Connect with us

Featured

Hackers reach for the sky

Published

on

While investigating the infamous Russian-speaking cyberespionage actor Turla, Kaspersky Lab researchers have discovered how it’s evading detection of its activity and physical location.

Turla is a sophisticated cyberespionage group that has been active for more than 8 years. The attackers behind Turla have infected hundreds of computers in more than 45 countries including Kazakhstan, Russia, China, Vietnam and the United States. Types of organisations that have been affected include government institutions and embassies, as well as military, education, research and pharmaceutical companies. At the initial stage, the Epic backdoor performs victim profiling. For only the most high profile targets, the attackers then use an extensive satellite-based communication mechanism in the later stages of the attack, which helps them to hide their traces.

Satellite communications are known mostly as a tool for TV broadcasting and secure communications; however, they are also used to provide access to the Internet. Such services are mostly used in remote locations where all other types of Internet access are either unstable and slow, or not available at all. One of the most widespread and inexpensive types of satellite-based Internet connection is a so-called downstream-only connection.

unnamed-2

In this case, outgoing requests from a user’s PC are communicated through conventional lines (a wired or GPRS connection), with all the incoming traffic coming from the satellite. This technology allows the user to get a relatively fast download speed. However, it has one big disadvantage: all the downstream traffic comes back to the PC unencrypted. Any rogue user with the right set of inexpensive equipment and software could simply intercept the traffic and get access to all the data that users of these links are downloading.

unnamed-1

The Turla group takes advantage of this weakness in a different way: by using it to hide the location of its Command and Control servers (C&C), one of the most important parts of the malicious infrastructure. The C&C server is essentially a “homebase” for the malware deployed on targeted machines. Discovering the location of such a server can lead investigators to uncover details about the actor behind an operation, so here’s how the Turla group is avoiding such risks:

1.      The group first “listens” to the downstream from the satellite to identify active IP addresses of satellite-based Internet users who are online at that moment.

2.      They then choose an online IP address to be used to mask a C&C server, without the legitimate user’s knowledge.

3.      The machines infected by Turla are then instructed to exfiltrate data towards the chosen IPs of regular satellite-based Internet users. The data travels through conventional lines to the satellite Internet provider’s teleports, then up to the satellite, and finally down from the satellite to the users with the chosen IPs.

 

Interestingly, the legitimate user whose IP address has been used by the attackers to receive data from an infected machine, will also receive these packets of data but will barely notice them. This is because the Turla attackers instruct infected machines to send data to ports that, in the majority of cases, are closed by default. So the PC of a legitimate user will simply drop these packets, while the Turla C&C server, which keeps those ports open, will receive and process the exfiltrated data.

 

Another interesting thing with the Turla actor tactics is that they tend to use satellite Internet connection providers located in Middle Eastern and African countries. In their research, Kaspersky Lab experts have spotted the Turla group using IPs of providers located in countries such as Congo, Lebanon, Libya, Niger, Nigeria, Somalia or the UAE.

Satellite beams that are used by operators in these countries usually do not cover European and North American territories, making it very hard for most of security researchers to investigate such attacks.

“In the past, we’ve seen at least three different actors using satellite-based Internet links to mask their operations. Of these, the solution developed by the Turla group is the most interesting and unusual. They are able to reach the ultimate level of anonymity by exploiting a widely used technology – one-way satellite Internet. The attackers can be anywhere within range of their chosen satellite, an area that can exceed thousands of square kilometers,” said Stefan Tanase, Senior Security Researcher at Kaspersky Lab. “This makes it almost impossible to track down the attacker. As the use of such methods becomes more popular, it’s important for system administrators to deploy the correct defense strategies to mitigate such attacks.”

Kaspersky Lab products successfully detect and block the malware used by the Turla threat actor with the following detection names: Backdoor.Win32.Turla.*, Rootkit.Win32.Turla.*, HEUR:Trojan.Win32.Epiccosplay.gen, HEUR:Trojan.Win32.Generic.

Cars

Auto rivals team up for connected car demo

Rivals BMW, Ford and Groupe PSA, maker of Peugeot and Opel cars, have teamed up with the 5G Automotive Association (5GAA), Qualcomm Technologies and Savari for Europe’s first live demonstration of C-V2X direct communication technology operating across vehicles from multiple auto manufacturers.

Published

on

The live demonstration also featured a live showcase of C-V2X direct communication technology operating between passenger cars, motorcycles, and roadside infrastructure. C-V2X is a global solution for vehicle-to-everything (V2X) communication in support of improved automotive safety, automated driving and traffic efficiency.

The demonstration exhibited the road safety and traffic efficiency benefits of using C-V2X for Vehicle-to-Vehicle (V2V) collision avoidance, as well as Vehicle-to-Infrastructure (V2I) connectivity to traffic signals and Traffic Management Centers (TMC). C-V2X was operated using real-time direct communications over ITS spectrum and demonstrated its ability to work without cellular network coverage, and underscores its commercial readiness for industry deployment as early as 2020. Superior performance and cost-effectiveness compared to other V2X technologies, along with forward-compatibility with 5G, make C-V2X direct communications a preferred solution for C-ITS applications.

Six demonstrations were shown including: Emergency Electronic Brake Light, Intersection Collision Warning, Across Traffic Turn Collision Risk Warning, Slow Vehicle Warning and Stationary Vehicle Warning, Signal Phase and Timing / Signal Violation Warning and Vulnerable Road User (pedestrian) Warning. The vehicles involved included two-wheel e-scooters provided by BMW Group, and automotive passenger vehicles provided by Ford, Groupe PSA, and BMW Group, all of which were equipped with C-V2X direct communication technology using the Qualcomm® 9150 C-V2X chipset solution.  V2X software stack and application software, along with roadside infrastructure, were provided by industry leader, Savari.

C-V2X is globally supported by a broad automotive ecosystem, which includes the fast growing 5GAA organization.  The 5GAA involves over 85 global members comprised of many leading automakers, Tier-1 suppliers, software developers, mobile operators, semiconductor companies, test equipment vendors, telecom suppliers, traffic signal suppliers and road operators.  

Cellular modems will be key to the C-V2X deployment in vehicles to support telematics, eCall, connected infotainment and delivering useful driving/traffic/parking information. As C-V2X direct communication functionality is integrated into the cellular modem, C-V2X solutions are expected to be more cost-efficient and economical over competing technologies, and benefit from accelerated attach rates.  C-V2X direct communication field validations are currently underway in Germany, France, Korea, China, Japan and the U.S.

C-V2X currently stands as the only V2X technology based on globally recognized 3rd Generation Partnership Project (3GPP) specifications, with ongoing evolution designed to offer forward compatibility with 5G.  C-V2X also leverages and reuses the upper layer protocols defined by the automotive industry, including the European Telecommunications Standards Institute (ETSI) organization. C-V2X includes two complementary transmission modes: 

  • Direct communication as shown in this demonstration for V2V and V2I use cases
  • V2N network communication, which leverages mobile operators for connectivity and delivers cloud-based services, including automated crash notification (ACN, as mandated by eCall), hazard warnings, weather conditions, green light optimal speed advisory (GLOSA), parking spot location, and remote tele-operation to support automated driving, to name a few.

“This demonstration builds on the successful C-V2X showcase we organised with our members Audi, Ford and Qualcomm in Washington DC in April, said Christoph Voigt, Chairman of 5GAA.

“We are excited to witness the growing momentum behind this life-saving technology and to see our members working together to deploy C-V2X, and to make it hit the road as soon as possible.”  

“The BMW Group introduced the first C-ITS use cases already in 2013 with the market introduction of the BMW i3. Today most of envisaged C-ITS use-cases are already institutionalized. With the implementation of C-V2X, the BMW Group accomplishes the last set of the puzzle with a practical path to C-ITS showing quick benefits,” said Christoph Grote, Senior Vice President Electronics, BMW Group. 

“With its ability to safely and securely connect vehicles, along with its evolution into 5G, C-V2X is integral to Ford’s vision for future transportation in which all cars and infrastructure talk to each other,” said Thomas Lukaszewicz, Manager Automated Driving, Ford of Europe. “We are very encouraged by preliminary test results in Europe and elsewhere which support our belief that C-V2X direct communications has superior V2X communication capabilities.”

“We’re moving forward with seamless communication between cars and their environment for enhancing road safety, as well as our customers’ safety,” said Carla Gohin, Group PSA’s Vice President for Research and Advanced Engineering. “Following the first European C-V2X direct communications demonstration we hosted with Qualcomm Technologies last March, we’re pleased to work with leading automotive and technology companies today to highlight that C-V2X interoperability is a reality.” 

“This demonstration of interoperability between multiple automakers is not only another milestone achieved towards C-V2X deployment, but also further validates the commercial viability and global compatibility of C-V2X direct communications for connected vehicles,” said Enrico Salvatori, senior vice president & president, Qualcomm Europe and MEA. “We look forward in continuing to work alongside leaders in the automotive industry, like the 5GAA, BMW Group, Ford, Groupe PSA and Savari, to help advance the automotive industry’s shift towards a safer, connected and more autonomous future.” 

“As one of the V2X pioneers, our company is extremely pleased to continue to help enable the next step in the V2X revolution that we helped start back in 2008,” said Ravi Puvvala, CEO of Savari. “For the last year and a half, the Savari team has worked diligently alongside the dedicated C-V2X engineers in the 5GAA partnership. The resulting string of increasingly impressive demonstrations is continuing to convince the world that C-V2X will soon be deployed around the world.”

Continue Reading

Featured

Win a Poster Heater with Gadget and Takealot.com

This winter Gadget and Takealot.com are giving away three Poster Heaters, which look like posters but become heaters when you plug them in.

Published

on

Three Gadget readers will each win a unit, valued at R550 each. To enter, follow @GadgetZA and @Takealot on Twitter and tell us on the @GadgetZA account how many Watts the heater consumes.

What’s the big deal about these heaters? Many of us are struggling to keep the balance between soaring electricity costs and the need to keep warm this winter.

However, the recently launched Poster Heater by EasyHeat and distributed in South Africa by Takealot.com is not only one of the most cost effective electric heaters currently on the market, it is also easy to setup and use.

As the name indicates, it is a poster similar to one you would hang on a wall. But, plug it in and it turns into a 300 Watt heater. The Poster Heater isn’t designed to heat hallways or large rooms, but rather smaller ones like a bedroom or a baby’s nursery or a dressing room.

It uses radiant heating, which means that it heats up in a couple of minutes and the heat is directed at the objects or people around it, quickly taking the chill out of the air and providing a comfortable ambient temperature.

The other advantage of radiant heating is that it doesn’t dry out the air like infrared or gas heaters. Users also don’t have to worry about their children or pets getting too close to it because, even though it gets hot, it can be touched.

To enter the competition follow the steps below:

Competition entry details:

1. Follow @GadgetZA and @Takealot on Twitter. (We will ONLY be accepting entires via Twitter, so please don’t enter through the comments section of this article.)

2. Tell us on Twitter, via @GadgetZA, mentioning @Takealot in your posting, how many Watts the Poster Heater consumes.

cleardot.gif3. The competition closes on 31 July 2018.

4. Winners will be notified via Twitter on 1 August and Takealot.com will be in touch to organise delivery.

5. The competition is only open to South African residents.

Continue Reading

Trending

Copyright © 2018 World Wide Worx