Monday, June 27, 2022 // (IG): BB //Weekly Sponsor: Dataminr
Anonymous vows to bring Do Kwon’s ‘crimes’ to light
FROM THE MEDIA: Hacktivist group Anonymous has pledged to “make sure” Terra co-founder Do Kwon is “brought to justice as soon as possible” in regard to the collapse of the Terra (LUNA) and TerraUSD (UST) ecosystems in May.
On Sunday, a video purportedly coming from the Anonymous hacker group rehashed a laundry list of Kwon’s alleged wrongdoings, including cashing out $80 million each month from LUNA and UST prior to its collapse, as well as his role in the fall of stable coin Basis Cash, for which Do Kwon allegedly co-created under the pseudonym “Rick Sanchez” in late 2020.
READ THE STORY: Coin Telegraph
‘False assumptions’ about social engineering debunked: Proofpoint
FROM THE MEDIA: A new research report has debunked five “false assumptions” that people have about social engineering, assumptions that are integral to why so many fall victim to these forms of cyberattack. Cybersecurity researchers at security firm Proofpoint have today released their 2022 Social Engineering report, which analyses key trends and techniques of socially engineered cyber threats observed over the past year.
READ THE STORY: ITwire
Clever phishing method bypasses MFA using Microsoft WebView2 apps
FROM THE MEDIA: A clever new phishing technique uses Microsoft Edge WebView2 applications to steal victims' authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.
With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target's one-time MFA passcodes or security keys.
READ THE STORY: Bleeping Computer
Microsoft warns of rising Russian cyberattacks
FROM THE MEDIA: Since the start of the conflict in Ukraine, Russian intelligence agencies have increased their attempts to acquire intelligence from US and allied government computer networks. Hackers are not only going after government systems, but are also targeting other sectors that may hold crucial information related to the war, such as think tanks and humanitarian groups, as well as defense, telecommunications, and energy firms.
Since the start of the war, Microsoft has identified more than 100 organizations in 42 countries that have been impacted by the attacks. According to the report, over 60% of the activity has targeted entities in NATO states. The US has been the main country targeted, accounting for 12% of the worldwide total.
READ THE STORY: Computer UK
Microsoft warns of increased Russian cyberattacks on countries supporting Ukraine
FROM THE MEDIA: Microsoft claims it detected network intrusions from Russian hackers on systems belonging to government agencies, think tanks, humanitarian groups, as well as telecommunications, energy, and defense companies. Organizations from over 40 countries have allegedly been affected by these attacks since the beginning of the war in Ukraine.
According to a new report by Microsoft, Russian intelligence agencies have significantly increased the frequency of their cyberattacks against countries allied with Ukraine. Russian hackers are not only targeting government systems but also other sectors that might have valuable information related to the war, such as think tanks, businesses, and aid groups.
READ THE STORY: TechSpot
Beijing probes security at academic journal database
FROM THE MEDIA: China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns. In its announcement of the investigation, the China Cyberspace Administration (CAC) said: “It is reported that CNKI holds a large amount of personal information and important data involving key industries such as national defense, industry, telecommunications, transportation, natural resources, health and health, and finance, as well as sensitive information such as major projects, important scientific and technological achievements, and key technological dynamics.”
CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China. In recent years, it has been criticized for imposing exorbitant price increases.
READ THE STORY: The Register
Does Biden Care About China’s Theft of American Technology?
FROM THE MEDIA: Depending on one’s biases, the Biden administration has done either too much of one thing or too little of another. One area where it has done nothing is in protecting U.S. interests in trade with China. Though President Joe Biden has kept Donald Trump’s questionable tariffs in place, he has not lifted a finger to stem China’s ongoing theft of American technology and intellectual property. Indeed, the administration has obliquely, if inadvertently, encouraged China to continue such practices.
Every nation, and every business, tries to get its competitors’ trade secrets and technological edges. That is why governments and international agreements enforce patents and copyrights as well as recognized trademarks. Because Beijing has largely ignored these international norms and laws, businesses have turned to Washington for help instead of to courts and international agencies. Washington’s past efforts have failed to give this protection, but at least previous administrations have tried. The Biden White House cannot even make that claim.
READ THE STORY: National Interest
Resilience Case Study: Chaos Engineering
FROM THE MEDIA: In order to understand what Chaos Engineering is, we have to first accept the fact that we no longer live in a linear digital world. When the internet emerged as a useful business tool (say in the mid-1990s), things were pretty simple. We didn’t think so at the time, but compared to today, that world was Kindergarten. If you changed one thing in that world, you pretty much knew what was going to happen. Today’s IT environments are systems of systems. We are in PhD land here. They are complicated, and most of us have no idea how they actually work or what the real dependencies between software modules are. It’s like that old chestnut that when a butterfly flaps its wings in China, you might end up with a hurricane in the Gulf of Mexico. When the hard drive of a system running a non-essential monitoring app in an AWS region in North America fails but somehow causes a system-wide failure, this is what I'm talking about.
READ THE STORY: The CyberWire
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
FROM THE MEDIA: CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.
READ THE STORY: HSTODAY
Fake copyright infringement emails install LockBit ransomware
FROM THE MEDIA: LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.
The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator's license. These emails demand that the recipient remove the infringing content from their websites, or they will face legal action. The emails, spotted by analysts at AhnLab, Korea, do not specify in the message body which files were used unfairly and instead tell the recipient to download and open the attached file to see the infringing content.
READ THE STORY: Bleeping Computer
OpsPatuk: DragonForce starts ransomware attacks
FROM THE MEDIA: After website defacement and data leaks, DragonForce Malaysia, the hacker group behind the ongoing cyber attack against India, has now moved on to ransomware attacks.
DragonForce had on June 10 issued a call to all hackers, asking them to join the campaign dubbed OpsPatuk, meant to be revenge for suspended BJP spokesperson Nupur Sharma’s derogatory comments about the Prophet Mohammed. The first wave of OpsPatuk included hacking and defacement of hundreds of Indian websites, both government and private, while in the second wave DragonForce hacked servers of organizations and leaked personal data of lakhs of Indians.
READ THE STORY: Free Press Journal
Cetera Financial Group Data Breach and Investigation
FROM THE MEDIA: Cetera Financial Group, Inc. (“CFG”), a financial services group based in El Segundo, California, reported a data breach to the Maine Attorney General’s Office. 2,188 individuals nationwide were affected by the breach.
According to the company, on March 16, 2022, CFG received notice of a data breach from its printing service, R.R. Donnelley & Sons Company (“RRD”), that occurred between November 29, 2021 and December 23, 2021. After starting its own investigation, CFG determined that personal information from its files that was present on RRD’s systems at the time of the data breach was impacted by the RRD data breach.
READ THE STORY: Legal Scoops
Hackers can bring ships and planes to a grinding halt. And it could become much more common
FROM THE MEDIA: Armed with little more than a computer, hackers are increasingly setting their sights on some of the biggest things that humans can build. Vast container ships and chunky freight planes — essential in today’s global economy — can now be brought to a halt by a new generation of code warriors. “The reality is that an aeroplane or vessel, like any digital system, can be hacked,” David Emm, a principal security researcher at cyber firm Kaspersky, told CNBC.
Indeed, this was proven by the U.S. government during a “pen-test” exercise on a Boeing aircraft in 2019. Often it’s easier, however, to hack the companies that operate in ports and airports than it is to access an actual aircraft or vessel.
READ THE STORY: CNBC
Want a Break From Hardware Hacking? Try BITBURNER
FROM THE MEDIA: If you ever mention to a normal person that you’re a hacker, they might ask you if you can do something nefarious. The media has unfortunately changed the meaning of the word so that most people think hackers are lawless computer geniuses instead of us simple folk who are probably only breaking the laws meant to prevent you from repairing your own electronics. However, if you want a break, you can fully embrace the Hollywood hacker stereotype with Bitburner. Since it is all online, you don’t even have to dig out your hoodie.
The game takes place in 2077 where, apparently, people are still using green monochrome terminals and writing JavaScript code. Who knew? The operating system is suspiciously Linux-like with commands like alias, cat, cp, kill, and the like. We were nonplussed that in 2077 they’re still using vim, but you can use nano. We always thought real hackers would be emacs users. Our machine only starts out with 8 MB of RAM, too. Good thing you can virtually buy more.
READ THE STORY: Hackaday
Hackers Attacked Ukrainian Operators and Telecommunications Providers
FROM THE MEDIA: The governmental emergency response team of Ukraine, CERT-UA, operating under the State Special Communications Service, reported the distribution of dangerous emails with the subject line “Free Primary Legal Aid”.
“The letters come from an email address in the gov.ua domain (probably compromised) and have a password-protected attachment ‘Algorithm for the actions of family members of a missing soldier LegalAid.rar’,” the press service of the State Special Communications Service said on Saturday.
“The specified RAR archive contains the ‘Algorithm_LegalAid.xlsm’ document, the opening of which will ultimately lead to the download and execution of the DarkCrystal RAT malware,” the experts warned.
Given the recipients' email addresses, experts suggest that the attack is aimed at operators and telecommunications providers in Ukraine.
READ THE STORY: Open 4 Business
Items of interest
How To Tell If Someone Is Watching Your Nest Cam
FROM THE MEDIA: As terrifying as it may sound, a growing number of homeowners have reported hackers who had gained access to the Wi-Fi based surveillance cameras set up in their homes. In particular, incidents involving people who use Google's Nest security cam have been in the media spotlight since it was first released in 2015 (via Tech Crunch).
These cameras are popular among homeowners for their cutting-edge features and reliability and are frequently used to protect the most private areas of your home including bedrooms and nurseries. If they are hacked, digital intruders can not only spy on you and your family without you knowing — they can also talk to you through the security cam's two-way communication features.
While it is considered one of the more secure cameras available, sophisticated hackers are still able to crack passwords set by users. So, how do you know if someone is watching your cam, and what can you do to prevent your account from being compromised?
READ THE STORY: Sky News
OSINT At Home #5 – Creating a panorama from a video for geolocation (Video)
FROM THE MEDIA: For geolocation, a panorama is not always necessary; however, it is useful in more difficult geolocation tasks where there are limited ‘obvious’ features in the footage.
FINDING: MODI – Find where & when a photo was taken (geolocation & chronolocation) (Video)
FROM THE MEDIA: The purpose of this tutorial is to answer questions that I received from my previous tutorials on shadow calculation, specifically relating to things such as ‘what if I don’t know the height of the person’, or ‘does it have to be the exact location’, or more simply, ‘how can I geolocate an image using mountains in the background’. I hope this video answers those questions.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com