Tuesday, May 31, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
How Beijing’s surveillance cameras crept into Britain’s corridors of power
FROM THE MEDIA: In the confines of his small cell, Ovalbek Turdakun was watched 24/7. At any attempt to speak to others he was instantly told to be quiet, while lights in the room were on round the clock, making it impossible to know what time of day it was. Turdakun and his fellow detainees in the Xinjiang camp were not watched by guards, but by software. Cameras made by the Chinese company Hikvision monitored his every move, according to an account he gave to US surveillance website IPVM. Turdakun had never heard of the company, but recognized the logo after being evacuated to the US last month.
READ THE STORY: Telegraph
Good Luck Not Accidentally Hiring a North Korean Scammer
FROM THE MEDIA: For more than a decade, North Korean hackers and digital scammers have run wild, pilfering hundreds of millions of dollars to raise funds for the Hermit Kingdom and often leaving chaos in their wake. But while the United States and other governments regularly call out North Korea’s digital espionage operations and issue indictments against their hackers, it has proved more difficult to bring charges for rogue theft and profiteering. North Korea has been under extensive sanctions by the US and other governments for years, but efforts to address the regime’s financial crimes have met with obstacles.
READ THE STORY: Wired
142 million data records stolen from MGM resorts published on Telegram
FROM THE MEDIA: The massive trove of data records was discovered by security researchers at vpnMentor, who found the data stored in four archived files on Telegram totaling 8.7GB. The records belong to an estimated 30 million people whose data was previously held by MGM Resorts International.
MGM Resorts suffered a widely publicized data breach in the summer of 2019, in which a threat actor gained unauthorized access to one of the resort’s cloud servers and reportedly stole the data repository in question. MGM did not publicize the security incident, but it did notify all affected customers in order to comply with local data breach notification laws.
READ THE STORY: Teiss
Anonymous hacker collective claims the cyberattacks against Belarus
FROM THE MEDIA: Anonymous-affiliated hacker collective Spid3r has claimed responsibility for the massive attacks on Belarus’ major government websites, in retaliation for the country’s alleged support of Russia’s invasion of Ukraine. The group, which has been very vocal about declaring a “Cyber War” against Russia, made the announcement on Twitter on Sunday.
It published screenshots of various websites connected with the Belarus state being down, including the Ministry of Communications, the Ministry of Justice, the Ministry of Economy, Ministry of Education, the National Legal Information Center, the Ministry of Internal Affairs, the State Customs Committee, and the State Committee. However, most of these sites seem to have been brought back online later.
READ THE STORY: Teiss
US academic credentials advertised for sale in dark web forums
FROM THE MEDIA: The FBI’s cyber division has issued a new Private Industry Notification, alerting US colleges and universities that higher education credentials have been advertised for sale on online criminal marketplaces and publicly accessible sites. According to FBI data, as of January 2022, Russian cyber-criminal forums offered access to credentials from several US-based universities and colleges across the country, with prices ranging from a few hundred to several thousand US dollars.
According to the document, over 36,000 email and password combinations (some of which are duplicates) for email accounts ending in .edu were discovered on a publicly accessible instant messaging platform in May 2021. The Private Industry Notification also stated that exposing such sensitive credential and network access information could result in cyber-attacks against individual users or affiliated organizations, particularly privileged user accounts.
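Added example, not code from the FBI notification or Teiss: a triage pass over a leaked email/password combo list of the kind the notification describes. It normalizes addresses so case variants collapse, drops duplicate pairs, optionally restricts the set to domains the institution owns (assumed here to be example.edu and its subdomains), and flags local parts that usually denote privileged or shared accounts. The dump lines, the domain names and the privileged-name list are constructed for the example.

```python
"""Triage a leaked credential combo list before forcing password resets.

Added example for this digest; the sample lines below are constructed and
are not data from the FBI notification.
"""
import re
from collections import Counter

# Constructed sample: mixed separators, a case variant of one address,
# one line of noise, and a reused password across two accounts.
SAMPLE_DUMP = """\
jdoe@example.edu:Winter2021!
JDoe@Example.EDU:Winter2021!
admin@example.edu;P@ssw0rd
helpdesk@cs.example.edu P@ssw0rd
msmith@other.edu:letmein
not a credential line
root@example.edu:toor
jdoe@example.edu:Spring2022!
"""

# Email is anything without whitespace, ':' or ';' around an '@'; the first
# run of separator characters ends it, so a password may itself contain ':' or '@'.
SPLIT_RE = re.compile(r"^(?P<email>[^\s:;]+@[^\s:;]+)[\s:;]+(?P<password>.+)$")

# Assumed naming convention for privileged/shared mailboxes; adjust per institution.
PRIVILEGED_LOCALPARTS = {"admin", "administrator", "root", "helpdesk", "sysadmin", "it", "webmaster"}


def parse_combo_line(line: str):
    """Return (email, password) with the address lower-cased, or None if the line is not a pair."""
    m = SPLIT_RE.match(line.strip())
    if not m:
        return None
    # Addresses are case-insensitive in practice; passwords are not, so only the email is folded.
    return m.group("email").lower(), m.group("password")


def _in_owned(domain: str, owned: set) -> bool:
    """True if domain equals an owned domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in owned)


def summarize_combo_list(text: str, owned_domains=None) -> dict:
    """Deduplicate a combo list and report per-domain counts and privileged accounts."""
    owned = {d.lower() for d in owned_domains} if owned_domains else None
    pairs = set()
    raw_lines = malformed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        raw_lines += 1
        parsed = parse_combo_line(line)
        if parsed is None:
            malformed += 1
            continue
        email, password = parsed
        domain = email.rsplit("@", 1)[1]
        if owned is not None and not _in_owned(domain, owned):
            continue  # someone else's institution; not ours to reset
        pairs.add((email, password))

    accounts = {email for email, _ in pairs}
    by_domain = Counter(email.rsplit("@", 1)[1] for email in accounts)
    privileged = sorted(e for e in accounts if e.split("@", 1)[0] in PRIVILEGED_LOCALPARTS)
    return {
        "raw_lines": raw_lines,
        "malformed": malformed,
        "unique_pairs": len(pairs),
        "unique_accounts": len(accounts),
        "by_domain": dict(by_domain),
        "privileged_accounts": privileged,
        "pairs": sorted(pairs),
    }


if __name__ == "__main__":
    summary = summarize_combo_list(SAMPLE_DUMP, owned_domains=["example.edu"])
    for key in ("raw_lines", "malformed", "unique_pairs", "unique_accounts", "by_domain"):
        print(f"{key}: {summary[key]}")
    print("privileged accounts to reset first:", ", ".join(summary["privileged_accounts"]))
```

The count of unique accounts, not the count of lines in the dump, is the number that matters for the reset campaign; the privileged list is what to act on first, and anything outside the owned domains is out of scope for the institution.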
READ THE STORY: Teiss
EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
FROM THE MEDIA: A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS).
"The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices."
First disclosed by Securonix in March and later by Fortinet, Enemybot has been linked to a threat actor tracked as Keksec (aka Kek Security, Necro, and FreakOut), with early attacks targeting routers from Seowon Intech, D-Link, and iRZ.
READ THE STORY: THN
New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor
FROM THE MEDIA: Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need.
"The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations."
Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022; the infections render sensitive files inaccessible until they are decrypted. The malware, which uses the AES algorithm for encryption, is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis.
READ THE STORY: THN
Cyber criminals targeting agribusiness
FROM THE MEDIA: Agribusiness is increasingly incorporating internet-enabled technologies and data-driven solutions into farm production, food processing, supplier industries, logistics, client communications and sales marketing. Farming operations that have adopted precision farming are even more dependent on advanced technology to carry out their day-to-day business.
Improving internet access is making it easier for agriculture businesses to adopt efficiencies and reduce costs through enhanced technology, but it also widens the cyber-attack surface and threat landscape.
READ THE STORY: World Grain
How Wildcard Hacktivists and ‘Robin Hood’ Ransomware Groups Amplify Cyber Risk
FROM THE MEDIA: The concept of hacktivism or leaking data for socially or politically motivated reasons is built upon shaky ground and often painted in broad strokes of grey. In 2019, hacktivism was almost stricken off the list of most pressing cyber threats – an IBM X-Force Threat Intelligence report shows that it had declined by 95% since 2015. Even in 2021, only 1% of all attacks recorded stemmed from hacktivist groups.
The Russia-Ukraine war, however, gave hacktivism a new lease of life. Recent Kaspersky research shows that between Q4 2021 and Q1 2022 the number of DDoS attacks increased by 46%. Researchers attribute the sharp spike to hacktivists from both factions. While some hacktivist groups and threat actors such as Killnet, CyberGhost, the RedBandits, and the Conti ransomware group declared fealty to Russia, others such as Anonymous, BlackHawk, and GhostSec took Ukraine's side.
READ THE STORY: ET CIO
China leading the world in EVs, renewable energy: Elon Musk
FROM THE MEDIA: Elon Musk on Monday said that whatever the world thinks of China, the country is leading the race in electric vehicles (EVs) and renewable energy.
Tesla has one of its Gigafactories in Shanghai; it is currently facing logistics issues due to Covid-19 lockdowns and is slowly getting back on track. In a tweet, Musk said: "Few seem to realise that China is leading the world in renewable energy generation and electric vehicles. Whatever you may think of China, this is simply a fact."
Musk, who has refused to manufacture Tesla cars in India unless the government allows the company to sell and service its electric vehicles there, has consistently praised China and its work culture.
READ THE STORY: The Economic Times
UK government could fund Newport Wafer Fab bailout if Chinese sale is blocked
FROM THE MEDIA: The UK government's Automotive Transformation Fund (ATF) could be used to help fund a US-backed consortium's bid for Britain's largest semiconductor plant. Last July, Wingtech Technology's Nexperia announced it would acquire the Newport Wafer Fab for a reported £63 million ($77m). Wingtech is a Chinese company, with purported ties to the state. But now the deal could be reversed due to national security concerns.
At least two consortia are thought to have expressed interest in taking over the company, which has struggled financially since the pandemic - allowing Nexperia to exercise an option to take over the business after gaining a 14 percent stake.
READ THE STORY: Data Center Dynamics
Shanghai lockdowns to end, perhaps easing tech supply chain woes
FROM THE MEDIA: China’s largest city, Shanghai, will all but end its COVID-19 lockdowns on Wednesday, and by doing so may smooth some of the kinks in the world’s technology supply chains.
Limited lockdowns commenced in Shanghai during mid-March, before April escalations imposed city-wide restrictions that have remained in place ever since.
Shanghai is a major manufacturing hub, so the lockdowns have caused considerable pain. Cisco, for example, warned of disruption to supplies of parts it needs for power supplies. The likes of Foxconn, Tesla, and Toyota have all ceased or slowed production. Chinese chipmaker SMIC kept production ticking over by having staff move either into its plants or into a COVID-free zone around them.
READ THE STORY: The Register
Digital agriculture could byte the hand it feeds
FROM THE MEDIA: An international team of researchers has warned that relying on digital tools for agriculture without buttressing these technologies against cyber attacks could be a recipe for disaster. Researchers from King Abdulaziz University, Aix-Marseille University and Flinders University have performed complex IT and mathematical modelling to assess the vulnerabilities that face modern tools used in agriculture.
The world is on track to reach a population of over 10 billion people by the turn of the next century, and the need to produce enough food for them is pushing farmers and food processors toward automated, connected systems.
READ THE STORY: Food Processing
How manufacturers and operators can leverage Open RAN detailed in Vodafone paper
FROM THE MEDIA: Telecommunications company Vodafone has revealed the benefits of building Open RAN systems, and has made recommendations to make it easier for manufacturers to meet the needs of operators while reducing the total cost of hardware and software in a new paper. According to Vodafone, mobile base stations are monolithic ‘closed boxes’ from a limited number of vendors consisting of a mix of inseparable hardware and software.
Updating the software to meet extra demand from customers requires ripping out most of the existing system. Open Radio Access Network (RAN) is different, claims Vodafone.
READ THE STORY: ITWire
Summit Healthcare’s Business Associate Provides Notice of Data Breach
FROM THE MEDIA: PFC, an accounts receivable management company that assists organizations with recovering outstanding balances, announced last week that it is notifying individuals whose information may have been involved in a recent network security incident.
On Feb. 26, PFC detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third-party forensic specialists to assist with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The investigation determined that an unauthorized third party may have accessed files containing certain individuals’ personal information.
READ THE STORY: WMI Central
Wireless broadband communications frequencies could be costly for scientists and the public
FROM THE MEDIA: The transition to 5G has been rocky. To enable faster and more reliable digital communication, radio-spectrum regulators have approved the operation of 5G transmitters and receivers in various frequency bands across the 1–25 GHz range, according to Physics Today.
Radio waves in the L (~1–2 GHz) and C (~4–8 GHz) bands travel long distances but offer limited bandwidth. Those in the 24 GHz band don’t travel as far but have the wide bandwidth needed to increase data-transfer rates by an order of magnitude, according to Physics Today associate editor Alex Lopatka.
The problem, Lopatka writes, is that the radio spectrum is already heavily used, and 5G licenses granted in the US cover frequencies close to those used for essential scientific and technical applications.
READ THE STORY: ITWire
Azerbaijan exposes person who offered WhatsApp hacking service
FROM THE MEDIA: A citizen who offered the service of intercepting correspondence on WhatsApp was exposed in Azerbaijan, the press service of the State Security Service told Trend. The State Security Service studied the information spread in social networks and the media about the Instagram page of Aztechnology company, which offered to track chats between WhatsApp users.
It was established that a Baku resident, Arif Asgarov (born 2000), had posted an advertisement on Aztechnology's page (www.instagram.com/xakkerhuseyn) offering, for a fee, a link to intercept and track WhatsApp chats.
READ THE STORY: Trend
Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”
FROM THE MEDIA: Independent cybersecurity research group Nao_Sec has revealed startling details of a new zero-day vulnerability in Microsoft Office, found in an “odd-looking” MS Word document that was uploaded to VirusTotal from a Belarus IP address. Dubbed Follina, the flaw is being exploited in the wild, the researchers noted.
According to researchers, the flaw is named so because of the reference 0438 in the malicious sample, the area code of a municipality in Treviso, Italy, called Follina.
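Added example, not code from Nao_Sec or HackRead: a check for Word documents that pull content from outside the package, which is the kind of indicator worth hunting for while a vendor fix is pending. It assumes the malicious document stages its remote content through an Office Open XML relationship entry with TargetMode="External" in one of the package's .rels parts; that is a standard OOXML mechanism, but the page itself does not describe this sample's delivery chain, so treat the assumption as such. The .docx built by `build_sample_docx` is constructed test data, not a real sample.

```python
"""Scan Office Open XML (.docx) packages for relationships that point outside the file.

Added example for this digest, not code from Nao_Sec or HackRead.
Assumption: a Word document that stages remote content does so through a
relationship entry with TargetMode="External" in one of its .rels parts.
"""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# Relationship types that almost always point inside the package. An external
# target on one of these means Word fetches and renders remote content when the
# document opens, so they rank above ordinary hyperlinks.
HIGH_RISK_TYPES = {"oleObject", "attachedTemplate", "frame", "subDocument"}


def find_external_relationships(docx_bytes: bytes) -> list[dict]:
    """Return every relationship with TargetMode="External", across all .rels parts."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                # TargetMode defaults to Internal when absent.
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]  # last path segment, e.g. oleObject
                hits.append({
                    "part": name,
                    "id": rel.get("Id"),
                    "type": rel_type,
                    "target": rel.get("Target"),
                    "high_risk": rel_type in HIGH_RISK_TYPES,
                })
    return hits


def build_sample_docx() -> bytes:
    """Constructed minimal package (test data): one ordinary internal image
    relationship and one oleObject relationship whose target is a URL."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://example.invalid/stage2.html" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", f'<Relationships xmlns="{RELS_NS}"/>')
        zf.writestr("word/document.xml", '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_docx.py suspicious.docx   (no argument scans the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_docx()
    for hit in find_external_relationships(data):
        flag = "HIGH" if hit["high_risk"] else "info"
        print(f"[{flag}] {hit['part']} {hit['id']} {hit['type']} -> {hit['target']}")
```

The scanner only opens the zip container and parses the relationship XML; it never renders the document, so it is safe to run over a quarantine folder. A hit is a lead for analysis, not proof of exploitation: external hyperlinks are normal, while an external oleObject or attachedTemplate in mail-delivered documents is rare enough to justify detonation in a sandbox.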
READ THE STORY: HackRead
Anonymous Claims Attacks Against Belarus for Involvement in Russian Invasion of Ukraine
FROM THE MEDIA: Anonymous-affiliated collective Spid3r claims to have attacked Belarus’ government websites in retaliation for the country’s alleged support of Russia’s invasion of Ukraine.
The group made the announcement on Twitter, publishing screenshots of various websites connected with the Belarus state being down, including the Ministry of Communications, the Ministry of Justice and the Ministry of Economy.
In addition, the websites of the Ministry of Education, the National Legal Information Center, the Ministry of Internal Affairs, the State Customs Committee, and the State Committee were also down.
READ THE STORY: InfoSecurity Magazine
Police Cyberdome develops new software to take on drug mafia on Dark Web
FROM THE MEDIA: The cyber wing of the Kerala Police has developed new software to counter the drug mafia operations through the Dark Web. The software named Grapnel has been introduced to curb drug trafficking which has been making deep inroads into even rural pockets of Kerala with the help of newfound technologies, including the Dark Web.
Shockingly, the transaction of about 60 parcel packets of "new generation drugs", which were seized recently after they reached the foreign post office in Kochi, took place through the Dark Web.
READ THE STORY: ONMANORAMA
75% Australians Suffer Attack Surface from Web Apps
FROM THE MEDIA: Fastly has released new research in partnership with Ecosystm that shows 75% of Australian businesses are now living with a vastly increased attack surface caused by their reliance on web-based applications. Large attack surfaces are routinely sought out and tested by attackers looking for less-protected entry points into corporate IT environments.
According to the survey, organizations in Australia moved en masse to more decentralized IT architectures over the past two years, but still struggle with some of the cybersecurity implications of these kinds of digital- and cloud-first operating models.
READ THE STORY: Australian Cyber Security
Items of interest
Russia’s War in Ukraine: The War in Cyberspace
FROM THE MEDIA: Dmytro Dubov, Head of the Information Security and Cyber Security Department of the National Institute for Strategic Studies in Kyiv, examines Russia’s methods of cyber attack against Ukraine’s critical infrastructure facilities, and their impact.
He discusses the close coordination between Russia’s cyber and propaganda activities and highlights future challenges for Russia in the IT realm that, if left unaddressed, will degrade its competitiveness in cyberspace. He concludes that Russia has so far failed, at least in part due to Ukraine’s progress in cyber security and defense, to deliver the effects it desired in its cyber attacks against Ukraine.
READ THE STORY: ICDS
Renting Rats, Ransomware, Event Logs, Big IP, Clearview, & Cybercrime Law (Video)
FROM THE MEDIA: This week, Dr. Doug talks: Ransomware including Conti, Event Log Shellcode, Big IP, Clearview, Cybercrime laws, DCRAT, the Fifth Element, as well as the Expert Commentary of the illustrious Jason Wood on this episode of the Security Weekly News!
Cybercrime Expert Brett Johnson Talks Escaping Federal Prison & Online Fraud (Video)
FROM THE MEDIA: Brett Johnson joins Sgt. Sean "Sticks" Larkin and Howard Doss to share his story of how he got involved in cybercrime. Johnson is one of the top experts in the world on cybercrime, identity theft, fraud, and cybersecurity.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com