Thursday, June 02, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Defense & National Security — US doubles down on support for Ukraine
FROM THE MEDIA: Despite President Biden’s vow this week to send more advanced weapons to Kyiv, the commander-in-chief is still exercising caution, reinforcing that his administration is not seeking a hot-war with Moscow or trying to depose Russian President Vladimir Putin, and issuing dire warnings against the prospect of a nuclear confrontation.
Significantly, the new $700 million package the U.S. is readying for Ukraine contains, for the first time, High Mobility Artillery Rocket Systems, but the administration says they are configured to limit their range so that they can strike only Russian forces in Ukraine and not targets inside Russia.
READ THE STORY: The Hill
US ran offensive cyber ops to support Ukraine, says general
FROM THE MEDIA: America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said. "We've conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations," General Nakasone told Sky News in an interview that aired Wednesday.
Nakasone, who also serves as director of the NSA, didn't provide specific details about the offensive operations, though he said they were lawful and complied with US policy.
READ THE STORY: The Register // The Hill
US and Europe make moves to secure access to Taiwanese tech
FROM THE MEDIA: Taiwan has engaged with the United States and the European Union in separate talks aimed at securing tech supply chains. On Wednesday, the US and Taiwan launched an "Initiative on 21st Century Trade" that is very similar to the recently announced 14-country Indo-Pacific Economic Framework (IPEF), which aims to secure regional supply chains. Taiwan is not a party to the IPEF – an omission possibly intended to avoid provoking China.
READ THE STORY: The Register
Iranian-backed hackers targeted Boston Children’s Hospital, FBI chief says
FROM THE MEDIA: Hackers sponsored by the Iranian government last year attempted a “despicable” cyberattack against Boston Children’s Hospital that threatened to disrupt services to patients, FBI Director Christopher Wray said on Wednesday. Wray, in a speech delivered at a conference hosted by Boston College, detailed the incident as he warned about the rising threat that cyberattacks sponsored by nation states, including Iran, pose to companies and US infrastructure.
READ THE STORY: Arab News
Line Between Criminal Hackers and Nation-State Threats Blurs, U.S. Officials Say
FROM THE MEDIA: The lines between criminal hacking groups and intelligence operations in countries like Russia, Iran and China have increasingly blurred, senior U.S. officials said on Wednesday, making Washington’s job in curbing cyberattacks all the harder.
In recent years, some Russian hackers who have locked U.S. businesses with ransomware have proclaimed support for the Kremlin, the officials said, while Russian intelligence officers have at times moonlighted as criminal hackers, or used black-market tools to obscure hackers’ ties to their respective governments.
READ THE STORY: WSJ
Microsoft zero day under attack as industry awaits patch
FROM THE MEDIA: Security researchers say there is the potential for significant impact on businesses worldwide, as millions of enterprise users depend on Microsoft Office to conduct business. The company has thus far only issued workarounds for the vulnerability. Microsoft warned late Monday that the vulnerability, if successfully exploited, could allow an attacker to install programs, change or delete data, or create new accounts. The most common method of delivering the exploit, dubbed Follina, would be through email campaigns that entice users to download attached files.
READ THE STORY: Cyber Security Dive
EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs
FROM THE MEDIA: An Internet of Things (IoT) botnet dubbed “EnemyBot” is expanding its front lines to target security vulnerabilities in enterprise services — potentially making it a much more virulent threat than it has been, researchers say. EnemyBot, which is controlled by a threat actor known as Keksec, is a Linux botnet that emerged on the malware scene in late March. It shares source code with two other well-known botnets, Gafgyt (aka Bashlite) and the mighty Mirai, according to a prior analysis from Fortinet. Like those threats, EnemyBot is used to carry out distributed denial-of-service (DDoS) attacks. Other aspects of the code include smaller elements from Qbot and other malware, and some custom development.
READ THE STORY: Dark Reading
12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists
FROM THE MEDIA: Cyberattackers are targeting misconfigured Elasticsearch cloud buckets exposed on the public Internet and stealing the wide-open data, then replacing it with a ransom note. According to Secureworks Counter Threat Unit (CTU) researchers, more than 1,200 indexes have already been affected, with the attackers issuing 450 requests for Bitcoin payment in exchange for the return of the data. However, the ransom amounts are relatively low, researchers have pointed out: Taken together, all of the demands total just $280,000. "The average ransom request was approximately $620 payable to one of two Bitcoin wallets," they noted in a Wednesday analysis. "As of this publication, both wallets are empty and do not appear to have been used to transact funds related to the ransoms."
READ THE STORY: Dark Reading
Iran’s Cyberwar Grows More Aggressive, Thanks to Russia and Hezbollah
FROM THE MEDIA: Iranian cyber warfare has gone global, thanks to Tehran’s strategic alliances with some of the worst geopolitical players. Analysts say that Russia has helped Iran become a cyber-power by supplying it with cyber weapons, information, and capabilities. In turn, Iran has passed its expertise to its terrorist proxy Hezbollah. Due to Iran’s development of cyber power, the United States is now under attack.
“Ayatollah Khamenei has successfully fostered a culture in Iran centered around suspicion of the West. … To blunt America’s influence in the region and around the world, Iran’s soft war, from their perspective, is instrumental in their long-term rules of non-violent engagement with the United States and its allies,” says cybersecurity expert Charles Denyer in his upcoming book “Iran’s Cyber Assault on America.”
READ THE STORY: Algemeiner
Foxconn confirms ransomware attack disrupted production in Mexico
FROM THE MEDIA: Electronics manufacturer Foxconn has confirmed that one of its Mexico-based production plants was impacted by a ransomware attack in late May. The company did not provide any information on the group responsible for the attack, but operators of the LockBit ransomware gang claimed responsibility. Foxconn operates three facilities in Mexico, which produce computers, LCD TVs, mobile devices, and set-top boxes, formerly used by Sony, Motorola, and Cisco Systems. The attacked Foxconn factory is located in Tijuana, Mexico, and is considered a strategic facility that acts as a critical supply hub for the U.S. state of California, a significant electronics consumer.
READ THE STORY: Bleeping Computer // ITWire (Supply Chain)
Ransomware Attack Disrupted SpiceJet’s Flight Operations Leaving Passengers Stranded
FROM THE MEDIA: Budget Indian airline SpiceJet suspended flight operations, causing massive delays, after an attempted ransomware attack. SpiceJet acknowledged the incident that slowed down morning flight departures, claiming that its security team had rectified the situation and flights had resumed. However, passengers complained on social media that SpiceJet’s customer service and booking systems were unavailable. SpiceJet is the second-largest airline operator in India, with a 15% market share, 14,000 employees, and a fleet of 102 aircraft. The airline makes about 630 daily flights, transporting approximately 12 million passengers per month across 54 Indian cities and 15 international destinations.
READ THE STORY: CPO Magazine
Darktrace's Brianna Leddy on How Ransomware Groups Adapt to New Defenses
FROM THE MEDIA: Ransomware groups are difficult to shut down because they are constantly adapting their techniques to evade newer security defenses and controls. In this Tech Talk, Brianna Leddy, director of analysis at Darktrace, says that just because an attack group ceases operations doesn't mean they won't re-emerge in a different form. For example, researchers believe that the DarkSide group behind the ransomware attack against Colonial Pipeline returned as Blackmatter, a ransomware-as-a-service group. DarkSide shut down its operations, presumably because of investigations by law enforcement and the US federal government clawing back the ransom payments.
READ THE STORY: Dark Reading
US Agencies: Karakurt extortion group demanding up to $13 million in attacks
FROM THE MEDIA: The Karakurt data extortion group is holding victim data for ransoms of $25,000 to $13 million in Bitcoin, according to a new alert from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department. The U.S. agencies said Karakurt victims have not reported encryption of compromised machines or files; instead, the gang’s members threaten to auction off stolen data or release it to the public unless they receive a ransom. Victims are typically given a week to pay, according to the CISA alert.
READ THE STORY: The Record
'Frightening' flaws cloud Microsoft Azure
FROM THE MEDIA: One of the biggest hacks of all time happened last summer, and the world barely noticed.
In August 2021, hackers broke into a widely used database service on Microsoft’s Azure public cloud platform. They reported gaining access to databases in thousands of customer environments, or tenants, including those of numerous Fortune 500 companies. This was possible because the cloud runs on shared infrastructure — and as it turns out, that can uncover some shared risks that cloud providers thought were solved problems.
READ THE STORY: Protocol
Google Project Zero exposes critical Zoom vulnerabilities
FROM THE MEDIA: Google's Project Zero vulnerability research team has identified critical vulnerabilities that Zoom patched last week: a zero-click remote code execution chain that runs malicious code on devices running the software, according to reports. According to ArsTechnica, the vulnerabilities, tracked as CVE-2022-22786 and CVE-2022-22784, could be exploited even when the victim took no action other than having the client open. Someone who can send chat messages could cause the Zoom client app to install malicious code such as spyware or malware from an arbitrary server.
READ THE STORY: ITWire
AI and ML: Key combatants in the cyber security conflict
FROM THE MEDIA: The “work-from-anywhere” distributed operational model adopted by many organizations in recent times has resulted in a proliferation of network-connected devices. According to estimates, globally there could be as many as 50 billion connected devices in daily use.
This has caused increased network and systems complexity on a massive and unprecedented scale. What’s more, advances in technology, while delivering greater efficiencies to organizations on many fronts, have added layers of complexity to the task of protecting vital corporate assets. And as the number of assets increases, so visibility into how they interface with vital organizational data diminishes.
READ THE STORY: ITWeb
Russia Forcing Changes to NATO Strategic Concepts
FROM THE MEDIA: Even before the Russian invasion, the Madrid Summit was poised to be a game-changer for the alliance. The summit crown jewel was to be the agreement on a new strategic concept for the alliance. Much has changed since the last time NATO leaders approved a strategic concept in 2010.
"Even before February 24, there was a deep appreciation across the alliance that the language on Russia from 2010 was sorely outdated and needed a significant upgrade and needed to reflect the current environment," Smith said. "There was also an appreciation that China, for the first time, needed to be part of the strategic concept."
READ THE STORY: DoD
CDC Tracked Americans' Cell Phones During Lockdowns
FROM THE MEDIA: If you’ve ever felt like Google knows what you’re going to do before you know what you’re going to do, it’s because they are tracking you. If you’re using any of Google’s apps or products on your Android phone, iPhone or computer, you are likely being tracked. Internal documents from the Centers for Disease Control and Prevention show your cell phone data was used to track your movements during lockdowns and vaccine campaigns.
CNET reports that some apps created by Google can store your location data, and just opening the maps app or using a Google search will log your location and time. Google analyzes the data to predict your behavior and sells the information to advertisers.
READ THE STORY: Verve Times
China’s spies are not always as good as advertised
FROM THE MEDIA: In recent years Western officials have maintained a steady drumbeat of warnings about Chinese spies. In short, the spooks are getting bolder and better. Among other things, they’re accused of hacking into Microsoft's Exchange email service, stealing Western defense and commercial secrets, harassing Chinese dissidents overseas and bugging the headquarters of the African Union (all of which China denies). Yet, when confronted by overwhelming evidence that Russia was about to invade Ukraine, China's spies appear to have dropped the ball.
READ THE STORY: Stuff
FBI seizes domains tied to stolen records, DDoS services
FROM THE MEDIA: The FBI and Justice Department said Tuesday they had seized the domain of a search engine service that claimed to offer users the ability to scour billions of records of personal data from more than 10,000 data breaches, effectively shutting down the criminal operation.
The site, weleakinfo.to, offered a subscription service where customers could access personal information leaked in data breaches, including names, email addresses, usernames, phone numbers and passwords for online accounts. Such information is valuable to cybercriminals looking to commit identity fraud and financial crimes.
READ THE STORY: CyberScoop
Costa Rican Social Security Fund hit with ransomware attack
FROM THE MEDIA: On Tuesday, May 31, the government of Costa Rica confirmed that it had suffered another attack from ransomware gangs. The government specified that this time, its Social Security Fund was hit.
The Costa Rican Social Security Fund said in a statement on Twitter that the attack began early in the morning on May 31 and that it was already conducting an extensive investigation into the incident. It went on to confirm that the attack did not impact many of the payroll and pension databases, including the Unified Digital Health system and the Centralized Tax Collection system.
READ THE STORY: TechStory
Items of interest
Fear grows that US military satellite communications are falling behind: Study
FROM THE MEDIA: Despite growing more reliable, Defense Department satellite communications (SATCOM) capabilities are not keeping pace with either growing needs or adversary challenges, military operators fret, according to a new study.
The vast majority of respondents (eight out of 10) from across the services said that improving US military SATCOM should be a high priority, and a large majority (some 77%) pointed to the fact that advanced capabilities would be key to Joint All Domain Command and Control (JADC2), the Government Business Council’s “State of Military Communications Technologies” study finds.
However, the study shows, only about a third believed that the Pentagon was moving quickly enough to adopt commercial technology and streamlined acquisition rules to be able to make necessary upgrades quickly.
READ THE STORY: Breaking Defense
20 years in cyber security (Video)
FROM THE MEDIA: IT Governance is celebrating 20 years in business. 20 years in which organisations’ approaches to cyber security have continually evolved – and with ever-evolving risks lurking in cyberspace, it is imperative that businesses and individuals are vigilant and aware of the threats.
Why Cybersecurity Education Is Taking Off At Heathrow Airport (Video)
FROM THE MEDIA: At the UK’s busiest airport, staff face this security threat daily: phishing emails that promise something hard to resist. But Heathrow’s cybersecurity team has developed a great new safety feature – cyber education that closely mimics real-world situations, targeted at those who need it most.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com