Welcome to another week here on the blog. There have been quite a few interesting things in the security landscape. There may be other articles, but in this post I'll only cover those that might be of interest. That also includes the phishing aspect, as security can only be a human learning experience based on what we see, correct?
Lots of items in this week's Security News. It's packed, from Fancy Bear being on a hacking spree for extortion, a ride on a self-driving bus, Russian officers being caught up in stuff, a hacker selling info on 186 million people, and more. This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users' Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree is the article.
This is why I would not trust the government in anything security related. While the intentions are good in their writing, it seems as though the Department of Justice (DOJ) can't seem to understand that encryption is the way forward, not trying to weaken it. An article by Shannon Vavra at Cyberscoop talks about this, and I think it's worth talking about. This is definitely going to get interesting as the year draws to a close.
Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data:
This is a power grab.
The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects who use encryption to hide illegal behavior …
This is only the beginning of what I think we should be talking about. We should be convincing the Department of Justice to quit this, and support encryption. We know people will abuse it, but you can't stop advancements in technology. It just isn't going to work.
What do you think about when you look up a web hosting service similar to what I offer to people, including the Mix, Internet Radio? Most providers are going to be honest; we'll offer a level of service that is comparable to one another without stepping on each other's toes. We all can't offer the same thing; some providers offer different operating system environments, yet others may offer services and turn the other way to complaints. One particular situation in regards to hosting reminds me of a Colorado provider who was responsible for this, but I can't find the article that caught my attention on this topic. If you search out bulletproof hosting, you'll find many different types of articles from around the web.
The latest in this comes this year, when PhishLabs penned an article entitled Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor.
PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.
This is the beginning of a big problem we definitely need to solve. We know that phishing and other activities started with the free domain hosting services like ones issued by your ISP or Internet Service Provider. In no way am I saying that all pages hosted through ISP servers are bad, but I am saying that this can be a starting point.
There are other providers in this space which may not offer free services anymore, like Homestead. That is where my first personal page came from, way before I bought the domain I use today. It was free, and easy to use. Free is good, but in today's space, unless you know where to look, free isn't going to be around. When you choose a provider, whether it is Homestead, any provider with cPanel web services, or even a provider who may offer a Windows operating system platform, you want to make sure you choose something that will meet your needs, and you can surely enquire about what types of content are allowed by either viewing the site or contacting sales and support. I know I can't get into the illegal game, or my account can be flagged, and that is how all hosting providers should be. No provider should allow the types of things we've seen through the years, from phishing pages to hosting ransomware and fake pages purporting to be from well-known companies. That should be the next thing we tackle, and how do you, dear reader, think we should do this?
What bothers me about this type of thing is the fact you can have shell companies. Here is something else this article has to say.
Planetary Reef’s infrastructure includes a large number of domains registered through a variety of well-known registrars. Each domain has a substantial assortment of subdomains that they use to point to different phishing sites hosted on their IP space. In order to quickly set up these phishing sites and effectively manage their inventory of domains, the group is utilizing dynamic DNS services.
There are various behaviors that indicate Planetary Reef is acting as a bulletproof hosting provider. These types of hosts allow customers considerable leniency in the types of illicit material they upload and distribute, and are favored among malicious actors. They have sold hosting services to another actor targeting large social media platforms. They also have connections to known groups offering phishing-for-hire services. Additionally, we have observed threats using Planetary Reef’s infrastructure targeting various brands and properties in ways that suggest distinct actors pursuing their own ends.
The most prominent hosts run by Planetary Reef are Planet Hosting and CNF-HOST.
More information about each is given, and I think this is definitely worth talking about. What do you all think?
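The pattern PhishLabs describes, many subdomains under one domain all pointing into the same IP space, is something a defender can look for in DNS resolution data. The following is an added example, not code from PhishLabs or from this blog: it counts, per parent domain, the distinct subdomains that resolve into an IP range the analyst is already watching. The records, the watched range (documentation address space) and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (hostname, resolved IP) pairs; .test names and
# documentation IP ranges only, not real indicators.
RECORDS = [
    ("secure-login.example-dyn.test", "203.0.113.10"),
    ("account-verify.example-dyn.test", "203.0.113.11"),
    ("billing.example-dyn.test", "203.0.113.10"),
    ("Billing.example-dyn.test.", "203.0.113.12"),  # same name, re-pointed
    ("www.shop.test", "198.51.100.5"),              # outside the watched range
    ("mail.smallbiz.test", "203.0.113.40"),         # only one subdomain
    ("broken.example-dyn.test", "not-an-ip"),       # malformed record
]

# Assumption: the analyst already knows which leased range to watch.
WATCHED = [ipaddress.ip_network("203.0.113.0/24")]


def parent_domain(host):
    """Naive parent domain: the last two labels. A real pipeline should use
    the Public Suffix List so names under e.g. co.uk are grouped correctly."""
    return ".".join(host.split(".")[-2:])


def subdomain_fanout(records, networks, min_subdomains=3):
    """Return {parent domain: sorted subdomains} for parents with at least
    min_subdomains distinct subdomains resolving into the watched networks."""
    hits = defaultdict(set)
    for host, ip in records:
        host = host.rstrip(".").lower()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip malformed resolution data
        if not any(addr in net for net in networks):
            continue
        parent = parent_domain(host)
        if host != parent:  # only count names below the parent domain
            hits[parent].add(host)
    return {p: sorted(s) for p, s in hits.items() if len(s) >= min_subdomains}


if __name__ == "__main__":
    for parent, subs in subdomain_fanout(RECORDS, WATCHED).items():
        print(parent, len(subs), subs)
```

A high count is a lead for review rather than proof of abuse, since legitimate services can also place many subdomains in one range.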
Looks like Trick Bot has been having some big-time problems. Trick Bot is really not tricked, it got disrupted and they’re trying to rebuild is an article I wrote after seeing an article talking about how this botnet has been crippled. This is definitely a good sign, and I hope that we can start taking other botnet services down. If it isn’t us in the States, I think it’ll eventually happen with another country. Let’s go!
There’s more in the governmental aspect that may be appropriate for this blog post, but I’ll cover them separately. I appreciate everyone checking out the blog and podcasts, and we’ll be sure to have more stuff coming soon. Thanks for reading!