Monday, April 25, 2022 // (IG): BB //Weekly Sponsor: Philly Tech Club
DDoS attacks on Estonian state sites continued over weekend
FROM THE MEDIA: RIA Cyber Incident Handling Department (CERT-EE) director Tõnu Tammer said that: "At the same time, we must be prepared for attacks to continue for some time, while their volume may increase. We cannot rest on our laurels, but rather consider how to better mitigate the success of such attacks."
While sites are still under attack, malicious queries are being intercepted before they can negatively affect the systems, RIA says.
RIA says the attacks which had begun Thursday last week continued through Saturday.
Tammer said that: "Several websites were attacked, with about 75 million queries being made to each of them. This means that attempts were made to overload the portals at several thousand times the [normal] load."
READ THE STORY: EER
BlackCat ransomware scratched 60-plus orgs
FROM THE MEDIA: The BlackCat ransomware gang, said to be the first-known ransomware group to successfully break into networks with Rust-written malware, has attacked at least 60 organizations globally as of March, according to the FBI.
BlackCat, also known as ALPHV, is a relatively new group of cybercriminals that operates a Windows ransomware-as-a-service. But while it only appeared on the ransomware crime scene in November 2021, security researchers and federal law enforcement have linked its developers and money launderers to the notorious Darkside/Blackmatter crime rings, "indicating they have extensive networks and experience with ransomware operations," the FBI said in a security alert [PDF] this week.
In earlier analysis, security researchers at Cisco Talos and Palo Alto Networks Unit 42 also noted BlackCat's preference for Rust, with Unit 42 saying the gang was "one of the first, if not the first" of its kind to use this programming language.
READ THE STORY: The Register
Intuit Faces Class-Action Lawsuit Over Trezor Phishing Hack
FROM THE MEDIA: Intuit is facing a class-action lawsuit for reportedly not securing its email marketing service, Bloomberg reported Friday (April 22).
The company’s error reportedly let hackers access cryptocurrency wallets sold by Trezor. Per the report, hackers used a “sophisticated” phishing attack that let them access crypto wallets by the Czech company and steal user funds.
On April 4, Intuit’s Mailchimp email marketing service reportedly said that hackers had gotten into the servers, harvesting “audience data” from 102 clients, including Trezor.
The report said the hackers had sent phishing emails to Trezor users, warning them that their accounts had been compromised and that they’d have to download a new version of the app, which would then ask for passwords and recovery codes, which the hackers would use to clear out those peoples’ digital wallets.
According to the report, the attack began when the hackers got access to Mailchimp’s email accounts after an employee clicked a malicious link.
One defendant, Alan Levinson, said the hackers had taken cryptocurrencies worth $87,000 from his account. A proposed class-action suit puts the blame on Intuit and Rocket Science Group, a subsidiary which runs Mailchimp.
READ THE STORY: PYMNTS
Ronin hack: Despite sanctions across levels, hacker continues to cash in the loot
FROM THE MEDIA: Ronin Network, the cross-chain bridge that powers Axie Infinity, suffered one of the largest exploits yet seen. The breach resulted in a loss of 173,600 Ethereum and 25.5 million USDC, equivalent to more than $600 million. Since the breach occurred on 23 March, the stolen funds have flowed into FTX, Huobi, and Crypto.com, which have all vowed to take action to trace the funds.
Sky Mavis, the company behind Axie Infinity, said it would compensate online participants who lost funds during the attack.
More than a month after the attack, the exploiter is still moving funds from one wallet to another. The hackers have cashed in 28,164 ETH out of the 173,000 ETH stolen in the Ronin Bridge attack, with a current market value of $86,128,384.73.
The attackers had initially moved over 2,000 ETH ($6 million) three weeks ago. Now the hackers are on the move again.
READ THE STORY: AMB CRYPTO
Tackling Strontium: a cyber-espionage group
FROM THE MEDIA: On April 7, Microsoft said it had disrupted cyberattacks from a Russian nation-state hacking group. The group, called ‘Strontium’ by the software company, targeted Ukrainian firms, media organizations, government bodies, and think tanks in the U.S. and the EU. The Redmond-based company took control of seven Internet domains used by the group to launch their attacks after a court order permitted it to seize the infrastructure. In the past, Microsoft had performed 15 similar seizures to take control of over 100 Strontium-controlled domains. Apart from Microsoft, security firms, government agencies and individual researchers have been watching the attack group, which has been active for over one and a half decades, deploying different attack methods to target individuals and organizations across multiple sectors globally.
Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group. It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups. It has access to highly sophisticated tools to conduct spy operations, and has been attacking targets in the U.S., Europe, Central Asia and West Asia. The group is said to be connected to the GRU, the Russian Armed Forces’ main military intelligence wing. The GRU’s cyber units are believed to have been responsible for several cyberattacks over the years and its unit 26165 is identified as Fancy Bear.
READ THE STORY: The Hindu
Ross Ulbricht’s $183M Silk Road fine to be paid via $2.7B in BTC recovered from hacker
FROM THE MEDIA: In a recent development, roughly $2.7 billion in Bitcoin (BTC) was recovered from a wallet linked to a Silk Road hack in 2013 and will be used to wipe out the debt owed to the U.S. Government by creator Ross Ulbricht.
More than $183 million is owed by Ulbricht in fines from illegal sales undertaken via the dark web platform. Prosecutors canceled this debt under one essential condition:
The Justice Department appears to have made a deal with Ulbricht to avoid any claim he might have made to the money: In exchange for Ulbricht’s agreement to waive any ownership he might have of the bitcoins, a portion of them will be used to pay off his restitution in its entirety.
Given that the crypto stolen by Individual X had once belonged to Ulbricht, he would have had a claim to the 69,370 BTC currently sitting in a U.S. government wallet.
The U.S. Justice Department seized the wallet from a person known only as “Individual X.”
The wallet contained 69,370 BTC and similar amounts of coins from forked projects. At today’s prices, the hoard is worth $2.7 billion and was transferred to a wallet owned by the U.S. Justice Department in November 2020.
The Feds likely moved the funds to ensure that no one with access to the private keys could move the BTC and as a safeguard against the hacking community. While it is improbable that a random hacker could access the wallet, there have been numerous attempts over the years and listings for the private keys online.
READ THE STORY: Crypto Slate
Hacker left $1 million in smart contract programmed to destruct
FROM THE MEDIA: After a successful robbery, a hacker supposedly left over $1 million in a smart contract that was programmed to destruct, assuring the crypto could never be moved.
BlockSec, a blockchain security and analytics business, announced on Thursday just after 8:00 a.m. UTC that it had discovered an attack on Zeed, a little-known DeFi lending protocol that bills itself as a “decentralized financial integrated ecosystem.”
An attacker has fumbled their heist at the finish line, leaving behind over $1 million in stolen crypto in a rare comedy blunder among decentralized finance (DeFi) vulnerabilities.
The attacker took advantage of a flaw in the way the protocol distributes rewards, allowing them to manufacture extra tokens that were subsequently sold, bringing the price down to zero. However, the exploiter only made a little more than $1 million.
READ THE STORY: The Coin Republic
FBI chief says espionage threat posed by China ‘unprecedented in history’
FROM THE MEDIA: FBI Director Christopher Wray said on Sunday that the current scale of espionage and cybersecurity threats from China were “unprecedented in history.”
“The biggest threat we face as a country from a counterintelligence perspective is from the People’s Republic of China and especially the Chinese Communist Party,“ Wray said during an interview on “60 Minutes.”
“They are targeting our innovation, our trade secrets, our intellectual property, on a scale that’s unprecedented in history,” he added, noting that China’s hacking program is larger “than that of every other major nation combined.”
“They have stolen more of Americans’ personal and corporate data than every nation combined,” he also said, adding that China’s targets span nearly every sector of the economy.
When asked what the FBI was doing to defend against the vast attacks, Wray said investigations were moving at a rapid pace.
READ THE STORY: The Hill
Spain vows to be transparent in probe of Pegasus spyware use
FROM THE MEDIA: Spanish authorities are pledging full transparency as they launch inquiries into allegations that the phones of dozens of supporters of Catalan independence were hacked with powerful and controversial spyware only sold to government agencies.
An internal probe by the country's intelligence agency, a special parliamentary commission to share its results, and a separate investigation by Spain's ombudsman will be arranged to show that central authorities in Madrid have “nothing to hide," the minister for presidency and relations with parliament, Félix Bolaños, announced Sunday.
Bolaños also said the government remained committed to negotiations with separatists on the future of the restive northeastern region of Catalonia.
“We want to recover trust by resorting to dialogue and to transparency,” the minister said in Barcelona, following a meeting with the regional chief of the Catalan presidency, Laura Vilagrà.
READ THE STORY: Click 2 Houston
Seven reasons Putin hasn’t launched a cyberwar in Ukraine - yet
FROM THE MEDIA: Something of a mystery has emerged since the Russian invasion began: the lack of a cyberwar.
Russian and Ukrainian hackers have honed their skills over many years targeting each other. Ukraine’s numerous allies make a rich set of targets. Western governments had been warning of action to come.
So, when Russian tanks began rolling over Ukraine’s border on February 24, many expected an online throw-down of epic proportions.
Here are seven reasons why the violence on the physical battlefield has not yet been backed by an online offensive.
There have been some attacks. Satellite communications firm Viasat was attacked at the start of the war. And on April 12, the Computer Emergency Response Team of Ukraine foiled a cyberattack by Russia’s Sandworm group that aimed to black out the country.
READ THE STORY: SMH
India’s Hybrid Warfare Against The State Of Pakistan
FROM THE MEDIA: Hybrid warfare is the new-age doctrine of warfare based on achieving national interests by attacking the enemy’s vulnerabilities and weaknesses using a blend of non-conventional, irregular and tactical methods of warfare and other non-kinetic means. This blend involves intelligence operations, cyber warfare, proxy warfare, information warfare, propaganda, psychological and political warfare, clever diplomacy and many more. The purpose of hybrid warfare is basically to destabilize, disintegrate and demobilize the enemy.
Global and regional dynamics of conflict are rapidly changing and posing challenges to traditional state structures and military approaches. Conflicts between national armies are gradually waning and giving rise to a non-linear matrix of actors and techniques. The meanings of victory and defeat on the battlefield have also changed, with the terminology quickly becoming a relic of the past. South Asia is no exception; the continuous state of conflict between India and Pakistan is changing and blurring the line between states of war and peace.
Today wars are no longer declared. Concerns were raised by Pakistan’s COAS Gen. Qamar Javed Bajwa while addressing the Pakistan Military Academy, when he stated that ‘Pakistan is facing enormous challenges both in conventional and sub conventional domains, our enemies know that they cannot beat us fair & stair, thus subjected us to cruel, evil and protracted hybrid war’. Without naming any country, Gen. Bajwa clearly indicated the precarious situation on the eastern and western borders with India and Afghanistan and the growing covert activities of hostile agencies.
READ THE STORY: Eurasia Review
India’s Errant BrahMos Launch and Potential Ramifications
FROM THE MEDIA: Irrespective of the real causes behind the Indian BrahMos intruding 124 kilometers deep into the Pakistani airspace, the incident is being viewed with profound skepticism in Pakistan. Reasons: the decades-old hostility and prevalent distrust between the two countries; India’s long history of increasingly belligerent verbalized and force-development posturing vis-à-vis Pakistan; India’s abstruse attitude aimed at mystification instead of coming out transparent as to why the missile was launched.
At this moment in time, there are two widely prevalent discourses in Pakistan regarding the Indian BrahMos crashing into Pakistan:
The first discourse posits the launch of BrahMos as a deliberate act meant to check Pakistan’s response, and holds that it features in the larger Indian stratagem of climbing one rung up the escalation ladder in each new crisis. The ultimate aim of the step-by-step strategy is to render Pakistan militarily acquiescent whilst dawdling below the war threshold. India’s much-publicized “surgical strikes” of 2016, categorically denied by Pakistan, were the first rung on the escalation ladder. In 2019, India stepped one more rung up the escalation ladder and used airpower to deliver ammunition inside mainland Pakistan. Then there are recurrent attempts by the Indian Navy’s submarines to intrude into Pakistan’s territorial waters, only to be detected by the Pakistan Navy.
READ THE STORY: Modern Diplomacy
SpaceX’s Ability to Thwart Russian Jamming of Starlink Called “Eye Watering”
FROM THE MEDIA: Popular Mechanics reports that the Pentagon is studying how SpaceX was able to quickly thwart attempts to jam Starlink satellite broadband receivers the company sent to Ukraine to help the nation defend itself against a Russian invasion.
The U.S. Department of Defense is casting envious eyes on Elon Musk’s SpaceX after the aerospace company swiftly responded to an “electronic warfare attack” in Ukraine last month. SpaceX donated Starlink terminals to Ukraine to help the country stay connected in wartime, but Russian signal-jamming attempted to thwart those plans. The notoriously bureaucratic Pentagon says it’s a model for responding to threats that it can’t currently match—but desperately needs to…..
According to SpaceX founder and CEO Elon Musk, some Starlink terminals near the front line in Ukraine were experiencing jamming, presumably from Russian military electronic warfare units. Musk later tweeted that the company quickly “reprioritized to cyber defense & overcoming signal jamming,” and issued a fix within a day, broadcast to all Starlink terminals. The fix reportedly involved changing a single line of software code.
A one-day turnaround for software fixes is par for the course for commercial businesses, especially startups, but not for the government. Dave Tremper, director of electronic warfare for the Office of the Secretary of Defense, told attendees at an industry conference that SpaceX’s handling of Russian jamming in Ukraine was “eye-watering.”
READ THE STORY: Parabolic Arc
Items of interest
Foreign minister decries sexual violence in Ukraine; top commander highlights information warfare
FROM THE MEDIA: Foreign Affairs Minister Mélanie Joly is urging the international community to fully reckon with the use of sexual violence as a weapon of war in Ukraine.
Joly and her U.K. counterpart Liz Truss penned an op-ed this week describing the issue. In an interview airing Sunday on Rosemary Barton Live, she said sexual violence was not getting the attention it deserves both because of some sense of taboo and the fact it is difficult to investigate.
"We know that women and children are used as weapons of war, are weaponized, and used by Russian forces to put a lot of pressure on Ukrainian people," Joly told CBC chief political correspondent Rosemary Barton.
"That's extremely preoccupying, because we know that sexual violence is a lasting trauma."
Ukrainian women have recounted widespread attacks and sexual assaults by Russian soldiers.
As part of the awareness push, Canada is signing on to the Murad Code — a new code of conduct developed by Nadia Murad, an Iraqi human rights activist and Nobel laureate, to responsibly engage with survivors of sexual violence and pursue justice.
"Like landmines, like chemical weapons, we need to make sure that there are more international norms governing this issue," Joly said. "We need to make sure that we bring this issue into the limelight, that it is something that is being discussed."
The foreign affairs minister said Canada would work with the International Court of Justice, the International Criminal Court and other institutions to document and investigate instances of sexual violence.
READ THE STORY: CBC
Maritime Piracy: Similar Cases, Different Outcomes (Video)
FROM THE MEDIA: This edition of Tuesdays Second Chance, held on 15 March 22, focuses on two specific piracy cases and examines the difficulties encountered to interdict, arrest and prosecute pirates. How ready are we to deal with cases of piracy? What level of cooperation do we have with partner countries and other agencies?
FBI Director Wray on Russian cyber threat (Video)
FROM THE MEDIA: Christopher Wray, director of the FBI, tells 60 Minutes about Russian threats, including “cyber mercenaries” his federal law enforcement agency is defending against.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com