Linus Tech Tips' YouTube channels were hacked due to a session hijacking attack

Discussion in 'malware problems & news' started by stapp, Mar 24, 2023.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,100
    Location:
    Canada
    Maybe @cruelsister will comment :doubt: She's been an advocate of using application firewalls to block outbound exfiltration attempts to remote servers.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Yes it's so weird. Now that I think of it, my guess is that these guys are probably using the built-in firewalls of Windows and macOS and they don't block outgoing connections by default. In this article they mention it's not a good idea to store passwords in browsers, but not a word on using third party "default deny" firewalls to block data exfiltration.

    https://www.bleepingcomputer.com/ne...-why-passwords-shouldnt-be-saved-in-browsers/
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    BTW, here is some info, hackers made $14.000 with this hack, not bad.

    https://news.netcraft.com/archives/...e-channels-hacked-to-promote-cryptoscams.html
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    For the past few weeks I've been running videos on such stealers. Although ransomware is more sexy for the general public, the various stealers are much more common and constitute the bulk of malware currently being released. Sadly most are unaware (except for Blackhats, who are totally aware).

    Sandboxing a browser is just another "feel good" protection modality (like MB, WD, HMP) that wouldn't protect from this.
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,596
    Location:
    Flat Earth Matrix
    Firewalls were technically deprecated, people hate them and they assume that they have a firewall, because of MS Firewall. Not sure about paid AVs with a firewall, but I guess they are very lenient by allowing trusted processes (lolbins).
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    OK will check those videos out, but I assume a firewall like TinyWall could block them? I'm guessing you tested these stealers against Comodo Firewall which should block them too. And what about our requests to test a tool like Secure Folders against ransomware? I wonder if it could block ransomware from encrypting for example the Downloads and Documents folders, even when explorer.exe is marked as trusted.

    https://www.softpedia.com/get/Security/Security-Related/Secure-Folders.shtml
     
  7. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    Hope you understand, but as SF has been abandoned for ~10 years and isn't known by many, devoting the time and effort needed to extensively test, the game just isn't worth the candle.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Now that I think of it, not even Linus Tech Tips speaks about how firewalls could have blocked this attack, what a joke, and we're supposed to get tech advice from this guy?

    We all know that the built-in firewalls from Windows and macOS are pretty much a joke. And yes, it's most likely since they wanted to make sure they don't get on people's nerves. But they could have also made some type of whitelist of allowed apps?

    To be honest, I don't really understand? It's about showcasing defence techniques, who cares about whether it's abandoned? As long as it's still available for download, why not? And I have watched your videos, no surprise there, I'm guessing any third party firewall could have blocked them. Of course with Comodo you also get isolation.
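    For anyone who wants to try the "default deny" outbound setup with a whitelist of allowed apps that Rasheed187 describes, here is one way to do it with the built-in Windows firewall. This is an added example, not something posted in the thread or taken from any of the tools mentioned; the program paths are assumptions and need adjusting per machine.

```powershell
# Added example: default-deny outbound on Windows Defender Firewall with an
# explicit allow-list, using the built-in NetSecurity cmdlets.
# Run from an elevated PowerShell. Paths below are ASSUMPTIONS for illustration.
#Requires -RunAsAdministrator

# Executables that may talk to the network. Everything else gets dropped.
$Allowed = @{
    'Allow Firefox outbound'     = "$env:ProgramFiles\Mozilla Firefox\firefox.exe"
    'Allow Thunderbird outbound' = "$env:ProgramFiles\Mozilla Thunderbird\thunderbird.exe"
}

$LogFile = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. Log dropped packets first, so blocked apps can be reviewed and
#    deliberately added instead of silently failing.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -LogBlocked True -LogFileName $LogFile

# 2. One outbound allow rule per trusted program, keyed on the binary path
#    rather than on a port, so an unknown process on port 443 is still denied.
foreach ($name in $Allowed.Keys) {
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound `
            -Program $Allowed[$name] -Action Allow -Profile Any -Enabled True
    }
}

# 3. Flip the default for all three profiles: no matching allow rule, no
#    connection. Windows' own enabled "Core Networking" outbound rules
#    (DNS, DHCP) remain in place, so name resolution keeps working.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 4. Confirm the posture and look at the most recent drops.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
if (Test-Path $LogFile) {
    Select-String -Path $LogFile -Pattern ' DROP ' | Select-Object -Last 5
}

# Rollback if something essential breaks:
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

    Anything not covered by a rule, including Windows services that need the network, will show up as DROP lines in the log and can then be added to the whitelist on purpose.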
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    R- you are totally correct and I was totally wrong as it indeed is appropriate to test the technique.

    By way of a heartfelt apology I set up a Win 11 system, installed Secure Folders and protected the Documents and Photos folders (I chose "Read Only"). The installation was quick, and the protection setup was intuitively obvious. As the defense chosen was changing the selected files to Read Only, SF took up barely any resources.

    Once everything was set, I rebooted and ran 20 diverse ransomware samples. These included the normal suspects as well as one which can bypass Controlled Folder protection of WD (did a previous video on this). Also included were 2 that would autostart on boot (a modified X-data and a RedEye variant) in order to confirm boot-time protection.

    The results in all cases were the same: all of the protected files remained intact, a total Pass. The only downside would be a minor inconvenience in that protection must be temporarily disabled to do things like edit a document or plop more files into a protected folder. The major downside is that although everything the user decides to protect will be protected, files outside of this will not be (although a doc file is fine, Word may be trashed).

    To sum up, the protection was perfect and surpassed that of Controlled Folders.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    What is this? Would you mind elaborating a bit further?
    TIA
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    What I meant is, that I believe the whole point of Cruelsister's videos is to make people aware of certain defence techniques and what software actually delivers this protection. I mean let's say they will stop developing Comodo Firewall and OSArmor, that doesn't make them any less effective against many malware attacks. So to me that's not a good reason to stop testing them, and luckily Cruelsister agreed with me. :p
     