Tuesday, May 24, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Fake Windows exploits target infosec community with Cobalt Strike
FROM THE MEDIA: A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. The lures posed as exploits for two recently patched Windows remote code execution vulnerabilities, tracked as CVE-2022-24500 and CVE-2022-26809, rather than actually exploiting either flaw. When Microsoft patches a vulnerability, it is common for security researchers to analyze the fix and release proof-of-concept exploits for the flaw on GitHub.
These proof-of-concept exploits are used by security researchers to test their own defenses and to push admins to apply security updates. However, threat actors commonly use these exploits to conduct attacks or spread laterally within a network, and, as this case shows, a repository that claims to hold a PoC may instead hold the payload. Code pulled from an untrusted repository should be read first and executed only in an isolated, disposable environment.
READ THE STORY: Bleeping Computer
Heroku Breach Update, Opsera Delivers Devops Secrets Management
FROM THE MEDIA: Heroku, a division of Salesforce, last week announced status updates on its GitHub-related OAuth security breach. This extremely serious incident exposed hashed customer passwords and data to a threat actor. In a status update and blog post, Heroku says it has identified the users who were impacted by the attack, and they have been notified. In this post, I analyze the Heroku response and interview an enterprise user on how one Salesforce DevOps vendor, Opsera, delivers a HashiCorp Vault integration that does better secrets management.
In a short May 19, 2022 blog post, this time co-authored by two engineering staff members instead of division leader Bob Wise, Heroku offered up few explanations and mysteriously put a security choice into the hands of Heroku users.
READ THE STORY: Salesforce DevOps
AdvIntel: Conti rebranding as several new ransomware groups
FROM THE MEDIA: The Conti ransomware group is rebranding as multiple other ransomware groups, according to Friday research from threat intelligence vendor AdvIntel.
AdvIntel's research blog, titled "DisCONTInued: The End of Conti's Brand Marks New Chapter For Cybercrime Landscape," used internal investigations to posit that the downfall of the Conti ransomware gang has been developing since February, when the gang declared public support for Russia in its invasion of Ukraine and suffered major leaks as a consequence.
READ THE STORY: TechTarget
Cyberattack Affects Greenland's Healthcare Services
FROM THE MEDIA: Greenland's healthcare services have been "severely limited" due to a cyberattack that has lasted for at least two weeks to date, says the Naalakkersuisut, the country's government. All IT systems and servers associated with the healthcare services of the country were forced to restart due to the cyberattack, cutting off access to patient records. The attack, the government says, has also affected the healthcare service's email system.
"The health services are therefore severely limited and increased waiting time must be expected," the government says. Some people may experience a delay in agreed schedules, but "acute inquiries will of course continue to be met and you can contact the health service by phone."
READ THE STORY: Gov InfoSec
Hackers can hack your online accounts before you even register them
FROM THE MEDIA: Security researchers have revealed that hackers can hijack your online accounts before you even register them, by exploiting flaws that have since been fixed on popular websites including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.
Andrew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online services and found that at least 35 were vulnerable to account pre-hijacking attacks. The common thread is that a service lets an attacker create an account tied to a victim's email address before the victim has one, and then fails to discard the attacker's foothold when the victim later registers or signs in through a federated identity provider.
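The mechanics of one pre-hijacking variant, the merge of a federated sign-in into an attacker-created account, as an added illustration that is not code from the paper or from any of the sites named. The toy account service, its class and method names, and the sample identities are assumptions made for the example; the vulnerable class keeps the attacker's password alive after the victim signs in via an identity provider, the hardened class parks unverified registrations and drops them on federated sign-in.

```python
"""Account pre-hijacking, classic-federated-merge variant (added illustration).

Not the paper's code and not any real service's code. The in-memory service,
its method names and the sample identities below are constructed for the demo.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    email: str
    password_hash: Optional[str] = None
    email_verified: bool = False
    idp_subject: Optional[str] = None  # federated identity linked to this account


def _hash(pw: str) -> str:
    # Toy hash for the demo only; a real service would use argon2 or bcrypt.
    return hashlib.sha256(pw.encode()).hexdigest()


class VulnerableService:
    """Activates password accounts unverified and merges federated logins by email."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register_with_password(self, email: str, password: str):
        # Bug 1: account is live immediately, with no proof the caller owns the mailbox.
        self.accounts[email] = Account(email, _hash(password))

    def login_with_password(self, email: str, password: str) -> bool:
        acct = self.accounts.get(email)
        return acct is not None and acct.password_hash == _hash(password)

    def login_with_idp(self, email: str, idp_subject: str) -> Account:
        # Bug 2: the federated identity is merged into whatever account already
        # carries this email, leaving the attacker-chosen password valid.
        acct = self.accounts.setdefault(email, Account(email))
        acct.idp_subject = idp_subject
        acct.email_verified = True
        return acct


class HardenedService(VulnerableService):
    """Requires mailbox proof before activation; federated sign-in discards unverified state."""

    def __init__(self) -> None:
        super().__init__()
        self.pending: Dict[str, Tuple[Account, str]] = {}

    def register_with_password(self, email: str, password: str) -> str:
        # Registration is parked until the mailbox owner presents this token.
        token = secrets.token_urlsafe(16)
        self.pending[email] = (Account(email, _hash(password)), token)
        return token  # would be delivered by email in a real service

    def verify_email(self, email: str, token: str) -> bool:
        entry = self.pending.get(email)
        if entry is None or not secrets.compare_digest(entry[1], token):
            return False
        acct, _ = self.pending.pop(email)
        acct.email_verified = True
        self.accounts[email] = acct
        return True

    def login_with_idp(self, email: str, idp_subject: str) -> Account:
        # Any unverified registration for this address is thrown away, so a
        # pre-created credential cannot survive the victim's first real sign-in.
        self.pending.pop(email, None)
        acct = self.accounts.get(email)
        if acct is None:
            acct = Account(email, None, True, idp_subject)
            self.accounts[email] = acct
        else:
            if not acct.email_verified:
                acct.password_hash = None  # defensive: never keep an unverified password
            acct.idp_subject = idp_subject
            acct.email_verified = True
        return acct


def run_attack(service: VulnerableService) -> bool:
    """Replays the pre-hijack; returns True if the attacker keeps access afterwards."""
    victim = "victim@example.com"  # constructed sample identity
    # 1. Attacker registers the victim's address with a password of their choosing.
    service.register_with_password(victim, "attacker-chosen-pw")
    # 2. Victim later signs up through a federated identity provider.
    service.login_with_idp(victim, "idp-subject-123")
    # 3. Does the attacker's password still open the victim's account?
    return service.login_with_password(victim, "attacker-chosen-pw")


if __name__ == "__main__":
    print("vulnerable service, attacker retains access:", run_attack(VulnerableService()))
    print("hardened service,   attacker retains access:", run_attack(HardenedService()))
```

The hardened variant fixes both halves of the flaw: nothing becomes an account until the address is verified, and a federated sign-in never inherits credentials it did not verify. The same discipline applies to the paper's other variants, such as unexpired sessions and pending email-change requests, which likewise need to be invalidated whenever ownership of the address is established by a different path.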
READ THE STORY: Bleeping Computer
Over 194K patients added to ongoing Eye Care Leaders breach tally
FROM THE MEDIA: A breach notice from West Virginia-based Regional Eye Associates informs 194,035 patients that their data was accessed and deleted from their third-party vendor’s system in December 2021, ahead of a ransomware attack.
Although Eye Care Leaders is not named directly, the notice mirrors several other provider notices tied to a ransomware attack on the cloud-based electronic medical record vendor. ECL has been embroiled in a provider-based lawsuit after a year of alleged outages tied to multiple ransomware attacks and claims of an insider-incident, in addition to the December incident.
READ THE STORY: SC Magazine
The Evolution of Ransomware: Understanding Its Past, Present, and Future
FROM THE MEDIA: The first ransomware attack is generally regarded as the “AIDS trojan.” It is named for the 1989 World Health Organization (WHO) AIDS conference, at which biologist Joseph Popp handed out 20,000 infected floppy discs to event participants. After the user had booted the machine ninety times, the names of the user’s files would be encrypted and a message would appear asking victims to send US$189 to a PO box in Panama. The ransomware was relatively easy to remove using decryptor tools.
READ THE STORY: Security Boulevard
Bad bots make up a quarter of APAC’s web traffic
FROM THE MEDIA: Bad bots accounted for 25.9% of website traffic in the Asia-Pacific region last year, culminating in bot attacks such as account takeovers, content or price scraping, and scalping to obtain limited-availability items, a new study has found. According to the 2022 Imperva bad bot report, Singapore had the highest proportion of bad bot traffic in the region at 39.1%, followed by China with 38.6%. Next came Australia (25.7%), New Zealand (20.3%) and Japan (16.9%).
Globally, bad bots – software applications that run automated tasks with malicious intent, such as stealing personal information and credit card data – accounted for a record 27.7% of all website traffic in 2021, up from 25.6% in 2020.
READ THE STORY: Computer Weekly
Cyber feud between Anonymous and Killnet groups unlikely to affect others
FROM THE MEDIA: Anonymous "is officially in cyber war against the pro-Russian hacker group [Killnet]," the largest Twitter account representing the hacker collective announced Saturday. It follows Killnet announcing it was at war with Anonymous two months earlier. The level of fascination is high. The risk of spillover affecting your organization is low.
You could bill this as a fight between high-profile citizen cyber warfare groups backing opposite sides of a kinetic conflict. But in practice, in the context of huge beasts of war causing geopolitical strife and the risk of spillover, "Brainy Smurf and Handy Smurf are getting into a fight," said Allan Liska, an analyst with Recorded Future.
READ THE STORY: SC Magazine
Russia demands that the world 'demilitarize' the internet and accuses the West of 'cyber-totalitarianism'
FROM THE MEDIA: Russian diplomat Vassily Nebenzia launched a tirade against the West on Monday, accusing the world's largest democracies of controlling information about the war in Ukraine and shutting down Russia's "alternative views." "States that call themselves a 'community of democracies' in fact are building a cyber-totalitarianism," Nebenzia, Russia's permanent representative to the United Nations, said at a UN Security Council briefing on worldwide technology and security.
The diplomat denounced Ukraine for openly stating that it's built a volunteer "IT" army to fight Russian disinformation online and to target Russian and Belarusian facilities.
READ THE STORY: Business Insider
Cyber developments in Russia's hybrid war against Ukraine. Conti's dissolution.
FROM THE MEDIA: AdvIntel Friday described what they're observing with the Conti ransomware operation as the retirement of a brand, but not necessarily the dissolution of a gang, and almost certainly not the retirement of the gang's members. The admin panel of its "shame blog" (AdvIntel's phrase) Conti News, has shut down. The blog itself persists as a rump of its former self, but its posts are now merely poorly written anti-American screeds. There are no significant signs of Conti News's former role as a site that pressured victims to pay. AdvIntel sees the gang's dismantling itself into smaller affiliates as a business move. Conti's brand was under pressure from law enforcement, and its public adherence to the Russian cause in the war against Ukraine seems to have made it more difficult to receive ransom payments. Its high-profile attack against the Costa Rican government, then, seems to have been misdirection for spin-out and rebranding as opposed to a serious attempt to foment insurrection.
READ THE STORY: The CyberWire
Agriculture and Cyber Risk are a New Driving Force and Critical Uncertainty
FROM THE MEDIA: A new research vector has emerged in the last couple of months. “New” in the sense that the topic was not mentioned in our 2022 year-end reviews in December or in the OODA Almanac 2022.
The new research is the “praxis” (or intersection) of agriculture and cyber risk based on the following nascent driving force and critical uncertainty: Ukraine is a crucial breadbasket in the global food system. The war is impacting the entire agriculture supply chain and value chain in Ukraine and Russia. Ukraine not only provides wheat and other grains to Europe but to parts of Asia and Africa. Broad global food shortages are forecast – and may have a duration of years (not days, weeks, or months).
READ THE STORY: OODA Loop
Experts wonder why it took vendor so long to notify Chicago Public Schools of data breach
FROM THE MEDIA: In the wake of a massive data breach involving more than half a million Chicago Public Schools students and staff, the district still wants to know why it took its vendor months to disclose the breach. As CBS 2 Political Investigator Dana Kozlov reported, experts with whom we spoke said ransomware attacks in general – including those on school districts and vendors – are skyrocketing.
Chicago Public Schools families began getting emails late last week. They learned their children's information had been compromised in a data breach and ransomware attack at Battelle for Kids – a CPS vendor. The emails state cybercriminals did not access students' Social Security numbers, but they did get names, dates of birth, genders, student ID numbers, and other information.
READ THE STORY: CBS News
Military-made cyberweapons could soon become available on the dark web, Interpol warns
FROM THE MEDIA: Digital tools used by the military to conduct cyberwarfare could eventually end up in the hands of cybercriminals, a top Interpol official has warned. Jurgen Stock, the international police agency’s secretary general, said he’s concerned state-developed cyberweapons will become available on the darknet — a hidden part of the internet that can’t be accessed through search engines like Google — in a “couple of years.”
“That is a major concern in the physical world — weapons that are used on the battlefield and tomorrow will be used by organized crime groups,” Stock said during a CNBC-moderated panel at the World Economic Forum in Davos, Switzerland, Monday.
READ THE STORY: CNBC
New RansomHouse group sets up extortion market, adds first victims
FROM THE MEDIA: Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment.
The new operation claims not to use any ransomware and instead focuses on breaching networks through alleged vulnerabilities to steal a target's data.
However, they do not take responsibility for their actions. Instead, they blame the companies for not properly securing their network and for "ridiculously small" bug bounty rewards offered for vulnerability disclosures.
READ THE STORY: Bleeping Computer
XorDdos malware is targeting Linux and putting millions of devices at risk
FROM THE MEDIA: Hackers are increasingly deploying the XorDdos malware to infiltrate Linux systems and launch distributed denial of service (DDoS) attacks, with a large surge in attempted breaches in recent months. The open-source nature of Linux makes it a prime target for such malware, particularly when it is running on Internet of Things (IoT) connected devices where security updates are patchy. New legislation announced this month may help tackle the problem.
READ THE STORY: TechMonitor
A ‘whale’ of a threat evolves in the financial industry to steal sensitive data
FROM THE MEDIA: Cybersecurity attacks in the financial industry have not only become more sophisticated but more bold. Bad actors are aiming high, directing their schemes at the top level of financial executives to gain the greatest access and, potentially, the highest profit.
In gambling hotspots like Las Vegas and Macau, the term “whale” usually refers to a big gambler, the kind who might bet thousands, or even hundreds of thousands, on a single hand of blackjack or a spin of roulette. When cybersecurity experts discuss “whaling,” they mean phishing that targets high-level executives specifically, with an eye to stealing the most privileged information and gaining access to the most sensitive data.
READ THE STORY: SC Magazine
Hospital Cyberattack Compromises Data From Decades Ago
FROM THE MEDIA: A cyberattack detected in December at a Canadian healthcare entity has compromised a wide range of data, including some patient information dating back to 1996, as well as employee vaccination records from last year. Some of the affected data belonged to a nonprofit group of affiliated clinicians.
Arnprior Regional Health, which includes a hospital, long-term health facility and other healthcare services in Arnprior, Ontario, Canada, says in a statement posted recently on its website that on Dec. 21, 2021, it learned of unauthorized access to its IT system in which data was "taken."
READ THE STORY: Gov Infosecurity
How Hackers Are Wielding Artificial Intelligence
FROM THE MEDIA: As businesses found themselves scrambling to adapt to current events over the last few years, some of them, Frito-Lay among them, crammed half a decade’s worth of digital transformation into a much shorter time frame. Harris Poll and Appen found that AI budgets increased by 55% during the global pandemic.
Like any tool, artificial intelligence has no innate moral value. AI’s usefulness or potential for harm comes down to how the system “learns” and what humans ultimately do with it.
Some attempts to leverage AI – such as “predicting” crime before it happens – show that models trained on biased data tend to replicate human shortcomings. So far, training AI using data from the U.S. justice system has resulted in tragically prejudiced AI reasoning.
READ THE STORY: Unite
Germany reports a rise in the number of cyberattacks from Russia
FROM THE MEDIA: Members of parliament from Germany's governing coalition report an increase in Russian cyberattacks on German companies. The situation is described as very tense, Handelsblatt reports. "The IT security situation in Germany is as tense as it has ever been," said Konstantin von Notz, a member of the parliamentary committee that oversees the intelligence services.
According to him, several providers in Germany's critical infrastructure sector have been attacked over the course of the year.
READ THE STORY: The Times Hub
Items of interest
Quad unveils satellite-based maritime initiative to counter China
FROM THE MEDIA: The US, Japan, Australia and India have launched a satellite-based initiative to help countries in the Indo-Pacific region track illegal fishing and unconventional maritime militias, in their latest effort to counter China. President Joe Biden and the other leaders of the Quad security grouping unveiled the scheme in Tokyo at their fourth summit in just over a year. The Quad, which was revived in 2017 after a nine-year hiatus, is the latest US effort to deepen engagement in the region. But Russia’s invasion of Ukraine has also exposed divisions within the group, as India has refused to condemn Moscow for the war.
“It is natural that there are differences in position,” Japan’s prime minister Fumio Kishida said at a news conference on Tuesday following the meeting. “But the four countries, including India, have reached a common understanding that a unilateral attempt to change the status quo by force in any region is not acceptable.” The summit was held a day after Biden said he would use force to defend Taiwan from a Chinese attack, in comments that appeared to overturn a decades-old US policy of “strategic ambiguity” that does not make clear whether Washington would come to the self-governing island’s defense.
The White House walked back Biden’s remark, saying US policy had not changed. But it was the third time Biden has made similarly confusing comments on Taiwan. The Indo-Pacific Partnership for Maritime Domain Awareness initiative, which was first reported by the Financial Times, is designed to help countries in the region boost maritime capabilities to tackle human and weapons trafficking, illegal fishing and Chinese maritime militias. The militias are ostensibly engaged in commercial fishing but in practice support Chinese coast guard and naval activity.
READ THE STORY: FT
Cyber security analyst on how hacking will change the world (Video)
FROM THE MEDIA: Adam Levin is a cyber security expert who teaches me how to prepare for cyber warfare and protect myself from hackers.
Cyber Insurance - With David Finz (Video)
FROM THE MEDIA: Cyber insurance, with David Finz, First Vice President at Alliant Insurance Services.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com