CyberWire Daily

A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would-be beta-testers. Cyber updates from Russia’s hybrid war.

Aug 17, 2023
Experts Robert M. Lee and Steve Leeper discuss industry layoffs and mitigating risks with illegal data on networks. Other topics include a proxy botnet with over 400,000 exit nodes, PowerShell Gallery vulnerabilities, a cyber incident at Clorox, and scams targeting mobile beta-testers. Lessons from the Russian cyberattack on Viasat and cyber updates on Starlink are also covered.
31:10

Podcast summary created with Snipd AI

Quick takeaways

  • Malware writers are using a seemingly legitimate company to host a botnet consisting of over 400,000 proxy exit nodes, distributing the malware through peer-to-peer networks and sites offering free premium software.
  • The PowerShell Gallery package repository has active flaws that threat actors can exploit to spoof package names, discover unlisted packages, and uncover deleted secrets. This poses a significant risk to organizations that use PowerShell Gallery modules in cloud deployments.

Deep dives

Botnet comprising over 400,000 proxy exit nodes discovered

AT&T Alien Labs has identified a botnet consisting of more than 400,000 proxy exit nodes. The attackers are using a seemingly legitimate company to host the proxies. Alien Labs has evidence that the malware writers are silently installing the proxy on infected systems via social engineering techniques, often disguising it as cracked software or games. The malware is distributed through peer-to-peer networks and sites offering free premium software. Because the proxy application is signed, it evades antivirus detection. Alien Labs recommends avoiding downloading pirated software or running executable files from dubious sources.
