Friday, Aug 05, 2022 // (IG): BB //Sponsor: Zanes Hand Made
Cyber Front Z, a Russian troll operation ousted from Facebook, was clumsy, ineffective, according to Meta
FROM THE MEDIA: Cyber Front Z, a pro-Russian troll operation exposed in the days after the Russian invasion of Ukraine, “was clumsy and largely ineffective — definitely not ‘A team’ work,” security officials with Meta said Thursday. In an analysis included in the company’s quarterly adversarial threat report, Meta officials described the group as a “poorly executed attempt, publicly coordinated via a Telegram channel, to create a perception of grassroots online support for Russia’s invasion by using fake accounts to post pro-Russia comments on content by influencers and media.”
READ THE STORY: CyberScoop // Protocol // CBSNEWS // Yahoo
Facebook Says Cyber Spies Are Using Bogus WhatsApp And Signal Apps To Snoop On Thousands
FROM THE MEDIA: A cyber espionage group believed to be operating out of India and Pakistan has been spying on thousands of people by using malware that masquerades as popular secure-messaging apps, according to a new report from Facebook. The report details the efforts of a group known as Bitter APT, which has been installing malware on Android devices via fake versions of the encrypted messaging apps WhatsApp, Signal and Telegram, the last of which has surged in popularity among Ukrainians as a tool for communicating information about the Russian invasion (APT stands for “Advanced Persistent Threat”).
READ THE STORY: Forbes
META: Bitter APT Espionage Attack Leveraged Apple’s TESTFLIGHT Service
FROM THE MEDIA: Meta has cracked down on a cyber espionage operation where attackers convinced victims to download an iOS chat application via Apple’s legitimate TestFlight service, which is meant to help developers beta-test new applications. The attackers, which Meta attributed to the known Bitter APT, operate out of South Asia and targeted victims in New Zealand, India, Pakistan and the UK with various social engineering tactics on social media platforms like Facebook with the end goal of deploying malware on their devices.
READ THE STORY: DUO
Ransomware group Vice Society hits another school district
FROM THE MEDIA: The Linn-Mar Community School District in Cedar Rapids, Iowa, has reportedly become the latest school district to be targeted by a ransomware group known as Vice Society. In recent months the group has targeted public school districts, academic institutions and health care organizations, including the Medical University of Innsbruck and other European and U.S. institutions. Vice Society deploys a variety of tactics, including deleting back-up data to prevent victims from restoring access to encrypted systems. The group maintains a website where it publishes the data of those who do not meet its extortion demands.
READ THE STORY: StateScoop
Disruptive Cyberattacks on NATO Member Albania Linked to Iran
FROM THE MEDIA: The Albanian government announced in mid-July that it was forced to shut down some public online services due to a cyberattack. Mandiant has investigated the incident, which led to the discovery of a new piece of ransomware. Mandiant researchers came across the ransomware after it had been uploaded from Albania to a public malware repository a few days after the cyberattack was launched. The ransomware has been named Roadsweep. While they could not confirm that the ransomware was indeed used in the attack, the malware encrypts files on compromised systems and then drops a ransom note suggesting that its target is the Albanian government.
READ THE STORY: SecurityWeek // Times of Israel // ABCNEWS
Hackers try to extort survey firm QuestionPro after alleged data theft
FROM THE MEDIA: Hackers attempted to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information. QuestionPro is an online service allowing businesses to create and conduct surveys to perform market research. The company told BleepingComputer that they are currently determining whether a data breach occurred and have engaged with law enforcement to investigate the incident.
READ THE STORY: BleepingComputer
Misinformation Campaigns and Threats are Undermining Confidence in U.S. Elections, Official Says
FROM THE MEDIA: Kim Wyman, senior election advisor for the Cybersecurity and Infrastructure Security Agency, told members of the Senate Judiciary Committee on Wednesday that threats against election officials and the spread of online misinformation about the voting process are compromising efforts to ensure safe and secure elections across the United States. The hearing came after the Department of Justice earlier this week provided an update on the work of the agency’s Election Threats Task Force, which was launched last year to investigate and combat threats of violence and harm made against election officials and workers.
READ THE STORY: NEXTGOV
China-Taiwan standoff might increase Global chip shortage
FROM THE MEDIA: US House of Representatives Speaker Nancy Pelosi flew into Taiwan, ruffling many Chinese feathers. Chinese state media called it an “open salvo of war”, and the country has reportedly sent over two dozen fighter jets into Taiwan’s air defence zone. The situation is more than just a regular geopolitical escalation in some remote part of the world: if it escalates, it is highly likely that the prices of all electronic appliances, including the much-sought-after Apple products, would go up. TSMC, the world’s largest chip manufacturer, has called it a “lose-lose situation” for all. In an interview with CNN, TSMC chairman Mark Liu said, “Nobody can control TSMC by force. If you take a military force or invasion, you will render the TSMC factory inoperable.”
READ THE STORY: Analytics India Mag
The Russo-Ukrainian War Rewrites The Laws of Cyber-Warfare
FROM THE MEDIA: The laws of cyber-warfare are being rewritten in Europe. The Russo-Ukrainian War is not limited to the hot conflict at fire zones of the front. It is possible to hear the echoes of war in the cyber world too. In our digital world, data is one of the most valuable assets. Every nation has its own strengths and weaknesses, but those who are able to control and process data go one step further than others. Cyber wars are not only limited to what we read in the newspapers. The consequences of an attack on a data center can be life-threatening because people may not be able to access vital services. Nowadays, cybersecurity risks even threaten the healthcare industry.
READ THE STORY: Dataconomy
Thousands of hackers flock to 'Dark Utilities' C2-as-a-Service
FROM THE MEDIA: Security researchers found a new service called Dark Utilities that provides an easy and inexpensive way for cybercriminals to set up a command and control (C2) center for their malicious operations. The Dark Utilities service provides threat actors a platform that supports Windows, Linux, and Python-based payloads, and eliminates the effort associated with implementing a C2 communication channel. A C2 server is how adversaries control their malware in the wild, sending out commands, configurations and new payloads, and receiving data collected from compromised systems.
READ THE STORY: BleepingComputer
Army of the Undone: Securing IoT Across Critical Sectors
FROM THE MEDIA: To avoid hivemind thinking that IoT devices are secure by design and/or have security features enabled by default, compensating controls should map to the key challenges with IoT security today. IoT deployments promise unique ROI for monitoring, diagnostics and analytics, and enable new business models. However, they lack scalable central management, offer only rudimentary access controls, and often leave swathes of frivolous data vulnerable. Meanwhile, evidence suggests that threat actors are doing their homework: scanning for CVEs in target environments quickly and focusing on techniques to maintain undetected access to systems and devices. In many cases they masquerade as legitimate users, and specifically target malware to dwell in systems and produce specific outcomes.
READ THE STORY: SecurityBoulevard
GwisinLocker ransomware targets South Korean industrial and pharma firms
FROM THE MEDIA: ReversingLabs researchers discovered a new ransomware family targeting Linux-based systems. The malware, dubbed GwisinLocker was detected in successful campaigns targeting South Korean industrial and pharmaceutical firms. The malware is notable for being a new malware variant produced by a previously little known threat actor, dubbed “Gwisin” (귀신) — a Korean word meaning ‘ghost’ or ‘spirit’ — and targeting systems running the open source Linux operating system. The ransomware is deployed following a substantial network compromise and data exfiltration.
READ THE STORY: SecurityBoulevard
Malicious Use of Internet Information Services (IIS) Extensions Likely to Grow
FROM THE MEDIA: Microsoft published a report on July 26th alerting defenders to the malicious use of Internet Information Services (IIS) extensions. As with many other attacks, threat actors will first exploit a critical vulnerability in the application to gain initial access, then drop a script web shell as the first-stage payload. The threat actor eventually installs the IIS extension, establishing a backdoor which grants covert and persistent access into a targeted server. This type of exploit is often difficult to detect because it is less common than web shell-based exploits, the backdoors live in the same directories as legitimate modules, and the code structure often resembles that of clean modules.
READ THE STORY: SecurityBoulevard
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT
FROM THE MEDIA: Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption that the attackers focus on Russian entities is based on a fake domain they registered; Malwarebytes is aware that they tried to target a Russian aerospace and defense entity known as OAK.
READ THE STORY: SecurityAffairs
This Phishing Kit Can Bypass Multi-Factor Authentication
FROM THE MEDIA: Researchers from security firm Zscaler noticed a sharp uptick in the number of phishing attempts taking place across specific industries. All the phishing attacks, according to the security team, began with an email sent to the victim. Some of the malicious links were located in the email copy, whereas others were loaded into an HTML file. The attackers have set up a number of new domains, many of which use a classic technique from phishing campaigns called typo-squatting (creating a phishing domain that is a legitimate domain name spelled slightly incorrectly). These attacks are targeting end users in enterprise-level companies.
READ THE STORY: TECH
Emergency Alert System Security Flaws Leave Us Vulnerable To Faked Broadcasts Warns FEMA
FROM THE MEDIA: The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of exploited vulnerabilities and releases notices urging organizations, particularly government agencies and contractors, to patch said vulnerabilities. However, CISA isn’t the only one looking out for US infrastructure. Ken Pyle, an independent cybersecurity researcher, is raising alarms about a set of vulnerabilities in the country’s emergency alert infrastructure. Back in 2019, Pyle found a set of vulnerabilities in the software used by TV and radio networks to transmit emergency alerts. A threat actor could exploit these vulnerabilities to broadcast fake messages over TV, radio, and cable networks using the Integrated Public Alert & Warning System intended for broadcasting natural disaster and child abduction alerts.
READ THE STORY: HotHardware
Suspected Lockbit Ransomware Attack on Italian Tax Agency Potentially Leaked About 100 GB of Data
FROM THE MEDIA: Italian government authorities are investigating a suspected ransomware attack on the country’s tax agency L’Agenzia delle Entrate, with LockBit claiming to have stolen 98 GB of data. The LockBit ransomware gang had made ransom demands and threatened to publish the data if its extortion requests were ignored. However, Sogei SpA disputed the ransomware attack, adding that its investigation found no evidence of a data breach.
READ THE STORY: CPOMAG
Russian accused of money laundering and running $4B bitcoin exchange extradited to US
FROM THE MEDIA: A Russian national accused of running a multibillion-dollar cryptocurrency exchange that allegedly profited from various hacking and extortion schemes has been extradited from Greece and is on his way to the US, according to the suspect's lawyer. Alexander Vinnik, who is in his early 40s, is accused of operating a cryptocurrency exchange known as BTC-e that allegedly did business with ransomware gangs, drug dealers and identity thieves, according to the Justice Department. He faces charges in the US Northern District Court of California of money laundering and operating an unlicensed money service business in the US, among other charges.
READ THE STORY: WRAL
Meet the guy uncovering crypto's biggest thefts
FROM THE MEDIA: Ian Balina was reviewing initial coin offerings, the crypto industry’s equivalent of an initial public offering, live on YouTube in 2018 when a hacker emptied around $2 million worth of cryptocurrency from one of his wallets. It may have been his old college email address that he used as a backup to another account that made him vulnerable. His bravado about his accumulated wealth likely didn’t help. When a viewer noted in the comments that his wallet had emptied, Balina said he thought he was being trolled. But he checked and saw that the funds had vanished, he later said in a YouTube video detailing the hack.
READ THE STORY: MorningBrew
Mars Stealer malware distributed through fake Atomic Wallet site
FROM THE MEDIA: Threat actors have been distributing the Mars Stealer info-stealing malware through a phony website spoofing the widely used decentralized wallet and cryptocurrency exchange portal Atomic Wallet, reports BleepingComputer. Detection evasion measures have been implemented in the ongoing Mars Stealer campaign, which involves a ZIP file with the AtomicWallet-Setup.bat batch file prompting privilege escalation through a PowerShell command, a report from Cyble showed. The PowerShell executable is then copied, renamed, and hidden in the directory prior to the execution of base64-encoded PowerShell content.
READ THE STORY: SCMAG
Closing security gaps in web applications
FROM THE MEDIA: IT modernization and the shift to remote work have presented unique security challenges for government agencies, especially those shifting to the cloud for greater agility. But attacks aren’t slowing down. Web applications built and managed by the government are under fire, and the numbers are alarming. According to Invicti Security, 86% of federal cybersecurity leaders have experienced a breach originating in a web application in the past year. Web applications are core to how government agencies operate as they store critical, sensitive data, which presents a risk if left unchecked and unsecured.
READ THE STORY: FedScoop
Be warned, GitHub users: Hackers flood platform with malicious clones
FROM THE MEDIA: GitHub users are being targeted with malicious copies of legitimate repositories, a cybersecurity researcher recently uncovered. Preying on developers who are either short on time, reckless, or just overworked, someone has been copying official GitHub projects such as crypto, golang, python, js, bash, docker and k8s, giving them names similar to the original projects, and slightly altering them so that they contain malicious code. The cunning plan was first spotted by software developer Stephen Lacy, who, after reviewing one open source project, noticed a malicious URL hidden within. A quick search through GitHub soon established that more than 35,000 repositories carried the same URL.
READ THE STORY: TechRadar
Items of interest
North Korean-linked Gmail spyware ‘Sharpext’ harvesting sensitive e-mail content
FROM THE MEDIA: A malicious browser extension linked to North Korea has been operating undetected to steal data from Gmail and AOL sessions.
The extension, dubbed ‘Sharpext’ by researchers, monitors webpages to automatically parse any and all emails and attachments from victims’ mailboxes.
It poses a particularly serious threat to machines used by organisations for business operations, as all sensitive information sent via e-mail has the potential to be stolen. Targets have so far been identified within the US, EU and South Korea.
Cyber security firm Volexity revealed the spyware’s existence in a blog post, and linked it to a threat actor tracked by Volexity operating under the name SharpTongue, but known publicly as Kimsuky. This entity is believed to be North Korean in origin, and the researchers have linked SharpTongue to attacks on targets linked to national security.
ArsTechnica reports Volexity president Steven Adair as stating that Sharpext is installed through “spear phishing and social engineering where the victim is fooled into opening a malicious document”. Phishing is a common vector used to deliver malicious programmes, such as LockBit 2.0 which has been distributed by e-mail disguised as PDFs.
To lay the groundwork for the extension, the threat actor manually exfiltrates files such as the user’s preferences and secure preferences. These are changed to include exceptions for the malicious extension and then downloaded back onto the infected machine through the malware’s command and control (C2) infrastructure.
READ THE STORY: TechCentral // FreePressJournal // HotHardWare // Candid
Ethical Hacking using Python | Steal Wi-Fi Passwords in Seconds (Video)
FROM THE MEDIA: Ethical Hacking using Python | Steal Wi-Fi Passwords in Seconds.
5G hacking just got a lot more interesting (Video)
FROM THE MEDIA: 5G hacking just got a lot more interesting.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com