Imran Virani, Nov 28, 2022, 2 min read

Security Impurities: News of the Week (November 16th - 22nd)

Malicious software on PyPI and the problem with using open source

The Internet has been an incredible avenue for the dispersion of technology and knowledge. Today, much of software development relies on open source packages: free-to-use software whose source code users can inspect and modify. These packages are hosted on websites and package indexes across the Internet, where anyone can download them and contribute to their evolution.

While a great achievement of the digital age, open source has its risks. This week, an ongoing supply chain attack has targeted the Python Package Index (PyPI) to distribute malware. Hackers have uploaded malicious Python packages to PyPI with the W4SP Stealer malware embedded in them. This malware steals (among other things) passwords, crypto wallets, and Discord accounts.

This attack speaks to the dangers of using open source, particularly in critical infrastructure. As open source is popular and widely used by critical infrastructure organizations, it presents a growing risk. Running code that comes from outside, public sources, which threat actors can manipulate, carries real danger. While laws have been passed to regulate the use of open source in government projects, it is crucial that critical infrastructure companies do their own due diligence when opting to use open source software. Open source can be useful and cost-effective. But, for companies in critical infrastructure, convenience and security should both matter.
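One concrete piece of the due diligence described above is refusing to install any package whose contents differ from the artifact the team actually reviewed. The script below is an added example, not code from the original post or from PyPI; it models the check that pip performs in hash-pinned mode (`pip install --require-hashes`) by parsing a lock file of `name==version --hash=sha256:...` lines and comparing each downloaded artifact's digest against the pinned digest. The package names, file contents and lock file are constructed for illustration.

```python
"""Verify downloaded package artifacts against a hash-pinned requirements file.

Added example (not from the original post): a republished package with the same
name and version but different bytes is refused before it can be installed.
"""
import hashlib
import re

# One pinned line looks like:  name==version --hash=sha256:<64 hex chars>
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s]+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_requirements(text):
    """Return {name: (version, {allowed sha256 digests})}.

    Lines without an exact '==' pin get version None and an empty digest set.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if m is None:
            # e.g. "loose-lib>=2.0": no exact version, so nothing to verify against
            name = re.split(r"[<>=!~\s]", line, maxsplit=1)[0]
            pins[name] = (None, set())
            continue
        digests = set(HASH_RE.findall(m.group("hashes")))
        pins[m.group("name")] = (m.group("version"), digests)
    return pins


def verify_artifacts(requirements_text, artifacts):
    """Check each downloaded artifact (name -> bytes) against the pins.

    Returns {name: status} with status one of
    "ok", "hash-mismatch", "no-hash-pinned", "not-pinned", "missing-artifact".
    Anything other than "ok" should block the install.
    """
    pins = parse_requirements(requirements_text)
    report = {}
    for name, (version, digests) in pins.items():
        if version is None:
            report[name] = "not-pinned"
            continue
        if not digests:
            report[name] = "no-hash-pinned"
            continue
        data = artifacts.get(name)
        if data is None:
            report[name] = "missing-artifact"
            continue
        actual = hashlib.sha256(data).hexdigest()
        report[name] = "ok" if actual in digests else "hash-mismatch"
    return report


# --- constructed sample data: not real packages, not real digests ---
GOOD_WHEEL = b"contents of the wheel the team reviewed"
TAMPERED_WHEEL = b"contents of a republished wheel with extra code"
GOOD_DIGEST = hashlib.sha256(GOOD_WHEEL).hexdigest()

SAMPLE_REQUIREMENTS = f"""
# lock file produced after review (constructed)
reviewed-lib==1.4.2 --hash=sha256:{GOOD_DIGEST}
swapped-lib==0.9.0 --hash=sha256:{GOOD_DIGEST}
loose-lib>=2.0
versioned-only==3.1.0
"""

SAMPLE_ARTIFACTS = {
    "reviewed-lib": GOOD_WHEEL,
    "swapped-lib": TAMPERED_WHEEL,  # same name and version, different bytes
    "versioned-only": GOOD_WHEEL,
}

if __name__ == "__main__":
    for pkg, status in verify_artifacts(SAMPLE_REQUIREMENTS, SAMPLE_ARTIFACTS).items():
        print(f"{pkg:15s} {status}")
```

The point of the "no-hash-pinned" and "not-pinned" statuses is that a version pin alone does not protect against a package being re-uploaded or replaced; only a digest recorded at review time ties the install to the exact bytes that were examined.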

Zeppelin ransomware cracked!

In cybersecurity, there is a tendency to focus on negative headlines. The news that Russian ransomware Zeppelin was cracked is a welcome respite from the doom and gloom. Zeppelin was cracked by Lance James, founder of the cybersecurity consulting firm Unit 221B.

Though his firm was hired to help a company affected by Zeppelin, James has had the malware in his sights for some time. Citing his disgust at Zeppelin targeting vulnerable groups, James relished the opportunity to take it down. He cracked the ransomware by brute-forcing its encryption keys, which required almost 100 cloud servers but only a few hours of his time. Even though his firm was paid to deal with Zeppelin, the fact that it is no longer attacking any victims shows how valuable James's actions were. As the holiday season approaches and the spirit of giving is on the minds of many, it is refreshing to witness good deeds in the cyber world.

Holiday phishing attacks

If your organization participates in Secret Santa and uses online shopping to buy these gifts, be aware of phishing attacks! A phishing kit has been targeting online shoppers in the US and Canada. It has been impersonating well-known retailers such as Costco, Delta Airlines, and Dick's Sporting Goods. This kit is designed to entice victims looking for holiday specials, sending emails to targets informing them of great deals. Users clicking on these links are then taken to a unique URL, where they are asked to complete a survey. These surveys eventually lead to the theft of their credit card information.

This phishing attack is well-designed and very dangerous. It uses legitimate cloud services like Google and deploys URL shorteners for its malicious links. The attackers have even created fake testimonials by 'users' who completed these surveys. If you're in charge of the office Christmas shopping this year, think before you click!
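The two lure techniques called out above, URL shorteners that hide the real destination and links whose visible text does not match where they point, are both things a mail gateway can check before a message reaches the office shopper. The script below is an added example, not code from the original post or from any vendor; it parses the anchors in an HTML e-mail body, flags links to a constructed list of shortener hosts, and flags anchors whose displayed URL sits on a different domain than the actual `href`. The sample message and the shortener list are constructed for illustration.

```python
"""Flag e-mail links that route recipients through shortened or mismatched URLs.

Added example (not from the original post). The shortener list and the sample
message below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of hosts that hide the final destination behind a redirect.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'last two labels' domain; enough for the constructed samples."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze_links(html_body):
    """Return a list of (href, reason) findings for one e-mail body."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if host in SHORTENER_HOSTS:
            findings.append((href, "url-shortener"))
        # Visible text that looks like a URL but points at a different domain.
        shown = URL_RE.search(text)
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if registered_domain(shown_host) != registered_domain(host):
                findings.append((href, "display-text-mismatch"))
    return findings


def triage(html_body):
    """Simple gateway verdict: hold anything with at least one finding."""
    return "hold-for-review" if analyze_links(html_body) else "deliver"


# Constructed sample lure; the paths are not real links.
SAMPLE_EMAIL = """<html><body>
<p>Holiday special: 80% off, today only!</p>
<p>Claim it here: <a href="https://bit.ly/constructed-path">https://www.example-retailer.com/holiday-deals</a></p>
<p>Read what shoppers said: <a href="https://t.co/constructed-path">testimonials</a></p>
<p>Unsubscribe: <a href="https://mail.example.com/unsub">https://mail.example.com/unsub</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reason in analyze_links(SAMPLE_EMAIL):
        print(f"{reason:24s} {href}")
    print(triage(SAMPLE_EMAIL))
```

Neither check proves a message is malicious on its own; a shortener in a newsletter is common. The value is in combining them: a "deal" message whose displayed retailer URL actually leads through a shortener is exactly the pattern described above, and holding it for review costs far less than a stolen card number.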