Saturday, May 21, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
DOD: It's Not Just State Actors Who Pose Cyber Threat to U.S.
FROM THE MEDIA: It's not just hackers operating at the behest of adversarial nation states who pose a threat to U.S. cyber infrastructure — it's cyber criminals who are just in it for the money, the deputy assistant secretary of defense for cyber policy said.
Many in the Defense Department have long viewed the cyber threat in terms of nation-on-nation conflict, said Mieke Eoyang, who spoke Friday at TruCon2022, the Truman Center for National Policy's annual conference.
"I think that's because we thought that those are the most technical, the most sophisticated and the ones that would have the greatest impact," she said. "But I think we've seen over time with the development of the non-state actor — the criminal cyber market — is that capabilities that were once reserved for state actors are available on the dark web for purchase."
READ THE STORY: Defense
Beware potential ransomware attacks on QNAP NAS products
FROM THE MEDIA: QNAP Systems is urging its users to check and update their network attached storage (NAS) devices to the latest version to avoid exposure to the Deadbolt ransomware. Users should also avoid exposing their NAS to the Internet, the Taiwan-based NAS maker said in the advisory. The affected models include the TS-x51 series and TSA-x53 series.
QNAP NAS devices have been a frequent target of ransomware groups, including the Qlocker and ech0raix ransomware, according to Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows. “Much of this activity surrounds the use of the Universal Plug and Play (UPnP) protocol, which allows apps and other devices on your network to open and close ports automatically to connect with each other,” he explains. Used for a variety of purposes, the UPnP protocol offers the convenience of quickly connecting devices to a network, but at a security cost, Morgan says.
READ THE STORY: Security Magazine
AGCO victim of ransomware attack — full recovery expected
FROM THE MEDIA: AGCO, a worldwide manufacturer and distributor of agricultural equipment, discovered May 5 that it was a victim of a ransomware attack that affected undisclosed production facilities.
AGCO is still investigating the extent of the attack, and its business operations were originally expected to be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the company was able to repair its systems.
In a May 19 update, AGCO reported that efforts to restore systems and business operations were successful following the ransomware cyberattack, with a majority of the affected production sites and parts operations resuming operational activities. All remaining factories and parts operations are expected to be fully restored by May 20.
READ THE STORY: Michigan Farm News
Oil India hires agency to investigate April ransomware attack
FROM THE MEDIA: State-run Oil India has hired an agency to investigate the April 10 ransomware attack at the oil PSU’s field headquarters in Duliajan (Assam). The agency will submit a report on the measures required to avoid such attacks in the future as well as on the genesis of the attack.
Oil India has reported that on April 10 a malware infection, followed by a demand for ransom in bitcoin, was observed at the Duliajan field headquarters. Servers were shut down, but field operations continued uninterrupted, the Ministry of Petroleum and Natural Gas (MoPNG) said.
READ THE STORY: The Hindu Businessline
US accuses Russia of holding the world's food supply 'hostage'. Cyber attacks could impact global supply
FROM THE MEDIA: The US has accused Russia of enabling a global food crisis and holding supplies "hostage" by blocking Ukrainian ports. "The food supply for millions of Ukrainians and millions more around the world has quite literally been held hostage by the Russian military," US secretary of state Antony Blinken said at a UN security council meeting Thursday. The Guardian and other outlets reported on the news. Blinken demanded that Russia end its blockade of Ukraine's ports to ensure that vital food and fertilizer shipments can continue to flow.
Warning that food insecurity could rise, he cited figures from the World Food Programme and the Food and Agriculture Organization. They found that the number of people affected by food insecurity due to Russia's invasion of Ukraine rose from 100 million in 2020 to around 161 million in 2022.
READ THE STORY: Business Insider
This Russian Botnet Is Powerful Enough To Manipulate Social Media Trends
FROM THE MEDIA: Social Media trends are a powerful tool that can be used to sway the views and opinions of millions of users, which is why a report claiming that a subcontractor working for Russia’s intelligence service has a botnet capable of altering trends on social media platforms has raised eyebrows.
Cybersecurity firm Nisos has alleged that the Russian firm 0Day Technologies can spread misinformation at a hefty rate through a customizable suite linked to a malicious network.
READ THE STORY: FossBytes
Chinese Hackers Tried To Steal Key Security Data From Russian Military Institutes
FROM THE MEDIA: Chinese hackers sent emails with malware links to scientists and engineers at several Russian military research and development institutes on March 23, purportedly to obtain critical defence data on the country’s security systems, the New York Times reported. The emails appeared to be sent by Russia’s Ministry of Health and contained seemingly tantalizing information about a “list of persons under U.S. sanctions for invading Ukraine”. However, they were reportedly sent by state-sponsored hackers in China who were seeking to entice their targets in Russia to download and open a malware-laden document.
The NYT reported the activities of Chinese state-sponsored hackers citing a report by the Israeli-American cybersecurity firm Check Point. According to the report, Check Point’s research revealed that despite the deepening ties between Russia and China, Beijing appeared to view Moscow as a legitimate target for the theft of sensitive military technological information. Notably, the report provides fresh evidence of Chinese efforts to spy on a so-called ally, Russia. This further indicates the complexity of the ties between the two nations, which have grown closer in solidarity against the US and the West.
READ THE STORY: Republic World
SolarWinds ready to move past breach and help customers manage theirs
FROM THE MEDIA: SolarWinds is ready to move past the "cyber incident", having spent the past year bolstering its build model and processes to better mitigate future cybersecurity breaches. It also has expanded its systems monitoring capabilities as part of efforts to help customers better manage the complexities of hybrid cloud environments.
Mention SolarWinds and most would recall a colossal security breach that was triggered when a malware-laced update for the vendor's Orion network monitoring platform was sent to customers. Thousands of companies received the Orion update containing the malicious code Sunburst, including US government agencies, Microsoft, Malwarebytes, and FireEye, which first raised the alarm in December 2020.
READ THE STORY: ZDNET
She joined DHS to fight disinformation. She says she was halted by... disinformation
FROM THE MEDIA: Three weeks: That's how long it took for the Department of Homeland Security to go from announcing a board intended to combat disinformation to suspending it. In those three weeks, both the Disinformation Governance Board and its leader, Nina Jankowicz, came under relentless and sometimes vicious attack from right-wing media and Republican lawmakers.
DHS initially shared few details about the board's function and purview, leading to speculation and fears it would police online speech.
READ THE STORY: Capradio
Putin Says Russia Will Focus on Domestic Technology, Equipment Amid Increase in Cyberattacks
FROM THE MEDIA: Over the years, the world has grown accustomed to Russian hackers posing a severe threat to corporations and infrastructure. But now it looks like Russia is dealing with the same issue on a big scale, forcing President Vladimir Putin to call a meeting with the government’s security council.
Putin said on Friday that the frequency of cyberattacks on Russia by foreign “state structures" has increased several-fold and that Russia needs to strengthen its cyber defenses by reducing reliance on foreign software and hardware.
READ THE STORY: News18
Expanding SEC’s Crypto Assets and Cyber Unit Is Essential, but There Are Potential Risks
FROM THE MEDIA: The SEC recently announced that it was doubling the size of its unit which deals with cryptocurrency assets. It plans to increase the footprint of the unit to reach 50 agents. The unit was first launched in 2017 and since then, has brought forward over 80 enforcement actions, mostly related to fraud and unregistered offerings.
It has resulted in monetary relief of over $2 billion. The focus of the new positions will be on crypto asset offerings, crypto exchanges, crypto asset lending and staking products, DeFi platforms, NFTs and stablecoins.
READ THE STORY: DailyHodl
Agricultural sector at risk of cyber attacks, study warns
FROM THE MEDIA: Since the industrial revolution, technological development has been linked to an improvement of agricultural techniques, resulting in an increase in the global food supply. Now, the idea of farms being run by robots and smart machinery is closer than ever. However, that progress could be hampered by the actions of hackers.
A new risk analysis done by the University of Cambridge, published in Nature Machine Intelligence, warns that the future use of artificial intelligence in agriculture comes with substantial potential risks for farms, farmers and food security that are at present poorly understood and underappreciated.
READ THE STORY: E&T
US agencies announce initiatives to crack down on ransomware
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency on Friday said it plans to convene a Joint Ransomware Task Force, while the Department of Justice announced it is launching two international initiatives aimed at tracking illegal cryptocurrency transfers and disrupting “top tier” cyber actors.
The announcements were made by top government officials at an Institute for Security and Technology event held to mark the one-year anniversary of the Ransomware Task Force — a public-private initiative that brought together dozens of experts from law enforcement agencies, cybersecurity firms, and civil society organizations. The event featured keynotes and commentaries from National Cyber Director Chris Inglis, the current and former directors of CISA, and Deputy Attorney General Lisa Monaco, highlighting how ransomware has become a top priority across the government.
READ THE STORY: The Record
Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks
FROM THE MEDIA: Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.
Cytrox is a North Macedonian company with bases in Israel and Hungary that was exposed in late 2021 as the developer and maintainer of spyware dubbed “Predator.” Meta also exposed the company, amongst 6 other companies providing surveillance-for-hire services, and took action against it, banning it from Meta's services while alerting suspected targets about possible compromises. 300 Facebook and Instagram accounts related to Cytrox have been removed by Meta.
READ THE STORY: TechRepublic
Putin promises to bolster Russia's IT security in face of cyber attacks
FROM THE MEDIA: President Vladimir Putin said on Friday that the number of cyber attacks on Russia by foreign "state structures" had increased several times over and that Russia must bolster its cyber defenses by reducing the use of foreign software and hardware. The websites of many state-owned companies and news websites have suffered sporadic hacking attempts since Russia sent its armed forces into Ukraine on Feb. 24, often to show information that is at odds with Moscow's official line on the conflict.
READ THE STORY: Reuters
National Cyber Director's Vision for the Future Flags Overdue National Plan
FROM THE MEDIA: National Cyber Director Chris Inglis drew attention on Friday to the continued absence of a national cybersecurity strategy—something the Government Accountability Office expects his office to deliver—while envisioning collaboration across sectors of industry that may have independently managed risks in the past, but are now increasingly dependent on each other.
“I thought I might give voice to what is the sense of an emerging strategy,” Inglis said. “This isn't the US strategy, but it is a sense of the emerging strategy that I would, in part, observe, in part kind of use as my mantra of what we need to do going forward that addresses not just ransomware but more broadly addresses kind of the causes underneath that give rise to that phenomenon and so many others.”
READ THE STORY: NextGov
The world's top hackers are competing to break into a Tesla. The winner gets $600,000 and keeps the car.
FROM THE MEDIA: Many of the world's top hackers gathered in Vancouver, Canada this week to try to break into highly guarded technology including Microsoft Teams, Apple's Safari browser and a Tesla car. The top prize, for people who manage to hack a Tesla Model 3, is $600,000 and the vehicle itself.
The hackers have come together as part of a contest to celebrate the hacking competition Pwn2Own's 15th anniversary, in what has become a lucrative testing ground for researchers to find exploits and warn companies about their vulnerabilities.
READ THE STORY: Insider
Sandworm uses a new version of ArguePatch to attack targets in Ukraine
FROM THE MEDIA: Sandworm, the APT group behind some of the world’s most disruptive cyberattacks, continues to update its arsenal for campaigns targeting Ukraine.
The ESET research team has now spotted an updated version of the ArguePatch malware loader that was used in the Industroyer2 attack against a Ukrainian energy provider and in multiple attacks involving data wiping malware called CaddyWiper.
The new variant of ArguePatch – named so by the Computer Emergency Response Team of Ukraine (CERT-UA) and detected by ESET products as Win32/Agent.AEGY – now includes a feature to execute the next stage of an attack at a specified time. This bypasses the need for setting up a scheduled task in Windows and is likely intended to help the attackers stay under the radar.
READ THE STORY: We Live Security
New ‘pymafka’ malicious package drops Cobalt Strike on macOS, Windows, Linux
FROM THE MEDIA: This week, Sonatype’s automated malware detection bots discovered a malicious Python package, ‘pymafka’, in the PyPI registry. The package appears to typosquat the legitimate, popular library PyKafka, a programmer-friendly Apache Kafka client for Python. The development follows our discovery of another typosquat targeting the Apache Kafka project from earlier this month.
PyKafka includes Python implementations of Kafka producers and consumers, and has been retrieved over 4,240,305 times by user-initiated downloads and mirrors/bots alike. By contrast, the malicious ‘pymafka’ shows a download count of around 300, as Sonatype promptly reported the finding to PyPI.
READ THE STORY: Security Boulevard
China-linked Twisted Panda caught spying on Russian defense R&D
FROM THE MEDIA: Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.
The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.
In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.
READ THE STORY: The Register
Backdoor baked into premium school management plugin for WordPress
FROM THE MEDIA: Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating.
The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 were delivered with the backdoor baked into its code.
READ THE STORY: BleepingComputer
The True Danger for Organizations: Unpatched Vulnerabilities
FROM THE MEDIA: It is no secret that 2021 saw an increase in cyberattacks all around the globe, specifically in critical infrastructure organizations. In October of that year, the U.S. Cybersecurity and Infrastructure Security Agency issued Alert AA21-287 in response to cyberattacks targeting the financial, gas, food and transportation sectors. The advisory was released to draw attention to infrastructure vulnerability and the facilities being targeted by hostile cyber activity. It seems that every year, new software comes out that should limit the number of ransomware attacks, but every year attacks seem to increase. Why is that?
Cyberattack groups succeed when they are one step ahead, and they know they have to evolve their tactics going into a new year. In fact, Check Point Research reported that cyberattacks have recently increased 50% year-over-year. In 2022, ransomware methods and cyberattack techniques, in general, continue to change, demonstrating actors’ growing technological sophistication and the growing threat to enterprises around the world. But there is one way, in particular, they keep getting in—by exploiting system vulnerabilities.
READ THE STORY: Security Boulevard
Items of interest
Google Chat Now Warns You About Suspicious Links
FROM THE MEDIA: Not sure if that chat message is legit or not? Google has your back. Google Chat will start showing a warning banner under messages that might contain phishing links or malware downloads, according to a blog post by Google.
Phishing scams can lock you out of your device or result in identity theft. Malware attacks, which include ransomware attacks, are becoming more frequent, more successful and more expensive. Google wrote that the warning banners "help protect users against malicious actors, keeping data safe."
READ THE STORY: CNET
The Race Ep 128 Supply Chain - Cybersecurity Risks (Video)
FROM THE MEDIA: The Race Ep 128 Supply Chain - Cybersecurity Risks - Part 3 of 4
The Art of Breach Detection (Video)
FROM THE MEDIA: Hackers will never stop their attack attempts, and organizations must be aware they could be breached any second!
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends regarding the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com