Friday, May 27, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Hackers Injected Malicious PHP Code Into Online Checkout Pages to Scrape Credit Card Data
FROM THE MEDIA: The Federal Bureau of Investigation (FBI) warned on May 16, 2022, that threat actors scraped credit card data from a U.S. business by injecting malicious Hypertext Preprocessor (PHP) code into its online checkout pages.
The attackers collected credit card data from January 2022 and sent it to a threat actor-controlled server that spoofed a legitimate card processing server.
Additionally, the unidentified cyber actors gained backdoor access to the victim by modifying two scripts on the business’ online checkout page.
READ THE STORY: CPO Magazine
Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy
FROM THE MEDIA: In April 2022 it was reported that the pro-Russian hacktivist group KILLNET carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites, including those of the United Nations (UN) and the Organization for Security and Cooperation (OSCE), an organization founded in Finland, as well as other European sites in Czechia, Estonia, Latvia, Lithuania, Germany, Poland, Romania and the UK. According to findings by the European Union Agency for Cybersecurity (ENISA), while there are no reports of the attacks having had a major impact on the targeted organizations, they indicate that the group is actively expanding its targets outside Ukraine.
READ THE STORY: Security Boulevard
The semi-secret list of techs Beijing really really wishes it didn't have to import
FROM THE MEDIA: China has identified "chokepoints" that leave it dependent on foreign countries for key technologies, and the US-based Center for Security and Emerging Technology (CSET) claims to have translated and published key documents that name the technologies about which Beijing is most worried.
CSET considered 35 articles published in Science and Technology Daily from April until July 2018. Each story detailed a different “chokepoint” or tech import dependency that China faces. The pieces are complete with insights from Chinese academics, industry insiders and other experts.
READ THE STORY: The Register
In Russia's invasion of Ukraine, cyberwarfare is a decisive element of the battlefield
FROM THE MEDIA: Microsoft noticed unusual activity from two Microsoft Exchange servers, which were sending large amounts of data to external IP addresses. Investigation revealed that the attackers, later identified as Russian hackers, had used a vulnerability in Microsoft Exchange to steal the entire contents of several user mailboxes worldwide, including in Ukraine, the US, and Australia. This was the first of a series of cyber attacks on Ukraine, including taking down government websites and posting threatening messages, messages urging Ukrainians to withdraw cash from ATMs, DDoS attacks on banks, bomb threats to schools, and even a wiper malware that would erase all data in a network.
READ THE STORY: Global Voices
Here's What Hackers Are Really Doing With Your Info
FROM THE MEDIA: Consumers often react to the risk of being hacked in two ways: by either being extra cautious or dismissing the risk outright by saying, "It won't happen to me." Malicious intruders and cybercriminals — sometimes referred to as black hat hackers — take advantage of this popular belief for their own benefit. ESET cybersecurity advisor and industry expert Jake Moore spoke with Digital Security about the issue of lax consumer security practices, noting that many people aren't even aware of basic tools for protecting themselves like two-factor authentication.
This is a big problem because most people now rely on their personal gadgets and online accounts for accessing and storing sensitive information, including everything from health records to financial documents and work materials. Failing to update laptops and smartphones with the latest security fixes, using public Wi-Fi networks without a VPN, and using the same password for every online account are all habits that leave consumers vulnerable to hackers.
READ THE STORY: Slashgear
Lazarus, the cybercriminals who steal and extort for North Korea’s ‘Beloved Leader’
FROM THE MEDIA: Last month saw the largest cyber heist on record. Someone stole $625 million worth of the cryptocurrency Ethereum – the second most used after Bitcoin – from a website related to the video game Axie Infinity. The United States was quick to link the attack to the Lazarus Group, North Korean cybercriminals well known to cybersecurity experts. Blockchain consultancy Chainalysis estimates that these North Korean hackers could have seized another $400 million in digital assets last year through various attacks targeting cryptocurrency platforms.
READ THE STORY: El Pais
Oil and gas industry pledges cyber cooperation at World Economic Forum
FROM THE MEDIA: The announcement follows the high profile cyberattacks on Colonial Pipeline in May 2021 and the attacks on the Amsterdam-Rotterdam-Antwerp oil hub facilities in February.
The oil and gas industry has become a major focus of criminal ransomware and nation-state threat actors looking to extort millions in ransomware payments as well as disrupt critical energy supplies. Russia’s invasion of Ukraine has only ramped up those concerns amid fears a retaliatory cyberattack would target key energy supplies in connection to sanctions related to the war.
READ THE STORY: Cyber Security Dive
Could New Zealanders initiate a cyber attack from within?
FROM THE MEDIA: Cyber threats are increasing significantly worldwide, and the opportunities this presents are a growing concern in Aotearoa. But would a Kiwi have access to the technology needed to initiate an attack, and what is in place to prevent this? KPMG Cyber Security Services partner Philip Whitmore says that nothing stands in the way of someone in New Zealand initiating a cyber attack, and that Aotearoa-based attacks take place on a regular basis.
"A local person may however choose at times to use offshore resources to support an attack, for example to hide the origin of an attack," Whitmore says. KnowBe4 recently released its 2022 Security Culture Report examining trends in security culture, with chief evangelist and strategy officer Perry Carpenter explaining that the term refers to "how people think about and approach a more secure environment and this report focuses on those key elements." Conducting this research for the first time, KnowBe4 found that overall, security culture worldwide is improving.
READ THE STORY: Security Brief
Shadow Code, Third-Party Scripts Pose Healthcare Cybersecurity Risks
FROM THE MEDIA: Third-party scripts can facilitate digital transformation by allowing development teams to introduce enhanced functionality to web applications without having to create or maintain that functionality themselves. But these scripts may also expose applications to shadow code and healthcare cybersecurity risks, a new report by Source Defense suggests.
Researchers analyzed 4,300 websites across a variety of industries during Q1 2022 to identify shadow code risks in the digital supply chain. The report revealed that the average website includes 12 third-party scripts and 3 fourth-party scripts.
A third-party script is a “JavaScript resource loaded into a webpage to provide functionality beyond the core functionality of the website,” Source Defense explained.
READ THE STORY: Health IT Security
OAS platform vulnerable to critical RCE and API access flaws
FROM THE MEDIA: Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution.
The OAS platform is a widely used data connectivity solution that unites industrial devices (PLCs, OPCs, Modbus), SCADA systems, IoTs, network points, custom applications, custom APIs, and databases under a holistic system.
It is a versatile and flexible hardware and software connectivity solution that facilitates data transfers between proprietary devices and apps from multiple vendors and connects them to firm-specific products, custom software, etc.
READ THE STORY: Bleeping Computer
Attribution is key to holding cyber criminals accountable
FROM THE MEDIA: As Russian cyber threats continue to evolve amid the war in Ukraine, cyber experts are urging NATO to take authoritative steps to combat state-sponsored hackers, including attributing the actors behind the attacks.
Merle Maigre, a senior fellow at the Center for European Policy Analysis, said that NATO should “deny covertness by attribution” and hold malicious cyber actors accountable for their criminal actions.
READ THE STORY: The Hill
China offering ten nations help to run their cyber-defenses and networks
FROM THE MEDIA: China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors.
Newswire Reuters broke the news of China’s ambitions after seeing a draft agreement that China’s foreign minister Wang Yi is reportedly tabling on a tour of Pacific nations this week and next.
READ THE STORY: The Register
Marsh and Microsoft survey identifies latest cyber risk trends
FROM THE MEDIA: After three years of unrelenting workplace disruption, digital transformation, and ransomware attacks, business leaders are no more confident in their ability to manage cyber risk than they were two years ago, according to a study by global insurance broker Marsh and tech giant Microsoft.
With global organizations expecting to face more cyberattacks in 2022, the study by Marsh and Microsoft, called “2022 Marsh and Microsoft Cyber Risk Survey,” aims to help leaders from all departments align and prioritize their cyber strategies for 2022 and beyond.
READ THE STORY: Insurance Business Mag
U.S. Smart Grid Cyber Security Market is Likely to Expand at Promising CAGR with “IBM, Itron, Microsoft, Sensus”
FROM THE MEDIA: Smart grid cyber security is the protection against serious cyber threats that affect the users in the smart grid network globally. Cyber security of the smart grid has been an area of concern for the power utility sector, due to frequent exchange of sensitive information that takes place via communication networks such as the internet, intranets, extranets, and corporate networks. The study examines the impact of these key trends in detail and outlines the growth opportunities in various segments on the basis of how these trends will shape the Smart Grid Cyber Security market going forward.
READ THE STORY: Manufacture Link
Researchers uncover cybercriminal stronghold targeting Facebook users
FROM THE MEDIA: The Facebook Messenger 'Is That You?' video phishing scam has been around since 2017, but a recent investigation into it by researchers at Cybernews has led to the discovery of what they're calling a 'cybercriminal stronghold'. Threat actors are using this to infect the social network with thousands of malicious links each day. The research has also identified at least five suspects, thought to be residing in the Dominican Republic.
Following a tip-off from cyber investigator Aidan Raney, the Cybernews team discovered that thousands of phishing links had been distributed through a devious network sprawling across the back channels of the social media platform.
READ THE STORY: Betanews
This Android malware targets passwords from almost 500 apps
FROM THE MEDIA: An infamous Android banking trojan has gotten a major update, growing more dangerous - but also more expensive.
Cybersecurity researchers from Cyble and ESET recently discovered version 2.0 of ERMAC being advertised on the dark web, for a monthly subscription rate of $5,000 (up from $3,000 a month for the earlier version).
The spike in subscription cost is not just due to inflation - it’s also due to version 2.0 coming with a lot more features. It is now capable of stealing login information and other sensitive data from 467 applications, up from the previous 378.
READ THE STORY: TechRadar
Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments
FROM THE MEDIA: National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.
The NSA cyber security director told the National Cyber Security Centre’s (NCSC) Cyber UK event in Wales that criminal attempts on government agencies and critical infrastructure had made ransomware attacks a national security priority, and that most of the serious players in this particular segment of the criminal underworld are based in Russia. New sanctions against entities in Russia are thus having a dampening effect on ransomware attacks, as the criminals lose options for doing business with the outside world.
READ THE STORY: CPO Magazine
Limited reporting hinders government’s ability to fight ransomware
FROM THE MEDIA: The federal government lacks comprehensive data on ransomware attacks and the use of cryptocurrency in paying ransoms, according to a Senate report.
A 10-month investigation by Senate Homeland Security and Governmental Affairs Committee staff found that while multiple federal agencies are addressing ransomware attacks, more data is needed from federal agencies and the private sector to better understand the attacks.
Even though the FBI acknowledges that its data is artificially low, the number of complaints to the agency between 2018 and 2020 showed a 65.7% increase in the number of victims and a 705% increase in adjusted losses. The bureau received 3,729 ransomware complaints in 2021 alone, accounting for more than $49.2 million in adjusted losses.
READ THE STORY: SC Magazine
Ransomware encrypts files, demands three good deeds to restore data
FROM THE MEDIA: In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool.
The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel team, doesn't appear to be motivated by money. Instead, it is claimed, they require victims to do things such as donate blankets to homeless people, or take needy kids to Pizza Hut, and then document these activities on social media in photos or videos.
READ THE STORY: The Register
Black Basta Besting Your Network?
FROM THE MEDIA: IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers not only execute ransomware but also steal data and threaten to release it publicly if the ransom demands are not met. The data disclosure element of these attacks takes place on a data leak site available on the Tor network. As a mechanism to apply pressure to coerce the victim to pay the ransom, the operators of Black Basta will gradually release stolen data on the leak site.
READ THE STORY: Security Intelligence
Let's play everyone's favorite game: REvil? Or Not REvil?
FROM THE MEDIA: Akamai has spoken of a distributed denial of service (DDoS) assault against one of its customers during which the attackers astonishingly claimed to be associated with REvil, the notorious ransomware-as-a-service gang.
REvil was behind the JBS and Kaseya malware infections last year. In January, Russia reportedly dismantled REvil's networks and arrested 14 of its alleged members, theoretically putting an end to the criminal operation.
Beginning in late April, however, the same group of miscreants — or some copycats — appeared to resume their regularly scheduled ransomware activities with a new website for leaking data stolen from victims, and fresh malicious code.
READ THE STORY: The Register
Items of interest
Cybereason Helps MSSPs Provide Unified Security, Details Massive Espionage Ring
FROM THE MEDIA: Also, Hornetsecurity announces its latest acquisition and MarketsandMarkets gives a sunny forecast for cloud security. Cybereason is focusing on helping MSSP partners and others bridge siloed security technologies to create unified protection for their customers. That’s according to Israel Barak, Cybereason’s CISO. Earlier this year, Cybereason launched its new Pay As You Grow (PAYG) program for MSSP partners, providing financial flexibility to increase margins and profitability.
This month, Cybereason announced new incident response (IR) and professional services subscription bundles. They include services to help organizations measure and optimize their security program. They’re packaged with unlimited IR services that identify, contain and remediate malicious cyber incidents.
“Essentially IR shops and IR service providers can dramatically reduce their cost for best-in-class IR delivery,” Barak said. “They can scale the IR operation and they can streamline the conversion of IR engagements into an ongoing subscription-based managed detection and response (MDR) business.”
One of the core areas of focus of the IR solution is to augment the Cybereason extended detection and response (XDR) platform and provide defenders with a unified incident detection and response platform, he said.
Incident responders and IR providers can gain a combination of visibility and threat analytics, Barak said. That’s based on both real-time and forensic data from a single tool. It automates the digital forensics and incident response (DFIR) processes.
READ THE STORY: Channel Futures
52 US Infrastructure Organizations Breached by Ragnar Locker, FBI Says (Video)
FROM THE MEDIA: Video report on the FBI's finding that Ragnar Locker breached 52 US infrastructure organizations.
The Psychology of Cybercrime (Video)
FROM THE MEDIA: What motivates hackers? What are their psychological manipulation techniques? How can we become a "human firewall"? More than 90% of cyberattacks are due to human error. Humans are the weakest link in cybersecurity. But something can be done.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide context on current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and in maintaining overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com