Thursday, June 23, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
As China shuts itself off from the world, internet access gets harder too
FROM THE MEDIA: Most internet users trying to get past China’s Great Firewall search for a cyber tunnel that will take them outside censorship restrictions to the wider web. But Vincent Brussee is looking for a way in, so he can better glimpse what life is like under the Communist Party.
An analyst with the Mercator Institute for China Studies in Berlin, Brussee frequently scours the Chinese internet for data. His main focus is information that will help him understand China’s burgeoning social credit system. But in the last few years, he’s noticed that his usual sources have become more unreliable and access tougher to gain.
READ THE STORY: LA Times
Microsoft says Russia has stepped up cyber espionage against the US and Ukraine allies
FROM THE MEDIA: Russian intelligence agencies have increased their efforts to hack US and allied government computer networks to gather intelligence since the war in Ukraine began, Microsoft said in new findings published Wednesday.
American organizations were the top target of the Russian hacking attempts outside of Ukraine, according to Microsoft, but the alleged Russian hacking has spanned 42 countries, and a range of sectors that might have valuable information related to the war, from governments to think tanks to humanitarian groups. It's a reminder of the voracious appetite that Russian cyber operatives have for strategic information as the Kremlin is more isolated on the international stage than it has been for decades.
READ THE STORY: CNN
Web3 Wallets Targeted by Chinese Hackers; “SeaFlower” Using Cloned Websites to Trick Crypto Traders
FROM THE MEDIA: A hacking group out of China has been identified using a rather low-tech yet effective way to steal money from Web3 wallets: distributing altered versions that have holes programmed into them. The Chinese hackers cloned the distribution sites of legitimate wallets, tricking users into downloading a compromised version.
Researchers with digital advertising security firm Confiant spotted and tracked the threat actor’s activity, and characterize it as a “highly sophisticated” operation. The Chinese hackers are primarily targeting searches for a specific group of Web3 wallets and are focused on iOS and Android users.
READ THE STORY: CPO MAG
Kaspersky unveils unknown APT actor 'ToddyCat'
FROM THE MEDIA: Antivirus vendor Kaspersky tracked the advanced persistent threat (APT) actor's activities back to December 2020; in the time since, ToddyCat has attacked high-profile targets across European and Asian countries including Taiwan, Vietnam, India, Russia, the United Kingdom, Iran and more. According to report author Giampaolo Dedola, a Kaspersky senior security researcher, ToddyCat's targets include government organizations as well as military entities and contractors.
The actor's initial activities from December 2020 to February 2021 consisted of compromising targeted Microsoft Exchange servers in Taiwan and Vietnam while utilizing "an unknown exploit that led to the creation of a well-known China Chopper web shell." This web shell was then used for a "multi-stage infection chain."
READ THE STORY: TechTarget
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign
FROM THE MEDIA: Russia’s notorious advanced persistent threat group APT28 is the latest in a growing number of attackers trying to exploit the “Follina” vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows.
Researchers from Malwarebytes this week observed the threat actor — aka Fancy Bear and Sofacy — sending out a malicious document with an exploit for the now-patched flaw (CVE-2022-30190) via phishing emails to users in Ukraine. The document was titled “Nuclear Terrorism A Very Real Threat.rtf" and appeared designed to prey on fears about the war in Ukraine spiraling into a nuclear holocaust.
READ THE STORY: Darkreading
Political games empower Russian cyberattacks
FROM THE MEDIA: The United States faces an alarming and growing threat of cyberattacks from Russia. Some in Congress would compound these dangers by enacting legislation that would force America’s leading tech companies to allow access to their software, hardware and operating systems to customers and competitors in the U.S. and overseas. The Cybersecurity & Infrastructure Agency (CISA) has been blunt about Russia.
“The Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries,” CISA says on its website.
During a “60 Minutes” interview on April 17, CISA director Jen Easterly said: “We are seeing evolving intelligence about Russia planning for potential attacks. And we have to assume that there’s going to be a breach. There’s going to be an incident. There’s going to be an attack.”
READ THE STORY: Boston Herald
What Caused an Explosion at a Texas Energy Plant?
FROM THE MEDIA: A terrible explosion at a liquefied-natural-gas plant and export terminal in Texas earlier this month might have been an accident — or it may be connected to Russian military intelligence, which would have all kinds of disturbing ramifications. Also, President Biden, returning from one of his four houses, declares, “You know, if you’re going out and buying a yacht, it doesn’t help the economy a whole lot.” Unsurprisingly, that’s not true.
Tom Rogan of the Washington Examiner might — with an emphasis on might — have one of the biggest scoops of the year: a possible link between Russian military intelligence and an explosion at a liquefied-natural-gas (LNG) plant and export terminal on Quintana Island, near Houston, on June 8.
Rogan writes: “According to two sources, around the time of Russia’s late February invasion of Ukraine, a cyber unit of Russia’s GRU military intelligence service again conducted targeting-reconnaissance operations against a major U.S. liquefied natural gas exporter, Freeport LNG. U.S. LNG exports have long been a priority concern for Russia, viewed by Russian President Vladimir Putin as a means for the United States to undercut Russia’s domination of the European gas market.”
READ THE STORY: NR
Defending Ukraine: Early Lessons from the Cyber War
FROM THE MEDIA: The recorded history of every war typically includes an account of the first shots fired and who witnessed them. Each account provides a glimpse not just into the start of a war, but the nature of the era in which people lived. Historians who discuss the first shots in America’s Civil War in 1861 typically describe guns, cannons, and sailing ships around a fort near Charleston, South Carolina.
Events spiraled toward the launch of World War I in 1914 when terrorists in plain view on a city street in Sarajevo used grenades and a pistol to assassinate the archduke of the Austrian-Hungarian Empire. It would take until the Nuremberg war trials to fully understand what happened near the Polish border 25 years later. In 1939, Nazi SS troops dressed in Polish uniforms and staged an attack against a German radio station. Adolf Hitler cited such attacks to justify a blitzkrieg invasion that combined tanks, planes, and troops to overrun Polish cities and civilians.
Each of these incidents also provides an account of the technology of the time — technology that would play a role in the war that ensued and the lives of the people who lived through it.
READ THE STORY: Microsoft
Shadowy forms of modern warfare are on full display in Ukraine
FROM THE MEDIA: Russia's attack on Ukraine is the biggest war in Europe since World War II, and warfare has changed a lot since the Allies defeated Nazi Germany.
Although World War II-era GIs might recognize jet aircraft and shoulder-fired missiles, the battles that Ukraine and Russia are fighting in cyberspace and on the electronic spectrum would likely be more puzzling. Cyber warfare and electronic warfare are both playing important roles in Ukraine. Electronic warfare is especially important on modern battlefields, and it has been the most visible in Ukraine.
The US Department of Defense defines electronic warfare as military activities that use electromagnetic energy to attack or disrupt an adversary's activity. It can affect everything that uses electricity and can be waged by ground, air, land, sea, and space.
READ THE STORY: Business Insider
DoJ Disrupts Russian Botnet During International Cyber Operation
FROM THE MEDIA: The U.S. Department of Justice – in collaboration with law enforcement partners in Germany, the Netherlands, and the United Kingdom – has dismantled the infrastructure of a Russian botnet known as RSOCKS and responsible for hacking millions of computers and other electronic devices around the world.
RSOCKS comprised millions of hacked devices worldwide. It initially targeted Internet of Things (IoT) devices – including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers – which are connected to, and can communicate over, the internet, and are therefore assigned IP addresses.
READ THE STORY: MERITALK
Uh oh, malicious Windows shortcuts are making a return
FROM THE MEDIA: At least two threat actors have recently been observed distributing malicious Windows shortcut files designed to infect victims with malware. Late last week, cybersecurity researchers from Varonis reported seeing the dreaded Emotet threat actor, as well as the lesser-known Golden Chickens group (AKA Venom Spider), distributing .ZIP archives via email, and in those archives, .LNK files. Using Windows shortcut files to deploy malware or ransomware on the target endpoint is not exactly novel, but these threat actors have given the idea a brand new spin.
In this particular campaign, the threat actors replaced the original shortcut icon with that of a .PDF file, so that the unsuspecting victim, once they receive the email attachment, can’t spot the difference with a basic visual inspection.
But the danger is real. Windows shortcut files can be used to drop pretty much any malware onto the target endpoint, and in this scenario, the Emotet payload is downloaded into the victim’s %TEMP% directory. If successful, the Emotet payload will be loaded into memory using “regsvr32.exe”, while the original dropper gets deleted from the %TEMP% directory.
READ THE STORY: TechRadar
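Two defender-side checks for the chain described above, written as an added example (not code from the Varonis report or the article): listing .LNK members inside an e-mailed ZIP regardless of the icon they carry, and flagging regsvr32.exe process-creation events whose command line loads a module from %TEMP%. The ZIP contents and the Sysmon-like event records are constructed here for illustration; the field names (`image`, `cmdline`, `parent`) are an assumption, not a real telemetry schema.

```python
import io
import re
import zipfile

# Matches a module path under the user's temp directory as it would appear
# in a command line: either the expanded path or the %TEMP% variable.
TEMP_DIR = re.compile(r"(?i)(%TEMP%|\\AppData\\Local\\Temp\\)")


def lnk_entries(zip_bytes: bytes) -> list[str]:
    """Return the names of .LNK members inside a ZIP attachment.

    The swapped PDF icon only changes how Explorer renders the file;
    the .lnk extension inside the archive is still visible to a parser."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(".lnk")]


def suspicious_regsvr32(events: list[dict]) -> list[dict]:
    """Flag regsvr32.exe process-creation events that load a module
    from %TEMP%, the post-drop step described in the article."""
    hits = []
    for ev in events:
        image = ev.get("image", "").lower()
        if image.endswith("\\regsvr32.exe") and TEMP_DIR.search(ev.get("cmdline", "")):
            hits.append(ev)
    return hits


def build_sample_zip() -> bytes:
    """Constructed ZIP attachment: a shortcut named to look like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2022.pdf.lnk", b"placeholder, not a real shortcut")
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


# Constructed process-creation events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\upd.dll",
     "parent": r"C:\Windows\explorer.exe"},                       # matches the chain
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Program Files\Vendor\ctl.ocx",
     "parent": r"C:\Program Files\Vendor\setup.exe"},             # benign installer
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir",
     "parent": r"C:\Windows\explorer.exe"},                       # unrelated
]

if __name__ == "__main__":
    print("shortcuts in archive:", lnk_entries(build_sample_zip()))
    for hit in suspicious_regsvr32(SAMPLE_EVENTS):
        print("suspicious regsvr32:", hit["cmdline"])
```

The regsvr32 rule on its own will also fire on some legitimate installers that stage components in %TEMP%, so pairing it with the parent process (explorer.exe or an archive utility, as here) is what narrows it to the shortcut-delivered case.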
Is Continuous Discovery Needed to Detect Rogue APIs?
FROM THE MEDIA: A smart and scalable API security strategy has many factors. But even the most sophisticated API security approach needs a full and current API inventory. This might not sound difficult, particularly with mature API processes, governance, and documentation. But as with most aspects of security, planning for the unexpected is critical. In the case of APIs, this means implementing broad and continuous API discovery across your on-premises and cloud environments.
One of the most challenging aspects of securing APIs is that APIs themselves – and the infrastructure foundation they sit on top of – seem to be constantly changing. Modern applications are deployed and changed daily through fast-moving DevOps processes. Meanwhile, IT infrastructure is continuously evolving as organizations shift to hybrid-cloud architectures and embrace new application deployment models like microservices.
READ THE STORY: SecurityBoulevard
If you didn't store valuable data, ransomware would become impotent
FROM THE MEDIA: Sixteen years ago, British mathematician Clive Humby came up with the aphorism "data is the new oil".
Rather than something that needed to be managed, Humby argued data could be prospected, mined, refined, productized, and on-sold – essentially the core activities of 21st century IT. Yet while data has become a source of endless bounty, its intrinsic value remains difficult to define.
That's a problem, because what cannot be valued cannot be insured. A decade ago, insurers started looking at offering policies to insure data against loss. But in the absence of any methodology for valuing that data, the idea quickly landed in the "too hard" basket.
READ THE STORY: The Register
Chinese hackers target script kiddies with info-stealer trojan
FROM THE MEDIA: Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
The trojan is bundled in a greyware tool named 'SMS Bomber,' which is used for denial of service (DoS) attacks against phones, flooding them with messages. Tools like this are commonly used by "beginner" threat actors who want to launch attacks against sites. According to a report by Check Point, the threat actors also demonstrate in-depth cryptographic knowledge, extending the AES specification in a custom implementation.
READ THE STORY: Bleeping Computer
Security Think Tank: Supply chain security demands systematic approach
FROM THE MEDIA: As organizations have increased their own cyber security over the past five to 10 years, there has been an increase in indirect attacks via the supply chain. At the same time, there has also been an increase in ransomware, and the emergence of targeted ransomware linked with data theft and extortion.
This is, to some extent, because small to medium-sized enterprises (SMEs) in the supply chain are seen as an easier way into the enterprise than a direct attack. However, sophisticated supply chain attacks through larger companies have also been seen.
The increase in ransomware is a real threat, particularly where there is a single-source supplier. Ransomware has become more sophisticated, sometimes infecting backups as well as operational technology (OT), so companies may be unable to produce and deliver their products for three months or more after an attack.
READ THE STORY: Computer Weekly
Yodel delivery service disrupted by cyber incident
FROM THE MEDIA: Delivery service company Yodel has been hit by a suspected ransomware attack, leading to delays in parcel distribution and customers losing the ability to track orders online.
Yodel has not published any details of the attack itself, but confirmed there was an incident through an FAQ on its website.
“As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by a digital forensics group,” it said. “We are deploying all efforts to resolve the situation as quickly as possible and continue to work closely with authorities and law enforcement.”
It added that, while deliveries are continuing, there may be delays across its network, but that its parcel-tracking service “remains temporarily unavailable”.
READ THE STORY: Computer Weekly
‘Stronger front door’ required to rebuff cyber HEAT attacks
FROM THE MEDIA: Speaking at Infosecurity Europe 2022 this week, Mark Guntrip, senior director of security strategy at Menlo Security, said that so-called ‘HEAT’ (Highly Evasive Adaptive Threats) attacks require a renewal of the ‘strong front door’ model of threat blocking, as standard detect-and-respond techniques are proving unequal to their defensive role.
HEAT attacks are a class of cyber threat that target web browsers as the primary attack vector. They go on to employ techniques to evade multiple layers of protection such as firewalls, secure web gateways, sandbox analysis, URL reputation and phishing detection.
“HEAT attacks are used as the initial access point to deliver malware or to compromise credentials,” said Guntrip. “They allow cyber threats to deliver malicious content like ransomware to the endpoint by adapting to the targeted environment.”
READ THE STORY: ET
Swoop to launch mmWave fixed wireless in 2023
FROM THE MEDIA: The service will be launched in Q1 of FY2023 and will be targeted at the business areas of Osborne Park, Balcatta, and Malaga.
Swoop CEO Alex West says the project will set the precedent for fixed wireless services in Australia and will bring affordable high-speed services to businesses.
“The rollout of mmWave fixed wireless will bring major advantages to Australian businesses, allowing them access to very high-speed internet at extremely affordable pricing,” says West.
Swoop also announced the launch of Swoop Channel, which will tie together the company’s wholesale, reseller, and business partner models along with its new channel portal.
READ THE STORY: IT Wire
Items of interest
USPS appoints director of cyber engineering
FROM THE MEDIA: The U.S. Postal Service has installed Michael Billingsley as director of cybersecurity engineering, a role he had held in an acting capacity since April 5.
Billingsley will continue to lead a team enhancing automated security and visibility to secure data and integrating vulnerability and threat data into network-connected asset management.
The appointment comes at a time when federal agencies like USPS are in various stages of implementing zero-trust security architectures in accordance with the Cybersecurity Executive Order issued in May 2021.
“Michael brings with him a diverse background holding various leadership roles within the USPS, including finance and economics, director client services, and strategy and planning,” an agency spokesperson told FedScoop. “This experience, tied with his Sloan Fellowship MBA focused on analytics, blockchain, Web3, cryptocurrency, artificial intelligence, and finance eminently qualifies him for this role.”
READ THE STORY: FEDSCOOP
Starting an investigation with image reverse search (Video)
FROM THE MEDIA: The image reverse search is a great way to start any piece of research as it allows you to take an image on the internet and not only find where else it has been used, but also by whom, in what context, and in what location. Through such a quick act you are able to identify much more open source information out of that simple act.
Top 4 Free Satellite Imagery Sources (Video)
FROM THE MEDIA: This tutorial may suit you if you are keen to learn a little bit more about how and where to find satellite imagery for free. We all know commercial imagery can be expensive, so getting it for free is quite helpful.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com