open source and cybersecurity news

May 22, 2023

PyPi, FIN7 and Clop Ransomware, AI Patch

Episode Transcription:

Pokie Huang: 

Hey, it’s 5:05 on Monday, May 22nd, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia; Derek Weeks in Bethesda, Maryland; Kadi Grigg in Alexandria, Virginia; Katy Craig in San Diego, California; and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

The Python Package Index, also known as PyPI, is struggling to deal with the high volume of malicious users and packages. As a result, the administrators of the index temporarily suspended new user registrations and project creations. The incident notice stated that the volume of malicious users and malicious projects being created on the index in the past week has outpaced their ability to respond in a timely fashion.

Open source registries like the Python Package Index are popular with threat actors looking for a way to distribute their malware. The suspension was lifted on Sunday; however, it is not known if the administrators have implemented a more permanent solution for dealing with malware.

Derek Weeks: 

Last week, cyber adversaries disrupted access to 455,000 open source projects. A series of attacks forced one of the first large scale digital software supply chain disruptions of our generation. If your business relies on Python code packages or any other code packages, listen up. 

I’m Derek Weeks reporting from Bethesda, Maryland.

The world’s open source Python code is housed in a huge internet-based warehouse known as the PyPI repository. It is home to 455,000 open source projects that house their code there. This includes over 4.4 million release versions. Every day, developers download over 473 million PyPI packages from the repository. This amounts to over 240 billion downloads annually.

Projects like TensorFlow, Torch, Panda3D, NumPy, and Seaborn all live there. According to Hacker News, the maintainers of the Python Package Index, better known as PyPI, temporarily disabled the ability for users to sign up and upload new packages.

According to the admins managing the repo, they were quoted as saying: “The volume of malicious users and malicious projects being created on the index in the past week outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.”

Software registries such as PyPI have become popular targets for attackers looking to poison software supply chains and disrupt software development environments.

What do these software supply chain attacks look like? Researchers recently discovered active malware campaigns that leverage OpenAI ChatGPT themed lures to bait developers into downloading a malicious Python module capable of hijacking cryptocurrency transactions. 

Another time, a malicious PyPI package called “colourFOOL” was discovered distributing malware. Two other PyPI packages named Microsoft Helper and Reverse Shell were found delivering information-stealing malware by exploiting Discord. Even earlier this year, the open source framework PyTorch said a malicious dependency imitating one of its own included code that would upload sensitive data from a victim’s machine.

Uploads to the PyPI repository were shut down for about two days, meaning developers relying on new releases that addressed bugs, improved feature sets, or fixed newly discovered vulnerabilities had to wait.

We all know from the pandemic years that physical supply chain disruptions lead to shortages of key goods, price inflation, factory closures, and affect a nation’s economic wellbeing. But when it comes to digital software supply chain disruptions, the consequences can be delayed releases, performance problems, and growing cybersecurity risks.

So what should you do? It’s time to examine your software supply chains. Understand what and where they are, better understand how your organization relies on them, and begin to model the potential threats and disruptions they might pose to your business.

Disruptions may be out of your control, but don’t wait until your software supply chains shut down to plan your contingencies.

Kadi Grigg: 

Today I want to dive into the return of a notorious cyber gang, FIN7. Known for their sophisticated hacking campaigns, this group has resurfaced with a new weapon in their arsenal, the Cl0p or Clop ransomware. But before we discuss this latest attack, let’s take a closer look at FIN7’s background.

FIN7, also known as Carbanak Group or Navigator Group, is no stranger to the cybercrime world. Active since at least 2013, this criminal gang has made a name for itself by targeting financial institutions, restaurants, hospitality, and retail sectors worldwide. Their motive: financial gain.

FIN7’s modus operandi involves utilizing advanced hacking techniques and tools to compromise computer networks and steal sensitive data, particularly payment and credit card information. Spear-phishing emails are their weapon of choice, often luring unsuspecting employees into opening malicious attachments or clicking a malicious link. Once inside a targeted network, FIN7 deploys a range of sophisticated malware tools, including their notorious Carbanak and Cobalt Strike, allowing them to gain persistent access, move laterally within the network, and ultimately exfiltrate valuable data. Their primary objective? Stealing payment and credit card data, and selling it on the underground forum.

So why am I talking about this today? The cyber gang has made a comeback, this time with Clop or Cl0p ransomware. This new strain encrypts victims’ files, rendering them inaccessible until a ransom is paid. It’s a lucrative and increasingly popular method for cyber criminals.

The return of FIN7 and their use of Clop ransomware has once again raised concerns among cybersecurity experts and law enforcement agencies. Their attacks have resulted in significant financial losses for organizations and individuals worldwide.

However, it’s worth noting the efforts to combat FIN7 have not been in vain. Over the years, law enforcement agencies, cybersecurity firms, and international organizations have made significant arrests targeting key members of the group. 

Despite these setbacks, cyber criminal groups often adapt and reorganize, making it challenging to fully dismantle them. As the cybersecurity landscape continues to evolve, it’s crucial for organizations and individuals to remain vigilant, implementing robust security measures and staying informed about the latest threats.

Till next time, this is Kadi Grigg in Alexandria, Virginia.

Katy Craig: 

Traditional patch management. It’s a headache, isn’t it? Manual patching, poor prioritization, system downtime, compatibility issues, and the ever-looming cyber threat. It’s all an uphill battle. But here’s the good news. AI is stepping up to change the game.

This is Katy Craig in San Diego, California. 

First, AI streamlines the process. Automated solutions continuously scan for vulnerabilities and apply necessary patches swiftly, turning an ordeal into a breeze.

Second, prioritization. Not all vulnerabilities are created equal. AI can intelligently rank the threats, addressing the most severe ones first, thus reducing the risk of major breaches.

Third, AI minimizes downtime. No more long system outages. AI-driven solutions can test and deploy patches during off-peak hours, ensuring minimal disruption to users.

Fourth, AI helps us dodge the compatibility bullet. AI can be used to predict compatibility issues before deployment, thus averting potential system crashes.

Finally, AI enhances threat detection. Traditional systems react; AI anticipates. AI platforms leverage machine learning to predict potential threats, thus staying one step ahead of the cyber criminals.

So what’s the future? Well, it’s clear that AI is the superior copilot, and as AI models mature and we feed them more data, we can expect these solutions to become even more efficient, proactive, and indispensable.

But remember, AI is a tool, not a magic wand. And while it’s an exciting development, maintaining a robust layered cybersecurity posture is paramount. Patch management is just one piece of the puzzle. 

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you your technology history for May 21st and May 22nd. 

Happy birthday to me. 

May 21st, 1952. IBM announces their Defense Calculator, Model 701. It was the company’s first commercial scientific computer, but I guess they figured that calling it a calculator would help it sell better. Perhaps they were right because, only expecting to sell five, the company ended up selling 19 to government, large companies, and universities.

May 21st, 1980. The sequel to the smash success Star Wars, The Empire Strikes Back, is released on this day, almost exactly three years after the release of the original film.

The pioneering use of special effects technology in the Star Wars trilogy transformed the entire movie industry.

May 22nd, 1906. Orville and Wilbur Wright are granted the first airplane patent in the US for their “new and useful improvements in flying machines”. 

May 22nd, 1980. Namco’s upcoming video game, Puck Man, is location tested in a movie theater complex in Japan. After favorable initial testing, the game difficulty is slightly tweaked, along with renaming the game to Pacman. Midway, Namco’s US distributor, thought that vandals would alter the letter P to an F. While the game was not officially released in Japan until July of that year and October 10th in the US, the creators of the game consider May 22nd to be Pacman’s birthday because it was the first time the game was shown to the general public.

One of the little known facts about Pacman is that it was specifically developed to be popular with women. Most video games of that time had a war or sports theme to them, and women were generally not interested in those games. Pacman would be the first game popular with both men and women and was the first video game to become a social phenomenon.

Pacman generated over $2.5 billion by the 1990s, becoming one of the highest grossing video games of all time. I’m not sure how many of you remember Pacman Fever, but Pacman was the first video game to break into the mainstream, forever changing our culture and society.

And yes, I share a birthday with Pacman.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Derek Weeks, Kadi Grigg, Katy Craig, and Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
