Monday, May 09, 2022 // (IG): BB //Weekly Sponsor: Unsafe Waters
NSO Group keeping owners ‘in the dark’, manager says
FROM THE MEDIA: Israeli spyware company NSO Group has stonewalled questions over whether it is operating legally, according to consultants acting on behalf of the controversial company’s owners. Berkeley Research Group, the US consultancy that was last year put in charge of the private equity fund that owns 70 per cent of NSO, has told EU lawmakers that its inquiries about NSO’s “lawfulness” have been “ignored and/or frustrated by NSO Group’s management team”. Concerns remain about “the historical management of the NSO Group” and “possible ongoing activities in relation to which [BRG is] being kept in the dark”, BRG’s lawyers wrote in a letter to MEPs.
READ THE STORY: FT
‘The authorities are lying’: Russian TV schedule page hacked on Victory Day
FROM THE MEDIA: Russian President Vladimir Putin has described Moscow’s military action in Ukraine as a forced response to Western policies. Speaking at a military parade marking the former Soviet Union’s Second World War victory over the Nazis, Mr Putin drew parallels between the Red Army’s fighting against Nazi troops and the Russian forces’ action in Ukraine. He said that the campaign in Ukraine was a timely and necessary move to ward off potential aggression.
The Russian leader added that troops are fighting for the country’s security in Ukraine, and observed a minute of silence to honor those who had fallen in combat. “The danger was rising” he said, adding that “Russia has pre-emptively repulsed an aggression” in what he described as a “forced, timely and the only correct decision by a sovereign, powerful and independent country”.
READ THE STORY: The London Economic // Metro
North Korea Allegedly Used Blender.io To Launder Millions Stolen From Crypto Game Axie Infinity
FROM THE MEDIA: Axie Infinity is an online game, developed by Vietnam-based Sky Mavis, that finds players collecting and trading digital pets known as Axies which are minted as NFTs. Last month it appeared that hackers had run off with millions of dollars worth of cryptocurrency, allegedly stolen from Axie Infinity, by a group known as Lazarus that the FBI claims is sponsored by the North Korean state. Now, a service allegedly used by Lazarus to launder their crypto millions has been sanctioned by the US Treasury Department.
The Treasury named the Bitcoin mixer service Blender.io in a press release, claiming that it had been used by Lazarus to launder $20.5 million worth of the cryptocurrency it allegedly stole from Axie Infinity (as reported by The Verge). The original hack had made off with around $625 million of cryptocurrency, but the stolen funds clearly needed to be exchanged for something less stolen-y. Blender is a service that allows users to "conduct anonymous transactions without using VPN" according to its own website, and which has now been targeted by the US Treasury.
READ THE STORY: The Gamer // The Crypto Potato
New Raspberry Robin Found Dropping Windows Malware
FROM THE MEDIA: A new Windows malware has surfaced online, running active malicious campaigns. Researchers from Red Canary, a US-based cybersecurity firm, found this malware as part of a malicious cluster of activity dubbed “Raspberry Robin.” As elaborated in their post, the campaign drops a Windows malware that exhibits worm functionality and spreads via external USB drives. The researchers first observed this “malicious cluster of activity” in September 2021, with more recent activity detected in January 2022.
The malware has managed to stay under the radar, as evident from the VirusTotal analysis that shows few public reports. Nonetheless, it is actively targeting organizations. This malware spreads to target computers via infected USB drives or other removable drives. The worm appears as a “.lnk” file that masquerades as an otherwise legitimate folder on the USB drive, thus deceiving the victim. Upon insertion of the infected drive into a system, the malware runs and executes its malicious activities according to the communication established with its C&C server.
READ THE STORY: LHN
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
FROM THE MEDIA: The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file; opening the file leads to the computer being infected with Jester Stealer.
The attack, which requires potential victims to enable macros after opening the document, works by downloading and executing an .EXE file that is retrieved from compromised web resources, CERT-UA detailed.
READ THE STORY: THN
Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi
FROM THE MEDIA: The Anonymous-affiliated Network Battalion, aka NB65, group has allegedly targeted the Russian payment processing platform Qiwi and leaked the data of 7 million payment cards as proof of the hack.
On May 1st, 2022, NB65, one of the Anonymous-affiliated hacktivist groups, published a tweet in which it claimed to have gained access to Qiwi’s databases as part of operation OpRussia. For your information, QIWI plc is a Russian giant that provides payment and financial services in Russia and Commonwealth of Independent States (CIS) countries.
It is worth noting that NB65 is the same group that had hacked Russian state-run television and radio broadcaster VGTRK aka All-Russia State Television and Radio Broadcasting Company in April 2022 and leaked 786GB worth of data online.
As for the attack on Qiwi, NB65 also tweeted that it managed to extract 10.5TB of data comprising 30 million payment records and filtered 12.5 million credit cards of Qiwi customers. The group also posted a statement revealing that the attack was aimed at disrupting the Russian financial system.
READ THE STORY: Hackread
Russia is quietly wielding its cyber weapons as its military struggles in Ukraine
FROM THE MEDIA: The Russian military is struggling in Ukraine. Two months into the war, it has failed to achieve the quick victory envisioned by President Vladimir Putin and the few advisers informed of the plan. But Russia's offensive might is composed of a lot more than just troops and weapons. Moscow's cyberwarfare capabilities also make it a force to be reckoned with. While the Kremlin's conventional forces have underperformed in Ukraine so far, Russia has employed its cyber weapons to great effect in the past.
Russia has lost thousands of troops and dozens of ground vehicles, aircraft, ships, and other pieces of hardware, and much of that destruction has been rebroadcast to the world through social media.
READ THE STORY: Business insider
China ‘Deeply Alarmed’ By SpaceX’s Starlink Capabilities That Are Helping US Military Achieve Total Space Dominance
FROM THE MEDIA: Of late, Chinese military observers have been increasingly concerned about the potential of SpaceX’s Starlink satellite network to help the US military dominate space, especially in the wake of the Ukraine war, where Elon Musk activated Starlink satellites to restore communications that had been cut off by shelling from Russian troops.
A recent commentary in the official newspaper of the Chinese armed forces suggested that the international community should be on high alert for the risks associated with the Starlink satellite internet system, as the US military could potentially use it for dominating outer space.
The commentary came one day ahead of SpaceX’s launch of the Falcon 9 rocket that took off on May 6 from Launch Complex 39A at Kennedy Space Center, carrying 53 Starlink internet satellites to the low-earth orbit (LEO).
“SpaceX has decided to increase the number of Starlink satellites from 12,000 to 42,000 – the program’s unchecked expansion and the company’s ambition to use it for military purposes should put the international community on high alert,” said the article on China Military Online, the official news website affiliated with the Central Military Commission (CMC), China’s highest national defense organization headed by President Xi Jinping himself.
READ THE STORY: Eurasian Times
Check your gems: RubyGems fixes unauthorized package takeover bug
FROM THE MEDIA: The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers.
Assigned CVE-2022-29176, the critical flaw existed on RubyGems.org, which is the Ruby equivalent of npmjs.com and hosts over 170,000 Ruby packages (gems), with almost 100 billion downloads served over its lifetime.
READ THE STORY: Bleeping Computer
RCE exploit created for critical F5 BIG-IP bug
FROM THE MEDIA: Security researchers claim to have created an exploit for a recently disclosed remote code execution (RCE) bug that affects F5 Networks' BIG-IP family of networking devices/modules and could enable an attacker to execute commands on a vulnerable device with elevated privileges. Tracked as CVE-2022-1388 and with a CVSS base score of 9.8, the flaw is found within the iControl REST authentication component and could enable a remote threat actor to bypass an authentication check and achieve total system takeover.
Researchers from cybersecurity firms Positive Technologies and Horizon3 have said they were able to create exploits for the new F5 BIG-IP bug. "We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP," Positive Technologies stated on Friday. "Patch ASAP!" Horizon3's Chief Attack Engineer, Zach Hanley, told BleepingComputer that they were able to discover the flaw in just two days and expect threat actors to start hacking devices shortly.
READ THE STORY: Computing
Russia’s ‘firehose of falsehood’ in Ukraine marks latest use of propaganda to justify war
FROM THE MEDIA: The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from the Conti ransomware group on multiple government bodies. BleepingComputer also observed that Conti had published most of a 672 GB dump that appears to contain data belonging to Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, the same day the economist and former Minister of Finance became the country's 49th and current president.
The newly elected Costa Rican President Chaves declared a national emergency citing ongoing Conti ransomware attacks as the reason. Conti ransomware had originally claimed ransomware attack against Costa Rican government entities last month.
The country's public health agency Costa Rican Social Security Fund (CCSS) had earlier stated that "a perimeter security review is being carried out on the Conti Ransomware, to verify and prevent possible attacks at the CCSS level."
READ THE STORY: Bleeping Computer
AGCO Ransomware Attack Disrupts Tractor Sales During U.S. Planting Season
FROM THE MEDIA: Georgia-based AGCO said in a statement it expects operations at some facilities to be affected for “several days and potentially longer.” The ransomware attack comes at a time when U.S. agricultural equipment makers were already facing persistent supply chain disruptions and labor strikes that left them unable to meet equipment demand from farmers. AGCO did not disclose the names of the facilities or whether any data was stolen, but said it was still probing the extent of the attack, which occurred on Thursday, and working to repair its systems.
Tim Brannon, president and owner of B&G Equipment Inc in Tennessee, told Reuters he has not been able to access AGCO’s website for ordering and looking up parts since Thursday morning.
“We just have to trust that it will be over as soon as possible because we are coming into our busiest time of the year and it will be very damaging to our business and customers,” Brannon said.
AGCO, which competes with larger rival Deere & Co, sells tractors and combines, manufactures and assembles products in 42 locations worldwide with 1,810 dealerships in North America.
READ THE STORY: Insurance Journal
The role of streaming machine learning in encrypted traffic analysis
FROM THE MEDIA: Organizations now create and move more data than at any previous time in human history. Network traffic continues to increase, and global internet bandwidth grew by 29% in 2021, reaching 786 Tbps. In addition to record traffic volumes, 95% of traffic is now encrypted, according to Google. As threat actors continue to evolve their tactics and techniques (for example, hiding attacks in encrypted traffic), securing organizations is becoming more challenging.
To help address these problems, many network security and operations teams are relying more heavily on machine learning (ML) technologies to identify faults, anomalies, and threats in network traffic. But as encrypted traffic increasingly becomes the norm, traditional ML technologies need to evolve as well. In this article, I’d like to look at the type of ML models being used today and explore how they can be paired with Deep Packet Dynamics (DPD) technology to gain visibility into threats that could be hidden in encrypted traffic.
READ THE STORY: Helpnet Security
WHAT TO EXPECT AFTER PRESIDENT BIDEN’S EXECUTIVE ORDER ON BITCOIN
FROM THE MEDIA: By signing an executive order (EO) on cryptocurrencies, President Biden has signaled an openness to the technology’s potentially positive impacts. This is a significant and encouraging development for an asset class (digital assets) that recently surpassed $3 trillion in market capitalization. If there were ever any fears of a widespread international or United States-led crackdown on Bitcoin, those appear to be gone and the United States appears to have indicated its intent to be an international leader in the area. That said, it would be naïve to suggest the EO will lead to relaxed legal or regulatory scrutiny.
By overlaying the EO with recent legal and regulatory developments, we may gain a better understanding of what to expect next in the wake of the EO from March 9, 2022.
READ THE STORY: Bitcoin Magazine
Nokia trials 600G transmission over 1008 km network using its coherent optics with Tim Italy to achieve spectral efficiency
FROM THE MEDIA: Finnish telecommunications equipment provider Nokia has completed a network trial with telecommunications company Tim Italy using Nokia's PSE-Vs fifth-generation super coherent optics.
The trial demonstrated 600G transmission over a 1008 km live link in Tim's backbone network in Italy. This trial will allow Tim Italy to increase its optical network capacity and support 500 Gigabit Ethernet (400GE) services across its long-haul network.
The trial leverages Tim’s long-haul network based on Nokia’s CDC-F ROADM architecture. It operated with 100GHz WDM channels to maximise network capacity.
“With the introduction of the PSE-Vs super coherent capabilities, we enable scale made simple across our entire 1830 portfolio. Nokia is enabling spectrally-efficient network capacity over real-world long-haul networks while setting new milestones for capacity-reach performance,” comments Nokia head of optical networks division James Watt on the trial.
“This live network field trial validates our plans to scale network capacity everywhere over our existing long-haul network, using the latest generation of high-performance coherent optics,” says Tim Italy head of IP, transport, and SDN engineering Alberto Maria Langelloti.
READ THE STORY: iTwire
A US Government Loophole Is Helping Putin’s Cronies Hide Their Cash
FROM THE MEDIA: Over the past four decades, private equity has become a powerful, and malignant, force in our daily lives. In our May/June 2022 issue, Mother Jones investigates the vulture capitalists chewing up and spitting out American businesses, the politicians enabling them, and the everyday people fighting back. Find the full package here.
After Russia invaded Ukraine, Western nations hit back with punishing sanctions against not just Russian leaders, banks, and businesses, but also the fabulously wealthy oligarchs most closely associated with Vladimir Putin. Their yachts have been seized. Their air travel has been restricted. And they’ve been cut off from the American Express Black Cards and international money transfers that allowed them to live lavishly in London, Miami, and Spain.
READ THE STORY: Mother Jones
Items of interest
Cyber insurance’s ‘dirty little secret’: It’s useless
FROM THE MEDIA: Cyber insurance against ransomware and other online attacks has been rendered almost useless because too many companies make “dumb” claims, and businesses should move to making claims only as a very last resort, a peak body representing Australia’s top information security officers has warned.
Excessive claims against cyber insurance policies have forced insurance companies to ask too many “invasive and intrusive” questions of prospective policyholders in an effort to keep their exposure to a minimum, said James Turner, managing director of CISO Lens, a forum for Chief Information Security Officers in Australia’s biggest companies.
This in turn has made the insurance companies into targets for hackers, as they store so much sensitive information about their clients. “We’ve got into this unhealthy cycle now where everyone is telling their suppliers or anyone they’re doing deals with, ‘We want to know that you’ve got cyber insurance’,” Mr Turner told The Australian Financial Review.
“It’s turned into this daisy chain where everyone is asking everyone if everyone has got cyber insurance, and the dirty little secret is that everyone knows it’s useless.”
READ THE STORY: AFR
How Cyberwarfare Actually Works (Video)
FROM THE MEDIA: An Iranian use case.
Drones, hackers and mercenaries - The future of war (Video)
FROM THE MEDIA: A shadow war is a war that, officially, does not exist. As mercenaries, hackers and drones take over the role armies once played, shadow wars are on the rise. States are evading their responsibilities and driving the privatization of violence. War in the grey-zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks, while those giving orders remain in the shadows. Despite its superior army, the U.S. exhausted its military resources in two seemingly endless wars. Now, the superpower is finally bringing its soldiers home. But while the U.S.’s high-tech army may have failed in Afghanistan, it continues to operate outside of official war zones. U.S. Special Forces conduct targeted killings, using drones, hacks and surveillance technologies. All of this is blurring the lines between war and peace.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com