Tuesday, June 21, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Elon Musk’s Starlink aid to Ukraine triggers scrutiny in China over US military links
FROM THE MEDIA: In the days after Vladimir Putin ordered Russian troops into Ukraine, Elon Musk made the decision to support Kyiv. Fewer than 48 hours later, Musk’s commercial rocket and satellite business SpaceX dispatched a shipment of Starlink satellite kits to fortify the country’s internet network against Putin’s forces. Musk was commended in the West, but his aid was viewed differently in China, a critical growth market for his business empire, where Tesla makes a quarter of its revenues. Now the richest man on Earth is under increasing pressure from Beijing’s national security and data hawks, threatening his access to the world’s biggest consumer market as tension with the US rises and local electric vehicle competitors close in on Tesla. Blaine Curcio, founder of specialist space technology research group Orbital Gateway, said “significant alarm in China” had been caused because SpaceX and Starlink were considered critical parts of the “US space military industrial complex”.
READ THE STORY: FT
Inside North Korea’s global cyber war: The intersection of hacking and organized crime
FROM THE MEDIA: While the vast majority of citizens in North Korea don’t have access to the global internet, the country has become a hacking superpower. How? Speaking at the TNW Conference 2022, author and investigative journalist Geoff White addressed this apparent contradiction. “The case of North Korea is unique in the world, and therefore its computer hackers are absolutely unique in the world as well,” he explained.
The fact that most governments employ computer hackers isn’t news. They employ them to obtain advantageous information that they can use to advance their country’s position. According to White, North Korean hackers do something slightly different: they go after cash as well. That’s because North Korea is economically isolated from the rest of the world, as it is subject to international financial sanctions. It needs to find alternative sources of money.
READ THE STORY: The Next Web
Space-based assets aren’t immune to cyberattacks
FROM THE MEDIA: One of the most significant cybersecurity incidents related to Russia's war on Ukraine was a "multi-faceted" attack against satellite provider Viasat's KA-SAT network on February 24, one hour before Russia's invasion began. The assault, which both Ukraine and Western intelligence authorities attribute to Russia, was intended to degrade the Ukrainian national command and control.
Although the attack was localized to a single consumer KA-SAT network, operated on Viasat's behalf by Skylogic, a Eutelsat subsidiary, it disrupted broadband service to several thousand Ukrainian customers and tens of thousands of other fixed broadband customers across Europe. It also highlighted that space-based assets, such as satellites and the ground segment that manages them, are as vulnerable to malicious exploitation as any other piece of critical infrastructure.
READ THE STORY: CSO Online
Ukraine war spotlights cyber operations
FROM THE MEDIA: Russia’s war on Ukraine has been largely defined by indiscriminate shelling and grinding exchanges of artillery, but it has also shown how cyberspace will be a central battleground in the future of global conflicts.
Early Russian cyberattacks were a harbinger of a ground war to come, and the battle for hearts and minds is now largely playing out online. And Russia has strategically timed cyberattacks for advantage in its on-the-ground assaults.
Experts said all of these components will likely be present in future global conflicts, with the Russia-Ukraine war cementing cyberspace as an intrinsic component of modern warfare.
“I believe the future of cyberwarfare is going to be more complex, more sophisticated and a lot more destructive,” said Paul Capasso, vice president of strategic programs at Telos, a cybersecurity firm based in Virginia.
READ THE STORY: The Hill
Why Supply Chain Will Never Be the Same After the Russian Invasion
FROM THE MEDIA: After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 1, we begin with changes in the supply chain, as there may well be no area of business that has experienced greater tectonic shifts in the marketplace over the past couple of years than Supply Chain.
READ THE STORY: JDSUPRA
Cyber warriors - hackers in Bundeswehr uniform
FROM THE MEDIA: The German Center for Cyber Operations (ZCO) is located not far from Bonn, in the idyllic town of Rheinbach on the Rhine. There, in the Tomburg barracks, the Bundeswehr is engaged in digital warfare. What is done in the ZCO is usually called hacking, a crime that can end in a prison sentence.
Soldiers at the center, on the orders of the state, practice breaking into other people's computer networks, learning how to steal sensitive information, manipulate data and, if necessary, take entire computer networks offline. About 200 of them, only three of whom are women, look for weak points in adversary IT systems, but they also attack the Bundeswehr's own IT infrastructure in order to find weak points in its defenses.
The ZCO is part of the Cyber and Information Domain Service (Kommando Cyber- und Informationsraum), established in 2017, which has more than 20 locations across the country, most of them in and around Bonn. The Bundeswehr's IT hub, whose systems the hackers want to protect, is also there. Nearby are the Federal Office for Information Security (BSI) and Deutsche Telekom's Cyber Defense Center.
READ THE STORY: B92
Russian cyberwar campaign not ending soon
FROM THE MEDIA: Russia’s war on Ukraine in cyberspace alone has shown how the shadowy world of cyberattacks will be a central battleground in the future of global conflicts. We’ll detail Moscow’s online tactics and what this means for the war going forward, plus China’s latest missile interceptor test and Biden’s upcoming trip to Europe.
READ THE STORY: The Hill
Chinese gov-backed hackers have breached major telecom companies
FROM THE MEDIA: The risk of cyberattacks originating from China and targeted at the U.S. continues, with an increasing number of incidents being attributed to Chinese hackers, many of them said to be acting with state support. That is the view of U.S. security agencies, which are warning that Chinese government-backed hackers have breached major telecommunications companies worldwide.
Considering the ramifications for Digital Journal is cybersecurity evangelist Alon Nachmany, Field CISO of AppViewX. Nachmany has been weighing the motives behind these types of dangerous cyberattacks and what companies must prioritize looking ahead. He begins his analysis with the probable point of origin: “The Chinese government-backed hackers that have breached major telecommunications companies, is yet again another validation on how countries rely on cyber warfare for political gain.”
READ THE STORY: Digital Journal
Previously Undiscovered Team of State-Sponsored Chinese Hackers Has Been Quietly Committing Cyber Espionage in the APAC Region for a Decade
FROM THE MEDIA: The cyber espionage group is thought to have been active since at least 2013, with a heavy focus on certain APAC countries and regions: Australia, Cambodia, Hong Kong, Singapore, and Vietnam. The group also focuses on government agencies, educational institutions and telecommunications firms, and appears to target individuals involved in political affairs.
The group’s favorite approach is a fairly simple one, and has remained consistent over the years: get the victim to open malicious documents, such as PDF and RTF files. Since 2018 the group has also been observed using fake removable devices, presented through bogus Windows shortcut (.lnk) files delivered to victims on Windows computers; when targets attempt to open the fake device in Windows Explorer, the Evernote Tray Application is hijacked to load a malicious DLL (a DLL side-loading technique) that quietly creates a backdoor for the attackers. The group has also been observed using fake antivirus executables.
READ THE STORY: CPO MAG
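Two cheap detections for the tradecraft described above, as an added example (not code from the article or from the researchers who reported the group): a scan for shortcut files whose names mimic a removable drive as Explorer would label it, and a DLL side-loading heuristic over Sysmon-style ImageLoad events. The shortcut names, the regex, the host executable path, the DLL names and the sample events are all constructed assumptions; the article gives none of those specifics.

```python
"""Added example (not from the article or the research it cites): two
detection heuristics for the tradecraft described above, run over
constructed sample data.

1. Bogus shortcut files that mimic a removable drive as it appears in
   Windows Explorer ("Removable Disk (E:)", "USB Drive (F:)"). The names
   and the regex are assumptions; the article does not give the actual
   file names the group used.
2. DLL side-loading: a DLL whose name belongs to a Windows system library
   loaded from a directory other than System32/SysWOW64, typically the
   directory of the host executable. Input mimics Sysmon Event ID 7
   (ImageLoad) fields; the events, paths and DLL names are constructed.
"""
import re
from ntpath import basename, dirname, normcase

# Assumption: shortcut names an attacker would choose to look like a
# drive icon in Explorer. Extend for localized Windows labels.
FAKE_DRIVE_LNK = re.compile(
    r"^(removable disk|usb drive|cd drive|dvd drive|local disk)"
    r"\s*\([a-z]:\)\.lnk$", re.IGNORECASE)

# A short list of libraries commonly abused for side-loading because many
# applications load them by name (assumption: extend from your own
# inventory of System32 DLLs).
SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "uxtheme.dll", "userenv.dll",
               "cryptsp.dll", "wtsapi32.dll", "profapi.dll", "mpr.dll"}

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def find_fake_drive_shortcuts(paths):
    """Return shortcut paths whose file name mimics a removable drive."""
    return [p for p in paths if FAKE_DRIVE_LNK.match(basename(p))]


def is_system_dir(path):
    """True if path is System32/SysWOW64 or a subdirectory of them."""
    d = normcase(path).rstrip("\\")
    return any(d == s or d.startswith(s + "\\") for s in SYSTEM_DIRS)


def find_sideloads(events):
    """Return (process image, loaded DLL, reason) for suspicious loads.

    events: dicts with keys Image, ImageLoaded, Signed ("true"/"false"),
    mirroring Sysmon Event ID 7.
    """
    hits = []
    for ev in events:
        dll = ev["ImageLoaded"]
        name = basename(dll).lower()
        if name not in SYSTEM_DLLS or is_system_dir(dirname(dll)):
            continue
        reasons = ["system DLL name loaded from non-system directory"]
        if normcase(dirname(dll)) == normcase(dirname(ev["Image"])):
            reasons.append("DLL sits next to host executable (classic side-load)")
        if ev.get("Signed", "true").lower() != "true":
            reasons.append("DLL is unsigned")
        hits.append((ev["Image"], dll, "; ".join(reasons)))
    return hits


# Constructed sample data (not real telemetry); the tray application path
# is hypothetical and stands in for whatever legitimate host binary is abused.
SAMPLE_FILES = [
    r"E:\Removable Disk (E:).lnk",
    r"E:\USB Drive (F:).lnk",
    r"E:\Quarterly report.docx.lnk",
    r"C:\Users\alice\Desktop\Notepad.lnk",
]

SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Roaming\Tray\TrayApp.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\Tray\version.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files\Tool\tool.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true"},
    {"Image": r"C:\Program Files\Tool\tool.exe",
     "ImageLoaded": r"C:\Program Files\Tool\toolcore.dll",
     "Signed": "true"},
]

if __name__ == "__main__":
    for p in find_fake_drive_shortcuts(SAMPLE_FILES):
        print("fake drive shortcut:", p)
    for image, dll, why in find_sideloads(SAMPLE_EVENTS):
        print(f"side-load candidate: {image} loaded {dll} ({why})")
```

The side-load rule deliberately keys on the DLL's name and location rather than on a hash, because the malicious library changes per campaign while the "system DLL loaded from the application's own folder" shape does not; tune SYSTEM_DLLS and add an allow-list for applications that legitimately ship private copies before running this against production telemetry.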
Sophos Firewall zero-day bug exploited weeks before fix
FROM THE MEDIA: A vulnerability in the Sophos Firewall, first disclosed in late March and patched soon afterwards, was being exploited by a Chinese advanced persistent threat (APT) in the weeks before the patch was released, reports have revealed.
According to researchers from cybersecurity firm Volexity, the threat actor, known as DriftingCloud, exploited CVE-2022-1040 from early March against a number of unnamed entities, using it to bypass authentication and run arbitrary code on the firewall itself. The flaw affects the User Portal and Webadmin interfaces of Sophos Firewall (v18.5 MR3 and older), and the threat actors used it to install webshell backdoors and other malware. Two checks worth making: the fix shipped as a hotfix that is only installed automatically when the firewall's "Allow automatic installation of hotfixes" setting is enabled (older, unsupported versions must be upgraded), and Sophos' workaround of not exposing the User Portal and Webadmin to the WAN removes the attack surface regardless of patch state.
READ THE STORY: TechRadar
How the blurring of the “supply chain” opens your doors to attackers—and how you can close them
FROM THE MEDIA: There have been more than 200 dedicated supply chain attacks over the past decade. Some of these campaigns have affected countless supplier networks and millions of customers – SolarWinds, Kaseya and the recent Log4j debacle come to mind.
But given how distributed work has become, especially since the beginning of the Covid-19 pandemic, what exactly isn’t part of the “supply chain” now? Likewise, what workplace doesn’t include aspects of “remote work”, even if it’s being done in a cubicle on the 30th floor of a skyscraper?
Dependence on cloud-hosted platforms, weaker authentication solutions, and public tools has become endemic, and there’s no turning back now. The dense ecosystem we find ourselves in – where everything is bleeding into everything else and companies rarely have more than one degree of separation from each other – will only become denser.
READ THE STORY: Helpnet Security
Hertzbleed exposes x86 vulnerability
FROM THE MEDIA: Researchers have shown that modern x86 processors from both Intel and AMD are vulnerable to a remote attack that can let an attacker extract cryptographic keys from servers previously thought to be safe.
The discovery comes in the form of “Hertzbleed”, a new method that turns a common and well understood power side-channel attack into a more serious remote timing attack.
It has long been known that power side-channel attacks can exploit data-dependent variations in a CPU’s power consumption, and that if unmitigated, such attacks can be used to extract keys from a server; until now, they required physical access to measure that power.
But the new research from a team of six researchers (led by Yingchen Wang of UT Austin) shows that x86 processors can be vulnerable to the Hertzbleed attack because their dynamic voltage and frequency scaling (DVFS) depends on the data being processed at any moment: data-dependent power draw changes the clock frequency, and the frequency change shows up as a difference in execution time, so no power measurement is needed. Because the leak sits in the CPU’s frequency management rather than in any one piece of software, constant-time code alone does not close it; disabling frequency boost (Intel Turbo Boost, AMD Precision Boost) mitigates the attack at a performance cost, and cryptographic libraries otherwise need masking or similar countermeasures against the underlying power leak.
READ THE STORY: Tech HQ
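The remote side of Hertzbleed is a statistical timing measurement: send inputs that make the secret-dependent computation draw more or less power and test whether the response times differ. The following added example (not code from the Hertzbleed paper or its authors) runs that leakage test, a Welch's t-test with the 4.5 threshold used in TVLA-style side-channel evaluations, against a toy model of the mechanism: operands with a higher Hamming weight draw more power, the core clocks down under DVFS, and a fixed instruction count takes longer. The constants in timed_operation() and the noise level are invented to make the model visible; on real hardware the function would be replaced by wall-clock timings of requests to the service under test.

```python
"""Added example, not code from the Hertzbleed paper or its authors: a
leakage test of the kind a remote attacker (or a defender auditing a
service) runs to decide whether response time depends on secret data.

The target is a toy model of the mechanism the article describes: under
DVFS, operands with more set bits draw more power, the core clocks down,
and the same instruction count takes longer. All constants are assumed.
"""
import math
import random

CYCLES = 10_000_000       # fixed instruction count per request (model)
BASE_NS_PER_CYCLE = 0.25  # 4 GHz nominal clock (model)
DVFS_SLOWDOWN = 0.02      # assumed: 2% longer at maximal Hamming weight
NOISE_NS = 50_000         # assumed network/scheduling jitter (std dev)


def hamming_weight(x):
    """Number of set bits in the low 64 bits of x."""
    return bin(x & (2**64 - 1)).count("1")


def timed_operation(secret, rng, data_dependent=True):
    """Model of one request's latency in nanoseconds."""
    slowdown = DVFS_SLOWDOWN * hamming_weight(secret) / 64 if data_dependent else 0.0
    return CYCLES * BASE_NS_PER_CYCLE * (1 + slowdown) + rng.gauss(0, NOISE_NS)


def welch_t(a, b):
    """Welch's t-statistic between two samples of latencies."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)


def leakage_assessment(samples_per_class=2000, data_dependent=True, seed=1):
    """Collect timings for a low- and a high-Hamming-weight secret and
    return (t_statistic, leaks), using the 4.5 threshold from TVLA-style
    side-channel evaluations."""
    rng = random.Random(seed)
    low = [timed_operation(0x0, rng, data_dependent)
           for _ in range(samples_per_class)]
    high = [timed_operation(0xFFFF_FFFF_FFFF_FFFF, rng, data_dependent)
            for _ in range(samples_per_class)]
    t = welch_t(high, low)
    return t, abs(t) > 4.5


if __name__ == "__main__":
    t, leaks = leakage_assessment()
    print(f"frequency-dependent model: t = {t:.1f}, leaks = {leaks}")
    t, leaks = leakage_assessment(data_dependent=False)
    print(f"constant-frequency control: t = {t:.1f}, leaks = {leaks}")
```

The control run with data_dependent=False is the important half: it is what a constant-time implementation looks like when the clock does not respond to the data, and it is what the same measurement should show again after frequency boost is disabled. With the leak present, a 2% per-request difference buried under jitter twenty times larger still produces a t-statistic far above the threshold after a couple of thousand samples, which is why the attack works remotely.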
QNAP investigating new Deadbolt ransomware attacks
FROM THE MEDIA: QNAP has once again warned consumers and organizations using its network-attached storage (NAS) devices of a recently detected Deadbolt ransomware campaign.
According to victim reports, the campaign appears to target QNAP NAS devices running outdated versions of QTS 4.x, so updating QTS and keeping the device's management interface off the internet are the first checks to make. According to Scott Bledsoe, CEO at Theon Technology, any NAS device is a big target for ransomware since it is used to store a significant amount of business-critical data.
READ THE STORY: SEC MAG
International law enforcement operation takes down Russian botnet
FROM THE MEDIA: An international law enforcement operation has taken down infrastructure used by a Russian botnet known as RSocks that hacked millions of computers and other electronic devices.
The joint operation, which included the U.S. Department of Justice and law enforcement agencies in Germany, the Netherlands and the U.K., started with Federal Bureau of Investigation agents mapping the RSocks infrastructure after purchasing a large number of proxies in 2017. Initially, the FBI identified about 325,000 compromised victim devices throughout the world.
According to a June 16 announcement, RSocks was found to compromise victims by conducting brute-force attacks. The RSocks backend servers maintained a persistent connection to the compromised devices. Having identified three victim locations, investigators replaced the compromised devices with government-controlled computers, or honeypots, and then let all three be compromised by RSocks.
READ THE STORY: Silicon Angle
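The announcement describes RSocks recruiting devices by brute-forcing passwords, so the signal a defender has before the device joins the botnet is a burst of failed logins from one source, and the signal afterwards is a successful login from that same source. The following added example (not from the story or the DOJ announcement) implements that detection over constructed OpenSSH auth log lines; the host name, user names, timestamps and ports are made up and the IPs are from documentation ranges.

```python
"""Added example, not from the story or the DOJ announcement: a detector
for the brute-force pattern the announcement describes, run over
constructed SSH auth log lines (syslog format as written by OpenSSH).

It flags (a) any source that fails authentication at least THRESHOLD
times within WINDOW seconds and (b) the worse case: a successful login
from a source that had been failing, which is how a device ends up in a
proxy botnet. IPs are from documentation ranges; timestamps, hosts and
user names are made up.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5       # failures ...
WINDOW = 60         # ... within this many seconds

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2")


def parse(line, year=2022):
    """Return (timestamp, result, user, ip) or None for non-matching lines.
    Syslog lines carry no year, so one is supplied (assumed 2022 here)."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines):
    """Return dict ip -> {"max_failures": n, "compromised": bool}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    report = {}
    for line in lines:
        parsed = parse(line)
        if not parsed:
            continue
        ts, result, user, ip = parsed
        q = recent[ip]
        # drop failures that fell out of the sliding window
        while q and (ts - q[0]).total_seconds() > WINDOW:
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= THRESHOLD:
                entry = report.setdefault(ip, {"max_failures": 0, "compromised": False})
                entry["max_failures"] = max(entry["max_failures"], len(q))
        elif result == "Accepted" and q:
            # success preceded by recent failures from the same source
            entry = report.setdefault(ip, {"max_failures": len(q), "compromised": False})
            entry["compromised"] = True
            entry["max_failures"] = max(entry["max_failures"], len(q))
    return report


# Constructed sample log: one password-guessing source that eventually gets
# in, one legitimate user who mistypes once, one lone failure.
SAMPLE_LOG = """\
Jun 16 02:11:01 nas01 sshd[812]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jun 16 02:11:02 nas01 sshd[812]: Failed password for root from 203.0.113.5 port 40013 ssh2
Jun 16 02:11:02 nas01 sshd[814]: Failed password for invalid user admin from 203.0.113.5 port 40014 ssh2
Jun 16 02:11:03 nas01 sshd[815]: Failed password for invalid user pi from 203.0.113.5 port 40015 ssh2
Jun 16 02:11:04 nas01 sshd[816]: Failed password for root from 203.0.113.5 port 40016 ssh2
Jun 16 02:11:05 nas01 sshd[817]: Accepted password for root from 203.0.113.5 port 40017 ssh2
Jun 16 02:30:00 nas01 sshd[900]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 16 02:45:00 nas01 sshd[901]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Jun 16 03:00:00 nas01 sshd[950]: Failed password for root from 192.0.2.9 port 1024 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        flag = "COMPROMISED" if info["compromised"] else "brute force"
        print(f"{ip}: {flag}, {info['max_failures']} failures within {WINDOW}s")
```

The window matters more than the threshold: a botnet that spreads its guesses across many sources or over hours will stay under any per-source count, so the same logic is usually also run keyed on the target user name, and the "Accepted after Failed" rule is kept even at low failure counts because that is the event that actually needs a response.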
Ransomware ring claims attack on Africa’s largest retail chain Shoprite
FROM THE MEDIA: The attack, which Shoprite confirmed a week ago, compromised customer data in Eswatini, Namibia and Zambia, the company said. Shoprite said the data breach “included names and ID numbers, but no financial information or bank account numbers.”
In messages posted on RansomHouse’s Telegram channel and seen by TechCrunch, the gang, which is said to target companies with weak security, claimed to have obtained 600 gigabytes of data from Shoprite. It said it had collected personal data that was “in plain text/raw photos packed in archived files, completely unprotected.”
The group also claimed to have contacted Shoprite’s management for negotiations, and hinted that it will sell the data and make some of it public if the talks failed.
READ THE STORY: Business Ghana
Items of interest
Russia has threatened retaliation against Lithuania over a ban on key goods. Here's what it means
FROM THE MEDIA: Last week, Lithuania banned the transport of Russian goods subject to European Union sanctions to Kaliningrad, a Russian exclave on the Baltic Sea surrounded by EU countries. The ban by the EU and NATO member state, which took effect on Saturday, blocks shipments of coal, metals, construction materials and advanced technology. Russia's foreign ministry summoned Lithuania's top diplomat and demanded the nation’s government reverse the "openly hostile" move immediately, with the ministry saying Russia "reserves the right to take actions to protect its national interests."
Lithuania, which declared itself independent from the Soviet Union in 1990, said it was required to enforce the ban under EU sanctions. The ban comes as several EU countries push to start work on a new package of sanctions against Russia and Belarus for the Ukraine invasion and also want to grant more military support to Kyiv, according to diplomats and a draft document.
READ THE STORY: SBS
Understanding the Business of Cybercrime (Video)
FROM THE MEDIA: It might be easy to characterize cyber criminals as random threat actors, but plenty of them work within sophisticated organizations that function like legitimate businesses.
Nation-State Attacks (Video)
FROM THE MEDIA: Government agencies across the world have issued sharp warnings for organizations to adopt an enhanced cyber security posture against state-sponsored attacks.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com