Por Mohit Kumar em 18/10/2019 no site The Hacker News.
Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide.Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to heal.Many countries, including the largest democracy in the world i.e., India, believe the best way to ensure the security of EVMs is to make its technology opaque to bad actors, but in recent years a large section of the population is losing trust in any system that has been certified by a closed group of experts only.
To make a balance between transparency and security, in May 2019, Microsoft released a free, open-source software development kit (SDK) called ElectionGuard that aims to enable end-to-end verification of voting.Microsoft's ElectionGuard SDK can be integrated into voting systems and has been designed to "enable end-to-end verification of elections, open results to third-party organizations for secure validation, and allow individual voters to confirm their votes were correctly counted."
ElectionGuard Bug Bounty Program
Since no software comes bugs-free, Microsoft today finally launched the ElectionGuard Bounty program, inviting security researchers from across the world to help the company discover high impact vulnerabilities in the ElectionGuard SDK."The ElectionGuard Bounty program invites security researchers to partner with Microsoft to secure ElectionGuard users, and is a part of Microsoft's broader commitment to preserving and protecting electoral processes under the Defending Democracy Program," the company says in a blog post published today.
"Researchers from across the globe, whether full-time cybersecurity professionals, part-time hobbyists, or students, are invited to discover high impact vulnerabilities in targeted areas of the ElectionGuard SDK and share them with Microsoft under Coordinated Vulnerability Disclosure (CVD)."ElectionGuard Bounty offers cybersecurity researchers a reward of up to $15,000 for eligible submissions with a clear and concise proof of concept (POC) to demonstrate how the discovered vulnerability could be exploited to achieve an in-scope security impact.The ElectionGuard components that are currently in scope for bug bounty awards include ElectionGuard API SDK, ElectionGuard specification and documentation, and verifier reference implementation.However, the tech giant says it will update the ElectionGuard bounty scope with additional components to award further research in the future.
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server.Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware in the Middle East, primarily in the United Arab Emirates (UAE).Dubbed Win32/StealthFalcon, named after the hacking group, the malware communicates and sends collected data to its remote command-and-control (C&C) servers using Windows Background Intelligent Transfer Service (BITS).
BITS is a communication protocol in Windows that takes unused network bandwidth to facilitate asynchronous, prioritized, and throttled transfer of files between machines in the foreground or background, without impacting the network experience.BITS is commonly used by software updaters, including downloading files from the Microsoft servers or peers to install updates on Windows 10, messengers, and other applications designed to operate in the background.According to security researchers at cyber-security firm ESET, since BITS tasks are more likely permitted by host-based firewalls and the functionality automatically adjusts the data transfer rate, it allows malware to stealthily operate in the background without raising any red flags.
"Compared with traditional communication via API functions, the BITS mechanism is exposed through a COM interface and thus harder for a security product to detect," the researchers say in a report published today.
"The transfer resumes automatically after being interrupted for reasons like a network outage, the user logging out, or a system reboot."
Besides this, instead of exfiltrating the collected data in plain text, the malware first creates an encrypted copy of it and then uploads the copy to the C&C server via BITS protocol.
After successfully exfiltrating the stolen data, the malware automatically deletes all log and collected files after rewriting them with random data in order to prevent forensic analysis and recovery of the deleted data.As explained in the report, Win32/StealthFalcon backdoor has not only been designed to steal data from the compromised systems but can also be used by attackers to further deploy more malicious tools and update its configuration by sending commands through C&C server.
"The Win32/StealthFalcon backdoor, which appears to have been created in 2015, allows the attacker to control the compromised computer remotely. We have seen a small number of targets in UAE, Saudi Arabia, Thailand, and the Netherlands; in the latter case, the target was a diplomatic mission of a Middle Eastern country," the researchers say.
According to the researchers, this newly discovered malware shares its C&C servers and code base with a PowerShell-based backdoor attributed to the Stealth Falcon group and tracked by the Citizen Lab in 2016.
