On Microsoft Exchange Servers, a New IceApple Exploit Toolkit was Launched


Security analysts discovered a new post-exploitation framework that could enable Microsoft Exchange servers to be compromised. This framework, known as IceApple, was created by threat actors who wanted to preserve a low profile while launching long-term attacks to assist reconnaissance and data exfiltration. 

"As of May 2022, IceApple is under active development, with 18 modules seen in operation across several enterprise contexts," CrowdStrike reported. The complex malware was detected in late 2021 in various victim networks in geographically separate areas. Victims come from a variety of fields, including technology, academia, and government.

IceApple is unique for being an in-memory framework, which implies that the threat actor wants to keep a low forensic footprint and avoid detection. This bears all the signs of a long-term mission, and the framework blends in by creating files that appear to come from Microsoft's IIS web server. While most of the malware has been found on Microsoft Exchange servers, IceApple can function under any Internet Information Services (IIS) web app, making it a dangerous threat.

IceApple activity, as per CrowdStrike researchers, could be linked to nation-state attacks. Although IceApple has not been linked to any single threat actor, many believe it was developed by China. 

The actual number of victims of the attack has not been determined by CrowdStrike, but they do not rule out the possibility that the threat will expand in the following weeks. In this regard, the experts suggested updating any apps used by public and commercial businesses to strengthen the system's protection against this framework. 

Through the framework's various components, the malware can locate and erase files and directories, write data, collect credentials, search Active Directory, and transfer sensitive data. These components' build timestamps date back to May 2021.

Countries Not Capable To Face Current Cyber Threats: IISS Report Says


Currently, the US is the leading cyberspace power, but China is closing in quickly and will be a tough rival to the US in the military and civil sectors, says the International Institute for Strategic Studies (IISS), a Britain-based research organization. The other countries are still in the early stages of coming to terms with the implications of cyberspace, according to the experts at IISS. In the present scenario, a feeling of inadequacy and crisis is evident in political circles, while private players can be seen boasting 'catch me if you can' to government organizations as they try to reap high profits.

There has been rapid advancement in surveillance and intelligence technologies that are capable of compromising network capabilities and advanced computing, but the government sector still needs to build legal frameworks for the use of such technologies. "China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier," says the IISS report. "At the heart of the national strategies of the US and China, and the trade war between them is competition for control over the technologies that physically underpin the future of cyberspace -- such as microchip production, computer assembly, mobile internet (such as 5G), cloud architectures, cables, and routers," the analysts said.

The primitive models of government, social organization, and corporate management are continuously struggling to adapt to the current changes, says the IISS report. The report sorts 15 major countries into three groups on the basis of their technological capabilities. The US tops the list, as expected, because of 25 years of experience and investment in cybersecurity infrastructure. However, China is also closing in rapidly in technological advancements, along with France, Britain, Russia, Australia, Canada, and Israel. India has emerged as the leading country in the third group along with North Korea, Iran, and Japan.

As of now, the countries in the third group are not that eminent, but they are making considerable progress in particular areas, with high ambitions for building their cyber power sector. IISS says, "Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests."