Thursday 24 November 2016

How Israel Built One Of The World’s Most Powerful Cyber Armies

In the last few years, along with the United States, UK, China and Russia, Israel has become a superpower in the world of government hacking and cyber espionage.
Israeli cyberspies are believed to have worked with NSA hackers to develop Stuxnet, widely described as the world's first cyberweapon. Many of its cyberspies and cyberwarriors have since moved to the private sector to launch companies worth hundreds of millions of dollars with a footprint all over the globe, such as Cellebrite or the NSO Group. How did such a small country become such a big player on the world hacking stage?
At the core of Israel’s success in cyberspace is a military intelligence corps named Unit 8200, which specializes in sophisticated hacking and espionage operations. Young Israeli geeks vie to get into Unit 8200 to have a chance to work within a team tasked with carrying out cutting-edge missions, and the license to hack and spy on almost anyone.
“You get 18 or 19-year-olds to deal with the most exciting stuff that anyone can deal with, espionage!” said Ronen Bergman, an investigative journalist at Yedioth Ahronoth.
After they leave service, they can leverage the experience and prestige of Unit 8200 to get practically any cybersecurity job or get funding to launch a company. That’s why kids in high school dream about joining Unit 8200, and that’s why the Israeli government has set up a program to nurture and recruit high school kids interested in computers.
InPage Zero Day Used in Attacks Against Banks

A zero-day vulnerability in InPage publishing software, used primarily in Urdu, Pashto and Arabic-speaking nations, has been publicly exploited in attacks against financial institutions and government agencies in the region. While there are more than 10 million InPage users in Pakistan and India alone, there are a significant number of users in the U.S., U.K. and across Europe as well.

Researchers at Kaspersky Lab today disclosed the vulnerability after a number of attempts to privately report the bug to InPage were ignored. “We have informed the vendor of the affected software of the existence of the vulnerability, but have received no reply, while the attacks continue,” Kaspersky Lab said in a statement. “We have also informed the Indian CERT and received the reply that the organization’s specialists are looking into the issue.”

Kaspersky Lab said it’s possible a number of criminal or nation-state actors are using this exploit, since it has recorded several different attacks against banks in Asia and Africa, as well as others targeting government agencies. The exploit is spreading via phishing campaigns, and was discovered during a separate investigation in September. It was then that Kaspersky Lab researchers found a file with a .inp extension that, on analysis, was found to contain shellcode inside a Microsoft OLE file, a file format that has been used in a number of Office exploits dating back to 2009. The researchers detected a number of different payloads and command and control servers used in the respective attacks. A list of C2 servers and indicators of compromise has been published as well.
Kaspersky Lab’s analysis of some of the emails shows that the attackers used other exploits using .rtf and .doc files in conjunction with the InPage exploit. The attacks dropped different versions of particular keyloggers and backdoors on victims’ machines.

The vulnerability in question is in a parser in the main InPage module. “The parser in the software’s main module ‘inpage.exe’ contains a vulnerability when parsing certain fields,” Kaspersky Lab said. “By carefully setting such a field in the document, an attacker can control the instruction flow and achieve code execution.”

The shellcode found in the document first looks for certain patterns in virtual memory space before launching a decoder that obtains an instruction pointer and decrypts the next stage of the attack. At that point, a downloader grabs and executes the payload.

Kaspersky Lab researchers said the attacks are similar to attacks exploiting vulnerabilities in the Hangul Word Processor against government targets in South Korea. Researchers at FireEye last year found such an attack and linked the payloads and command and control infrastructure used to North Korea. “Despite our attempts, we haven’t been able to get in touch with the InPage developers,” Kaspersky Lab said. “By comparison, the Hangul developers have been consistently patching vulnerabilities and publishing new variants that fix these problems.”
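The report describes a .inp document that is really an OLE compound file carrying shellcode which first recovers its own instruction pointer before decoding the next stage. The following triage script is an added example, not code from Kaspersky Lab or Threatpost: it checks a file for the OLE compound-file magic and header layout (taken from Microsoft's public [MS-CFB] specification) and scans it for two generic "GetPC" idioms that position-independent shellcode commonly uses to obtain its address. The byte patterns are assumptions about shellcode in general, not signatures for the InPage exploit, whose vulnerable field is not public; the sample file built by `build_sample()` is constructed here for the demonstration.

```python
"""Triage a document that may be an OLE container smuggling shellcode.

Added example (not from the Kaspersky Lab report). Assumptions:
- OLE magic and the SectorShift field at offset 0x1E come from [MS-CFB];
- the GetPC byte patterns are generic shellcode idioms, not InPage-specific.
"""
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Classic idioms shellcode uses to learn its own address (EIP on x86).
# These are heuristics: legitimate binaries can contain the same bytes.
GETPC_PATTERNS = {
    "call_next_pop": b"\xe8\x00\x00\x00\x00",   # call $+5 ; pop reg
    "fnstenv":       b"\xd9\x74\x24\xf4",       # fnstenv [esp-0xc] after an FPU op
}


def is_ole(data: bytes) -> bool:
    """True if the buffer starts with the OLE compound-file signature."""
    return data[:8] == OLE_MAGIC


def ole_sector_size(data: bytes):
    """Sector size from the CFB header, or None if not OLE / malformed."""
    if not is_ole(data) or len(data) < 512:
        return None
    shift = struct.unpack_from("<H", data, 0x1E)[0]   # SectorShift: 9 or 12
    if shift not in (9, 12):
        return None
    return 1 << shift


def find_getpc(data: bytes):
    """All (offset, idiom) hits for the GetPC patterns, sorted by offset."""
    hits = []
    for name, pat in GETPC_PATTERNS.items():
        start = 0
        while True:
            idx = data.find(pat, start)
            if idx < 0:
                break
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def triage(filename: str, data: bytes) -> dict:
    """Combine the checks: an OLE container with GetPC idioms is worth a look,
    whatever extension the phishing attachment claims to have."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    sector = ole_sector_size(data)
    hits = find_getpc(data)
    return {
        "extension": ext,
        "is_ole": sector is not None,
        "sector_size": sector,
        "getpc_hits": hits,
        "suspicious": sector is not None and len(hits) > 0,
    }


def build_sample() -> bytes:
    """Constructed test input: a minimal CFB header followed by a NOP sled
    and the two GetPC idioms. Not a real InPage document."""
    hdr = bytearray(512)
    hdr[:8] = OLE_MAGIC
    struct.pack_into("<H", hdr, 0x1E, 9)             # 512-byte sectors
    body = (b"\x90" * 40
            + b"\xe8\x00\x00\x00\x00\x5b"            # call $+5 ; pop ebx
            + b"\x90" * 20
            + b"\xd9\xee\xd9\x74\x24\xf4")           # fldz ; fnstenv [esp-0xc]
    return bytes(hdr) + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(sys.argv[1], fh.read()))
    else:
        print(triage("sample.inp", build_sample()))
```

Run it against an attachment to get a quick verdict before handing the file to a sandbox. A hit is a reason to look closer, not proof of exploitation, since `call $+5` and `fnstenv` sequences also occur in ordinary code; the published C2 and IoC list remains the authoritative detection source for this campaign.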

See more at: InPage Zero Day Used in Attacks Against Banks https://wp.me/p3AjUX-vLy
