

Log4j exploits suggest attackers gearing up for ransomware



Researchers at major cybersecurity firms say they’re seeing indications of attackers exploiting Log4Shell, the widespread Apache Log4j vulnerability, in ways that might be laying the groundwork for a ransomware attack.

Microsoft’s threat intelligence teams reported on Saturday that they’ve seen Log4Shell exploited to install Cobalt Strike, a popular tool with cybercriminals that is often seen as a precursor to deploying ransomware.

Cisco’s threat intelligence team, Talos, hasn’t directly seen the installation of Cobalt Strike so far—but “we’ve seen an increase in malicious Cobalt Strike servers online that may be supporting infrastructure,” said Matt Olney, director of threat intelligence and interdiction at Cisco Talos, in an email to VentureBeat.

And researchers at Sophos have seen “signs of attackers trying to exploit the vulnerability to install remote access tools in victim networks, possibly Cobalt Strike, a key tool in many ransomware attacks,” said Sean Gallagher, a senior threat researcher at Sophos, in a statement circulated to media.

At the time of this writing, no ransomware groups are publicly known to have exploited the vulnerability in Log4j to deploy a ransomware attack.

Widespread vulnerability

The Log4Shell vulnerability was revealed late Thursday and impacts a broad swath of enterprise software and cloud services. The vulnerability affects any application that uses Apache Log4j, an open source logging library, and many applications and services written in Java are potentially vulnerable.

Along with being widespread, the flaw is also considered highly dangerous because it’s seen as fairly easy to exploit. The remote code execution (RCE) vulnerability can ultimately enable an attacker to remotely access and control devices.

In its blog post published Saturday, Microsoft said that “at the time of publication, the vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed.”

In particular, “Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems,” the company said.

Microsoft did not provide further details on the attacks. VentureBeat has reached out to Microsoft for any updated information.

Along with providing some of the largest platforms and cloud services used by businesses, Microsoft is a major cybersecurity vendor in its own right with 650,000 security customers.

Microsoft’s report of seeing Cobalt Strike installation is notable because the tool is “commonly abused by targeted ransomware,” said Chris Doman, cofounder and chief technology officer at cyber vendor Cado Security, in an email to VentureBeat.

Popular with cybercriminals

Cobalt Strike was originally a legitimate tool for penetration testing, but a leaked version of the platform’s source code reportedly appeared on GitHub in late 2020, and researchers say the tool has increasingly been leveraged by cybercriminals.

Use of Cobalt Strike by threat actors surged 161% in 2020, year over year, according to a recent report from Proofpoint. And the tool has been “appearing in Proofpoint threat data more frequently than ever” in 2021, the company said.

Many security researchers—including at Cisco Talos, VMware Carbon Black, and Accenture Security—have reported a significant correlation between the use of Cobalt Strike and ransomware attacks.

The Cobalt Strike tool is useful both because of its effectiveness—the tool launches a “beacon” enabling actions such as remote surveillance and lateral movement—as well as the “anonymity” it offers due to its popularity, VMware and Accenture researchers said in a recent threat research post.

“As the use of Cobalt Strike increases among ransomware operators, Accenture Security and Carbon Black have, in turn, observed attackers use Cobalt Strike Beacon capabilities, such as named pipes over Server Message Block (SMB) and WinRM to move laterally in targeted networks,” the researchers said in the post.

Ransomware threat

Deployment of malware that takes advantage of Log4Shell has already begun, with researchers reporting they’ve observed the use of Mirai and Muhstik botnets to deploy distributed denial of service (DDoS) attacks, as well as deployment of Kinsing malware for crypto mining.

It may only be a “matter of days” before ransomware might be deployed in connection with the vulnerability in Log4j, said David Warshavski, vice president of enterprise security at cybersecurity vendor Sygnia, in an email to VentureBeat.

Due to the broad reach of the vulnerability in Log4j, “the bar for ransomware threat actors to breach enterprise networks and establish an initial foothold has been lowered significantly,” Warshavski said.

The vulnerability comes with the majority of businesses already reporting that they’ve had first-hand experience with ransomware over the past year. A recent survey from CrowdStrike found that 66% of organizations had experienced a ransomware attack in the previous 12 months, up from 56% in 2020. And the average ransomware payment has surged by about 63% in 2021, reaching $1.79 million, the report said.

In terms of Log4Shell, managed detection and response firm Huntress so far has “not seen any serious attacks on our partners and their customers,” said Roger Koehler, vice president of threat ops at the company, in an email. “It’s a little early to hear of anything serious right now,” Koehler said.

However, “this is just the beginning, and we will be seeing this for a long time,” Koehler said.

Exploits began earlier

Researchers have also said that exploits of the vulnerability may have begun as far back as December 1 or December 2.

Cisco Talos said it has discovered attacker activity related to the Log4Shell vulnerability starting on December 2. “It is recommended that organizations expand their hunt for scanning and exploit activity to this date,” Talos researchers said.

Meanwhile, Matthew Prince, CEO of Cloudflare, said his company has found evidence of a Log4j exploit starting on December 1. “However, [we] don’t see evidence of mass exploitation until after public disclosure” on December 9, Prince said on Twitter.



Amazon may lay off 20,000 employees, including managers: Report



Amazon may lay off about 20,000 employees across divisions as the company reevaluates its pandemic-induced hiring spree, according to a media report.

A Computerworld report stated that the tech giant could lay off employees across the company, including distribution centre workers, technology staff, and corporate executives. Staff at all levels will likely be affected, it found.

Last month, the New York Times reported that Amazon plans to lay off approximately 10,000 people, and “the cuts will focus on Amazon’s devices organisation, including the voice-assistant Alexa, as well as at its retail division and in human resources”.

However, according to Computerworld, the layoffs could impact nearly double the number of employees, roughly 6% of the company’s corporate employees and about 1.3% of its global workforce of more than 1.5 million, composed primarily of hourly workers.

YourStory could not independently verify the report.

Corporate staff have been told that employees will receive a 24-hour notice and severance pay, in accordance with their company contracts, the Computerworld report noted. “There is a sense of fear among employees in the company as the news has come out,” the report added, quoting a source who was informed directly about the layoff effort.

The layoffs would be the largest staff reduction in Amazon’s history.

“There is no specific department or location mentioned for the cuts; it is across the business. We were told this is as a result of over-hiring during the pandemic and the need for cost-cutting as the company’s financials have been on a declining trend,” the source told Computerworld.

After the New York Times report, Amazon Chief Executive Officer Andy Jassy shared some information about role eliminations in a note. Jassy confirmed that layoffs were occurring, though he did not specify the planned number of employees to be laid off.

“Our annual planning process extends into the new year, which means there will be more role reductions as leaders continue to make adjustments. Those decisions will be shared with impacted employees and organisations early in 2023,” Jassy wrote in the message, noting that Amazon had already communicated that layoffs would occur in the Devices and Books businesses, and would be extending a voluntary reduction offer for some employees in the People, Experience, and Technology (PXT) organisation. 

“We haven’t concluded yet exactly how many other roles will be impacted (we know that there will be reductions in our Stores and PXT organisations), but each leader will communicate to their respective teams when we have the details nailed down,” Jassy noted.

Meanwhile, the Computerworld report noted that employees on Amazon’s robotics team have been laid off.

Amazon’s muted third-quarter earnings as well as disappointing fourth-quarter projections led the company’s stock to plummet. Its third-quarter earnings were severely impacted by unpredictable consumer shopping habits and inflation. 

Amazon is likely to lay off several employees in India across divisions, according to media reports. Last month, Amazon confirmed that it will shut down its wholesale unit Amazon Distribution. This is the third business unit to be closed after the e-commerce giant announced the wrapping up of Amazon Academy and the food delivery business in India.

Globally, tech companies have announced layoffs as part of their cost-cutting efforts. In November, Meta CEO Mark Zuckerberg announced that the company had decided to reduce the size of its team by about 13%, cutting over 11,000 jobs. In the same month, Elon Musk cut half of Twitter’s workforce, or about 3,700 jobs, at the social media firm.



Unlock The Entrepreneurial Potential Of Your Team With Employee-Ownership



A strong team of many outperforms even the most hardworking of entrepreneurs on their own. But when hiring employees, freelancers and contractors, how do you ensure they have the same entrepreneurial skills and drive that you do as your company’s owner? Is it unrealistic to expect employees to be motivated and committed to an organisation they didn’t found?

Nicki Sprinz thinks she has cracked the code of unlocking the entrepreneurial potential of your team, and the answer lies in employee ownership. Sprinz is managing director of B-Corp certified ustwo London, a company of over 200 employees, and cofounder of Ada’s List, an 8000-strong community designed to support women working in the tech industry. ustwo has recently become employee-owned and has already seen the benefits of breaking down the distinction between owners and employees.

According to the Employee Ownership Association, this way of working can improve productivity, support more resilient regional economies and empower team members, resulting in them being far more engaged. Sprinz explained the main benefit for entrepreneurs of this model along with practical tips for managing directors and company founders to make the transition to becoming employee-owned.

Employee ownership protects the company

“Being employee-owned means existing team members, who are now partners, feel empowered as owners,” said Sprinz. She believes that this encourages everyone to put in the work to uphold a strong company culture and course-correct if they see anything awry.

Whilst this might not happen automatically, a founder can make it more likely that their team upholds the vision. Sprinz has put frameworks in place to ensure everyone has a voice. “We hold open firesides, have elected partner representatives on the board, and ensure there are regular channels of communication for all team members to be part of growing the culture and living the values,” she said.

Keeping the team on board means protecting the company. “There are no surprises about the direction we are taking with the business,” explained Sprinz. “We involve everyone in the decisions we make on our projects and ensure we are accountable, both commercially and ethically.”

Attract and retain top talent

In a competitive market, how does your company attract and retain the best talent in the world for the benefit of your clients? Employee-ownership could be the solution. Not only does it make job listings stand out, but it attracts individuals who are like-minded and think long term. They are committed to a future with whichever company they choose to join and are prepared to push themselves to make it happen.

“High quality potential recruits and employees are interested in values and purpose,” said Sprinz. “Being able to talk about employee ownership helps you stand out in a tough hiring market. We have several interview stages so a candidate can get to know us as well as we’d like to know them.”

Sprinz’ interview stages aim to weed out “cultural and value mismatches that ultimately lead to an unfulfilled team.” They ask candidates multiple questions about their values and examples of them in practice, and they encourage candidates to probe with questions about ustwo. They also “publicise the salary for all open roles and candidates have the opportunity to meet other members of the team,” she added.

Control quality

When scaling a business, ambitious entrepreneurs cannot afford to let quality slip. Growth at all costs is a false economy that ends with the business back at square one and having to work harder to undo reputational damage. “A more entrepreneurial team ensures quality stays high,” explained Sprinz. Not only do your team members care deeply about the work they do, they also know they benefit from company growth, so they are incentivised to keep raising the bar.

“If your team is invested in the long term financial success of the company, they also feel pride that their work contributes to overall success,” said Sprinz. “They respond by raising the bar on their work.” Sprinz also believes that, “Regular transparent sharing of financial results and metrics maintains dialogue on personal and company impact.”

Direct the future

An employee-owned company has options for the future. The owner might one day want to step aside or sell, and the company’s succession plan will already be in place. In the meantime, the company has hit new heights and progressed with new ideas because its foundations are solid.

Like Maslow’s Hierarchy of Needs, you cannot reach self-actualisation without warmth and shelter, and a company cannot break through ceilings with constant recruitment issues. When team members are bought into the company, they are bought into its future too, making more certain outcomes for everyone involved.

“The partner representatives on the board surface the priorities of the rest of the team and ensure the conversations of the board are directed accordingly,” explained Sprinz. “The representatives are actively part of the bigger picture and playing a huge part in shaping the company’s future.”

Unlock the entrepreneurial potential of your team by exploring employee ownership, advised Sprinz. The best people will be proud to tell their friends that they are part-owners of the place they work. They will feel valued and listened to and respond with their effort and devotion. Could employee ownership be the right step forward for you?



With $3M new funding, Egyptian startup OneOrder sets out on growth drive



OneOrder, Egypt’s supply chain solutions provider for restaurants, has raised $3 million in seed funding led by Nclude with participation from A15 and Delivery Hero Ventures. The latest funding brings the total funding raised by the startup to $10.5 million, including $6.5 million in working capital financing from financial institutions.

Launched in March this year, OneOrder makes it possible for restaurants to order food supplies through its online platform, solving the fragmented supply chain challenges that lead to erratic prices, waste, quality issues, and storage cost.

By using its platform, restaurants no longer have to deal with tens of suppliers, and can order only what they need, for next day delivery, stemming wastage and doing away with the need for warehouses. The platform also ensures operational efficiency and helps restaurants save money by leveraging OneOrder’s economies of scale.

The startup plans to use the funding to scale its operations in Egypt including increasing its warehouse footprint, and to explore growth opportunities within the Gulf Cooperation Council (GCC) region, and Africa.

“We are exploring Saudi Arabia and expanding south into our continent. I think Africa has a lot of markets that feel the same pain points that Egypt does,” said OneOrder co-founder and CEO, Tamer Amer, who co-founded OneOrder with Karim Maurice (CTO), also the founder of Cube, an online restaurant-reservation service.

“The solution that we’re providing has shown that this industry is ready for tech solutions…[and] we are working on a more substantial operating system for the restaurants not just the supply chain and inventory management system, rather the full cycle that would turn their operations automatic by using AI and machine learning capabilities to drive the supply chain,” said Amer, a restaurateur for over two decades, initially in the U.S before settling in Egypt from 2008.

Amer told TechCrunch that the sourcing challenges he experienced operating two restaurants in Egypt — Fuego, a sushi bar, and Longhord Texas Barbeque — inspired the launch of OneOrder, to serve the country’s total addressable market of 400,000 restaurants.

“I had always taken the supply chain in the U.S. for granted; we would order and get the supplies all the time. We didn’t have to worry about shortages or price changes. I realized that Egypt is so underserved and the industry is really doing a lot of things that we shouldn’t be doing,” he said.

“… restaurants should not have a full-time job monitoring the supply chain and procuring products because it takes away focus on the core business, which is serving customers. So that’s where the idea really started,” he said.

OneOrder plans to, through its partners and backed by its extensive data, begin extending working capital financing options to restaurants as a way of helping them scale their operations.

Basil Moftah, the managing partner at Nclude, said: “The product-market fit of the OneOrder solution is very impressive, along with the positive impact it is delivering to all stakeholders in the value chain. Through the use of technology and alternative data, OneOrder’s embedded financing will help underserved clients who are unable to secure traditional financing. This aligns perfectly with our investing philosophy and we are glad to be embarking on this journey with the team.”
