Wednesday, May 11, 2022 // (IG): BB // Weekly Sponsor: Unsafe Waters
Hackers are using tech services companies as a 'launchpad' for attacks on customers
FROM THE MEDIA: A warning from international cybersecurity agencies has urged IT service providers and their customers to take action to protect themselves from the threat of supply chain attacks.
The cybersecurity agencies warn that Russia's invasion of Ukraine has increased the risk of cyberattacks against organisations around the world. But they also suggest a number of actions that IT and cloud service providers, along with their customers, can take to protect networks from supply chain attacks, where attackers gain access to a company that provides software or services to many other companies.
"As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA).
READ THE STORY: ZDNET
Elon Musk says Russia has stepped up efforts to jam SpaceX's Starlink in Ukraine
FROM THE MEDIA: Elon Musk said on Tuesday that Russia has increased its efforts to jam SpaceX's Starlink satellite internet in Ukraine, but hasn't succeeded.
"Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but they're ramping up their efforts," Musk tweeted.
The SpaceX CEO linked a Reuters article, published on Tuesday, which reported that Russia carried out a cyberattack against satellite broadband provider Viasat on the day in February when President Vladimir Putin's troops advanced into Ukraine, according to Western officials.
The UK government said in a press release on Tuesday that the hack left thousands of Viasat users without internet connection, affecting people across Ukraine and other EU member countries. It was the most public cyberattack since Russia began its war on Ukraine, Reuters reported.
READ THE STORY: Business Insider Africa
Ransomware attack hits fighter jet company helping fight against Russia
FROM THE MEDIA: A ransomware attack involves cybercriminals asking for money and they usually threaten to release private information or continue the attack if they don't get paid. According to The Record, Top Aces said it's investigating after it appeared on a leak site for the LockBit ransomware group.
LockBit has given the company until May 15 to pay up. It's threatening to release 44GB of stolen data if Top Aces refuses or can't pay.
READ THE STORY: The Sun
Cyberattacks Against MSPs Continue to Escalate
FROM THE MEDIA: A novel post-exploitation framework that allows the activity of its malicious actors to persist on their targets was exposed Wednesday by CrowdStrike's Falcon OverWatch threat hunters. Dubbed IceApple, the .NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations with targets spanning the technology, academic and government sectors, according to CrowdStrike’s report.
Up to now, Falcon OverWatch's threat hunters have found the framework only on Microsoft Exchange instances, but they said it's capable of running under any Internet Information Services (IIS) web application and advise organizations to make sure their web apps are fully patched to avoid infection.
READ THE STORY: CSO
Sale of Grindr Data Illuminates Privacy Blindspots
FROM THE MEDIA: Was anyone truly shocked to learn that user data from Grindr, a social networking app for gay, bi, trans and queer men, had been collected and sold on ad networks for many years? Perhaps ‘disappointed’ would be a more appropriate description—disappointed not only that the data was sold but that freely collecting and selling it has become something consumers normalized and even expected these days.
“We all have come to enjoy having mobile apps to provide us with instant information on our smartphones—the current weather, traffic patterns, news, sports results and so on. However, it is important to note that not all apps are comparable when it comes to protecting our privacy,” said Nasser Fattah, North America steering committee chair at Shared Assessments. “In fact, some apps, in order to best operate and provide the best value, do ask permission to access personal information, including your contacts and location.”
READ THE STORY: Security Boulevard
Five Eyes Nations Issue New Supply Chain Security Advisory
FROM THE MEDIA: Organizations have been urged to take action to secure their supply chains following Russia’s invasion of Ukraine in a joint advisory by the Five Eyes nations.
The document, ‘Protecting Against Cyber Threats to Managed Service Providers and their Customers,’ has been issued jointly by relevant government agencies from the Five Eyes security alliance. These are the UK’s National Cyber Security Centre (NCSC), the US’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS) and the New Zealand National Cyber Security Centre (NZ NCSC).
READ THE STORY: InfoSecurity
FBI Ransomware Crime Unit Seeks Public-Private Partnerships
FROM THE MEDIA: In an ongoing effort to stem the tide of ransomware, the FBI in March announced the Virtual Assets Unit (VAU). The VAU will focus on stopping ransomware criminals that demand large amounts of cryptocurrency from their victims. The FBI’s Virtual Asset Exploitation Team (VAXU), which specializes in cryptocurrencies, will support the VAU.
“Ransomware and digital extortion, like many other crimes fueled by cryptocurrency, only work if the bad guys get paid, which means we have to bust their business model,” said U.S. Deputy Attorney General Lisa Monaco in a statement. “The currency might be virtual, but the message to companies is concrete: If you report to us, we can follow the money and not only help you but hopefully prevent the next victim.”
READ THE STORY: ITPRO Today
New Specifications for Cross-Border Processing of Personal Information for MNCs
FROM THE MEDIA: The National Information Security Standardization Technical Committee (NISSTC), a government body under the State Administration for Market Regulation, released a draft version of the Practice Guidelines for Cyber Security Standards – Technical Specifications for Certification of Cross-Border Processing of Personal Information (the “technical specifications”) for public comment until May 13, 2022.
The technical specifications are the latest addition to China’s legislative framework for protecting the personal information of users and consumers in China. Under China’s Personal Information Protection Law (PIPL), companies are required to meet certain requirements and undergo a security assessment in order to transfer or process the personal information of Chinese users and customers outside of China.
READ THE STORY: China Briefing
The National Security Implications of New Rules of the Road for Cyber
FROM THE MEDIA: The Cyber Initiatives Group (powered by The Cipher Brief) filed national security-related comments in support of the SEC’s proposed rules regarding Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies this week. The official filing is below.
Commenters, led by former National Security Agency General Counsel Glenn Gerstell, include Kelly Bissell, Global Security Services Lead, Microsoft Corporation, HON. Sue Gordon, former Principal Deputy Director of National Intelligence, Matt Hayden, former Assistant Secretary of Homeland Security for Cyber, Infrastructure, Risk and Resilience, GEN Michael Hayden (Ret.), former Director of the Central Intelligence Agency and the National Security Agency, HON. S. Leslie Ireland, former Assistant Secretary of the Treasury for Intelligence and Analysis, Richard H. Ledgett, Jr., former Deputy Director, National Security Agency, RADM Mark Montgomery (Ret.), former Executive Director Cyberspace Solarium Commission and Debora Plunkett, former Director of the Information Assurance Directorate of the National Security Agency.
READ THE STORY: The Cipher Brief
Attribution of Russia’s Malicious Cyber Activity Against Ukraine
FROM THE MEDIA: The United States is joining with allies and partners to condemn Russia’s destructive cyber activities against Ukraine. In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyber attacks to delete data from computers belonging to government and private entities – all part of the Russian playbook. For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks. These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war.
Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries. The activity disabled very small aperture terminals in Ukraine and across Europe. This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens.
READ THE STORY: DoS
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
FROM THE MEDIA: CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors. The United States assesses Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the Russian invasion, and those actions had spillover impacts into other European countries.
READ THE STORY: HS Today
Pro-Russia 'Killnet' hackers target Italian institutions
FROM THE MEDIA: A pro-Russia hacker group known as "Killnet" claimed a cyberattack on websites belonging to several Italian institutions on Wednesday, Italy's ANSA news agency and several other domestic outlets including newspaper Corriere della Sera reported.
As of Wednesday evening, websites belonging to Italy's defense ministry, Senate and National Health Institute were not functioning.
The Defense Ministry's website said it was "under maintenance" and the Senate's was also inaccessible. Police said an investigation was ongoing but provided no further details. Italy's Defense Ministry and cybersecurity agency have not commented.
READ THE STORY: DW
Ransomware Deals Deathblow to 157-year-old College
FROM THE MEDIA: Illinois-based Lincoln College was established during the U.S. Civil War. Since then it has weathered two world wars, the Spanish Flu, the Great Depression, the Great Recession and a devastating fire. But two things it couldn’t survive?
A ransomware attack and financial pressures tied to the impact of COVID-19 on its enrollment.
On Friday, the university announced, due to financial distress from COVID-19 and cybersecurity issues, it is shutting its doors. It’s a warning sign for academic institutions around the country that have been disproportionately targeted by ransomware attacks. That’s why some universities are now taking new and remarkable measures to protect themselves against the threat of ransomware attacks.
READ THE STORY: ThreatPost
Hacktivism in the Ukraine War
FROM THE MEDIA: Russia’s invasion of Ukraine triggered a wave of online vigilante activists on both sides of the conflict. Two days after the start of the war, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov called on anyone with “digital talents” to join what he described as an “IT army”. A Telegram group set up for the initiative quickly had more than 34,000 members.
This led many Russian criminal gangs, including ransomware groups such as Conti, to publicly declare their support for Russia, while hacktivist group Anonymous soon pledged its allegiance with Ukraine.
READ THE STORY: TechMonitor
Nation-state attacks are hard to spot. It’s time for a new approach to threat detection
FROM THE MEDIA: Nation-state threat actors are fast emerging as one of the biggest security challenges facing nearly all organizations in light of the Ukraine crisis. Hackers that are either directly sponsored by nation-states or are simply given the leeway to act, have the time and resources to launch potentially devastating attacks against public and private sector organizations. One recent study suggests a 100% increase in significant nation-state incidents between 2017 and 2020, with enterprises now the most common target.
The threat posed by nation-state hackers is back in the spotlight with the growing concern over Russian-backed cyberattacks. As the war in Ukraine ensues, the Cybersecurity and Infrastructure Security Agency (CISA) warned that malicious malware against organizations in Ukraine may spread to businesses in other countries. A threat like this can infiltrate a business’ network, cutting off access to critical data.
READ THE STORY: Security Magazine
Nerbian RAT enjoys using Covid-19 phishing lures
FROM THE MEDIA: Two years since the first wave of the Covid-19 pandemic, and the novel coronavirus remains a lure too tempting to resist for cyber criminals, who continue to press it into service in their phishing campaigns.
One newly discovered malware using Covid-19 lures has been named Nerbian RAT – Nerbia being a fictional location in Miguel de Cervantes’s Don Quixote, a reference to it being included in the malware’s code – which has been tracked by Proofpoint researchers.
So far used in a low-volume email-borne campaign targeting users in Italy, Spain and the UK, Nerbian RAT’s lures claim to represent the World Health Organisation (WHO) and purport to be important information on Covid-19. The lure also contains the logos of Ireland’s Health Service Executive (HSE), the Irish government, and the National Council for the Blind of Ireland (NCBI).
READ THE STORY: Computer Weekly
Microsoft: Ransomware Relies on the Gig Economy
FROM THE MEDIA: The current ransomware-as-a-service (RaaS) pandemic is being fuelled by the tools and services offered by “gig” workers, making ransomware payload attribution harder and attacks easier to launch, according to Microsoft.
The tech giant explained in a lengthy post this week that short-term contractors of this sort are helping to lower the barrier to entry for other threat actors, who provide a cut of the profits from campaigns in return.
“The cyber-criminal economy is a continuously evolving connected ecosystem of many players with different techniques, goals, and skillsets,” it said.
“In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks.”
This has made it more difficult for investigators to link attacks to a particular ransomware payload developer group, Microsoft added.
READ THE STORY: Info Security
Items of interest
Social Engineering: What You Need to Know to Stay Resilient
FROM THE MEDIA: Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that social engineering is leveraged in 98% of attacks.
As the rapid, ongoing acceleration of remote work raises the stakes, security leaders are fighting back with education and awareness. Resources developed by experts, like this new white paper — "Social Engineering: What You Need to Know to Stay Resilient" — identify the most common tactics, track how these types of attacks are evolving, and provide tips to protect organizations and their end-users. These insights not only inform security practitioners of the latest tactics and emerging threats, but help employees understand that safeguarding data is not just a "security team problem." Instead, every teammate is vulnerable to social engineering schemes, and every teammate must play their part to safeguard sensitive data.
READ THE STORY: THN
Address by the US National Cyber Director on cyber cooperation (Video)
FROM THE MEDIA: US National Cyber Director Chris Inglis addressed the Lowy Institute on the role of cyber in US strategy and the outlook for international cyber cooperation to build resilience and counter threats.
Third Party Cyber Risks (Video)
FROM THE MEDIA: Third-Party Cyber Risk
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com