Sunday, June 19, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Android-wiping BRATA malware is evolving into a persistent threat
FROM THE MEDIA: The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities.
Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device.
"The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," explains Cleafy in a report this week.
READ THE STORY: BleepingComputer
US military group in talks to purchase Israel's blacklisted Pegasus spyware
FROM THE MEDIA: The Biden administration is warning that this potential acquisition is deeply concerning and would raise serious counterintelligence and security concerns for the US government, the UK-based Middle East Monitor reported Friday but did not say if US authorities have taken any measures to halt the deal.
The development came several months after the US Department of Commerce added Israeli-based NSO and Candiru cyber intelligence companies to the blacklist of companies that it describes as engaging in activities that undermine US national security and the foreign interests of America. According to the report, L3 Harris, a global defense contractor based in Florida that manufactures technologies in the air, land, sea, space a
READ THE STORY: Press TV
Russia could target Commonwealth Games with drones, security chiefs fear
FROM THE MEDIA: An aerial threat from Russia is plunging Britain’s showpiece summer sporting spectacular into a Game of Drones. Security chiefs will use unmanned aircraft to guard against enemy drones at the Commonwealth Games, starting in Birmingham next month.
They will be used for air security at a major UK public event for the first time as fears grow over Russian operations here and a revived terror threat. Intelligence chiefs believe drones are capable of bombing the event. Spooks fear up to 50 of Vladimir Putin's spies are active in Britain and our support of Ukraine since Russia's invasion may make us a target.
READ THE STORY: Mirror
Putin ‘orders up to 50 sleeper agent spies hiding in Britain to prepare to launch cyber attacks against UK’
FROM THE MEDIA: MI5 believes the Russian leader has instructed the undercover agents to be ready to launch cyber attacks amid soaring tensions with Moscow over the war in Ukraine. Intelligence chiefs fear that agents will also try to steal military information and target Ukrainian activists and Russian dissidents.
Sources have told the Mirror that Russian spies have infiltrated all parts of British society, including top public schools and the civil service. A senior intelligence insider said: “We have to assume Russia is now active at all levels of British society. They scoop up all forms of intelligence and pass it back to the Kremlin through handlers.”
READ THE STORY: The Sun
More cyber warfare with Russia lies on the horizon
FROM THE MEDIA: What is on the horizon in Russia's war plans? According to Neal Higgins, deputy national cyber director for national cybersecurity, there could be more cyber warfare. The cybersecurity professional spoke to DefenseNews on June 14 at an event hosted by Defense One and had some pretty revealing comments.
“A slow military progress continues to thwart the Russians on the ground in Ukraine. They may increasingly consider cyber options to divide our allies and to dilute international resolve against its action,” Higgins said. “We have not seen that yet, but we’re not out of the woods. We have to keep our shields up, we can’t let our guard down.”
READ THE STORY: Interesting Engineering
US, Partners Dismantle Russian Hacking ‘Botnet,’ Justice Department Says
FROM THE MEDIA: Law enforcement in the United States, Germany, the Netherlands, and Britain dismantled a global network of internet-connected devices that had been hacked by Russian cyber criminals and used for malicious purposes, the U.S. Justice Department said on Thursday.
The network, known as the “RSOCKS” botnet, comprised millions of hacked computers and devices worldwide, including “Internet of Things” gadgets like routers and smart garage openers, the department said in a statement.
RSOCKS users paid a fee of between $30 and $200 per day to route malicious internet activity through compromised devices to mask or hide the true source of the traffic, the department said.
READ THE STORY: The Epoch Times
China Boosts Cyber Censorship, Requires Sites to Recruit Content Moderators
FROM THE MEDIA: Three years after the Cyberspace Administration of China (CAC) instructed companies to inspect user comments on news content, the CAC has proposed a regulation requiring social media services and video platforms to hire content moderators to review their users' comments before they are made public, according to an article by SCMP.
In 2017, the Chinese government implemented a stern policy mandating Weibo and Weixin (the mainland's version of WeChat) users to use relevant identification documents like their national ID and phone number to certify their accounts under the country's real-name registration system.
The rules also prohibited paid human commenters and bots from using accounts registered under that system, which China presented as a way of preventing the spread of information that could mislead public opinion and disturb social order.
READ THE STORY: iTech Post
Rapid7 research reveals which data ransomware groups seek and use for leverage
FROM THE MEDIA: Double extortion attacks have increased in recent years. Traditional ransomware attacks encrypt data on attacked systems to extort money from companies and individuals. The rise of countermeasures, including the use of backups, have reduced the effectiveness of traditional ransomware attacks.
If data backups are available, companies could use these to restore the data without having to pay ransom. Without additional leverage, ransomware groups would be left empty handed after the attack.
Double extortion attacks combine the encryption stage with another stage, which happens before data is encrypted. Groups analyze files and documents on the attacked network to steal data. Data is still held hostage, as it is encrypted in the second stage, but the stolen data may be used as leverage in ransomware negotiations. Ransomware groups may threaten to release the data to the public, or sell it to interested parties. If negotiations fail, data may be sold on the dark web.
READ THE STORY: Ghacks
Social Engineering in the Name of Iran’s Islamic Revolution
FROM THE MEDIA: Iran continues to significantly develop its cyber capabilities for a variety of purposes. Only recently it was reported that Tehran had sought to attack Boston Children’s Hospital – an attempt that the director of the Federal Bureau of Investigation called one of the most “despicable” he had ever seen. This incident is another indication of Iran’s boldness in operating cyber tools.
But the majority of Iranian cyberactivity is focused on social engineering for obtaining intelligence information. Tehran has been expanding its use of social engineering, mainly through numerous inquiries to various experts on Iran. Iranian intelligence is attempting to obtain their information and assessments, and is even trying to lure some to attend international conferences in order to recruit or kidnap them.
READ THE STORY: Algemeiner
Ransomware gangs target Japan as a feeding ground
FROM THE MEDIA: The Tsurugi Municipal Handa Hospital is a modestly sized, dreary pile in a somnolent corner of Shikoku island. It looks on to a river, backs on to a hill and serves an ageing local population last clocked at 8,048. The perfect place, therefore, for the world’s most ruthless cyber-gangs to expand their assault on everyday life, shift the globalized ransomware war front deep into Asia and confront a whole new victim-scape with one of the more excruciating debates of modern business. At this point the Handa hospital is just about back to normal, barring apologies and incident reports. But for two months at the end of last year, it was paralyzed — unable to accept new patients and perform other basic functions after a ransomware attack targeting the extortionists’ sweet spot of medical records.
READ THE STORY: FT
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks
FROM THE MEDIA: This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices again, according to user reports and sample submissions on the ID Ransomware platform.
ech0raix (also known as QNAPCrypt) had hit QNAP customers in multiple large-scale waves starting with the summer of 2019 when the attackers brute-forced their way into Internet-exposed NAS devices.
Since then, several other campaigns have been detected and reported by this ransomware strain's victims, in June 2020, in May 2020, and a massive surge of attacks targeting devices with weak passwords that started in mid-December 2021 (right before Christmas) and slowly subsided towards early February 2022.
READ THE STORY: Bleeping Computer
Tether Experience DDOS Attack ! Here’s The Outlook at What Really Happened!
FROM THE MEDIA: The main ASN that Cloudflare recognized was AS-CHOOPA, Ardoino continued, which made it possible for the attack to be mitigated. He also made it clear that Tether sustained no losses as a result of the attack.
Austin Federa, the head of communications at Solana, inquired as to whether 8 million requests made in less than a minute constitute a DDOS attack. A jump from 20,000 to 80,000 should be seen as an attack, in Ardoino’s opinion.
The CTO commented on what the attackers wanted to gain given that it wouldn’t affect the USDT chain.
READ THE STORY: Coinpedia
Federal cybersecurity bill may be 'Band-Aid on a bigger problem,' Waterloo, Ont., expert says
FROM THE MEDIA: A new federal bill would make it mandatory for businesses to report cyberattacks. Eldon Sprickerhoff, the chief innovation officer and founder of eSentire, a Waterloo, Ont.-based cybersecurity provider, thinks the proposed bill might be a Band-Aid on a bigger problem. "If this proposed bill helps to improve the rigors of end-user data security, I am cautiously in favor of it, though the devil is in the details," Sprickerhoff said.
"I have broad concerns about the reporting process — to whom are you reporting this information, do we have some privacy regarding with whom the data is shared, where this data is stored." Public Safety Minister Marco Mendicino said the Liberals' legislation would take additional steps to protect Canada's telecommunications, finance, energy and transport sectors.
After the government banned Huawei and ZTE from Canada's 5G network last month, it signaled new legislation would be coming to safeguard critical infrastructure.
READ THE STORY: CBC CA
Inside D.C. Police’s Sprawling Network of Surveillance
FROM THE MEDIA: It was the early days of the Black Lives Matter movement. Protesters gathered in Washington, D.C., in the fall of 2014, awaiting word on whether a grand jury would indict Ferguson, Missouri, police officer Darren Wilson for shooting and killing Michael Brown.
Unbeknownst to the demonstrators, the police were also waiting — and watching. Stowed away in a secure room known as the Joint Operations Command Center, officers and analysts from the D.C. Metropolitan Police Department kept eyes on the news, activists’ social media accounts, and closed-circuit television feeds from across the district, according to internal MPD emails. The police were ready to funnel intelligence to officers on the ground, who were instructed to provide updates on protest activity back to the JOCC every half-hour.
READ THE STORY: The Intercept
Will optics ever replace copper interconnects? We asked this silicon photonics startup
FROM THE MEDIA: Science fiction is littered with fantastic visions of computing. One of the more pervasive is the idea that one day computers will run on light. After all, what’s faster than the speed of light?
But it turns out Star Trek’s glowing circuit boards might be closer to reality than you think, Ayar Labs CTO Mark Wade tells The Register. While fiber optic communications have been around for half a century, we’ve only recently started applying the technology at the board level. Despite this, Wade expects, within the next decade, optical waveguides will begin supplanting the copper traces on PCBs as shipments of optical I/O products take off.
Driving this transition are a number of factors and emerging technologies that demand ever-higher bandwidths across longer distances without sacrificing on latency or power.
READ THE STORY: The Register
Killnet hackers can use 'any device' to attack Western targets, cyber security chief warns
FROM THE MEDIA: The group, which last month threatened to attack UK hospital ventilators, has hijacked and can hijack everyday items from external hard drives to security cameras and use them to create a virtual army of devices to carry out cyber attacks, Daniel dos Santos, Head of Security Research at cybersecurity firm Forescout Technologies, tells express.co.uk.
Forescout has been researching what kinds of devices hackers typically use in an attack, and the company discovered that the devices most likely to be hijacked were much simpler than personal computers.
READ THE STORY: Express
The Bat-Family's Biggest Threat Is - An Internet Troll?
FROM THE MEDIA: For a long time now, Oracle's nemesis, Seer, has been an enigma. All that was truly certain about her was that she was almost as gifted a hacker as Oracle is, and that she seems to exist purely to incite chaos. However, Batgirls #7 (by Becky Cloonan, Michael W. Conrad, Robbi Rodriguez, Rico Renzi, and Becca Carey) finally gave readers some insight into who Seer, (aka Kira Kosov) truly is as well as what may motivate her.
Far from being some adult nemesis, Seer is actually a young girl, undoubtedly gifted, but far from the intimidating master of cyber warfare that has been propped up for so long. Revelations about her past make it clear that although she is a mystery to nearly everyone, all Seer really wants is attention. Unfortunately, her chosen method of attaining the attention she craves causes chaos not only for the Bat-Family but for Gotham City as a whole.
READ THE STORY: CBR
Former Amazon employee convicted over 2019 Capital One hack
FROM THE MEDIA: A former Amazon Web Services (AWS) engineer has been found guilty of hacking into customers’ cloud storage systems and stealing data linked to the massive 2019 Capital One breach. A US District Court in Seattle convicted Paige Thompson of seven counts of computer and wire fraud on Friday, a crime punishable by up to 20 years in prison.
Thompson, who also went by the name “Erratic” online, was arrested for carrying out the Capital One hack in July 2019. The breach was one of the largest ever recorded, exposing the names, birth dates, social security numbers, email addresses, and phone numbers of over 100 million people in the US and Canada. Capital One has since been fined $80 million for allegedly failing to secure users’ data and settled with affected customers for $190 million.
READ THE STORY: The Verge
Security News This Week: An Alleged Russian Spy Was Busted Trying to Intern at The Hague
FROM THE MEDIA: WIRED revealed new details that link an Indian police force to a hacking campaign against human rights defenders and activists. Researchers at SentinelOne uncovered connections between the city of Pune’s police agency and evidence planted on the devices of activists, as part of a hacking campaign dubbed Modified Elephant. It is alleged that evidence was planted on the computers of activists Rona Wilson and Varvara Rao and then used to arrest the two men. Among other details, an unnamed security analyst at an email provider revealed to SentinelOne and WIRED that the email address and phone number of a Pune police official was set as the recovery email on hacked accounts.
Elsewhere, a new front is emerging in Russia’s war against Ukraine. In the occupied city of Kherson and other nearby regions, Russian forces are routing internet connections from Ukrainian internet service providers to Russian companies. Ukrainian officials tell WIRED the shifts are happening at a large scale and could result in people being subjected to Vladimir Putin’s surveillance and censorship machine.
Robocalls aren’t going away. There’s been progress in tackling the nuisance calls in recent years but the spammy calls are still prevalent. This week we looked into the roots of the problem and what can still be done in the fight against robocalls. We also looked at a new way for cops to collect your fingerprints. How censors in Shanghai haven’t been able to hide stories of the city’s dead during an aggressive Covid-19 lockdown. And the dwindling options facing WikiLeaks founder Julian Assange after the UK Home Office approved his extradition to the US, where he faces espionage and hacking charges.
READ THE STORY: Wired
Items of interest
Animate Arcane Protocols with Interrupt-Backed Bitbanging
FROM THE MEDIA: We often take our “SoftwareSerial” libraries for granted, and don’t investigate what goes on under the hood — until they fail us, at least. Would you like to learn how to harness the power of interrupt-driven bitbanging? [Jim Mack] teaches us how to make our protocol implementations fly using the LTC protocol as a springboard.
LTC (Linear/[Longitudinal] TimeCode) is a widely-used and beautifully-crafted protocol that tends to fly under our radar, and is one that hackers could learn plenty from. It’s used for synchronization of audio/video devices during media production and playback. LTC’s signal is almost digital but not quite: it doesn’t need a clock, and it has no polarity. Additionally, it mimics an audio signal really well, you can decode it at any playback speed, and many other benefits and quirks that [Jim] outlines. You do need to maintain the timings, though, and [Jim]’s article shows us how to keep them right while not inconveniencing your primary tasks.
Using interrupts means that your main loop gets to do other things, effectively letting you run different kinds of tasks in the background. [Jim] implements an LTC protocol transmitter using interrupts fired off at a defined frequency, doing LTC data processing in the main loop, and the time-critical GPIO wiggling from inside the interrupt handler code. He explains the code structure and the nuances along the way, and in the end, even provides us with source code of a highly capable and configurable LTC transmitter project for us to study and reuse. Be it RF transmitter bitbanging, IR remote signal reception, UART emulation, or any other protocols your MCU lacks peripherals for, this is where you learn to get it working.
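To make the "no clock, no polarity, any playback speed" properties concrete, here is an added example in C (not [Jim Mack]'s code and not from the Hackaday article). LTC carries its bits as biphase mark code: every bit cell begins with a level transition, and a '1' bit adds a second transition in the middle of the cell. A receiver therefore only needs the spacing between transitions, never the absolute level or the absolute rate. The interrupt handler in the real project would toggle a GPIO on each tick; this example stands in for that by writing the same level sequence into a buffer, and the `SAMPLE_BITS` frame fragment and the samples-per-cell values are constructed for illustration. The LTC sync word (bits 64–79 of a frame, `0011 1111 1111 1101`) is real and is used here to show how a decoded stream is frame-aligned.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Biphase mark code (the LTC line code): a transition at every cell boundary,
 * plus one mid-cell transition for a '1'. Only transition spacing carries data,
 * so inverting the line or changing the playback speed does not change the bits. */

/* Encode bits into a level stream at `spc` samples per bit cell, i.e. the level
 * an ISR would drive on each tick. Returns samples written, or 0 if `out` is too small. */
size_t bmc_encode(const uint8_t *bits, size_t nbits, unsigned spc,
                  uint8_t *out, size_t cap) {
    uint8_t level = 0;
    size_t n = 0;
    for (size_t i = 0; i < nbits; i++) {
        if (n + spc > cap) return 0;
        level ^= 1;                               /* cell boundary: always toggle */
        for (unsigned s = 0; s < spc; s++) {
            if (bits[i] && s == spc / 2) level ^= 1; /* mid-cell toggle marks a '1' */
            out[n++] = level;
        }
    }
    return n;
}

/* Decode a level stream back to bits. Assumes the stream starts on a cell
 * boundary and contains at least one '0' cell (true of any stream holding the
 * sync word). Returns the bit count, or 0 for a malformed stream. */
size_t bmc_decode(const uint8_t *samples, size_t n, uint8_t *bits, size_t cap) {
    if (n < 2) return 0;
    /* Pass 1: the longest gap between transitions is one full cell, whatever the speed. */
    size_t longest = 0, last = 0;
    for (size_t i = 1; i <= n; i++) {
        if (i == n || samples[i] != samples[i - 1]) {
            if (i - last > longest) longest = i - last;
            last = i;
        }
    }
    /* Pass 2: a gap over 3/4 cell is a '0'; two consecutive half-cell gaps are a '1'. */
    size_t nbits = 0, pending_half = 0;
    last = 0;
    for (size_t i = 1; i <= n; i++) {
        if (i == n || samples[i] != samples[i - 1]) {
            size_t gap = i - last;
            last = i;
            if (nbits >= cap) return 0;
            if (4 * gap > 3 * longest) {
                if (pending_half) return 0;       /* lone half cell: corrupt stream */
                bits[nbits++] = 0;
            } else if (pending_half) {
                bits[nbits++] = 1;
                pending_half = 0;
            } else {
                pending_half = 1;
            }
        }
    }
    return pending_half ? 0 : nbits;
}

/* SMPTE LTC sync word in transmission order (frame bits 64..79). */
static const uint8_t LTC_SYNC[16] = {0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1};

/* Locate the sync word in a decoded bit stream; returns its index or -1. */
long ltc_find_sync(const uint8_t *bits, size_t nbits) {
    for (size_t i = 0; i + 16 <= nbits; i++)
        if (memcmp(bits + i, LTC_SYNC, 16) == 0) return (long)i;
    return -1;
}

/* Constructed test frame fragment: four arbitrary bits, the sync word, four more bits. */
const uint8_t SAMPLE_BITS[24] = {1,0,1,0, 0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1, 0,1,1,0};

/* Encode at `spc` samples per cell, optionally invert the line (polarity swap),
 * decode, and report whether the original bits came back. */
int bmc_roundtrip(const uint8_t *bits, size_t nbits, unsigned spc, int invert) {
    uint8_t stream[2048], back[256];
    size_t n = bmc_encode(bits, nbits, spc, stream, sizeof stream);
    if (n == 0) return 0;
    if (invert) for (size_t i = 0; i < n; i++) stream[i] ^= 1;
    size_t nb = bmc_decode(stream, n, back, sizeof back);
    return nb == nbits && memcmp(back, bits, nbits) == 0;
}

int main(void) {
    uint8_t stream[512], back[64];
    size_t n = bmc_encode(SAMPLE_BITS, 24, 8, stream, sizeof stream);
    size_t nb = bmc_decode(stream, n, back, sizeof back);
    printf("decoded %zu bits, sync word at index %ld\n", nb, ltc_find_sync(back, nb));
    printf("8 spc: %d, 13 spc inverted: %d\n",
           bmc_roundtrip(SAMPLE_BITS, 24, 8, 0), bmc_roundtrip(SAMPLE_BITS, 24, 13, 1));
    return 0;
}
```

The decoder's two-pass period estimate is the offline equivalent of what a live receiver does adaptively, tracking the cell period from recent '0' cells so that the speed can drift during playback; the 3/4-cell threshold sits midway between the half-cell and full-cell gaps, which is why odd samples-per-cell values (unequal half cells) still decode.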
READ THE STORY: Hackaday
If you Hack, You go to Jail? (Video)
FROM THE MEDIA: A cautionary tale: an ethical hacker jailed for reporting a serious vulnerability. It is very unfortunate how being ethical can still result in jail time. This is one of those stories. Be very cautious and careful with your skills.
Learn to hack in 60 seconds? (Video)
FROM THE MEDIA: Learn to hack in 60-second TikToks! Is that even possible? Well, Serena shows us how she teaches hacking concepts in short TikTok / YouTube Shorts. It's amazing how much information she can share in such a short video :)
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com