODITE gaming chair features a racing-car style, and new PU leather makes the chair more comfortable and suitable for long gaming sessions.

News

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”

In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. Proofpoint named the malware "Voldemort" based on internal filenames and strings used in the malware.

The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like "test" is notable. Researchers initially suspected the activity might be a red team exercise. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.

Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time. 

Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.  

Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.  

Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated. 

Proofpoint analysts correlated the language of the email with public information available on a select number of targets, finding that the threat actor chose the lure for each intended victim based on the victim's country of residence rather than the country in which the targeted organization operates or the country or language that could be inferred from the email address. For example, certain targets in a multinational European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, it appears that the threat actor mixed up the country of residence when the target shared an uncommon name with a better-known person with a more public presence. Emails were sent from suspected compromised domains, with the actor including the agency's real domain in the email address.

The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.  

Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and collected data observed when examining the Sheet, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.  

The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it’s equally possible the actors wanted to genuinely infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.   

The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors. 

While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns. 

Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution. 
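The detection guidance above, turned into a worked example. This is added here as an illustration and is not Proofpoint's code or detection content. It scans process-creation events for a search-ms: URI whose location crumb points at a remote share on a TryCloudflare hostname (the "not on the safelist" case), then flags PowerShell parented by explorer.exe on the same endpoint as the LNK-driven follow-on. The Sysmon-like event shape (host, image, parent_image, cmdline), the sample telemetry and the hostnames in it are constructed assumptions.

```python
import re
from urllib.parse import unquote

# A search-ms: URI as it appears in a process command line or browser log.
SEARCH_MS_RE = re.compile(r"search-ms:[^\s\"']+", re.IGNORECASE)
# The location crumb names the folder Explorer will list; a UNC path here
# (\\host\share, or \\host@SSL\DavWWWRoot for WebDAV) means a remote listing.
CRUMB_RE = re.compile(r"crumb=location:\\\\([^\\&]+)", re.IGNORECASE)
# Hosts to alert on when they appear as a search-ms location. TryCloudflare is
# the one the report calls out; in practice this would be "anything not on the
# safelist of approved external file-sharing servers" (assumption).
ALERT_HOST_SUFFIXES = ("trycloudflare.com",)
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")


def search_ms_location(cmdline):
    """Return the host named in a search-ms: location crumb.

    None  -> no search-ms: URI in the command line
    ""    -> search-ms: URI present, but the location is local (no UNC path)
    host  -> lower-cased remote host, with any @SSL/@port suffix stripped
    """
    m = SEARCH_MS_RE.search(cmdline)
    if m is None:
        return None
    crumb = CRUMB_RE.search(unquote(m.group(0)))   # URIs are often percent-encoded
    if crumb is None:
        return ""
    return crumb.group(1).split("@")[0].lower()


def host_flagged(host):
    """True when the host is, or is a subdomain of, an alert-listed domain."""
    return any(host == s or host.endswith("." + s) for s in ALERT_HOST_SUFFIXES)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Scan ordered process-creation events and return (severity, host, message).

    Each event is a dict with keys host, image, parent_image, cmdline; this
    Sysmon-like shape is an assumption, not a format the report specifies.
    """
    alerts = []
    lured_hosts = set()   # endpoints that already opened a flagged search-ms listing
    for ev in events:
        host = ev["host"]
        image, parent = basename(ev["image"]), basename(ev["parent_image"])
        loc = search_ms_location(ev["cmdline"])
        if loc is not None:
            if host_flagged(loc):
                alerts.append(("high", host, f"search-ms listing served from {loc}"))
                lured_hosts.add(host)
            else:
                alerts.append(("info", host, f"search-ms URI opened (location: {loc or 'local'})"))
        # The LNK in the remote listing is opened through Explorer, so PowerShell
        # parented by explorer.exe on an already-lured endpoint is the follow-on
        # activity the guidance says to alert on.
        if host in lured_hosts and image in POWERSHELL_IMAGES and parent == "explorer.exe":
            alerts.append(("critical", host, "PowerShell spawned by explorer.exe after search-ms lure"))
    return alerts


# Constructed sample telemetry; hostnames and paths are illustrative only.
SAMPLE_EVENTS = [
    {"host": "WS01",
     "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'explorer.exe "search-ms:query=tax&crumb=location:\\constructed-example.trycloudflare.com@SSL\DavWWWRoot&displayname=Downloads"'},
    {"host": "WS01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -c Start-Sleep 1"},
    {"host": "WS02",
     "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'explorer.exe "search-ms:query=report&crumb=location:C:\Users\alice\Documents&displayname=Docs"'},
    {"host": "WS02",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for sev, host, msg in detect(SAMPLE_EVENTS):
        print(f"[{sev:8}] {host}: {msg}")
```

Run against the sample, WS01 produces a high alert for the TryCloudflare listing and a critical one for the PowerShell that follows it; WS02, which opened a local search-ms: listing and later ran a scheduled script, only gets an informational entry. Keying the PowerShell rule on an earlier lure on the same endpoint is what keeps ordinary explorer-launched PowerShell from paging anyone.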

Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated. 

Editorial

Voldemort Espionage Malware Campaign: A Familiar Threat with New Tricks

By: Srijith Kn

The Voldemort espionage malware campaign, which has made headlines for its widespread infiltration of organizations worldwide, has raised significant concerns among cybersecurity experts. While the name may invoke a sense of dread, cybersecurity professionals are downplaying its novelty, pointing out that the tactics used by the attackers are not as groundbreaking as they may seem.

Kevin Reed, Chief Information Security Officer at Acronis, explained that the campaign uses a blend of well-established methods seen in previous cyberattacks. “This may sound alarming, but the techniques used are far from revolutionary,” Reed said. “What we’re seeing is a ‘Frankenstein’ approach — combining well-known tools and methods in a logical manner to increase the chances of system compromise.”

One of the more common tactics employed by the Voldemort campaign is the use of malicious PowerShell scripts, a long-standing favorite among cybercriminals. Reed emphasized the importance of proper detection mechanisms to counter these familiar threats. “We encounter these types of malicious scripts frequently,” he noted. “That’s why having robust detection systems, like script emulation technologies such as those found in Acronis Cyber Protect, is critical to neutralize the threat early.”

Despite this reliance on traditional methods, there is one aspect of the Voldemort campaign that has raised eyebrows: the use of Google Sheets as a command-and-control (C2) platform. While this might sound innovative, Reed explained that it’s simply the latest iteration of a tactic used by hackers to exploit user-generated content platforms.

“It’s somewhat unusual to see Google Sheets being used for C2,” Reed said. “But we’ve seen attackers leverage various online platforms for similar purposes before. Social media platforms, like Instagram, have been used in the past — with one high-profile example involving command-and-control messages hidden in the comments section of Britney Spears’ Instagram account.”

The campaign’s success, Reed argues, is less about innovation and more about the persistence and resourcefulness of cybercriminals. Still, the real takeaway from this attack, according to the Acronis expert, is the need for preparedness. “The most important thing is to be ready with advanced cybersecurity tools that can detect and neutralize these types of threats,” Reed said.

As the Voldemort campaign continues to develop, cybersecurity professionals remain focused on the importance of vigilance, investing in robust detection systems, and keeping up with the ever-evolving landscape of cyber threats.

Features

Robust patch management. In the fight against ransomware, it’s time to get back to basics

By Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU)

In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites. According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.

In today’s climate, senior executives approach discussions about cyber risk with the expectation of hearing unfavorable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI. We used to take comfort in the fact that at least artificial intelligence could not be creative like people could. But that was before generative AI came along and left us speechless — with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.

But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again. Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organizations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber risk. Hence, organizations need to look at prioritizing patching the assets that cause the most existential risk to the company, maximizing their patch rate (a measure of how effectively vulnerabilities are addressed) and minimizing their mean time to remediation (MTTR) for such “crown jewel” assets.

Windows mean doors

The Qualys Threat Research Unit (TRU) uses these metrics often in anonymized studies of organizations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponized vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and — if we have not already — to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.

If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of “high” or “low” for our two metrics. Our sweet spot is in the bottom righthand corner, where patch rate is high and MTTR is low. We could call this quadrant, the “Optimal Security Zone”. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly. In the top right, we find that patch rate is still high, so we call this the “Vigilant Alert Zone”, but incidents take a longer time to remediate (high MTTR). But while this is a higher source of concern, it is less worrying than if a vulnerability falls in the bottom left quadrant — the “Underestimated Risk Zone”. Here, we find overlooked vulnerabilities (low patch rates) but unexpectedly short remediation times. These flaws can quickly become risks if left unaddressed. Finally, we come to our red-flag quadrant, the “Critical Attention Zone” (top left), where vulnerabilities have low patch rates and take a long time to resolve.

Combining metrics like this can give us important crossover information that allows us to triage our patch management effectively. By exploring the critical areas first, we can examine overlooked vulnerabilities and discover either that they pose little threat and are less of a source of concern, or that they could lead to a ransomware incident, in which case they become a top priority on our to-do list. With RansomOps groups now leveraging advanced automation tools, the importance of optimal patch management cannot be overstated. Ensuring that systems are updated and secure is critical to prevent potential vulnerabilities.
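A worked version of the two metrics and the four-quadrant triage described above, added here as an example; it is not Qualys' own tooling. Patch rate is computed as the share of affected assets already remediated and MTTR as the mean days from detection to remediation over those assets. The 0.8 patch-rate threshold, the 19.5-day MTTR threshold (the time-to-exploit figure cited above, so "slow" means slower than attackers), the sample findings and the vuln-A to vuln-D labels are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass
class Finding:
    """One vulnerability instance on one asset (constructed, not real scan data)."""
    vuln: str
    asset: str
    detected_day: int
    remediated_day: Optional[int]   # None = still open


def patch_rate(findings):
    """Share of affected assets that have been remediated."""
    return sum(f.remediated_day is not None for f in findings) / len(findings)


def mttr_days(findings):
    """Mean days from detection to remediation over the remediated assets;
    None when nothing has been patched yet."""
    closed = [f.remediated_day - f.detected_day
              for f in findings if f.remediated_day is not None]
    return mean(closed) if closed else None


def quadrant(rate, days, rate_threshold=0.8, mttr_threshold=19.5):
    """Map (patch rate, MTTR) to the four zones from the article.

    Thresholds are assumptions: 0.8 for a 'high' patch rate, and 19.5 days for
    MTTR, i.e. the average time-to-exploit cited above. A vulnerability with no
    remediation at all has no MTTR and is treated as slow.
    """
    high_rate = rate >= rate_threshold
    slow = days is None or days > mttr_threshold
    if high_rate and not slow:
        return "Optimal Security Zone"
    if high_rate and slow:
        return "Vigilant Alert Zone"
    if not high_rate and not slow:
        return "Underestimated Risk Zone"
    return "Critical Attention Zone"


# Triage order follows the article's ranking of the zones, worst first.
ZONE_PRIORITY = {"Critical Attention Zone": 0, "Underestimated Risk Zone": 1,
                 "Vigilant Alert Zone": 2, "Optimal Security Zone": 3}


def triage(findings):
    """Group findings per vulnerability and return rows
    (vuln, patch_rate, mttr_days, zone) sorted worst-first, lowest patch rate first
    within a zone."""
    per_vuln = {}
    for f in findings:
        per_vuln.setdefault(f.vuln, []).append(f)
    rows = []
    for vuln, fs in per_vuln.items():
        rate, days = patch_rate(fs), mttr_days(fs)
        rows.append((vuln, round(rate, 2), days, quadrant(rate, days)))
    rows.sort(key=lambda r: (ZONE_PRIORITY[r[3]], r[1]))
    return rows


def make_findings(vuln, remediated_days):
    """Build one finding per asset, all detected on day 0 (constructed data)."""
    return [Finding(vuln, f"asset-{i}", 0, d) for i, d in enumerate(remediated_days)]


# Constructed sample: four hypothetical vulnerabilities on five assets each.
SAMPLE_FINDINGS = (
    make_findings("vuln-A", [3, 4, 5, 6, 7])             # everything patched fast
    + make_findings("vuln-B", [25, 30, 35, 40, None])    # mostly patched, but slowly
    + make_findings("vuln-C", [2, 4, None, None, None])  # quick where done, mostly ignored
    + make_findings("vuln-D", [45, None, None, None, None])  # one slow patch, rest open
)

if __name__ == "__main__":
    for vuln, rate, days, zone in triage(SAMPLE_FINDINGS):
        print(f"{vuln}: patch rate {rate:.0%}, MTTR {days} days, {zone}")
```

On the sample data the triage lands vuln-D in the Critical Attention Zone, vuln-C in the Underestimated Risk Zone, vuln-B in the Vigilant Alert Zone and vuln-A in the Optimal Security Zone, which is exactly the order the to-do list should follow. Note that MTTR is computed only over assets that were actually patched, which is why a vulnerability like vuln-C can look "fast" while most of its assets are still exposed; the patch rate is what exposes that gap.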

Action stations

Starting today, then, GCC organizations should look to their vulnerability management strategy and determine an approach that is able to stand up to armies of threat actors, working as a unified industry, equipped with advanced AI, to disrupt, disable, and damage the region’s innovative spirit. We all need to make sure that our vulnerability gaps are closed and our defenses tightened against these malicious actors. Technical and business stakeholders must collaborate on crafting roadmaps that make sense to their operational uniqueness.

The hope remains that one day, cyber criminals, a persistent threat today, will be effectively countered by innovative security technologies. However, we must confront the fact that attackers are becoming more sophisticated, their campaigns are escalating in scope, and the resources available for cybersecurity defense are often constrained.

The solution does not lie in an unknowable panacea, but in the day-to-day fundamentals — robust patch management that uses the four-quadrant principle and aims for the highest possible patch rate and the shortest possible resolution time. The top practitioners in any field — sports, business, the arts — will always extol the virtues of the fundamentals. If it works for them, then why not for us? So, let’s get back to basics and send the ransomware actor packing.

Copyright © 2023 | The Integrator