Author: DN

New attack lets hackers run bad code despite users leaving web page

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users’ browsers even after users have closed or navigated away from the web page on which they got infected.

This new attack, called MarioNet, opens the door for assembling giant botnets from users’ browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious file hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said.
The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the Puppetnets research paper 12 years ago, in 2007.

The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code.
This is possible because modern web browsers now support a new API called Service Workers. This mechanism allows a website to isolate operations that render a page’s user interface from operations that handle intense computational tasks, so that the web page UI doesn’t freeze when processing large quantities of data.

Technically, Service Workers are an update to an older API called Web Workers. However, unlike web workers, a service worker, once registered and activated, can live and run in the page’s background, without requiring the user to continue browsing through the site that loaded the service worker.

MarioNet (a clever spelling of “marionette”) takes advantage of the powers provided by service workers in modern browsers.

The attack routine consists of registering a service worker when the user lands on an attacker-controlled website and then abusing the Service Worker SyncManager interface to keep the service worker alive after the user navigates away.

The attack is silent and doesn’t require any type of user interaction because browsers don’t alert users or ask for permission before registering a service worker. Everything happens under the browser’s hood as the user waits for the website to load, and users have no clue that websites have registered service workers as there’s no visible indicator in any web browser.
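Because nothing in the browser UI shows a registered service worker, a site owner can enumerate them through the same API. The following is an added example, not code from the MarioNet paper or this article: it lists the registrations for the current origin (the only ones `getRegistrations()` returns), reports their Background Sync tags, and unregisters any worker whose script is not on an allowlist. The allowlist, the `shop.example` URLs and the stand-in container are constructed for illustration.

```javascript
// Added example: audit the service workers registered for the current origin.
// `container` is a ServiceWorkerContainer (navigator.serviceWorker in a page).
// `allowedScripts` is an assumed allowlist of worker script URLs the owner expects.
async function auditServiceWorkers(container, allowedScripts) {
  const findings = [];
  const registrations = await container.getRegistrations();
  for (const reg of registrations) {
    // A registration exposes its worker as active, waiting or installing.
    const worker = reg.active || reg.waiting || reg.installing;
    const scriptURL = worker ? worker.scriptURL : null;
    // Background Sync is not available in every browser, so reg.sync may be missing.
    const syncTags = reg.sync ? await reg.sync.getTags() : [];
    const expected = scriptURL !== null && allowedScripts.includes(scriptURL);
    let removed = false;
    if (!expected) {
      // unregister() resolves to true when the registration was found and removed.
      removed = await reg.unregister();
    }
    findings.push({ scope: reg.scope, scriptURL, syncTags, expected, removed });
  }
  return findings;
}

// Constructed stand-in for navigator.serviceWorker so the audit runs outside a browser.
function makeSampleContainer() {
  const regs = [
    {
      scope: "https://shop.example/",
      active: { scriptURL: "https://shop.example/sw.js" },
      sync: { getTags: async () => ["outbox"] },
      unregister: async () => true,
    },
    {
      scope: "https://shop.example/promo/",
      active: { scriptURL: "https://shop.example/promo/w.js" },
      sync: { getTags: async () => ["keepalive"] },
      unregister: async () => true,
    },
  ];
  return { getRegistrations: async () => regs };
}
```

In a page or DevTools console, call `auditServiceWorkers(navigator.serviceWorker, [...])` with the worker script URLs the site actually ships.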

Can AI become a new tool for hackers?

Over the last three years, the use of AI in cybersecurity has been an increasingly hot topic. Every new company that enters the market touts its AI as the best and most effective. Existing vendors, especially those in the enterprise space, are deploying AI to reinforce their existing security solutions. Use of artificial intelligence (AI) in cybersecurity is enabling IT professionals to predict and react to emerging cyber threats quicker and more effectively than ever before. So how can they expect to respond when AI falls into the wrong hands?

Imagine a constantly evolving and evasive cyberthreat that could target individuals and organisations remorselessly. This is the reality of cybersecurity in an era of artificial intelligence (AI).

There has been no reduction in the number of breaches and incidents despite the focus on AI. Rajashri Gupta, Head of AI, Avast sat down with Enterprise Times to talk about AI and cyber security and explained that part of the challenge was not just having enough data to train an AI but the need for diverse data.

This is where many new entrants into the market are challenged. They can train an AI on small sets of data, but is it enough? How do they teach the AI to detect the difference between a real attack and a false positive? Gupta talked about this and how Avast is dealing with the problem.

During the podcast, Gupta also touched on the challenge of ethics for AI and how we deal with privacy. He also talked about IoT and what AI can deliver to help spot attacks against those devices. This is especially important for Avast who are to launch a new range of devices for the home security market this year.

AI has shaken things up, with automated threat prevention, detection and response revolutionising one of the fastest growing sectors in the digital economy.

Hackers are using AI to speed up polymorphic malware, causing it to constantly change its code so it can’t be identified.

File-less Malware Is Wreaking Havoc Via PowerShell

PowerShell is not limited to the Windows platform itself. Microsoft Exchange, IIS and SQL servers fall into the same category.

File-less malware forces PowerShell to load its malicious code into the console and the RAM.

It becomes a “lateral” attack once the code gets executed, meaning the attack propagates from the central server.

Because the malware leaves no traces behind once its dirty work is done, traditional security solutions are never able to identify what was behind the attack.

Only heuristic monitoring systems, if run constantly, could help in tracing the attack’s culprit.

Precautionary Measures Against Fileless Malware

  • Disable PowerShell (If it’s not required to administer systems)
  • If it can’t be disabled, ensure that you’re using the latest version of it. (PowerShell 5 has better security measures in Windows)
  • Only enable specific features of PowerShell via “Constrained Language” mode.
  • Enable automatic transcription of commands, which helps the system flag file-less attacks as suspicious.
  • Employ advanced cyber-security methods such as permanent anti-malware services.
  • Do constant research on unknown processes occurring within the system which could generate file-less malware.

What are the MOST Critical Web Vulnerabilities in 2019?

So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?

Well luckily for you Acunetix compiles an annual web application vulnerability report which is a fairly hefty piece of analysis on data gathered from the previous year. This is compiled from the automated web and network perimeter scans run on the Acunetix Online platform, over a 12 month period, across more than 10,000 scan targets.