Sunday, June 26, 2022 // (IG): BB //Weekly Sponsor: Dataminr
It's Back: REvil Ransomware Makes a Return, Here's What to Do
FROM THE MEDIA: REvil, a formidable Ransomware-as-a-Service (RaaS) operation that first came to light at the end of April 2019, has made a return. After six months of inactivity—following the raid by Russian authorities—the ransomware group seems to have resumed operation.
Analysis of new ransomware samples reveals that the developer has access to REvil's source code, meaning that the threat group has re-emerged. These suspicions were further reinforced when the ransomware crew's site relaunched on the dark web.
READ THE STORY: MUO
What Is Conti Ransomware and What Makes It Different?
FROM THE MEDIA: On 31 October 2021, the news surfaced online of a hack into the premium jewelry brand, Graff. Thousands of personal documents were leaked onto the dark web, including information of high-profile customers like David Beckham and Donald Trump.
The UK diamond company was hit by Conti ransomware. This isn’t a one-off case, either. In 2021 alone, the Conti gang has managed to pillage somewhere close to $180 million from its target market—making it the biggest ransomware group.
READ THE STORY: MUO
Ransomware as a service creates cottage industry of cybercrime
FROM THE MEDIA: As cyber-attacks increase, ransomware-as-a-service (RaaS) has catapulted from a fledgling threat into a force to be reckoned with, significantly lowering the barrier of entry and allowing cybercriminals who lack the technical skills to commoditize ransomware, new research has warned.
The research found that ransomware’s current dominance is directly linked to the emergence of a technique known as “double extortion”.
The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it, according to the report by Tenable, a cyber exposure company.
READ THE STORY: Siasat
Automotive fabric supplier TB Kawashima announces cyberattack
FROM THE MEDIA: TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company did not confirm it, but there is reason to suspect that it is dealing with an attack from the LockBit ransomware group. TB Kawashima is a manufacturer of interior fabrics for automobiles, airplanes, theaters, and trains, with offices and plants in the U.S., China, Thailand, Indonesia, and India.
READ THE STORY: BleepingComputer
North Korean Hackers Stealing from the Crypto World
FROM THE MEDIA: While the crypto world is going through a market weakness resulting in the price of bitcoin plummeting from $69,000 to around $20,000 today, add security breaches and cybercriminals secretly taking over the crypto world, and you have a perfect - ‘things are about to go south’ - dish.
The notorious cybercrime group Lazarus is another factor on the long list of concerns fueling the crypto meltdown.
READ THE STORY: News Track
AI Favors Autocracy, But Democracies Can Still Fight Back
FROM THE MEDIA: As Ben Buchanan and Andrew Imbrie note in their recent book, “AI’s [artificial intelligence’s] new capabilities are both marvels and distractions.” The marvel versus distraction dichotomy is an interesting one: due to the two possible natures of AI, the question of whether advances in AI will favor autocracies or democracies has come to the forefront of the tech and global power debate. On the one hand, AI has the potential to tackle some of the world’s most challenging social problems, such as issues related to healthcare, the environment, and crisis response, leading some to believe that democracies will wield AI to create a future for human good. On the other hand, some fear AI-enabled surveillance, information campaigns, and cyber operations will empower existing tyrants and produce new ones, leading to a future where autocracies thrive and democracies struggle.
READ THE STORY: National Interest
Pokémon Go developer Niantic says it's better at spotting cheaters and is "ramping up" enforcement
FROM THE MEDIA: Pokémon Go developer Niantic has outlined its plans on tackling cheating in the popular augmented-reality mobile game.
In an update posted to the company's official blog (thanks, NME), Niantic said it is "continuously work[ing] to facilitate a fun and fair environment" and "[felt players'] frustration about how cheating behaviors" affected them.
Its last post on cheating - posted way back last year - was "focused primarily on sharing a broad overview" on the topic, but since then, Niantic says it's "becoming better" at spotting cheaters.
READ THE STORY: EURO
A supply chain transformation
FROM THE MEDIA: Over the past four years the aerospace and defence industry (A&D), and in particular its supply chain, has been under unprecedented pressure. Companies in the sector all over the world have been reeling from the massive disruption caused by the Boeing 737-Max tragedy, closely followed by the outbreak of the Covid-19 pandemic, and now the horrific Russia-Ukraine war.
Even before these tragic events, there had been clear signals that the A&D supply chain was fragile and lacking resilience. Supply chain vulnerabilities have been exposed by everything from geopolitical events, regulatory changes, natural disasters, terrorism, and cyber-attacks. The geographic location of materials and parts production, lack of visibility and the poor communication that arises because of the large number of disparate supply chain partners make it particularly susceptible to volatility, uncertainty, complexity and ambiguity (VUCA).
READ THE STORY: AERO MAG
Another day, another crypto heist: Hacker steals $100 million from Harmony blockchain bridge
FROM THE MEDIA: $100 million. That's the latest haul from yet another successful crypto heist carried out by hackers finding a weakness to exploit.
Harmony, a blockchain bridge that helps facilitate transfers between different cryptocurrency tokens, recently announced that $100 million in cryptocurrency was stolen from its Horizon bridge on Thursday morning. In a blog post detailing the events, Harmony explained that its Horizon Ethereum Bridge fell victim to a "malicious attack."
READ THE STORY: Mashable
White hat hacker attempts to recover 'millions' in lost Bitcoin, finds only $105
FROM THE MEDIA: Joe Grand, a computer engineer and hardware hacker known by many for recovering crypto from hard-to-reach places, spent hours breaking into a phone only to find a fraction of a Bitcoin.
In a YouTube video released on Thursday, Grand traveled from Portland to Seattle in an effort to potentially recover “millions of dollars” in Bitcoin (BTC) from a Samsung Galaxy SIII phone owned by Lavar, a local bus operator. Lavar originally purchased the BTC in July 2016 in a “super sketchy” way, paying a person at a cafe and storing the crypto in a wallet on the phone before putting it in storage and losing track of the device.
READ THE STORY: Investing
Spyware firm is hacking into iOS and Android devices, according to Google
FROM THE MEDIA: Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan.
According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads as initial infection vectors. The company has developed tools to spy on the private data of the targeted devices, the post said.
Milan-based RCS Lab claims to have affiliates in France and Spain, and has listed European government agencies as its clients on its website. It claims to deliver "cutting-edge technical solutions" in the field of lawful interception.
READ THE STORY: Channel Asia
Neural Network Identifies Bird Calls, even on your Pi
FROM THE MEDIA: Recently, we’ve stumbled upon the extensive effort that is the BirdNET research platform. BirdNET uses a neural network to identify birds by the sounds they make, and is a joint project between the Cornell Lab of Ornithology and the Chemnitz University of Technology. What strikes us is – this project is impressively featureful and accessible for a variety of applications. No doubt, BirdNET is aiming to become a one-stop shop for identifying birds as they sing.
There’s plenty of ways BirdNET can help you. Starting with likely the most popular option among us, there are iOS and Android apps – giving the microphone-enabled “smart” devices in our pockets a feature even the most app-averse hackers can respect. However, the BirdNET team also talks about bringing sound recognition to our browsers, Raspberry Pi and other SBCs, and even microcontrollers. We can’t wait for someone to bring BirdNET to a RP2040! The code’s open-source, the models are freely available – there’s hardly a use case one couldn’t cover with these.
READ THE STORY: Hackaday
Defi Dapps DNS Attacked
FROM THE MEDIA: Hackers are increasingly targeting the front-end websites of DeFi protocols in a bid to steal users’ funds. Convex Finance, a protocol offering boosted rewards for Curve liquidity providers and stakers, is urging users to be diligent in checking the addresses for contract approvals after its website was hijacked on Thursday.
Convex is the sixth-largest DeFi protocol with a total value locked (TVL) of $3B, despite TVL dropping 6% over the past 24 hours, according to DeFi Llama.
On June 23, angel investor Alexintosh tweeted that Convex Finance was asking users to approve an unverified smart contract address, suggesting a hacker may have infiltrated Convex Finance’s website to execute a DNS (domain name server) spoofing attack.
READ THE STORY: The Defiant
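The check Convex asked its users to make by hand can be automated in the signing flow. What follows is an added example, not code from The Defiant, Convex Finance or any wallet vendor: it decodes the calldata of an ERC-20 approve(address,uint256) call, compares the spender against an allowlist the user pinned from a source the hijacked front end does not control (the protocol's repository, a verified-contract page on a block explorer, or a copy saved before the incident), and flags unlimited allowances. The two allowlist addresses and the "0xdead..." spender are constructed placeholders, not real Convex contracts; the 4-byte selector 0x095ea7b3 is the standard one for approve. Addresses are compared in lowercase hex, so EIP-55 checksum casing is not validated here.

```python
# Added example: pre-signing check for ERC-20 approve() calldata.
# Not code from Convex Finance or The Defiant; all addresses below are constructed.

APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # the "unlimited" allowance many dapps request by default

# Constructed allowlist: spender contracts pinned out of band (protocol repo,
# verified-contract page on a block explorer), keyed by lowercase hex address.
TRUSTED_SPENDERS = {
    "0x1111111111111111111111111111111111111111": "example staking contract",
    "0x2222222222222222222222222222222222222222": "example booster contract",
}


def decode_approve(calldata: str) -> dict:
    """Decode approve(address spender, uint256 amount) calldata.

    Raises ValueError for anything that is not a well-formed approve() call,
    including non-zero bytes in the 12-byte padding in front of the address.
    """
    data = calldata.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError(f"unexpected calldata length {len(data) // 2} bytes")
    if data[:8] != APPROVE_SELECTOR:
        raise ValueError(f"selector 0x{data[:8]} is not approve(address,uint256)")
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:
        raise ValueError("address word carries non-zero padding")
    # Lowercase comparison only: EIP-55 checksum validation would need keccak256.
    return {"spender": "0x" + spender_word[24:], "amount": int(amount_word, 16)}


def encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata; used here only to construct sample transactions."""
    addr = spender.lower().removeprefix("0x").rjust(64, "0")
    return "0x" + APPROVE_SELECTOR + addr + format(amount, "064x")


def check_approval(calldata: str, trusted=TRUSTED_SPENDERS) -> dict:
    """Return the decoded call plus a list of reasons not to sign it.

    An empty 'findings' list means the spender is pinned and the allowance is
    bounded; anything else should stop the signing flow and show the user the
    raw spender address rather than whatever label the web page displays.
    """
    decoded = decode_approve(calldata)
    findings = []
    label = trusted.get(decoded["spender"])
    if label is None:
        findings.append("spender is not on the pinned allowlist")
    if decoded["amount"] == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return {**decoded, "label": label, "findings": findings}


if __name__ == "__main__":
    # Constructed: what a legitimate front end would ask for ...
    good = encode_approve("0x1111111111111111111111111111111111111111", 10**18)
    # ... and what a hijacked one might substitute: an unknown spender, unlimited amount.
    bad = encode_approve("0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead", MAX_UINT256)
    for tx in (good, bad):
        result = check_approval(tx)
        verdict = "OK" if not result["findings"] else "REFUSE"
        print(verdict, result["spender"], result["label"], result["findings"])
```

The allowlist is the whole point: a DNS hijack lets the attacker serve any page and any address, so a legitimate-looking label on the site proves nothing, and only an address pinned before the incident, from a channel the attacker does not control, is worth trusting. Unlimited allowances are flagged rather than rejected outright because many legitimate dapps request them; the user should still be shown that an approval survives the session.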
Hyderabad: 'Fraudsters swindle crores in name of cryptocurrency investment': Police
FROM THE MEDIA: Regardless of several initiatives and precautionary measures being taken to crack down on cyber-crime cases involving cryptocurrency investments, there have been at least 20 cases of fraud in the name of cryptocurrency investment under the Hyderabad City Police limits in 2022 alone.
In October-November 2021, there were 15 complaints across the three commissionerates of Hyderabad, Rachakonda and Cyberabad, with the complainants losing around Rs 9 crore in just one month. There was also one suicide reported in Suryapet — a man killed himself after losing Rs 70 lakh after investing in crypto, Telangana Today reported. The amount lost by the victims varies from Rs 10 lakh to Rs 1 crore.
READ THE STORY: Times Now News
The Prints Don’t Stop with this Prusa i3 MK3 Mod
FROM THE MEDIA: One of the issues with 3D printing is that when a print is done, you need to go back and pull the print off the bed to reset it for the next one. What if you needed to print 600 little parts for whatever reason? Most people might say get lots of printers and queue them up. Not [Pierre Trappe], as he decided that his Prusa i3 MK3S+ would print continuously.
The setup was dubbed Loop and consisted of a few parts. First, there’s an arm that sweeps the build plate to clear the printed pieces, a slide for the pieces to descend on, and a stand for the printer to sit on that puts it at an angle. The next step is to modify OctoPrint to allow a continuous print queue. The slicer needs to change as [Pierre] provides some G-code to reset the printer and clear the print.
We were especially impressed with the attention to detail in the documentation for this one. There’s extensive guidance on getting the bed adhesion just right, as you can’t have it come off mid-print, but you need it to detach cleanly and easily when the arm sweeps across the bed. Calibrating that first layer is essential, and he provides handy instructions to dial it in. Additionally, temperature and material play a crucial role, and [Pierre] documented the different materials and temperatures he used while developing Loop.
READ THE STORY: Hackaday
GAO report recommends DHS and Treasury assess federal response to cyber attacks
FROM THE MEDIA: In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury’s (Treasury) Federal Insurance Office (FIO) to jointly assess whether the risk to critical infrastructure and potential financial exposures from catastrophic cyber incidents warrant a federal insurance response, and to inform Congress of the results of their assessment. CISA is the primary risk advisor on critical infrastructure, and FIO is the federal monitor of the insurance sector.
READ THE STORY: Consumer Finance Monitor
Cyber harassment is increasing with time
FROM THE MEDIA: Gender-based violence is defined by the United Nations as “violence that is directed against a woman because she is a woman or that affects women disproportionately”.
This includes physical, sexual and/or emotional harm. Gender-based cybercrimes include cyber stalking, cyber harassment and cyber bullying. All these offences have been described in PECA as avoidance of hate speech, unwanted online messages, making sexual and offensive advances through social networking websites.
Certain recent cases have shown that Pakistan needs to protect women and children on the internet through various online social applications. Cyber harassment has exacerbated after the COVID pandemic since millions of people were forced to shift to online systems. According to recent data, the cyber harassment helpline in Pakistan received 4,441 online harassment complaints in 2021.
READ THE STORY: Dawn
Items of interest
The lessons military planners are learning from the Ukraine invasion and what it means if the UK went to war with Russia
FROM THE MEDIA: Throughout the Cold War, Britain's military planners thought long and hard about what was needed to beat the Soviets if World War Three ever broke out. Assuming both sides weren't annihilated by nuclear weapons, they assumed a Soviet invasion would lead to a war in western Europe, and trained and equipped UK forces would need to counter that threat. With the collapse of the Soviet Union, it was believed that the threat was no longer there, and came from other places.
But the invasion of Ukraine has changed all of that. While analysts say a direct conflict between NATO and Russia is unlikely, it is possible - particularly in the Baltic states, or Finland. The Ukraine war is providing a golden opportunity for British and NATO military planners to observe Russia fighting on the battlefield and to plan accordingly. Here, according to former Royal United Services Institute (RUSI) head Professor Michael Clarke and retired Air Vice Marshal Sean Bell, are a few of the lessons the MoD will be taking on board.
READ THE STORY: Sky News
OSINT At Home #8 – Calculate time using shadows in a photo or video (Video)
FROM THE MEDIA: Using the shadows in a photo or video can help us identify or verify when something was taken. Sometimes we either have no metadata in an image or a video, or we simply cannot rely upon it, so a way to either double-check the legitimacy of a timestamp, or to find a window of time, is by turning objects seen in imagery into a sundial.
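The sundial idea above reduces to two relations: the solar elevation follows from the height-to-shadow ratio, and the hour angle follows from elevation, latitude and the day's declination. The block below is an added example, not code from the OSINT At Home video: it takes a measured object height and shadow length, the rough location and date, and returns the two candidate clock times (morning and afternoon) at which the sun would have stood that high. It uses Cooper's declination approximation and ignores the equation of time (up to about 16 minutes) and atmospheric refraction, so the answer is a window, not a timestamp. The London post-and-shadow measurements in the demo are constructed.

```python
# Added example: turning an upright object and its shadow into a sundial.
# Not from the OSINT At Home video; standard solar-elevation relation plus
# Cooper's declination approximation. Approximate by design (no equation of
# time, no refraction): use the result to bracket a timestamp, not to fix it.
import math


def sun_elevation_from_shadow(object_height: float, shadow_length: float) -> float:
    """Solar elevation in degrees from an upright object's height and the length of
    its shadow on level ground. Both values must share a unit, so a ratio taken from
    pixel measurements works as long as the image is not foreshortened."""
    if object_height <= 0 or shadow_length < 0:
        raise ValueError("height must be positive and shadow length non-negative")
    return math.degrees(math.atan2(object_height, shadow_length))


def solar_declination(day_of_year: int) -> float:
    """Sun's declination in degrees (Cooper's approximation, within about 1 degree)."""
    return 23.44 * math.sin(math.radians(360.0 * (284 + day_of_year) / 365.0))


def hours_from_solar_noon(elevation_deg: float, latitude_deg: float, declination_deg: float):
    """(morning, afternoon) offsets in hours from local solar noon at which the sun sits
    at elevation_deg, from sin(el) = sin(lat)sin(dec) + cos(lat)cos(dec)cos(H).
    Returns None when the sun never reaches that elevation on that day."""
    el, lat, dec = (math.radians(x) for x in (elevation_deg, latitude_deg, declination_deg))
    denom = math.cos(lat) * math.cos(dec)
    if denom == 0:
        return None  # at the poles the formula degenerates
    cos_h = (math.sin(el) - math.sin(lat) * math.sin(dec)) / denom
    if not -1.0 <= cos_h <= 1.0:
        return None
    h = math.degrees(math.acos(cos_h)) / 15.0  # 15 degrees of hour angle per hour
    return (-h, h)


def candidate_clock_times(object_height, shadow_length, latitude_deg, longitude_deg,
                          day_of_year, utc_offset_hours):
    """Two candidate local clock times (decimal hours) for the image, or None.
    Solar noon is shifted from 12:00 by the longitude offset within the time zone
    (east positive). Which candidate applies comes from the shadow's direction:
    the sun rises in the east, so a shadow pointing west means morning and one
    pointing east means afternoon."""
    el = sun_elevation_from_shadow(object_height, shadow_length)
    offsets = hours_from_solar_noon(el, latitude_deg, solar_declination(day_of_year))
    if offsets is None:
        return None
    solar_noon = 12.0 + utc_offset_hours - longitude_deg / 15.0
    return tuple(solar_noon + o for o in offsets)


def fmt_hours(h: float) -> str:
    """Decimal hours -> HH:MM, for display only."""
    minutes = round(h * 60)
    return f"{minutes // 60:02d}:{minutes % 60:02d}"


if __name__ == "__main__":
    # Constructed scenario: a 1.0 m post casting a 0.7 m shadow in London
    # (51.5 N, 0.13 W) on 21 June (day 172), clock on BST (UTC+1).
    times = candidate_clock_times(1.0, 0.7, 51.5, -0.13, 172, 1)
    el = sun_elevation_from_shadow(1.0, 0.7)
    print(f"elevation {el:.1f} deg, candidates: {fmt_hours(times[0])} or {fmt_hours(times[1])}")
```

The None return is the useful failure mode: if a claimed date and place cannot produce the observed shadow at all (the sun never gets that high there on that day), the caption is wrong about at least one of them. When the shadow direction is also readable against a known feature (a road on satellite imagery, for example), one of the two candidates can be dropped.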
OSINT At Home #7 – How to create a satellite image time lapse (Video)
FROM THE MEDIA: Using the satellite imagery time lapse is a great way to identify change on the ground, and through mastering this skill, it will inevitably help any of those looking to verify incidents that happened on the ground, verify footage seen on social media, or claims in the news. It can also help with research and investigations in other fields, such as using satellite imagery in environmental journalism to identify deforestation, business journalism to identify mining growth, or research on urban sprawl and development by using the satellite imagery to indicate spread of urban areas over time.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com