Wednesday, June 01, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Cheerscrypt Linux-based Ransomware Targets VMware ESXi Servers
FROM THE MEDIA: Researchers have observed new Linux-based ransomware that joins other ransomware families, like LockBit and Hive, in targeting VMware ESXi servers.
The Cheerscrypt ransomware employs a double extortion scheme to coerce its victim to pay the ransom, threatening to leak the encrypted files, notify customers of the data breach and sell data to victims’ “opponents” or other cybercriminals if the ransom is not paid, said researchers with Trend Micro in an analysis last week. The attackers’ specific targeting of ESXi, a bare-metal hypervisor for creating and running virtual machines that share the same hard drive storage, is notable here. As more organizations transition to ESXi, it is becoming a more popular target for ransomware families including LockBit, Hive and RansomEXX.
READ THE STORY: DUO
Naming Adversaries and Why It Matters to Your Security Team
FROM THE MEDIA: What is it with these funny adversary names such as FANCY BEAR, WIZARD SPIDER and DEADEYE JACKAL? You read about them in the media and see them on CrowdStrike T-shirts and referenced by MITRE in the ATT&CK framework. Why are they so important to cyber defenders? How is an adversary born?
You may think you have a problem with ransomware, bots or distributed denial of service (DDoS) attacks but you would be wrong. Because humans are behind every cyberattack, what you really have is an adversary problem. Understanding the adversaries most likely to target your business is critical because it helps you focus your resources and better prepare your defenses to defeat them.
READ THE STORY: Crowdstrike
AI is Supporting Cybercrime Investigations at the Secret Service
FROM THE MEDIA: Most people are aware of the U.S. Secret Service’s mission to protect the president, but not everyone knows that the service is also responsible for investigating financial crimes — a landscape that has drastically changed following the advent of crypto laundering.
“I come from the old days when you followed the money on a paper trail,” said Roy Dotson, assistant special agent in charge and national pandemic recovery coordinator at the Secret Service, at an ATARC event. “But now cybercrime is probably the top priority of our agency in what we do day to day — whether that's a business email compromise or ransomware or an [Investment Coin Offering (ICO)] for crypto — whatever the flavor of the day is.”
READ THE STORY: GOVCIO
Hackers Steal a ‘Very Large’ Batch of Private Data from Australia’s Disability Scheme
FROM THE MEDIA: Hackers have obtained and published part of a “very large” batch of medical records and other sensitive information belonging to participants of Australia’s National Disability Insurance Scheme after breaching the scheme’s client management software last month.
The platform that fell victim to the breach is an Australian software provider called CTARS, and provides client management services to NDIS providers as well as the people living with disabilities they support.
READ THE STORY: VICE
Transport systems give hackers a moving target
FROM THE MEDIA: Transport and travel groups are proving doubly attractive targets to cyber criminals — as both operators of critical national infrastructure, and as treasure troves of valuable customer data. Over the past five years, cyber attacks on the IT systems and databases of transport organizations have increased and evolved, experts say. In 2017, malicious software, or “malware”, hidden in a document used to file tax returns infiltrated the IT systems of Maersk — and cost the global shipping company up to £300mn. A year later, hackers shut down 2,000 computers belonging to the Colorado Department of Transportation in the US.
READ THE STORY: FT
Critical Infrastructure Under Assault
FROM THE MEDIA: With the current geopolitical tensions, repeated supply chain issues, and rising inflation, the last thing any business or government organization wants is to face the threat of ransomware. Yet critical infrastructure organizations are highly susceptible and have become the focus of Conti’s ransomware attacks. Early in the COVID-19 pandemic, Conti targeted healthcare organizations such as the Irish healthcare system. This led to the cancellation of dozens of outpatient services, inoperable vaccine portals, and many weeks of service restoration. Ultimately, Ireland declined to pay the $20M ransom, deciding to incur the costs of restoring services instead. After all was said and done, Ireland’s recovery and restoration costs added up to an estimated $100M.
READ THE STORY: Security Boulevard
Energy plants at risk in cyber power play
FROM THE MEDIA: In 2017, a Russian hacker came within a whisker of causing what could have been a “catastrophic” and deadly attack on a US oil refinery, according to a Department of Justice indictment. The hacker got into the refinery’s systems and deployed malicious software with a view to causing severe “physical damage” — but, instead, triggered safety systems and automatic shutdowns of the refinery. In March, the hacker — an employee of the Russian defence ministry’s research institute — was charged by the DoJ, alongside three other Russian government employees who allegedly targeted energy companies across more than 135 countries between 2012 and 2018.
READ THE STORY: FT
US Agriculture Is Under Attack
FROM THE MEDIA: The U.S. agricultural sector is under attack, and Russian operatives appear to be the aggressors. Last month, the FBI’s cyber division published an emergency statement. Ransomware actors “may be more likely to attack agricultural cooperatives during critical planting and harvest seasons,” warned the federal investigative agency. Coordinated attacks on the agricultural sector threaten the country’s “entire food chain.”
On May 5, just a few weeks after the FBI’s warning, AGCO, one of the largest manufacturers and distributors of agricultural machinery on the planet, suffered a ransomware attack. The attack impacted the operations of the company, which is headquartered in Duluth, Georgia, for several days.
READ THE STORY: The Epoch Times
Loosening China’s Grip on Telecommunications
FROM THE MEDIA: Imagine mobile networks that stream a hologram of yourself to your doctor with a real-time reading of your heartbeat – or playing online 3D games in the metaverse through radio waves that detect both your motions and emotions.
Or consider a connected car linked up to satellites and road sensors that locates a soon-to-be-freed parking space. Or a mobile network that detects when a driver has lost consciousness, allowing the dispatch of an ambulance.
Just when we learned that 5G mobile phones will transform everything around us, these thought-provoking hypotheticals are what telecom and cloud engineers are building for next generation 6G networks. It’s the next-next big thing that will become a global reality within six to ten years.
READ THE STORY: CEPA
Chinese state media propaganda found in 88% of Google, Bing news searches
FROM THE MEDIA: A think tank says Chinese state media have proven very effective at influencing search engine results for users seeking information on Xinjiang, a region of China where the Uyghur ethnic minority has been subjected to what the State Department calls genocide.
The findings on the Chinese manipulation of prominent American search engines came via Brookings Institution scholars Friday, following on the heels of the BBC’s release of disturbing images of Uyghur detainees accompanied by documents detailing a Chinese shoot-to-kill policy for detainees who try to escape.
READ THE STORY: Cyberscoop
Chinese hackers now using ‘Follina’, a Zero-day vulnerability in Microsoft Office against the International Tibetan community
FROM THE MEDIA: Chinese hackers are now said to be actively exploiting the Microsoft Office zero-day vulnerability dubbed ‘Follina’. The vulnerability allows threat actors to remotely execute malicious code by sending victims a Microsoft Word file; the exploit activates the moment the file is opened or viewed in ‘preview’. Follina downloads the code from a remote server by way of the Microsoft Windows Support Diagnostic Tool (MSDT).
The Chinese TA413 APT group, a state-affiliated threat actor, is now exploiting the Follina zero-day vulnerability to target the international Tibetan community. Proofpoint’s threat research team had found the same group targeting Tibetans with Sepulcher malware during the COVID pandemic in 2020.
READ THE STORY: Times Now News // The CyberWire // Darkreading
The Risks of Managing a Purchased Cyber Arsenal
FROM THE MEDIA: In March 2013, WikiLeaks began publishing a series of CIA documents. When it leaked the files, WikiLeaks claimed, “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.” The leaked documents were collectively labeled Vault 7. Vault 7 revealed that of the fourteen exploits used by the CIA to target Apple’s iOS operating systems at the time, four were purchased.
READ THE STORY: CFR
Industrial IoT ransomware attacks control systems directly
FROM THE MEDIA: Researchers at Forescout's Vedere Labs released a proof of concept for industrial systems that damages systems embedded deeper in industrial processes than any seen before.
One of the recent projects at Vedere Labs has been "Project Memoria," an audit for vulnerabilities in popular TCP/IP stacks — including many commonly used in Internet of Things devices. The "R4IIoT" ransomware concept they debuted Wednesday weaponizes that research, exploiting a denial of service bug in Nucleus that the group discovered in 2021 to disable industrial processes.
READ THE STORY: SCMAGAZINE // TechTarget
Trial Docs: Sussmann Edited FBI Press Release About DNC Hack Because It ‘Undermined’ The DNC’s Narrative
FROM THE MEDIA: Documents released during Michael Sussmann’s federal trial show the FBI solicited advice from Hillary Clinton’s lawyer on a press release describing the intelligence agency’s awareness of the Democratic National Committee hack in 2016. The original press release sent over to Sussmann by Jim Trainor, the assistant director of the FBI’s Cyber Division, noted that the FBI was aware of “a possible cyber intrusion involving the DCCC,” or the Democratic National Campaign Committee, via “recent media reporting.”
READ THE STORY: The Federalist
Azure Active Directory logs are lagging, and alerts may be wrong or missing
FROM THE MEDIA: Microsoft has warned users that Azure Active Directory isn't currently producing reliable sign-in logs. "Customers using Azure Active Directory and other downstream impacted services may experience a significant delay in availability of logging data for resources," the Azure status page explains. Tools including Azure Portal, MSGraph, Log Analytics, PowerShell, and/or Application Insights are all impacted.
READ THE STORY: The Register
This Hacker Group Forces People to Do Good to Get Their Data Back
FROM THE MEDIA: A new strain of ransomware was recently identified by cybersecurity analysts, which forces its victims to complete a series of charitable tasks in order to retrieve their data. It combines the inconvenience of having your data stolen, plus the added cringe of self-righteous instructions on how to retrieve said data by doing a number of “good deeds.”
The ransomware is dubbed GoodWill, and was recently flagged by threat analysis firm CloudSEK. Ransomware is typically a form of malware that encrypts a user’s photos, documents and other files, preventing them from accessing them, and extorts victims to pay a ransom in exchange for the decryption key.
READ THE STORY: Gizmodo
After Hive cyberattack, Partnership HealthPlan confirms data theft affecting 855K
FROM THE MEDIA: Following reports of network downtime after a cyberattack in March, Partnership HealthPlan of California has since confirmed the Hive ransomware group stole a trove of health information ahead of the ransomware deployment. Reports show 854,913 patients were impacted.
As previously reported, PHC faced a long period of computer system disruptions immediately following the attack and was working with third-party forensic specialists to recover the network. The incident also disrupted PHC’s ability to receive or process treatment authorization requests, the forms used to gain pre-approved funding for treatment.
READ THE STORY: SCMAGAZINE
SkyLink UAS trials drone medical delivery flights
FROM THE MEDIA: Drone company SkyLink UAS and intelligent positioning solutions provider Position Partners have trialed beyond visual line of sight drone medical delivery flights using SkyLink's UTM micro services and UTM cloud platform. The trial provided integrated oversight of live UAV telemetry data from ‘Project Field Drones’ together with other simulated drones and real manned aircraft activities near the 5G site.
The system enabled safe operations via flight authorization and traffic information over the Optus 5G mobile data network in Victoria. Operations were monitored from SkyLink’s traffic control centers in Armidale, NSW, using SpaceX Starlink satellite internet.
READ THE STORY: ITwire
Ukraine war spurs Japan to boost R&D in drones, AI: document
FROM THE MEDIA: A draft of one of Japan's most closely watched policy documents calls for "radically strengthening" the country's defensive capabilities with more research and development in technologies needed to respond to conflicts like the Ukraine war.
The draft economic and fiscal policy guidelines put forward by Prime Minister Fumio Kishida note that "the security environment has grown even more difficult" as a result of Russia's invasion of Ukraine.
READ THE STORY: Nikkei Asia
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
FROM THE MEDIA: It’s been roughly three months since Russia first launched its unprovoked invasion of Ukraine. Since then, the world has borne witness to unspeakable tragedy. While damaged and destroyed property can and will be rebuilt; the death and despair incurred by Ukrainians will leave a lasting imprint across all of Europe for generations to come.
As horrific as the physical war has been, the much-anticipated cyberwar hasn’t materialized as quickly as some cybersecurity and national security experts thought it would. In early March, Former General Counsel of the National Security Agency and Central Security Service Glenn S. Gerstell told The Guardian, “we have not yet seen the completely destructive attacks on Ukraine infrastructure some anticipated.”
READ THE STORY: Security Boulevard
Cyber agency: Voting software vulnerable in some states
FROM THE MEDIA: Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave them susceptible to hacking if unaddressed, the nation’s leading cybersecurity agency says in an advisory sent to state election officials.
The U.S. Cybersecurity and Infrastructure Agency, or CISA, said there is no evidence the flaws in the Dominion Voting Systems’ equipment have been exploited to alter election results. The advisory is based on testing by a prominent computer scientist and expert witness in a long-running lawsuit that is unrelated to false allegations of a stolen election pushed by former President Donald Trump after his 2020 election loss.
READ THE STORY: Milford Mirror
Items of interest
Intel vs. Analog Devices: Which Chip Stock is Currently a Better Investment?
FROM THE MEDIA: The extended global supply chain disruptions due to the ongoing Russia-Ukraine conflict and COVID-19 lockdowns in China worsened the global chip supply shortage this year. However, with substantial government investments and increased production capacities worldwide, semiconductor sales increased 23% year-over-year in the fiscal first quarter ended March.
This growing demand and increasing government and corporate investments to enhance chip production and impressive breakthroughs in the chip manufacturing process should drive the industry’s growth over the long run. Investors’ interest in this space is evident from the SPDR S&P Semiconductor ETF’s (XSD) 8% returns over the past month versus the SPDR S&P 500 Trust ETF’s (SPY) marginal decline. The global semiconductor market is expected to grow at a 9.2% CAGR to $893.10 billion by 2029.
Intel Corporation (INTC - Get Rating) and Analog Devices, Inc. (ADI - Get Rating) are two prominent players in the global semiconductor industry. INTC designs, manufactures, and sells computer products and technologies that deliver networking, data storage, and communication platforms. It also provides IoT products, computer vision, machine learning-based sensing, data analysis, localization, mapping, and driving policy technology. ADI designs, manufactures, and markets a portfolio of solutions that leverage high-performance analog, mixed-signal, and digital signal processing technology, including ICs, algorithms, software, and subsystems for industrial, automotive, consumer, and communication markets.
READ THE STORY: Stocknews
The national security implications of small satellites (Video)
FROM THE MEDIA: Experts from across the space community discuss how the United States and its allies and partners can leverage commercial small satellites to enhance space security.
How to Hunt for Cyber Threats Using Network Metadata and AI (Video)
FROM THE MEDIA: The network metadata the Vectra platform produces can be valuable for threat investigations. Have you wondered how you could make use of the same metadata to proactively hunt for threats? In this webinar, Vectra Sidekick MDR analysts will describe techniques to identify three common attacker behaviors in your environment. Sidekick analysts will walk you through the specific workflows for each attack technique, provide best practices for hunting in your own environment, and answer questions about how to threat hunt using the Vectra platform. Recall will be used for this webinar.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com