Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433

Segment 1: Interview with Rob Allen

It's the Year of the (Clandestine) Linux Desktop!

As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.

In this segment, we'll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker.

Segment Resources:

• Pro-Russian Hackers Use Linux VMs to Hide in Windows
• Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs
• Qilin ransomware abuses WSL to run Linux encryptors in Windows

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Segment 2: Topic - Threat Modeling Humanoid Robots

We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...

Resources

• https://www.unitree.com/H2 (watch the video!)
• China's humanoid robots get factory jobs as UBTech's model scores US$112 million in orders
• The big reveal: Xpeng founder unzips humanoid robot to prove it's not human
• Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability
• 100-page Paper: The Cybersecurity of a Humanoid Robot
• 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors
• Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me

Segment 3: Weekly News

Finally, in the enterprise security news,

1. A $435M venture round
2. A $75M seed round
3. a few acquisitions
4. the producer of the movie Half Baked bought a spyware company
5. AI isn't going well, or is it?
6. maybe we just need to adopt it more slowly and deliberately?
7. ad-blockers are enterprise best practices
8. firewalls and VPNs are security risks, according to insurance claims
9. could you power an entire house with disposable vapes?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-433