Monday, June 20, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
Getting Drones Ready for Conventional War
FROM THE MEDIA: While the U.S. military fields an impressive arsenal of unmanned aircraft, the effectiveness of these drones is largely unproven in roles beyond counter-terrorism. In Iraq, Afghanistan, Syria, and elsewhere across the Middle East, drones like the MQ-1 Predator and MQ-9 Reaper provided the United States and its allies with a decisive intelligence and precision-strike capability, often finding and killing high-value enemy leaders that would have been otherwise impossible to target. Due to the massive commitment of aircraft and personnel required by the “Global War on Terror,” U.S. military drones have been forced to learn in combat, continuously flying without an opportunity to address fundamental flaws in the tasking, command and control, and targeting processes critical to these aircraft.
READ THE STORY: War On The Rocks
Ransomware attacks rise but researchers prove hackers aren't all geniuses
FROM THE MEDIA: For more than two decades, ransomware attacks have been the bane of corporate IT managers and their CEOs, and a source of much research for cybersecurity professionals. An underground market for hacking and encryption tools has helped such incursions proliferate, but thankfully a recent case shows what we can learn when attackers don’t know what they’re doing.
Unlike other cyber nuisances, such as viruses, which replicate and cause mayhem, or denial of service attacks, which bring networks to a grinding halt, ransomware is almost impossible to unwind once it’s been deployed successfully. That’s because they use encryption to lock up the files, with a secret decryption key being the only route out.
READ THE STORY: Business Standard
QNAP Customers Hit by Double Ransomware Blitz
FROM THE MEDIA: Customers of a popular network-attached storage (NAS) vendor appear to be caught in the middle of two ransomware campaigns. Taiwanese manufacturer QNAP released an advisory late last week warning of a critical threat from the DeadBolt variant, which it said appeared to be targeting users running outdated versions of QTS 4.x. “To secure your NAS, we strongly recommend updating QTS or QuTS hero to the latest version immediately,” it said.
“If your NAS has already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.” Separately, security researchers have warned of a resurgent eCh0raix campaign targeting the same devices.
READ THE STORY: InfoSec Mag
ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site
FROM THE MEDIA: First observed in November 2021 and also known as BlackCat and Noberus, ALPHV is the first ransomware family to have been developed using the Rust programming language. ALPHV, which is believed to have ties with the cybercrime group behind the Darkside/Blackmatter ransomware, has compromised at least 100 organizations to date, based on the list of victims published on their Tor website.
The threat operates under the Ransomware-as-a-Service (RaaS) business model, with affiliates compromising organizations (via stolen credentials or by exploiting unpatched Microsoft Exchange servers) and stealing and encrypting data. As Malwarebytes notes, ransom negotiations and data leaks are typically coordinated from ALPHV’s dark web site, but it appears that the miscreants took a different approach with at least one of their victims.
READ THE STORY: SecurityWeek
The future of IoT ransomware – targeted multi-function bots and more cyberattacks
FROM THE MEDIA: A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms coded into it. This malware, called BotenaGo, was able to seek out and attack vulnerable targets by itself without relying on any human intervention. Once it infects a device, it creates two backdoor ports, 31412 and 19412. It then uses port 19412 to listen and roll through its programmed exploit functions, executing them in sequence.
BotenaGo is an autonomous malware, which means that it doesn’t need any human intervention once it is released. This malware was released accidentally by its developers and could very well be a beachhead malware, i.e., malware that opens the infrastructure to another wave of devastating attacks. This was just the preview. Sectrio’s Threat Research team has come across new propagation and exploit strategies that hackers are using to target IoT deployments exclusively.
READ THE STORY: Security Boulevard
Microsoft Office 365 and Onedrive Vulnerability Still Open To Ransomware attacks
FROM THE MEDIA: Cybercriminals are now hunting SharePoint and OneDrive accounts to encrypt data and extort users. While this is primarily “lucrative” against businesses, it can also affect individuals. In the past week, Proofpoint security researchers revealed a vulnerability in a Microsoft 365 feature that opens up new cloud-based attack vectors for hackers. Proofpoint’s findings explain how malicious actors can use basic functions in the applications to encrypt files and make ransom demands. This vulnerability gives hackers another way to attack cloud-based data and infrastructure.
The vulnerability is based on a four-step attack chain that begins with a user’s identity being compromised. For example, user accounts can be compromised by brute force or phishing attacks, improper authorization via third-party OAuth apps, or hijacked user sessions.
READ THE STORY: RS
Crypto mixers: What are they and how are they used?
FROM THE MEDIA: Coined during Al Capone’s times, the term “money laundering” has since entered the general lexicon as criminals have been busy obscuring the source of their ill-gotten assets and making it appear as if the funds have come from legitimate activities.
As technology advances, so do the methods used by criminals to try to launder the proceeds of their criminal activity. Here is where cryptocurrencies and some specialized crypto services come into play as they cater not just to people who prefer anonymity for legitimate reasons, but also to those who seek to launder their dirty coins and cover their tracks.
READ THE STORY: We Live Security
Cisco tells customers to upgrade VPN routers or risk attack
FROM THE MEDIA: Cisco has advised customers to trade in old Small Business RV VPN routers for newer models, as the old ones have high-severity vulnerabilities that it won’t be patching.
As reported by BleepingComputer, the company recently discovered a vulnerability revolving around insufficient validation of user input in incoming HTTP packets. By sending a “specially crafted request” to the web-based management interface of these devices, an attacker could end up with root-level privileges. Essentially, they’d be getting free access to the endpoint.
Tracked as CVE-2022-20825, the flaw has a severity score of 9.8, so it’s pretty dangerous. It was found in four models: the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.
READ THE STORY: TechRadar
Qualcomm and Renault see potential in software-connected vehicles
FROM THE MEDIA: In a panel session as reported by Mobile World Live, the CEOs posed the possibility of a software-defined car, recognizing that more car companies are adding more computing elements to vehicles.
De Meo is pushing for software-driven and 5G-enabled cars, which, he said, would lead to a better experience for drivers and more profits for automakers. This comes at a time when smartphone users personalize their devices with apps and receive constant over-the-air upgrades, according to Automotive News Europe.
"Cars have been closed products. They tend to stay more or less the same for the whole life cycle, and that will change," he said per Automotive News Europe. "They will become intelligent, they will learn from the driver, so your car after three years will be better than when you buy it, because it knows you."
READ THE STORY: ITwire
What the Russia-Ukraine war means for the future of cyber warfare
FROM THE MEDIA: Russia’s war on Ukraine has been largely defined by indiscriminate shelling and a grinding exchange of artillery; however, it has also shown how cyberspace will be a central battleground in the future of global conflicts. Early Russian cyberattacks were a harbinger of a ground war to come, and the battle for hearts and minds is now largely playing out online. Russia has also strategically timed cyberattacks for advantage in its on-the-ground assaults. Experts said all of these components will likely be present in future global conflicts, with the Russia-Ukraine war cementing cyberspace as an intrinsic component of modern warfare.
“I believe the future of cyberwarfare is going to be more complex, more sophisticated and a lot more destructive,” said Paul Capasso, vice president of strategic programs at Telos, a cybersecurity firm based in Virginia.
READ THE STORY: The Hill
F5 Labs Discovers New Strain Of Android Malware Targeting Online Banking Customers
FROM THE MEDIA: While tracking the mobile banking trojan FluBot, F5 Labs recently discovered “MaliBot”, a new strain of Android malware. While its main targets are online banking customers in Spain and Italy, its ability to steal credentials and cookies and to bypass multi-factor authentication (MFA) codes means that Android users all over the world must be vigilant. Key characteristics include:
MaliBot is focused on stealing financial information, credentials, crypto wallets, and personal data (PII), and also targets financial institutions in Italy and Spain.
Malibot is capable of stealing and bypassing multi-factor (2FA/MFA) codes.
It includes the ability to remotely control infected devices using a VNC server implementation. MaliBot is most obviously a threat to customers of Spanish and Italian banks, but F5 Labs expects a broader range of targets to be added to the app as time goes on.
READ THE STORY: MENAFN
Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
FROM THE MEDIA: A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero.
The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution. In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "may have been actively exploited."
READ THE STORY: THN
Challenges of securing a software supply chain
FROM THE MEDIA: A major area of concern for IT security teams is how to tackle the challenges posed by the increasing use of third-party platforms and services. The need for security that spans third parties applies across physical supply chains, software supply chains and outsourcing contracts. In its 2021 UK CEO Outlook report, KPMG found that 81% of leaders considered protecting their partner ecosystem and supply chain just as important as building their own organisation’s cyber defences.
In January 2022, the White House convened government and private sector stakeholders to discuss initiatives to improve the security of open source software and ways new collaboration can drive improvement. US president Joe Biden has made software security a national priority. His executive order on cyber security requires that only companies that use secure software development lifecycle practices and meet specific federal security guidance will be able to sell to the federal government.
READ THE STORY: Computer Weekly
Iranian cyberattack may be behind false rocket warning sirens in Jerusalem
FROM THE MEDIA: False rocket warning sirens that were activated across parts of both Jerusalem and Eilat on Sunday evening may have been caused by a cyberattack, the Israel National Cyber Directorate (INCD) confirmed on Monday morning.
During the evening on Sunday, rocket sirens sounded in Eilat and across several Jerusalem neighborhoods including Talpiot, Katamon and Beit Hakerem for almost an hour. The reason was said to be a system malfunction by the IDF, although the cause of it was unknown.
However, on Monday morning, Army Radio reported that the INCD suspected that a cyberattack was behind the system malfunction, which they then confirmed shortly after the initial report was published.
READ THE STORY: Jpost
Items of interest
Greater API usage raises concerns for protection
FROM THE MEDIA: Radware has released its 2022 State of API Security report, which shows a rise in APIs, with 92% of the organizations surveyed significantly or somewhat increasing their usage.
However, the survey, which was conducted in collaboration with Enterprise Management Associates, found that many organizations have been lulled into a false sense of security when it comes to protecting APIs.
Although 92% of respondents believe their organization has adequate protection for its APIs and 70% believe they have visibility into applications that are processing sensitive data, 62% say that at least one third of their APIs are undocumented.
Radware notes this is an issue as undocumented APIs leave companies vulnerable to cyber threats, including exposures, data breaches and scraping attacks.
“For many companies, there is unequivocally a false sense of security that they are adequately protected from cyber attacks. In reality, they have significant gaps in the protection around unknown and undocumented APIs,” Radware chief operations officer and research and development head Gabi Malka says.
“API security is not a ‘trend’ that is going away. APIs are a fundamental component to most of the current technologies and securing them must be a priority for every organization.”
The report includes responses from chief information officers, chief technology officers, vice presidents of IT, and IT directors from global organizations across North America, EMEA, and APAC.
READ THE STORY: SecurityBrief
Understanding the Business of Cybercrime (Video)
FROM THE MEDIA: It might be easy to characterize cyber criminals as random threat actors, but plenty of them work within sophisticated organizations that function like legitimate businesses.
Nation-State Attacks (Video)
FROM THE MEDIA: Government agencies across the world have issued sharp warnings for organizations to adopt an enhanced cyber security posture against state-sponsored attacks.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com