Linux file and directory management commands

  • Provided by
    TechRepublic Premium
  • Published
    July 30, 2020
  • Topic
    TechRepublic Premium
  • Format
    PDF

If you’re new to the world of Linux server administration, you might be overwhelmed with the idea of having to deal with the command line. However, it’s almost inevitable that you will have to face those fears. And even though you can install a GUI on those servers, the added overhead and security risks might have you second-guess that decision. When you combine that with the reality that the most popular form of working remotely on Linux is via SSH and the Command Line Interface (CLI), chances are pretty good you’ll need to know a command or two.

Without a solid understanding of these basic commands, you’ll have a hard time pulling off simple tasks on headless or remote Linux servers.

But fret not, TechRepublic Premium has you covered. Within this document you’ll find all of the commands you need to manage directories and files from the command line on a Linux machine. With these commands in your toolkit, you won’t have any problem managing files and directories from the CLI on a Linux machine. You can move about the directory structure, list contents and permissions of files, change permissions and ownership of files and directories, create files and directories, and more.


How Device-as-a-Service is leading a new kind of business transformation


The work-from-home needs of employees due to COVID-19 could help drive big changes in how laptops and other devices are sold.


Digital transformation and the work-from-home movement may not be the only big technology trends gaining strength due to the COVID-19 pandemic of 2020. Also picking up traction in the business IT marketplace in the last six months is the Device-as-a-Service (DaaS) model of acquiring hardware without having to buy, configure, and manage it.

In 2015, no major PC manufacturers offered a DaaS option to acquire hardware, according to a recent report from Accenture. But by 2019, that changed dramatically, with 65% of major PC makers offering DaaS options to their customers.

To Kevin Dobbs, the leader of Accenture’s Everything-as-a-Service practice, it’s where PC makers and other hardware suppliers need to go if they want to keep up with business and consumer expectations and demands.

With DaaS, vendors take laptops, desktop PCs, and other devices and preconfigure and customize them with productivity and security applications as well as value-added services to ready them for business or consumer customers. The devices aren’t purchased outright by companies like in the past, but are paid for on a consumption model.

 

That may seem like a lease, but it’s not a lease, Dobbs said. “They may look similar, but DaaS is less about the device and more about the services associated with the devices.”

The work-from-home movement due to the pandemic could be a big boost for DaaS adoption in the future, he said. Companies that scrambled to send workers home to do their jobs as the pandemic spawned shutdowns across the nation were often forced into a laptop-buying frenzy.

That quickly revealed that it was easier to buy the machines fully loaded and configured and ready for workers to do their jobs from home, Dobbs said. For companies, it essentially streamlined the process of quickly enabling a large number of at-home workers that companies didn’t have in the past. DaaS arrangements also include product support from vendors or partners as needed.

“It gives an easy way to get help,” Dobbs said. “They would rather buy things preconfigured with software and security. I think a lot of the customer buying pattern is moving in that direction.”

Benefits and challenges for vendors

And while this can all be beneficial for users, the DaaS model also provides a mix of big benefits and real challenges for hardware vendors, Dobbs explained.

First, because customers use the devices until they are done with them, the vendors get them back and can collect, refurbish, and resell them to new users up to four more times over the useful life of the devices, which maximizes returns on investments, according to Dobbs.

“For vendors, it’s a great option because rather than only selling a product one time, they can sell them up to five times,” Dobbs said. “The benefit is that by keeping control of the devices and surrounding them with different kinds of services and capabilities each time you can give more to customers. In the hardware business, margins are thin, but here you sell it over and over. That’s why we think this is an exciting trend.”

 

It’s also something that can boost revenue for hardware vendors at a time when sales may be lower due to the growing popularity of business customers moving workloads to the cloud. When customers move to the cloud, hardware sales typically get lost in the transaction.

“DaaS becomes a more interesting way for manufacturers and channel partners to head as they are moving into the next phase of their growth,” he said.

But the challenges are there as well. To enable DaaS, vendors require complicated supply chains to collect, refurbish, and redistribute all that gear. “That means that vendors need to take a very different approach to how they sell their goods,” Dobbs said. “We’re seeing more and more companies looking at that option.”

Creating and maintaining the needed supply chains to create a seamless experience for customers isn’t easy, though. “At scale, it is difficult to do these things, when we’re talking about millions of devices and being able to orchestrate them to make money for vendors,” Dobbs said. On the flip side, companies that already have such supply chains will be able to drive more value from them.

DaaS is all about the customer

Ultimately, DaaS is gaining traction because business customers and consumers want to make things easier for themselves, Dobbs said. “In the end, the customers don’t care about the device itself. They just want an outcome. If it breaks, they just want it replaced. They want service. All those things are valuable to customers.”

And that’s where the flexibility and value of DaaS can solve problems for users, Dobbs said. “This is the way customers now want to get their devices. The business buyers are expecting the same level of service and experience in their work as they are in their consumer lives. Customers want to try before buying, pay as they go, and have more of a consumption-based model, where they get charged as they go for what they use.”

By using DaaS, customers potentially pay less up-front, but could spend more over time for the overall package of devices and integrated services and support. Cost-savings aren’t usually why customers are attracted to DaaS in the first place, Dobbs said.

For hardware vendors that aren’t filling these demands, it will be a challenging environment in the future, he said.

“The opportunity today is to do this proactively,” Dobbs said. “Customers want to buy it this way, so you are going to have to move this way, like it or not. COVID-19 is also highlighting the fact that more and more customers will be embracing this approach.”

 


Top 10 apps every iOS user should download


Check out a developer’s picks of 10 essential iOS apps, which focus on security, productivity, and more.

Over the past 13 years, as iPhones and iPads have become fixtures in more users’ lives, the number of apps and the Apple App Store ecosystem have expanded to offer services and apps that iOS users rely on each day. If you’re an iPhone or iPad user, chances are, you have pages of apps installed, but which ones are really must-haves?

This is my list of essential iOS apps that I use every single day. Some of these apps manage device security, some hold memories, and even more keep me organized, productive, and able to move throughout my day with ease. 

1Password




The iCloud Keychain is great for most users to manage passwords and website logins; however, 1Password handles multiple logins, two-factor authentication (2FA), and multiple shared vaults with ease, making it my go-to password management software. The multiple vaults that can be shared with business partners or others is a no-brainer feature that makes the software worth its weight in… well, passwords. This software supports multiple languages and is a 96.8MB download.

A free trial is available, with different pricing plans for personal and families. Plans start at $2.99 per month. 



Day One




The Apple Notes app on iOS is great, but what if you want to have multiple journals, the ability to map out entries, everything sorted by date added, and to top it all off, Markdown support? Well, the Day One app has been one of my must-haves for years because of these features and many more. I love that it now has the ability to add videos and unlimited photos, as well as recording audio, to posts. Plus, you can have your favorite journals printed in a real book, and all entries added to a journal can be encrypted. There’s even API access available through IFTTT that can automatically add entries to your journals (I have one set up to automatically log every tweet I post to Twitter as backup). This software supports multiple languages, iPad, iPhone, and Mac, and is a 95.1MB download for the iOS version.

The software is $34.99 per year for unlimited online storage and syncing. A free trial is available.



DEVONthink To Go




I love having a paperless office, and DEVONthink is the tool that I use on my Mac and iOS devices to make that happen. I use the Mac version to scan documents and have them automatically transcribed into searchable PDF documents and synced to iCloud; then, I use this iOS version of the app to be able to search, sort, view, and look up information while I’m on the go. You can also add documents and files directly into the iOS version, but only the Mac version supports scanning and OCR-ing documents into searchable PDFs. I love the fact that no matter how much I seem to put into this app, a decade’s worth of PDFs containing mail, emails, and more is searchable within seconds on iOS, making it an app that I cannot live without.

The software supports multiple languages and iPad and iPhone. It’s a 103.8MB app and costs $14.99 with an optional $7.99 Pro Package that supplements the base set of features with even more.



Deliveries




In today’s world, receiving shipments is an everyday occurrence, and managing those deliveries can be a headache–that’s where the Deliveries app comes in. What started as a handy OS X Tiger Widget back in the day on the Mac has grown into a must-have app on iOS and macOS. It can sync with either iCloud or “JuneCloud” (the app’s own syncing service) to get shipment information between all of your devices. It gives push notifications for up-to-the-minute package tracking, and includes the ability to search all of your past deliveries as well as see current deliveries on a map and scheduled delivery dates without ever having to leave the app.

The software supports multiple languages and shipment carriers around the world, as well as iPad and iPhone. The app is a 17.2MB download and costs $4.99 one time.



Google Photos




I use and love iCloud Photo Library, but at the end of the day, I don’t trust my photos and precious memories to just a single cloud photo provider–that’s why I also use the Google Photos app to automatically back up photos to my Google account as well. I set the app to automatically back up all of my photos from my device whenever new photos are added to the Apple Photos library. As long as you don’t force quit the app from your device, it will keep backing up without any intervention.

The software supports multiple languages, and iPhone and iPad. The app is a 161.8MB download. Google Photos prices may vary depending on additional storage requirements beyond the free storage from Google.



Unread




RSS readers are still a thing, and have made a comeback in recent years as many users’ default way to read websites. Unread is a minimalist RSS reading client that can sync with multiple service providers, including Feed Wrangler, Feedly, and more. It downloads the full content of the articles so you don’t have to navigate out of the app to another website to read the full text, and it features keyboard and gestures that give prominence to the content over the app’s UI. Swiping left will bring up menus that let you share articles, add to Pinboard or Raindrop, or other services that can be configured in the app.

The app costs $19.99 per year (after trial) and is a 15.1 MB download from the App Store. 



Carrot Weather




The iOS weather app isn’t the most reliable for every user, leaving many to rush to third-party apps like Dark Sky; but, with the recent acquisition of Dark Sky by Apple, its future is unknown at this point. One of my favorite weather apps, Carrot, uses the Dark Sky API to get weather data, but is infinitely configurable to use many other services, or even your own personal weather stations (like those from Netatmo and WeatherFlow). The app also has a very interesting “personality” that makes me smile every time I check the weather. This, coupled with the ability to use Siri Shortcuts, the Apple Watch app, and customization, makes it well worth the price.

Carrot Weather is $4.99 on the App Store, and includes in-app purchase for yearly subscriptions for additional features and services. The app is a 74.8MB download. 



Stocard




If you’re like me, then you hate carrying around loyalty and membership cards. While some stores and memberships have gone digital, some still rely on plastic cards that you have to remember to tote around with you. Enter Stocard, an app that can scan in the barcodes of your cards and organize them digitally. When you go to a store, simply pull out your phone and let the barcode get scanned. You can even store a photo of the front and back of the card if the digitized barcode refuses to work or you need additional proof of your card.

This app is a free 102.3 MB download from the App Store. 



Screens




Sometimes it can be important to connect back to your desktop computer to perform a simple task while on the go. With Screens, you can easily start a screen-sharing session from anywhere as long as your Mac or Windows computer is connected to the network and turned on. With the keyboard and mouse support in iPadOS, you can perform even more complex tasks while on the go, thanks to this app. With keyboard shortcuts, curtain mode, and gesture support, this app is a help when you’re in a pinch and need to access your desktop computer.

The app costs $19.99 one time, and is a 23MB download on iPad and iPhone. 



Notability




Being able to take useful notes is important for business meetings and classroom instruction. The Notability app lets you take hand-written notes or typed notes with drawing abilities while recording the audio of the room with your iPad or iPhone. With the ability to sync recorded audio to the typed notes, share notes with a presentation mode or in various other ways, including PDF, and sync to multiple cloud services including iCloud Drive, this app is a must-have whenever I need to take notes in person and don’t want to miss anything that was said.

Notability costs $8.99 one time and is a 215.4MB download for iPhone and iPad. 



Apple emerges as only smartphone maker to grow amid market decline


iPhone shipments rose last quarter as the only bright spot in an otherwise dour smartphone market, according to research firms IDC and Canalys.


Apple was the sole smartphone vendor to thrive in the second quarter amid the damaging economic side effects of the coronavirus pandemic. Looking at the overall smartphone arena, global shipments fell by 16% to 278.4 million according to IDC and by 14% to 284.7 million according to Canalys.


Though larger than the one in the first quarter, the drop was anticipated as countries around the world went into lockdown mode due to COVID-19. Specifically, IDC pegged the second-quarter decline on a few virus-related factors.

“Smartphones shipments suffered a huge decline in Q2 as they directly correlate to consumer spending, which had a massive reduction due to the global economic crisis and rising unemployment brought on by the widespread lockdowns,” Nabila Popal, research director with IDC’s Worldwide Mobile Device Trackers, said in a press release.

“This, combined with the closure of retail stores, especially in regions where online shopping is less common, compounded the negative effect on smartphone sales,” Popal added. “In addition, consumers spent significantly on other technologies, such as PCs, monitors, and tablets, to facilitate mandatory work from home and distance learning, leaving an even smaller share in the shrinking consumer wallet for smartphones.”


In the face of the overall downturn, Apple saw its iPhone shipments and market share both increase during the quarter. Shipments rose by 11.2% to 37.6 million, earning the company a 13.5% slice of the market, according to IDC’s data. Canalys’s estimates for Apple were even higher, pointing to a 25% gain in shipments to 45.1 million with a 15.8% market share.

Both firms attributed Apple’s growth to the ongoing popularity of the iPhone 11 series and the launch of the 2020 iPhone SE. The new SE satisfied demand for lower cost phones at a time when consumers are seeking out more budget-friendly options. Apple also rode out some of the bumps of the COVID-19 crisis by enhancing the digital experience for customers as the lockdown forced smartphone buyers to turn to online resources.

“Apple defied expectations in Q2,” Canalys analyst Vincent Thielke said in a press release. “Its new iPhone SE was critical in the quarter, accounting for around 28% of its global volume, while iPhone 11 remained a strong best-seller at nearly 40%. iPhone SE will remain crucial to prop up volume this year, amid delays to Apple’s next flagship release.”


For the first time ever in a quarter, China’s Huawei slipped past Samsung to take the top spot in the smartphone market. By tapping into China’s resurgence following its bout with COVID-19 earlier this year, the company was able to satisfy the demands of consumers in the world’s largest smartphone market. Though its shipments actually dropped by 5%, that was a smaller decline than the ones felt by most other phone makers. But Huawei will face increased pressure across the global market due to sanctions in the US and elsewhere and ongoing suspicion that the company poses a security threat.

Stripped of its No. 1 title, Samsung saw its smartphone shipments plummet by around 30% in the second quarter. Though the company’s A-series of smartphones continued to do well, more premium devices such as the Galaxy S20 and the Galaxy Z Flip were victims of bad timing as they rolled out during the peak of the pandemic.

Shipments for Xiaomi and OPPO, China’s two other major smartphone vendors, also fell last quarter. Xiaomi was hurt by lower sales in both China and India, the effects of the lockdown, and anti-China sentiment in India. OPPO was hit by supply and demand issues with factory shutdowns as well as the ongoing anti-China attitude.

Looking ahead, smartphone vendors will need to adapt to the “new normal” of the pandemic, according to IDC senior analyst Ben Stanton. Even as several countries allowed retail stores to reopen, customer traffic has remained low.

“Going forward, vendors will need to switch channel focus at short notice to adapt to second-wave outbreaks,” Stanton said. “In addition, geopolitical uncertainty hangs over the global smartphone market. Countries are becoming polarized between the interests of the US and China. Smartphone vendors need to act, and many are already directing funds to brand marketing to highlight their positive impact in a local region.”

What about 5G? Under normal conditions, the rollout of more 5G phones and networks would provide a boost to the smartphone industry. But, with the virus continuing to hold on amid lockdowns and weak economic conditions, buyers may resist spending money on new phones, even with the lure of 5G.

“The question now becomes what does demand look like with so much uncertainty around the world,” Ryan Reith, vice president of IDC’s Worldwide Mobile Device Trackers, said in a press release. “We have already seen OEMs moving more aggressively with their 5G portfolios both in terms of production and price points. However, we still see consumer demand for 5G being low, so the supply-side push is likely to produce very high-priced competition.”


Security analysts: Industry has not solved the talent gap or provided clear career paths


New survey finds that cybersecurity professionals want more training to keep up with the threat landscape and learn new software platforms.

Cybersecurity professionals want more guidance about how to build a career in the field, according to a new survey.


A small study found that many cybersecurity professionals are only somewhat confident in their CISOs and never get enough training time, but they like their jobs, mostly.

Enterprise Strategic Group (ESG) and the International Systems Security Association (ISSA) released their fourth annual cooperative research report, The Life and Times of Cybersecurity Professionals 2020. The groups also conducted a second survey to understand the impact of COVID-19 on cybersecurity.

 

Jon Oltsik, a senior principal analyst and fellow at ESG, analyzed the survey results with answers from 327 professionals. The results showed that:

  • 68% of respondents said they don’t have a well-defined career path
  • 65% said their companies don’t provide enough training
  • 45% believe the cybersecurity skills shortage has gotten worse over the past few years
  • 29% said they’ve experienced significant personal issues due to job stress or they know someone who has

Oltsik said that the industry has not found the answer to the talent gap. 

“This is a people-centric practice and we’re still behind,” he said. 

At the same time, 77% said they are happy overall as a cybersecurity professional. 

The workplace impacts of the skills shortage include:

  • An increasing workload for existing analysts
  • Unfilled open job requisitions
  • An inability to learn or use cybersecurity technologies to their full potential 

Oltsik said companies are not providing enough time for professional development.

“We need to keep up with training but at the same time we are too busy to keep up with training,” he said.

Oltsik said that companies that get it right have strong mentoring programs and allocate time for continuous training on a regular basis. Investing time and money in training results in better security and better morale which can lower the attrition rate. “This means changing work schedules and paying people overtime to cover for other people in training,” he said.

Oltsik said mentoring programs have to be formal and mentors should be measured on the success of their mentees. 

Another effect of scrimping on training is making the ROI on security tools harder to realize. Among survey respondents who said that they didn’t have enough training time, 38% said this includes learning how to use security software. 

“Companies are spending money on expensive tools but not giving people enough time to figure out how to use them correctly,” he said.

Among the respondents who have a CISO at their company, 47% said the executive was somewhat effective with 42% grading the leader as very effective.

Respondents listed communication and leadership skills as the two most important skills for a CISO.

Oltsik said that CISOs are often hampered by corporate leaders who don’t take cybersecurity as seriously as they should.

Limited confidence in cybersecurity defenses

In this year’s survey, the two organizations asked respondents to grade how well individual companies and the industry as a whole are doing to keep up with cybersecurity challenges. From the government to schools to private companies, no one got a good rating. Sixty-four percent of respondents believe their organization should be doing somewhat or a lot more to address cybersecurity challenges. This suggests a disconnect between business, IT, and security teams, or a lack of cybersecurity knowledge at the board level.

And 68% of respondents said that cybersecurity technology and service vendors should be doing somewhat or a lot more to address cybersecurity challenges. A majority of respondents also said that the cybersecurity community at large, government agencies, and public schools should all be doing more.

WFH boosts collaboration

One bright spot in the COVID-19 study was that respondents said working from home is improving collaboration among departments. Slightly more than one-third of organizations have experienced significant improvement in coordination between business, IT, and security executives as a result of COVID-19 issues.  Thirty-eight percent have seen marginal improvements, and 21% aren’t convinced but hold out hope for coordination improvement.

Oltsik said the survey found that security teams were mostly prepared to support completely remote teams but not for the scale and the urgency of the shift. 

 

“All these things became much more front and center: Policy management, remote user security, and insider attacks,” he said. 


4 kits to help fast track your hiring process


Finding the right job candidate just got easier with interview questions, required skill sets, and ready-to-post job descriptions at your fingertips.

The ongoing coronavirus pandemic has businesses between a rock and a hard place. New requirements for touchless services and remote work have created a demand for new products and services. At the same time, economic uncertainty has made it riskier than usual to hire new team members to build these products. In addition, digital transformation is more important than ever, which makes hiring the right people both a long-term and a short-term priority. Once you’ve found the money, the next step is to find the right person. 

 

If the idea of writing a job description and planning an interview has stalled the hiring process at your company, consider using hiring kits. These comprehensive kits include desirable skill sets, salary ranges, a skeleton job description, list of duties, and desired experiences. With thorough interview questions and ready-to-post job postings for each position, hiring kits make it easier than ever to find, recruit, and ultimately hire the right person for the job.

Hiring Kit: User Experience Designer

Using customer research, workflow analysis, and other data sources, a UX Designer builds  compelling user experiences. A good UX Designer can anticipate a user’s needs and provide experiential solutions as each new question arises. A successful candidate should have strong analytical and problem-solving skills, as well as impeccable artistic and creative talent. 



Hiring Kit: Game Developer

This hiring kit includes extensive interview questions that cover languages and other technical aspects of game development as well as conversation starters that explore a person’s creative ideas. The kit also offers skill sets and personality traits to look for in potential game developers.



Hiring Kit: Data Scientist

Data scientists often have experience in mathematics, statistics, computer science, or economics, and business management expertise in statistical or scientific emphasis are also common. This role requires analytical, statistical, and programming skills to develop an algorithmic methodology to transform high volumes of raw data into useful information to inform business decisions. A strong candidate for an open data scientist job will have the demonstrated ability to use analytical and statistical tools to recognize patterns in business-generated data.



Hiring Kit: Computer Forensic Analyst

As governments pass more laws to protect consumer data, more and more companies have to ensure that they are securing sensitive data. This requires hiring analysts with proficient technical skills, inquisitive and analytical mindsets, and the drive to solve intractable problems. This hiring kit will help you find the best candidate for an open Computer Forensic Analyst position who has the technical, analytical, and communicative skills required, and the ability to learn on the job.



That job offer in your inbox might be part of a North Korean cyberattack


Professionals in the aerospace and defense industries should watch out; a wave of fake job offers containing malicious documents has been spotted in the wild by McAfee researchers.


A wave of bogus job offer emails from leading aerospace and defense companies is actually a cybercrime campaign designed to harvest information about professionals in sensitive industries. Discovered by McAfee Advanced Threat Research (ATR), the campaign appears to have begun in April 2020 and was detected until mid-June, and there are telltale signs that the campaign is being orchestrated by known North Korean hacking groups.

Based on similarities ATR found in the Visual Basic code used to execute the attack and on familiar core functions, “the indicators from the 2020 campaign point to previous activity from 2017 and 2019 that was previously attributed to the threat actor group known as Hidden Cobra,” the report stated.

Hidden Cobra is a US Government umbrella term for North Korean threat groups Lazarus, Kimsuky, KONNI, and APT37, and like the campaigns in 2017 and 2019, this one has the apparent goal of “gathering intelligence surrounding key military and defense technologies,” ATR said. 


The basis of the campaign is simple: Use legitimate job postings from leading defense contractors, turn them into fake job offers, and email them directly to aerospace and defense professionals who may be interested in that kind of position. The offer contains a malicious Microsoft Word document that, once opened, installs data harvesting software that will give the attacker access to sensitive personally identifying information about the victim. 

Like other attacks of this kind, there’s nothing new going on here–it’s a familiar spearphishing campaign that relies on a victim to open the malicious document and allow it to download and execute macros hidden in a template that is fetched from the attacker’s command and control server. 
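The template fetch described above leaves a trace inside the document itself: a Word file that loads a remote template carries an `attachedTemplate` relationship marked as external. The following Python check is an added example, not code from the McAfee report or this article; the sample packages and the `templates.example.invalid` URL are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")
MAX_PART_SIZE = 1_000_000  # skip oversized parts rather than inflate them

def external_relationships(docx_bytes):
    """Return (part, type, target) for each relationship with TargetMode="External"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART_SIZE:
                continue
            # For untrusted mail attachments, a hardened parser such as
            # defusedxml is the safer choice; stdlib is used to stay self-contained.
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    found.append((info.filename, rel.get("Type", ""), rel.get("Target", "")))
    return found

def remote_templates(docx_bytes):
    """Targets of attachedTemplate relationships that point off the local machine."""
    remote_prefixes = ("http://", "https://", "\\\\")  # web URL or UNC path
    return [target for _, rtype, target in external_relationships(docx_bytes)
            if rtype == TEMPLATE_TYPE and target.lower().startswith(remote_prefixes)]

def build_sample(target):
    """Constructed minimal package containing only the relationship part under test."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{TEMPLATE_TYPE}" Target="{target}" '
            'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed inputs: one remote template, one ordinary local template.
    for target in ("https://templates.example.invalid/offer.dotm",
                   "file:///C:/Templates/Normal.dotm"):
        hits = remote_templates(build_sample(target))
        print(target, "->", "REMOTE TEMPLATE" if hits else "ok")
```

A local template also appears as an external relationship, which is why the check filters on where the target points rather than on `TargetMode` alone.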

Once the payload is executed, the attack runs macros that install malicious DLL files that ATR said are designed “to gather machine information from infected victims that could be used to further identify more interesting targets.” The DLLs used in the attack are modified versions of legitimate software DLLs, making it easier for the malicious file to go unnoticed.

Once installed, the DLL uses active evasion techniques by mimicking User-Agent strings of other applications so that Windows assumes it’s part of a legitimate application. It also adds a LNK file to the Windows startup folder to ensure persistence. 

Avoiding the threat

McAfee notes in its report that the campaign appears to be widening its targets, with examples being found of fake job offers at top animation companies and fake reports on US-Korean diplomatic relations targeting South Koreans. 

Common mitigation methods apply here, such as not opening attachments from potentially suspicious sources, verifying the source of an email, and not granting permissions for scripts or macros to run from downloaded files.


McAfee ATR also recommends the following strategies for organizations whose members could be targeted: 

  • Have a threat intelligence program that keeps you up-to-date on threats to your particular industry or role.
  • Train users to detect potentially malicious messages: “Well-trained and ready users, informed with the latest threat intelligence on adversary activity, are the first line of defense,” the report said.
  • Ensure your end user device security is adaptable, updated, and able to detect fileless malware.
  • Use a secure web proxy to filter out known malicious websites and command and control domains. Keep it updated with the latest known threat intelligence.


Sally Beauty Case Study


Sally Beauty, a global distributor of professional beauty products, noticed their online store was experiencing significant transaction spikes to the tune of thousands of dollars per hour in fees for declined cards. The card-not-present (CNP) fraud costs, incurred for every transaction, were specifically card pre-authorization, address verification service and payment gateway fees.

Discover how Sally Beauty was able to reduce bot-driven CNP fraud costs by 97% upon implementation with PerimeterX.

The Forrester New Wave™: Bot Management, Q1 2020


The Forrester New Wave™: Bot Management, Q1 2020 ranked PerimeterX as a leader in the market. According to the report, PerimeterX “leads the pack with robust machine learning and attack response capabilities.”

The report evaluated 13 vendors in the bot management market. PerimeterX received the highest ratings possible in attack detection, attack response, threat research, feedback loops, performance metrics, vision, roadmap and market approach criteria.

Read the report to learn more about why PerimeterX is a leader.