Rolling in the deep.
That’s the warning from BlackBerry. The smartphone maker-turned-enterprise software company announced on Nov. 12 that it had uncovered a new framework in LightSpy, a malware campaign allegedly connected to Chinese cybercrime group APT41.
“Despite facing indictments from the US Department of Justice and ongoing FBI investigations, APT41 is intensifying its espionage activities, now deploying the advanced DeepData framework to monitor widely used communication tools such as WhatsApp and Signal on compromised devices,” BlackBerry VP of Threat Research and Intelligence Ismael Valenzuela told IT Brew in an email. “The group continues to target high-value political activists, politicians, and journalists.”
Played to the beat. The new DeepData tool is “a modular Windows-based surveillance framework that significantly broadens their espionage capabilities,” BlackBerry researchers wrote.
LightSpy uses malware plugins to infiltrate systems and harvest user data. DeepData is the latest addition to that toolkit and appears to mark an escalation in the malware’s capabilities.
For LightSpy users, DeepData represents a potential attack vector they can use to exploit VPNs and other more secure communication systems. Volexity researchers discovered that Fortinet’s Windows VPN client was breached through a zero-day attack utilizing DeepData.
A Reddit user detailed the danger of the unauthorized access: “The credentials for that also have a high probability of being recycled. They can use the access to establish persistent access by implanting reverse shells, for example, deep into the system. They can install keystroke loggers to capture credentials for other services.”
Could have had it all. It’s not the first time VPNs have been breached in recent months. As IT Brew has reported, attackers have increasingly targeted the private networks since the pandemic, making their upkeep an urgent necessity. A September study from SpecOps Software revealed that millions of VPN access passwords have been leaked online.
DH2i co-founder and CEO Don Boxley told IT Brew that he has concerns over how the attack surface has evolved due to the pervasiveness of VPNs, and urged a rethinking on how organizations approach virtual network security.
“The real issue for those large organizations is where they’ve got thousands of people accessing critical systems via VPNs,” Boxley said.