Binary Ballet: China’s Espionage Tango with Microsoft

Microsoft Threat Intelligence has identified several distinct Storm-0558 capabilities that facilitate the threat actor’s intrusion techniques.Storm-0558 uses a repository of PowerShell and Python scripts to perform REST API calls against the OWA Exchange Store service. For example, Storm-0558 has the capability to use access tokens to extract email data such as: Email Body and Subject. Email Attachments. Email Folder Information and metadata. The scripts contain extremely sensitive hardcoded information such as bearer access tokens and email data, which the threat actor uses to perform the OWA API calls. The threat actor has the capability to refresh the access token for use in subsequent OWA commands, adding a layer of persistence. Whilst the goals of Storm-0558 is to remain opaque, the response from Microsoft has had an adverse effect on consumer confidence and identified systemic shortcomings. The difficulty in understanding the full scale of this attack lies in the lack of sufficient logs to determine if companies were compromised, meaning the foundational incident response processed has been hamstrung. This points to a problem on a grander scaler than previously thought. The fact that Microsoft’s logging capabilities have come into question undermines faith in the largest technology provider in history, and further cements the idea that threat actors are moving at a pace that large business cannot keep up with. SecurityHQ Threat Intelligence team have been following the developments of this closely, and there are two services that can alleviate some of the pressure that such attacks can cause. By http://www.securityhq.com

BearingPoint Makes Strategic Investment in Binary Code Scanning Leader Insignary

Management and technology consultancy BearingPoint has made a strategic investment in Insignary, a global leader in binary-level open source software security and compliance. It marks BearingPoint’s first time investing in an Asian start-up. As part of its Ventures activities, the investment builds on BearingPoint’s successful partnership with Insignary, through which they became the first to offer managed binary code scanning service in Europe. The funding will enable Insignary to meet the growing demand in the EU, the US and Asia for businesses looking to improve their open-source software (OSS) risk management.
Insignary’s software-as-a-service (SaaS) and server-based security tool, Insignary Clarity™, enables proactive scanning of software binaries for known, preventable security vulnerabilities, while also identifying potential license compliance issues. Insignary Clarity uses unique fingerprint-based technology, which works on the binary-level without the need for source code or reverse engineering. “We are very excited to welcome our strategic partner, BearingPoint, as a new investor,” said Tae-Jin (TJ) Kang, CEO of Insignary, Inc. “Having the financial and strategic support of such a leader in enterprise managed security services validates Insignary’s technology and go-to-market strategy, and fuels our momentum as a company.” “We see this as an extraordinary opportunity. Insignary has a unique capability of coping with one of the most pressing challenges companies face today: identifying and addressing known security vulnerabilities. With open-source software used in critical enterprise platforms, web and mobile apps, as well as IoT, blockchain, cloud, open container and other fast-growth technologies, Insignary is at the forefront with its security solutions. This fits perfectly with our investment strategy of being a step ahead of tomorrow for our clients”, said Patrick Palmgren, Chief Development Officer at BearingPoint.