Security News
Sarah Gooding
March 14, 2024
This week the U.S. Intelligence Community (IC) published its 2024 Annual Threat Assessment in connection with a public Worldwide Threats hearing of the U.S. Senate Select Committee on Intelligence. The IC includes the CIA, FBI, NSA, Department of State, DIA, and ODNI, among other agencies. Their concerns ranged from biological pathogens and election interference to the weaponization of space, across one of the most challenging threat environments the community has ever documented.
In his opening remarks, committee chairman Mark Warner commented on the rise in competition around new technologies, which is redefining how the agencies think about national security:
“The nature of strategic competition today revolves as much about not only traditional military power but around non-traditional tools and the ability to harness emerging dual use technologies. For example, advanced communication networks can provide ubiquitous connectivity but also ubiquitous surveillance. Artificial intelligence can accelerate software development but can also accelerate malicious cyber attacks or the spread of misinformation.
“Compounding all of this. The nature of conflict increasingly allows adversaries to project power through asymmetrical means. For example, cyber attacks can disable critical infrastructure from thousands of miles away and are increasingly available to a widening array of actors.”
The report features analysis of some of the primary states engaging in “competitive behavior that directly threatens U.S. national security,” including China, Russia, North Korea, and Iran. It cites China as “the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.” Cyber threats from Russia were identified as espionage, influence, and attack capabilities against critical infrastructure and industrial control systems.
North Korea's cyber program was cited as being responsible for “agile espionage, cybercrime, and attack threats,” with an emphasis on cryptocurrency: “North Korea will continue its ongoing cyber campaign, particularly cryptocurrency heists; seek a broad variety of approaches to launder and cash out stolen cryptocurrency; and maintain a program of IT workers serving abroad to earn additional funds.”
The IC’s report warns of transnational threats from state actors that precipitate cascading risks and conflict across borders, particularly in the ransomware arena where cybercriminals exploit vulnerabilities for financial gain and geopolitical leverage:
Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data. Important U.S. services and critical infrastructure such as health care, schools, and manufacturing continue to experience ransomware attacks; however, weak cyber defenses, coupled with efforts to digitize economies, have made low-income countries' networks also attractive targets.
The IC credits the emergence of “inexpensive and anonymizing online infrastructure combined with the growing profitability of ransomware” for the recent increases in global cybercrime, which is becoming more decentralized, sophisticated, and efficient. It also attributes this rise in ransomware to the tendency for groups to rebrand and renew their activities following disruption or law enforcement action.
“Absent cooperative law enforcement from Russia or other countries that provide cyber criminals a safe haven or permissive environment, mitigation efforts will remain limited,” the report stated. These factors are not likely to change anytime soon.
The recently released FBI Internet Crime Report also marked an increase in ransomware incidents, with over 2,825 complaints logged in 2023, an 18% increase over 2022. Reported losses also rose 74%, from $34.3 million to $59.6 million last year. It’s important to note that many incidents are not reported to the FBI and are therefore not represented in these numbers.
The FBI noted that cybercriminals continue to adjust their tactics. Emerging ransomware trends they noted include the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate.
The White House’s proposed budget plan for 2025 was published today, with major increases allocated for protection against foreign adversaries as it relates to cybersecurity and the safeguarding of public services. This includes the following notable highlights:
The proposed budget plan includes a section specific to investing in healthcare cybersecurity, where disruptions put patient care and safety at risk. The HHS marked a 95% increase in large data breaches of healthcare systems from 2018-2022, including ransomware attacks. As part of the proposed budget, $800 million was earmarked to help “high need, low-resourced hospitals cover the upfront costs associated with implementing essential cybersecurity practices.” An additional $500 million would be allocated to an incentive program that encourages hospitals to invest in advanced cybersecurity practices.
As part of an effort to address emerging cyber and counterintelligence threats, the budget also expands DOJ’s ability to investigate threats with investments in the FBI’s cyber investigative capabilities, including the following:
This week marked an important milestone as intelligence agencies justified the costs of these budget requests through a flurry of reports that summarize the threats from 2023 and those anticipated to persist in the coming years.
The U.S. Intelligence Community (IC) painted a stark picture with its 2024 Annual Threat Assessment, outlining how cyberattacks, particularly ransomware, continue to pose a significant risk to critical infrastructure and national security.
While the budget increase is substantial, the IC report acknowledges the limitations of unilateral action. The report highlights the need for international cooperation to disrupt cybercriminal havens and deter state-sponsored attacks. The success of the U.S. response will likely hinge on its ability to foster such collaboration alongside its own domestic efforts.