#blackhatasia
osintelligence · 1 year
https://bit.ly/42N4ttI - 🔍 At Black Hat Asia 2023, the Network Operations Center (NOC) team faced a unique challenge - the majority of network traffic was classified as posing a severe cybersecurity threat. Neil Wyler and Bart Stump shared insights into managing the malicious traffic during the event. #BlackHatAsia #Cybersecurity

🌐 The NOC used various dashboards to provide real-time views of the network, capturing stats on device profiles and cloud app connections. A unique heat map was used to track Wi-Fi, Bluetooth, and peer-to-peer wireless connections, giving insights into where people were congregating and potential cyber issues. #NetworkOperationsCenter #HeatMap

📱 Among the 1,500 unique devices connecting to the network, TikTok made its first appearance in the Top 10 apps used during the event, alongside Office 365, Teams, Gmail, Facebook, and WhatsApp. A domain called Hacking Clouds hosted the most user sessions. #TikTok #AppsUsage

🚨 The NOC team encountered various interesting incidents, such as a person generating excessive malicious activity and VPN issues exposing users' location data. The team worked with the problematic entities to resolve the issues and enhance security for all attendees. #CyberIncidents #Security

🛡️ Despite the perception of Black Hat events' networks being dangerous, the NOC team aimed to leave attendees more secure than when they arrived, alerting them to issues like clear-text password transmissions and cryptomining activity.
osintelligence · 1 year
https://bit.ly/44QatUq - 📱 Research at Black Hat Asia by Trend Micro has revealed a startling trend: millions of Android devices come pre-infected with malware before they even leave the factories. This is predominantly affecting lower-cost Android mobile devices, but other tech such as smartwatches and TVs are also impacted. This problem is due to outsourcing to original equipment manufacturers (OEMs), enabling malware implantation within the supply chain. #CyberSecurity #MobileMalware

🏭 This isn't a new issue, with similar instances dating back to 2017, but the problem is escalating. Malware plugins, such as proxy plugins, allow criminals to rent infected devices, potentially gaining access to sensitive data like keystrokes, geographical location, and IP addresses. All of this is made possible at the early stages of the device lifecycle, likened to a tree absorbing liquid from the root. #MalwareThreat #CyberCrime

💰 The proliferation of malware-infected devices became more prevalent as the price of mobile phone firmware dropped. Fierce competition led to firmware being distributed for free, often bundled with unwanted silent plugins. The most damaging plugins are those with a business model built around them, marketed openly on platforms like Facebook, YouTube, and blogs. #Firmware #InfoSec

🔍 The objective of the malware is to steal or monetize information. Devices are turned into proxies used for data theft and click fraud. Users may unwittingly rent out their infected devices, allowing criminals to harvest data or use their phone as an exit node for a period of 1200 seconds. #DataTheft #CyberFraud

🌏 Telemetry data estimates that millions of infected devices exist globally, predominantly in Southeast Asia and Eastern Europe. While the precise origin of these threats remains unspecified, China was mentioned several times during the presentation. It's important to note that most of the world's OEMs are based there. #GlobalThreat #CyberAttack

📲 At least 10 vendors were found to harbor the malware, with potentially 40 more affected. Higher-end devices are less likely to be infected, suggesting that sticking to well-known brands may offer a degree of protection, though no guarantee. Companies like Samsung and Google have robust supply chain security, but for threat actors, the market remains lucrative.