Blockchain + Cyber security + Cybercrime | 7 Defence | May 23, 2023
A group of financially motivated hackers from Indonesia has been discovered using Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances for unauthorized cryptocurrency mining activities.
The cloud security firm Permiso P0 Labs, which detected the group, has named them GUI-vil (pronounced Goo-ee-vil). The hackers show a preference for Graphical User Interface (GUI) tools, specifically utilizing S3 Browser (version 9.5.5) for their initial operations. Once they gain access to the AWS Console, they continue their activities directly through a web browser.
The attack method employed by GUI-vil involves exploiting AWS keys found in publicly exposed source code repositories on GitHub or targeting vulnerable GitLab instances with remote code execution flaws (e.g., CVE-2021-22205). Once initial access is obtained, the hackers escalate privileges and conduct internal reconnaissance to identify accessible S3 buckets and services through the AWS web console.
A unique aspect of GUI-vil’s approach is their attempt to blend in and maintain persistence within the victim’s environment. They achieve this by creating new user identities that adhere to the same naming convention as existing ones, thereby avoiding suspicion. Additionally, the group creates access keys for these new users to continue using S3 Browser seamlessly.
Alternatively, GUI-vil has been observed creating login profiles for existing users that do not have one, allowing access to the AWS console without raising alarms.
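The persistence steps described above (new users, access keys for them, and login profiles added to existing users) all appear in CloudTrail as IAM events. The following is an added detection sketch, not code from Permiso or from this article; the rule names, the sample records and the exact user-agent string are constructed for illustration, and the findings are triage signals rather than verdicts.

```python
import json

# Constructed CloudTrail records, trimmed to the fields used below; not real log data.
SAMPLE_LOG = """
{"eventTime":"2023-05-01T10:00:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","userAgent":"[S3 Browser 9.5.5 https://s3browser.com]","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"requestParameters":null}
{"eventTime":"2023-05-01T10:05:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","userAgent":"[S3 Browser 9.5.5 https://s3browser.com]","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"requestParameters":{"userName":"svc-backup2"}}
{"eventTime":"2023-05-01T10:06:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userAgent":"[S3 Browser 9.5.5 https://s3browser.com]","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"requestParameters":{"userName":"svc-backup2"}}
{"eventTime":"2023-05-01T10:20:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateLoginProfile","userAgent":"Mozilla/5.0","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"requestParameters":{"userName":"svc-report"}}
{"eventTime":"2023-05-01T11:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userAgent":"aws-cli/2.11.0","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":null}
"""

PERSISTENCE_CALLS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile"}


def detect(events):
    """Return (rule, actor, target) findings for the IAM persistence steps."""
    findings, created = [], {}  # created: new user name -> principal that created it
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        name = ev["eventName"]
        if ev.get("eventSource") != "iam.amazonaws.com" or name not in PERSISTENCE_CALLS:
            continue
        actor = ev["userIdentity"]["arn"].rsplit("/", 1)[-1]
        # CreateAccessKey without a userName parameter acts on the caller itself.
        target = (ev.get("requestParameters") or {}).get("userName", actor)
        # Rule 1: IAM changes made from the GUI S3 client rather than CLI/SDK/console.
        if "S3 Browser" in ev.get("userAgent", ""):
            findings.append(("iam-change-via-s3-browser", actor, target))
        if name == "CreateUser":
            created[target] = actor
        # Rule 2: the same principal mints a key for the user it just created.
        elif name == "CreateAccessKey" and created.get(target) == actor:
            findings.append(("access-key-for-new-user", actor, target))
        # Rule 3: console password added to a user that already existed.
        elif name == "CreateLoginProfile" and target not in created and target != actor:
            findings.append(("login-profile-on-existing-user", actor, target))
    return findings


EVENTS = [json.loads(line) for line in SAMPLE_LOG.strip().splitlines()]

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(*finding, sep="\t")
```

Rule 3 also fires on routine administrator activity, so it is best reviewed together with the caller's source IP and whether the target user had console access before.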
The link to Indonesia arises from the IP addresses associated with the group’s activities, which are tied to two Autonomous System Numbers (ASNs) located in the Southeast Asian country.
GUI-vil's primary objective is financial: setting up EC2 instances to run their crypto mining operations. However, the profits they make from mining are often minimal compared to the costs incurred by victim organizations for running the compromised EC2 instances.
The researchers at P0 Labs emphasize the importance of organizations maintaining strong security measures, such as protecting AWS keys, regularly updating source code repositories, and promptly patching known vulnerabilities. Heightened awareness and proactive defense strategies are crucial in mitigating the risks posed by threat actors like GUI-vil.
Written by: 7 Defence