The Cyber Insecurity Show: AWS Coin Mining, F-5 Networks and Encrochat
Welcome to eLearnSecurity’s Cyber Insecurity, a new show dedicated to the latest InfoSec news. Every week, cyber experts Neal Bridges and Jeff Golz join eLearnSecurity’s Matt Kreisher to discuss what businesses need to know about the latest events in cyber security.
This week, Jeff, Neal and Matt discuss AWS coin mining, the 5-alarm vulnerability at F-5 Networks and Encrochat.
AWS Coin Mining
On July 7th, Anthony Randazzo of Expel tweeted about a new AWS coin mining attack that, while not subtle, did raise “interesting observations.” Not only did the attackers have root access, but they also brought their own SSH keys. Randozza also mentions that the bot framework was written in Golang, a language created by Google that is catching on in the cyber criminal world.
F-5 Networks Vulnerability
What constitutes a 5-alarm vulnerability that requires immediate patching, no matter when or what time of day? A recent vulnerability found in networking equipment at Seattle-based F-5 Networks triggered that exact conversation between Neal and Jeff.
Government agencies including Cyber Command and the United States Computer Emergency Readiness Team alerted companies to a major vulnerability that needed immediate patching of the July 4th weekend. Chris Krebs, director of the federal Cybersecurity and Infrastructure Security Agency warned organizations slow to update their hardware that they were in serious trouble. “This is the pre-exploit window to patch slamming shut right in front of your eyes,” Krebs tweeted on July 5. “If you don’t patch by this morning, assume compromise.”
Encrochat Shuttered After Months of Authority Surveillance
An encrypted communication service known as Encrochat was shut down by British and EU officials in July, months after law enforcement agencies began surveilling criminal activity on the app. Originally sold as a nearly unhackable chat app that was only available on proprietary Android phones with GPS, camera, and speakers removed, the service was popular with criminals in Europe, Africa and the Middle East.
However, French police were able to hack the chat service, allowing authorities to monitor unencrypted communications. Drugs were seized, murder plots foiled, and members of organized crime rings across Europe were jailed through a joint effort between Interpol and British police.
Cyber Insecurity is a weekly show, with new episodes published every Thursday. To subscribe, search for INE’s The IT Expert Network wherever you listen to podcasts or subscribe to eLearnSecurity’s YouTube page.