Saturday, July 09, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
Rogers network resuming after major outage hits millions of Canadians
ANALYST NOTES: Public Safety Minister Marco Mendicino issued several warnings in June of this year. Granted, Minister Mendicino stated Friday evening that this outage was not the result of a cyber attack. In his June speech to the Commons Public Safety committee, Mendicino told members that the threat is not just to the federal government but also to critical infrastructure (Rogers memo on the outage).
Mendicino described those attacks as potentially coming in the form of cyberattacks and ransomware “which look to identify potentially valuable targets to Canadian interests like critical infrastructure but equally, to sub-national targets, different orders of government, different sectors to the economy.”
This incident, had it been an attack, successfully demonstrated effects on “restaurants, gas stations, ATM’s, grocery stores, government services and crippled some government agencies”.
Kye Prigg (Rogers Senior VP Access Networks and Operations): “We experienced a failure in the core network (in the systems that carry voice traffic and data across the country)” (0:46 seconds). Kye did not rule out a cyber attack.
FROM THE MEDIA: Rogers Telecommunications said its network was beginning to recover late on Friday after a 19-hour service outage at one of Canada's biggest telecom operators shut banking, transport and government access for millions, drawing outrage from customers and adding to criticism over its industry dominance.
Nearly every facet of life has been disrupted, with the outage affecting internet access, cell phone and landline phone connections. Some callers could not reach emergency services via 911 calls, police across Canada said.
Canadians crowded into cafes and public libraries that still had internet access and hovered outside hotels to catch a signal. Canada's border services agency said the outage affected its mobile app for incoming travelers. Retailers' cashless pay systems went down; banks reported issues with ATM services.
READ THE STORY: Reuters // ITworld Canada
FBI Director calls increasing Chinese Cyber Attacks a threat to Wall Street and Main Street
FROM THE MEDIA: FBI Director Chris Wray calls China the biggest long-term threat to the U.S. and said the CCP’s cyberattacks are a threat to both Wall Street and Main Street.
"Americans should be concerned because the Chinese government's attempts to steal our innovation, our intellectual property affects American jobs, we're talking about American jobs, American consumers being directly affected," said Wray. "There was a case not that long ago where an American company was essentially fleeced by a Chinese company, and that caused the company's stock value to drop by something like 85% and hundreds and hundreds of jobs lost. And so that's real impact, not just on Wall Street, but on Main Street."
READ THE STORY: Foxnews
Security warning after sale of stolen Chinese data
FROM THE MEDIA: In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police. The hacker claims the information includes names, addresses, National ID numbers and mobile phone numbers. Cyber-security experts have verified that at least some of a small sample of the data offered is real. The 23 terabytes of data is thought to be the largest ever sale of data on record and was being offered for $200,000 (£166,000) until the post was removed on Friday.
READ THE STORY: BBC
Apple’s Business Could Be Greatly Disrupted By A Possible China Takeover of Taiwan
FROM THE MEDIA: First, let’s look at the possible scenario should China launch aggressive invasive actions to take over Taiwan. Should this happen, the U.S. and other allied countries will most likely employ the same sanctions imposed on Russia when it invaded Ukraine. Most companies would probably halt all their operations in both China and Taiwan. And this includes Apple.
Unfortunately for Apple, the company is highly dependent on Taiwan when it comes to sourcing components for most of its products. The Taiwan Semiconductor Manufacturing Co. (TSMC) fabricates its A-series, S-series, and M-series chips. The production of these chips is located in Taiwan. So the last thing that Apple would hope for is an armed conflict between China and Taiwan. This would not only affect the manufacturing industry in the country but also compel Apple to halt production.
READ THE STORY: MacObserver
Russian Energy a Dangerous Opportunity for China Amid Ukraine War: Experts
FROM THE MEDIA: China’s communist leadership is pursuing opportunities to increase imports of Russian coal, oil, and gas amid the ongoing war in Ukraine. Experts say the move could help stabilize China’s continuing energy woes, but could also backfire by drawing international sanctions on itself.
With Western countries weighing stricter sanctions on Russian energy exports in the months ahead, the question of how Beijing may react to the international ire against Russia is on many minds. It was a topic of discussion for a roundtable of foreign policy experts on July 8 at an event hosted by the Atlantic Council, a foreign-policy-oriented think tank.
READ THE STORY: The Epoch Times
China's WeChat shuts Bloomberg's financial news account
FROM THE MEDIA: As China controls the internet companies under toughened laws, social media platform WeChat has shut down a Bloomberg social media account, accusing it of violating the country's regulations on online public accounts, the media reported on Friday. Tencent-owned WeChat said it had received "complaints" about Bloomberg's "Daybreak" account, which posts global market updates, reports the South China Morning Post. The account, active since January 2021, has breached Chinese regulations, the Chinese platform said.
READ THE STORY: ET India
Americans in the crosshairs of China's spy game
FROM THE MEDIA: As a long-time dissident and California-based opponent of the Chinese government, Arthur Liu - the father of US Olympic figure skater Alyssa Liu - was not particularly surprised when a phone call came from the FBI.
"They told me that the Chinese government had sent spies over to the Bay Area to gather me and my daughter's passport information," he told the BBC. "I wouldn't say I was shocked. But I thought to myself, 'wow' - they're taking this very seriously."
At first, Mr Liu didn't make the connection: A "fishy" phone call from a man claiming to be from the US Olympic and Paralympic Committee, claiming to be conducting a "preparedness check" ahead of his daughter's trip to the Beijing Winter Olympics in February 2022.
READ THE STORY: BBC
New US Space Force spy agency points to earthly rivalries being played out in orbit
FROM THE MEDIA: The US Space Force has launched a new space intelligence unit as competition heats up in space and nations take action to protect their orbiting interests. The unit, called Space Delta 18 or the National Space Intelligence Centre (NSIC), was officially launched late last month with a mission to “deliver unparalleled technical expertise and game-changing intelligence … to outwit, outreach and win in the space domain”. The new unit is tasked with monitoring and identifying threats to US space assets in orbit, those either causing physical damage or operational disruption, after the US military defined outer space as an “operational frontier” while becoming increasingly alert to any development of anti-satellite capabilities by China and Russia.
READ THE STORY: SCMP
China uses community organizations to tamp down global criticism of Uyghur repressions in Xinjiang: Report
FROM THE MEDIA: A new report details China’s efforts to control Uyghurs beyond its borders. The Chinese Communist Party (CCP) is using community organizations as fronts to challenge global criticism of Uyghur repressions in Xinjiang. Kurban Niyaz, writing in Radio Free Asia (RFA), said that the South Australia Xinjiang Association, a nonprofit organization set up in 2009, provides a platform for Chinese migrants from the region in northwestern China to meet one another and network. However, the group, which is dominated by Han Chinese, works, according to two researchers, to neutralize or silence criticism of CCP policies in Xinjiang.
READ THE STORY: The Print
SoftBank under pressure over links with 'blacklisted' Chinese facial recognition firm
FROM THE MEDIA: Softbank is under pressure after it emerged one of its subsidiaries, which indirectly sells to prominent US enterprises, may use facial recognition systems sourced from a Chinese company blacklisted by the US government.
Japan Computer Vision Corp (JCV), which is owned by Softbank, provides facial-scanning systems to clients such as Mastercard and Visa through an intermediary third-party company. Both companies seek to use biometrics at checkout to increase security for their customers.
Reuters, however, reports that JCV utilises technology developed by SenseTime Group, a Chinese firm that was sanctioned by the US government in December for alleged links to human rights violations in the Chinese province of Xinjiang.
READ THE STORY: ITpro
Recorded Future acquires malware analysis company Hatching
FROM THE MEDIA: Threat intelligence company Recorded Future on Friday announced that it acquired Hatching, a company that offers Triage, a sandboxing technology that delivers high-performance malware analysis. A purchase price was not disclosed.
The merger aims to offer Recorded Future customers with better visibility into active malware campaigns in the wild, improved attribution, and a critical edge against adversaries that use malicious software to disrupt business operations.
“By combining Hatching’s automated malware analysis capabilities with Recorded Future intelligence … our clients will now have an intelligence advantage against malware exploits, one of the most pervasive threats facing every organization,” said Christopher Ahlberg, co-founder and CEO of Recorded Future.
READ THE STORY: SCMAG
States Prohibit Ransomware Payments
FROM THE MEDIA: When you are hit with a ransomware attack, you typically have a few options. You can restore from backups (if you have backups). You can rebuild your network and all the devices on it. Or you can pay the ransom. Which of these tactics you decide to take is frequently dependent upon the cost of each one, including the potential reputational cost and legal costs associated with picking one option over another. It makes little sense to pay $2 million to rebuild your network in the face of a demand for a $5,000 ransom.
However, municipalities—including state and local governments, towns and villages which are often victims of ransomware attacks—may no longer have the option of paying the ransom even where that makes logical and economic sense. Increasingly, state legislatures have made it illegal to use public funds to pay ransom in ransomware cases. This reflects an ideological view that, if everyone agrees not to pay ransom, ransomware attacks will subside because they are unlikely to be successful for the ransomware threat actor. It reflects a form of the tragedy of the commons: If just one person agrees to pay a ransom, then everyone is at risk. But if nobody is permitted to pay a ransom, everyone is protected.
READ THE STORY: Security Boulevard
Researchers Warn of Raspberry Robin's Worm Targeting Windows Users
FROM THE MEDIA: Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing a malicious .LNK file and leverages compromised QNAP network-attached storage (NAS) devices for command-and-control. It was first documented by researchers from Red Canary in May 2022.
READ THE STORY: THN
Costa Rica in crisis: Russian ransomware raises its head
FROM THE MEDIA: Conti, the ruthless threat group behind hundreds of global ransomware attacks, has cast its dark shadow over sunny Costa Rica. The Central American republic is struggling to withstand a series of cyberattacks that have paralyzed state institutions. On May 11, 2022, Costa Rican President Rodrigo Chaves declared the attacks a national state of emergency. These cyberattacks not only damaged Costa Rica, but they pose a threat to global stability, as we’ll explore in the rest of this column.
READ THE STORY: Security Magazine
Why code signing is the talk of the dark web
FROM THE MEDIA: Code signing certificates are an essential part of our software world. Every software update is signed with a unique machine identity, combining a time stamp with an encryption algorithm in the form of an X.509 certificate issued by a trusted certificate authority. This allows other machines to know they are authentic and can be trusted.
Developers sign their code with a private key, and an end-user uses the public key from that developer to validate that the code hasn’t changed since the developer signed it. If someone has altered the code, the signature will provide an untrusted alert, in the same way a website with an untrusted or expired certificate does with transport layer security (TLS) machine identities. Without this system of identity, it would be impossible to deliver software. Without this you couldn’t use Windows, Mac, or iPhone let alone fly on a modern Airbus or Boeing aircraft. And it’s quickly becoming the same way in the cloud-native world of Kubernetes.
READ THE STORY: Betanews
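The sign-then-verify flow the Betanews piece describes, as an added example that is not from the article: the developer signs the SHA-256 of an update together with a signing time using an Ed25519 private key, and the end user re-derives the digest from the bytes actually received and checks the signature against the public key, so a single flipped bit, an altered timestamp, or a signature from a different key is rejected. A bare key pair stands in for the CA-issued X.509 certificate; the update bytes and timestamp are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SignedUpdate ships next to the update bytes; the signature covers the
// SHA-256 of the code together with the signing time (a bare key pair stands
// in for the CA-issued x.509 certificate the article describes).
type SignedUpdate struct {
	SignedAt  int64 // Unix seconds
	Signature []byte
}

// message is the byte string actually signed: sha256(update) || big-endian timestamp.
func message(update []byte, signedAt int64) []byte {
	d := sha256.Sum256(update)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(signedAt))
	return append(d[:], ts[:]...)
}

// GenerateKeys creates the publisher's key pair: priv stays with the developer,
// pub is distributed to end users.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is the developer side.
func Sign(priv ed25519.PrivateKey, update []byte, signedAt int64) SignedUpdate {
	return SignedUpdate{signedAt, ed25519.Sign(priv, message(update, signedAt))}
}

// Verify is the end-user side: the digest is recomputed from the bytes that
// were actually received, so any change after signing breaks the signature.
func Verify(pub ed25519.PublicKey, update []byte, su SignedUpdate) error {
	if !ed25519.Verify(pub, message(update, su.SignedAt), su.Signature) {
		return fmt.Errorf("untrusted: altered after signing, or not signed by this publisher")
	}
	return nil
}

func main() {
	pub, priv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	update := []byte("constructed update payload v1.2.3") // stands in for a binary
	su := Sign(priv, update, 1657324800)                   // constructed signing time
	fmt.Println("genuine:", Verify(pub, update, su))
	update[0] ^= 0x01 // one bit flipped after signing
	fmt.Println("tampered:", Verify(pub, update, su))
	_, otherPriv, _ := GenerateKeys() // a key the end user never trusted
	fmt.Println("other publisher:", Verify(pub, update, Sign(otherPriv, update, 1657324800)))
}
```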
QR codes are just as insecure as anything else
FROM THE MEDIA: Think back to February and the weekend of the Super Bowl. I didn’t watch it as I have better things to do in the early hours of the morning, like playing Cyberpunk 2077 because I can’t sleep. Also, I prefer proper rugby without crash helmets and 1980s shoulder pads. I didn’t escape the fallout of the thing, though, and I’m not talking about Eminem taking the knee: I’m talking about the adverts.
Don’t worry, this isn’t another of my rants about trackers, cookie options or advert delivery and blocking options. Instead, it’s about a certain level of cyber security-related hysteria. That hysteria – spread by way of tweets and blogs and emails – centred around Coinbase. Not for the usual “cryptocurrency is all an illusion” reasons, either, but rather down to a 60-second advert featuring a QR code bouncing around the telly-box, or more likely your computer screen, by way of a half-time advertising slot that’s reported to have cost in the region of $13 million.
READ THE STORY: ITpro
New 0mega ransomware targets businesses in double-extortion attacks
FROM THE MEDIA: A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then. A ransomware sample for the 0mega operation hasn’t yet been found, therefore there’s not much information on how files are encrypted. However, we do know that the ransomware appends the .0mega extension to the encrypted file’s names and creates ransom notes named DECRYPT-FILES.txt.
READ THE STORY: Bleeping Computer
Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs
FROM THE MEDIA: A February ransomware attack on a medical debt collection company caused a widespread data breach affecting 657 healthcare organizations. In a statement issued late last week, Professional Finance Company said that during the attack the ransomware group gained access to databases that held names, addresses, accounts receivable balances, information regarding payments made to accounts, dates of birth, Social Security numbers, and health insurance data and medical treatment information.
READ THE STORY: The Record
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update
FROM THE MEDIA: Security researchers at Trend Micro have identified a new ransomware family that is being delivered as a fake Google Software Update application. Dubbed HavanaCrypt, the ransomware performs multiple anti-virtualization checks and uses a Microsoft web hosting service IP address for its command and control (C&C) server, which allows it to evade detection.
During their analysis of HavanaCrypt, Trend Micro also discovered that it uses a namespace method function that queues a method for execution and that it employs the modules of an open-source password manager during encryption.
READ THE STORY: Security Week
QNAP NAS devices targeted by Checkmate ransomware
FROM THE MEDIA: QNAP network-attached storage devices are under attack from the novel Checkmate ransomware strain that exploits internet-exposed Server Message Block services, reports The Record, a news site by cybersecurity firm Recorded Future. Dictionary attacks are being conducted by Checkmate ransomware to infiltrate accounts with weak passwords, according to a QNAP advisory.
READ THE STORY: SCMAG
Improving cyber resiliency in manufacturing
FROM THE MEDIA: At the end of 2021, it was estimated that cyber attacks cost the global economy a staggering $6 trillion. This could escalate to $10.5 trillion by 2025 according to Cybersecurity Ventures. Cyber crime has accelerated since the beginning of the pandemic, with hackers quick to exploit the growth in home working practices. Two years on, working patterns have changed and some employees in the manufacturing industry continue to work hybrid patterns. It’s vital that manufacturers move cyber security from what may have been ‘left of stage’ to centre stage.
READ THE STORY: The Manufacturer
Items of interest
Aon Hack Exposed Sensitive Information of 146,000 Customers
FROM THE MEDIA: Aon recently disclosed that 145,889 of its North American customers had their sensitive information exposed in a large data breach.
The British multinational financial services firm that sells a range of risk-mitigation products announced that hackers breached its systems “at various times” from December 29 2020 to February 26 2022.
Aon disclosed the breach in a Securities & Exchange Commission filing in February. Further details were disclosed three months later, on May 26.
In a letter dated May 27, Aon told affected individuals that affected personally identifiable information includes driver’s license numbers, Social Security numbers and “in a small number of cases, benefits enrolment information.”
“Aon has taken steps to confirm that the unauthorized third party no longer has access to the data and Aon has no indication the unauthorized third party further copied, retained or shared any of the data,” the letter added. “We have no reason to suspect your information has or will be misused.”
READ THE STORY: InfoSec Magazine
Did Rogers Get Hacked!? (Video)
FROM THE MEDIA: MILLIONS of Canadians Affected After Massive Internet Company 'Rogers Communications' Networks Fail.
Fraud & Cyber Crime Consultant at The Fraud Guy (Video)
FROM THE MEDIA: Starting out in the police, he holds years of experience in countering fraud and cybercrime across insurance, banking, lending, online retail, workplace fraud, and other areas where organized cyber fraud takes place.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com