Saturday, June 04, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Electronic warfare shapes Russia-Ukraine war
FROM THE MEDIA: On Ukraine's battlefields, the simple act of powering up a cellphone can beckon a rain of deathly skyfall. Artillery radar and remote controls for unmanned aerial vehicles may also invite fiery shrapnel showers.
This is electronic warfare, a critical but largely invisible aspect of Russia's war against Ukraine. Military commanders largely shun discussing it, fearing they'll jeopardize operations by revealing secrets.
Electronic warfare technology targets communications, navigation and guidance systems to locate, blind and deceive the enemy and direct lethal blows. It is used against artillery, fighter jets, cruise missiles, drones and more. Militaries also use it to protect their forces.
READ THE STORY: The Daily Citizen
Pro-Indian APT Attempts Phishing Attacks Against Pakistani Military, Government
FROM THE MEDIA: SideWinder is one of the most prolific cyber threat groups in the world, and it has mostly flown under the radar despite its large attack volume. Much of its activity suggests that the group is aligned with India, and some posit that it may be actively sponsored by the Indian state, since that would explain a number of its activities and attack patterns.
Research conducted by Group-IB has just revealed that SideWinder has been trying to target Pakistani government and military officials with phishing attacks. Pakistan has been one of the biggest targets for this group, and this latest attack involved a fake VPN app that was available on the Google Play Store.
READ THE STORY: Digital Information World
WatchDog hacking group launches new Docker cryptojacking campaign
FROM THE MEDIA: The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. The hacking group targets exposed Docker Engine API endpoints and Redis servers and can quickly pivot from one compromised machine to the entire network. The goal of the threat actors is to generate profit by mining cryptocurrency using the available computational resources of poorly secured servers. Researchers at Cado Labs discovered the new hacking campaign, analyzing the threat actor's distinctive tactics, and are confident about their attribution to WatchDog.
READ THE STORY: BleepingComputer
How safe is the Western world from North Korea’s state cyber hackers?
FROM THE MEDIA: These days, when Cold War superpowers are squaring up over Ukraine, and revelations of shoot-to-kill policies in detention camps serve as a visceral reminder that China’s authoritarianism grows grimmer, it can be hard to get too worked up about little old North Korea. Even brandishing nuclear weapons, its rotund, baby-faced, spiky-haired leader, Kim Jong-un, can seem something of a joke – “Little Rocket Man”, as Donald Trump dubbed him in 2017.
But the North Korean regime does not take mockery well. And while its principal victims will always be its own 26 million-strong population who have, for decades, endured famine and poverty, it has in recent years developed a way of lashing out at the West that is not delivered by an ICBM: hacking.
READ THE STORY: Telegraph
'Anonymous' Strikes Again, Takes Down Internal Affairs Ministry's Website In Belarus
FROM THE MEDIA: Amid the ongoing ravaging war in Eastern Europe, cyber hacking group 'Anonymous' has once again attacked the Belarusian government website as it took down the site of the country's Internal Affairs Ministry. This comes just a few days after the hacking group had blocked several government websites for the country’s alleged support of Russia's invasion of Ukraine. According to reports, ‘Anonymous’ had taken down the websites of the Ministry of Education, the Ministry of Communications, the Ministry of Justice, the National Legal Information Center, the State Customs Committee, and the State Committee websites last week on May 29.
"Hello #Belarus The Ministry of Internal Affairs. http://mvd.gov.by | Tango Down. When you learn how to treat your citizens, you may find your ministry open, but until then, Spider webs will keep it closed. We are #Anonymous. Don't forgive, Don't forget [sic]," Anonymous-affiliated collective Spid3r tweeted on Saturday. In a separate tweet, the group also claimed that it has never supported any government or government official. "As Anonymous, we have never supported any government or government official. We have always stood by the peoples, the new generation must understand that #Anonymous is independent of states and statesmen," Spid3r stated.
READ THE STORY: Republic World
FBI says Iran behind Boston Children’s Hospital cyberattack
FROM THE MEDIA: The U.S. FBI has named Iran as the suspect behind the Boston Children’s Hospital cyberattack. Had the attack succeeded, there would have been an array of threats including a system-wide shutdown, affecting the care of children who were patients at the hospital, as well as ransom demands.
According to FBI Director Christopher Wray: “We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted, and understanding the urgency of the situation, the cyber squad in our Boston field office raced out to notify the hospital.”
READ THE STORY: Digital Journal
A look at how AI can help battle cyberattacks
FROM THE MEDIA: The latest data from Mimecast's State of Email Security 2022 report found that 94 percent of South African organizations were targeted by email-borne phishing attacks in the past year, and six out of every ten fell victim to a ransomware attack.
Pinnock said to protect against such attacks, companies were increasingly looking to unlock the benefits of new technologies. The market for AI tools for cybersecurity alone was expected to grow by $19-billion between 2021 and 2025. He said that locally, adoption of AI as a cyber resilience tool is also growing. Nearly a third (32 percent) of South African respondents in Mimecast's latest State of Email Security 2022 report were already using AI or machine learning - or both - in their cyber resilience strategies. Only 9 percent said they have no plans at the moment to use AI.
READ THE STORY: IOL
Even Russia's Evil Corp now favors software-as-a-service
FROM THE MEDIA: The Russian-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019. You might be wondering why cyber extortionists in the Land of Putin give a bit flip about US sanctions: as we understand it, the sanctions mean anyone doing business with or handling transactions for the gang will face the wrath of Uncle Sam. Evil Corp is therefore radioactive, few will want to interact with it, and the group has to shift its appearance and operations to keep its income flowing.
As such, Evil Corp – which made its bones targeting the financial sector with the Dridex malware it developed – is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get victims to pay the ransoms it demands, according to a report this week out of Mandiant.
READ THE STORY: The Register
RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares
FROM THE MEDIA: At RSA Conference 2022, which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principles will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.
However, there’s a third pillar of zero trust that hasn’t gotten quite as much attention: directly defending data itself, whether it be at the coding level or in business files circulating in a highly interconnected digital ecosystem. I had a chance to discuss the latter with Ravi Srinivasan, CEO of Tel Aviv-based Votiro which launched in 2010 and has grown too.
READ THE STORY: Security Boulevard
New York to get first right-to-repair law for electronics
FROM THE MEDIA: Right-to-repair advocates are applauding the passage of New York's Digital Fair Repair Act, which state assembly members approved Friday in a 145–1 vote. The bill, previously green-lit by the state senate in a 49-14 vote, now awaits the expected signature of New York Governor Kathy Hochul (D).
Assuming the New York bill becomes law as anticipated, it will be the first US state legislation to address the repairability of electronic devices. A week ago, a similar right-to-repair bill died in California due to industry lobbying.
READ THE STORY: The Register
Costa Rica 'at war' with Russian hackers, experts warn other countries
FROM THE MEDIA: On Tuesday morning in the Central American country, printers at the national health service abruptly churned out copies of a ransomware note. Hospital record-keeping systems went down, and screens flashed up demands for a digital key needed to unlock compromised files and servers.
This was just the latest in a string of cyber attacks that have knocked out basic government services, including the online tax portal and automated system for paying teachers' salaries. Costa Rica is now in an official state of emergency - the first time a country had done this as a response to cyber attacks. Security experts feared other countries would be next, as criminals spy soft targets in public infrastructure like trains, hospitals, and schools.
READ THE STORY: RNZ
Blake Dowling: Hackers for good? Robin Hood and ‘goodwill ransomware’
FROM THE MEDIA: In the world of cybercrime, we have seen this year the emergence of some Robin Hood-type crimes among a certain group of hackers and what they are launching around Florida and the nation. It’s called “goodwill ransomware.”
As I discussed in a column last month about the Costa Rican government hit by ransomware, the typical ransomware attack goes after a business, individual or government. Usually, it’s a bogus email embedded with a link that, when clicked, freezes all files on that computer and all computers connected to it. Next comes a demand for payment (ransom); if paid, the hackers will in turn supply the encryption keys to unlock your files.
It’s fair to say that by now, most of us have heard of this scenario, but the goodwill attack is quite different. You still have a fake email or malicious website exposing you or your organization to an encryption attack — but then something rather bizarre happens after you click and things get encrypted.
READ THE STORY: Florida Politics
How Russia’s Invasion of Ukraine Is a Litmus Test for Cryptocurrency Exchanges
FROM THE MEDIA: Many companies have withdrawn from Russia to protest Russia’s invasion of Ukraine. So far, major cryptocurrency exchanges in the U.S. have resisted, saying they won’t do it unilaterally.
This is a principled stand, and it is consistent with the guiding ethos of the cryptocurrency community. After all, these markets serve as an alternative to those dominated by governmental policy interference. And in Russia, as in Venezuela and in other zones of economic chaos, cryptocurrency is an important tool for ordinary citizens to resist financial totalitarianism.
READ THE STORY: CoinDesk
Ransomware hits military supplier CMC Electronics
FROM THE MEDIA: “CMC detected a third-party intrusion into its network that disrupted its operations, in connection with a ransom demand,” writes Paul Holmes, a public relations specialist hired by parent company TransDigm of Cleveland. “We shut down our network to protect our systems and data, and immediately launched an investigation, with the help of cybersecurity and cybercrime experts.”
The Alphv gang uploaded low-resolution copies of documents apparently stolen from the Montreal company on Tuesday. Since then, the CMC website has been out of use.
On Wednesday, CMC management initially declined to comment on the computer attack. “We won’t have a statement to make to you today. That’s all we can tell you,” said a manager who refused to give her name at the reception of the company, in the borough of Saint-Laurent.
READ THE STORY: OIC Canadian
SORRY, YOUR INTERNET CONNECTION IS SLOW
FROM THE MEDIA: How fast is your Internet connection? The days of 56K modems are — thankfully — long gone for most of us. But before you get too smug with your gigabit fiber connection, have a look at what researchers from the Network Research Institute in Japan have accomplished. Using a standard diameter fiber, they’ve moved data at a rate of 1 petabit per second.
The standard fiber has four spatial channels in one cladding. Using wavelength division multiplexing, the researchers deployed a total of 801 channels with a bandwidth over 20 THz. The fiber distance was over 50 km, so this wasn’t just from one side of a lab to another. Well if you look at the pictures perhaps it was, but with big spools of fiber between the two lab benches. The project uses three distinct bands for data transmission with 335 channels in the S-band, 200 channels in the C-band, and 266 channels in the L-band.
READ THE STORY: Hackaday
Louisiana authorities investigating ransomware attack on city of Alexandria
FROM THE MEDIA: Louisiana state officials are investigating a ransomware attack affecting Alexandria, a 50,000-person city about two hours outside of Baton Rouge. On Thursday, the AlphV ransomware gang added the city to its list of victims. City officials initially confirmed that there was a cyberattack to local news outlet KALB, telling reporters that it was “notified of a possible systems breach.”
“The matter is currently being investigated. All City operations are continuing as scheduled,” city officials said in a statement on Thursday night. Mike Steele, communications director at the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness, told The Record on Friday that state officials had been pulled in to help with the response and investigation of the attack.
READ THE STORY: The Record
Google May Owe You a Chunk of $100 Million
FROM THE MEDIA: Not to freak out anyone, but there's a serious flaw in all supported versions of Microsoft Windows that allows attackers to take over your machine. The so-called Follina vulnerability can be exploited using a weaponized Word document, and security researchers say they've already spotted government-backed hackers using this attack in the wild. Fingers crossed that Microsoft, which has downplayed the severity of the flaw, issues a patch soon.
Speaking of patches, everything from Apple's iOS and Google Android to Chrome, Firefox, and Zoom received major security updates in May. Check out our complete list of available updates to see which apps you need to attend to as soon as possible.
READ THE STORY: Wired
Lazarus Attacks Aerospace and Defense Contractors Worldwide While Misusing LinkedIn and WhatsApp
FROM THE MEDIA: In the relevant 2021-2022 attacks and according to ESET telemetry, Lazarus has been targeting companies in Europe (France, Italy, Germany, the Netherlands, Poland, and Ukraine) and Latin America (Brazil).
Despite the primary aim of this Lazarus operation being cyber-espionage, the group has also worked to exfiltrate money (unsuccessfully). “The Lazarus threat group showed ingenuity by deploying an interesting toolset, including for example a user mode component able to exploit a vulnerable Dell driver in order to write to kernel memory. This advanced trick was used in an attempt to bypass security solutions monitoring,” says Jean-Ian Boutin.
READ THE STORY: MENAFN
China’s Draft Cybersecurity Rules Pose Risks for Financial Firms, Lobby Group Warns
FROM THE MEDIA: China’s proposed cybersecurity rules for financial firms could pose risks to the operations of western companies by making their data vulnerable to hacking, among other things, according to a leading lobby group.
The latest regulatory proposal comes at a time when a string of western investment banks and asset managers are expanding their presence in China, either by setting up wholly-owned units or by taking a bigger share in existing joint ventures.
The China Securities Regulatory Commission (CSRC) released the draft Administrative Measures for the Management of Network Security in the Securities and Futures Industry on April 29, and offered a month-long public consultation on the proposals.
READ THE STORY: The Epoch Times
Google and Russia’s delicate dance
FROM THE MEDIA: Russia has spent months either driving out American tech firms or watching them leave of their own accord over its war in Ukraine. But the country now finds itself stuck in a stalemate with one big tech company: Google.
Many of Google’s services, including search, maps, Gmail and, perhaps most importantly, YouTube, continue to be available in Russia at a time when Facebook, Instagram and Twitter are not. The situation illustrates the difficult position both sides now find themselves in and the tenuous current state of Russia’s internet ecosystem. Russia has attempted to wall off its internet from the world but appears to recognize the potential backlash from citizens for banning the most popular services. For its part, Google has spoken out against Russia’s actions but also has strategic and moral incentives to remain.
READ THE STORY: ABC 17
How Russia’s war with Ukraine has changed the face of military reconnaissance
FROM THE MEDIA: When a war is about to start, a military must first understand the battlefield. Advance Force Operations — tactical reconnaissance — is an old and common way of doing this. These days, modern military forces conduct such preparatory operations with satellite imagery and signals collection. Historically, this role had been performed by highly secretive special operations teams charged with intelligence collection, clandestine operations, source generation, and preparation for follow-on operations. As the Global War on Terror evolved into a long night of finding and finishing specific targets, these teams perfected the finish aspect, while the preparation fell by the wayside.
READ THE STORY: Task and Purpose
Items of interest
Shutterfly, Inc. Provides Notice of Data Breach to Additional Employees
FROM THE MEDIA: In March of this year, Shutterfly sent out data breach notification letters to roughly 1,400 employees following a ransomware attack. More recently, Shutterfly, Inc. filed additional documents with various state governments indicating that the number of employees affected by the Shutterfly breach may be much higher than the company initially believed. According to the most recent filings, the Shutterfly breach appears to have resulted in the following data types being compromised: name, address, Social Security number, government-issued identification, financial information, medical information and healthcare information. On May 29, 2022, Shutterfly provided notice of the breach to all employees whose information was leaked as a result of the incident.
READ THE STORY: JDSUPRA
Lack of cybersecurity professionals raising alarm in the industry (Video)
FROM THE MEDIA: Cyber-attacks are getting more serious and issues are becoming a day-to-day struggle for businesses. The industry clearly has a problem with supply and demand – and it is affecting companies large and small. Recent trends, side effects of a global pandemic and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.
Atlassian Confluence Zero-Day Gives RCE On ALL Versions (Video)
FROM THE MEDIA: On June 2nd, we learned that Confluence had a critical vulnerability that allowed attackers to perform command injections and gain unauthenticated remote code execution. This vulnerability has been assigned the CVE identifier CVE-2022-26134. Let's walk through the little we know now and how you can protect yourself.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com