Wednesday, July 13, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
Ongoing phishing campaign can hack you even when you’re protected with MFA
FROM THE MEDIA: On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when they're protected with multi-factor authentication measures designed to prevent such takeovers. The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees into sending the hackers money.
Multi-factor authentication—also known as two-factor authentication, MFA, or 2FA—is the gold standard for account security. It requires the account user to prove their identity in the form of something they own or control (a physical security key, a fingerprint, or face or retina scan) in addition to something they know (their password). As the growing use of MFA has stymied account-takeover campaigns, attackers have found ways to strike back.
READ THE STORY: Arstechnica
Hackers impersonate cybersecurity firms in callback phishing attacks
FROM THE MEDIA: Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks. Most phishing campaigns embed links to landing pages that steal login credentials or emails that include malicious attachments to install malware. However, over the past year, threat actors have increasingly used "callback" phishing campaigns that impersonate well-known companies requesting you call a number to resolve a problem, cancel a subscription renewal, or discuss another issue. When the target calls the numbers, the threat actors use social engineering to convince users to install remote access software on their devices, providing initial access to corporate networks. This access is then used to compromise the entire Windows domain.
READ THE STORY: Bleeping Computer
This ransomware gang lets you rummage around their stolen data
FROM THE MEDIA: We appear to have reached the next stage in the evolution of ransomware, as operators now allow people to search through the files stolen from companies that declined to pay up.
Multiple ransomware operators are reportedly now adding the feature to their leak sites - and while some have done a poor job, as their engines didn't exactly work as intended, others appear to have successfully pulled it off. In the case of BlackCat (AKA ALPHV), not only does the search engine work, but the files were also indexed, allowing visitors to search by specific keywords or file types, making it easier for other cybercriminals to find sensitive data, and possibly attack other firms with malware and ransomware, as well.
READ THE STORY: Techradar
Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs
FROM THE MEDIA: Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. Azure Site Recovery is a disaster recovery service that automatically fails over workloads to secondary locations when a problem is detected. As part of the July 2022 Patch Tuesday, Microsoft fixed 84 flaws, with the Azure Site Recovery vulnerabilities accounting for more than a third of the bugs fixed today.
READ THE STORY: Bleeping Computer
Rise in Qakbot attacks traced to evolving threat techniques
FROM THE MEDIA: Qakbot has been a prevalent threat over the past 14 years and continues to evolve, adopting new delivery vectors to evade detection. Zscaler ThreatLabz has discovered a significant uptick in the spread of Qakbot malware over the past six months using several new techniques. Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel 4.0 (XLM) macros to trick victims into downloading malicious attachments that install Qakbot. Other more subtle techniques are being deployed by threat actors to prevent automated detection and raise the odds that their attack will work, including obfuscating code, leveraging multiple URLs to deliver the payload, using unknown file extension names to deliver the payload, and altering the steps of the process by introducing new layers between initial compromise, delivery, and final execution.
READ THE STORY: Security Boulevard
Core Security by HelpSystems Introduces New Ransomware Simulator
FROM THE MEDIA: Core Security by HelpSystems, a leading provider of cyber threat solutions, today announced the addition of ransomware simulation to its penetration testing solution, Core Impact. Using an automated Rapid Pen Test, Core Impact users can now efficiently simulate a ransomware attack. According to the 2022 Penetration Testing Report, ransomware is one of the top concerns for cybersecurity professionals. Also, a PhishLabs by HelpSystems report shows ransomware is booming, growing more than 100% year-over-year. The cost of ransomware attacks is also on the rise; the average ransom demand alone was $220,298 in 2021, with the recovery cost much steeper, averaging $1.8 million.
READ THE STORY: DarkReading
Evolving cybersecurity to protect today’s energy network architecture
FROM THE MEDIA: The energy sector is in a unique position when it comes to network security. Not only does it need to protect private information and keep employees productive, but it is tasked with preventing attacks that could bring the power infrastructure supporting communities across the nation to its knees. While the ramifications of a cyberattack on the energy sector could be extraordinary, energy companies face many of the same challenges as organizations in other verticals. For example, with the growing challenges of adapting to a mobile and disparate workforce, energy firms need to give their work-from-anywhere (WFA) users the flexibility, secure access and network performance needed to perform their duties.
READ THE STORY: SECMAG
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
FROM THE MEDIA: Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets," the company's cybersecurity teams reported.
READ THE STORY: THN
MGA sounds alarm on "BazarCall" ransomware attack
FROM THE MEDIA: There is a new type of ransomware attack targeting small businesses and it has already caused "an increasing number" of malware infections over the last three months, according to cyber insurance leader CFC. Dubbed "BazarCall," this new attack, CFC's cyber threat analysis team noted, subverts common safeguard controls through the use of a phishing email intended to trick victims into phoning a call center. Upon contact, they're instructed to download malicious software that will infect their computers and enable hackers to carry out ransomware attacks without being detected.
READ THE STORY: Insurance Business Magazine
Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware
FROM THE MEDIA: Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter and free gaming sites. ChromeLoader has also been codenamed Choziosi Loader and ChromeBack by the broader cybersecurity community. What makes the adware notable is that it's fashioned as a browser extension as opposed to a Windows executable (.exe) or Dynamic Link Library (.dll).
READ THE STORY: THN
Singapore - Terrorists using 'online ecosystem' to raise funds; Ukraine war potential rallying point for far-right extremism
FROM THE MEDIA: Terrorist groups in Southeast Asia are increasingly banking on an "online ecosystem" to raise funds and propagandize through social media, with at least 181 terror-linked non-profit organizations in Indonesia known to channel money to these violent groups. The Internal Security Department (ISD) also said on Wednesday (July 13) that in the West, the threat of far-right extremism has "overshadowed" Islamist terrorism, with the Russia-Ukraine war potentially serving as a "rallying point" for these groups, who have shown an interest in the conflict since Russia annexed Crimea in 2014.
READ THE STORY: Today Online
Canada's Rogers to credit customers with 5 days service after massive outage
FROM THE MEDIA: Rogers Communications Inc (RCIb.TO) will be crediting customers with the equivalent of five days' service, it said on Tuesday after the Canadian telecoms operator suffered a major outage that paralyzed the country's banking and emergency services last week. Rogers has come under pressure from the Canadian government, customers and politicians over last Friday's unprecedented glitch that lasted 19 hours. On Tuesday, the telecoms regulator ordered Rogers to respond within ten days to its questions about the network outage that impacted millions of Canadians.
"We know that we need to earn back their trust, and as a first step, we will be crediting our customers with the equivalent of five days service," Rogers said in a statement late on Tuesday.
READ THE STORY: Reuters
Almost everyone faced an industrial attack in the last year
FROM THE MEDIA: A report commissioned by cloud security company Barracuda found that 94 per cent of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months. The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems.
"In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organisations at risk," Tim Jefferson, senior vice president for data protection, network, and application security at Barracuda, said in a statement accompanying the report.
READ THE STORY: Reseller
Cyber threats ‘a silent nuclear weapon’: ex-Mossad chief
FROM THE MEDIA: Cyberspace has become a multidimensional threat channel enabling crime, warfare and ever-deeper political disruptions, a retired Israeli spymaster warned at a conference today (July 13) in Seoul.
Comparing cyber threats to “a silent nuclear weapon,” ex-Mossad head Tamir Pardo stated that the domain was, 30 years ago, stalked by professional state spy agencies expanding their capabilities from signals intelligence to the wider web. But as connectivity has infiltrated all areas of modern life, the space has been invaded by malicious actors of multiple stripes.
READ THE STORY: AsianTimes
Esri launches indoor positioning system ArcGIS IPS
FROM THE MEDIA: "Indoor positioning systems solve the 'last mile' navigation challenge, bridging the gap between outdoor and indoor worlds," said Esri founder and president Jack Dangermond.
"We are pleased to offer this important capability that is another piece in completing holistic mapping systems for organizations that aspire to the digital transformation that geospatial technology provides." Indoor positioning systems are a huge step towards smart city efficiency and convenience. Organizations can bundle features for managing facilities and monitor them for conditions that may affect safety and security, according to Esri.
READ THE STORY: ITwire
India - Silent Sentry: How Rail-Mounted Robot Artificial Intelligence Will Enhance Surveillance Along LoC
FROM THE MEDIA: Around 75 Artificial Intelligence (AI)-enabled defence products were launched by Defence Minister Rajnath Singh at an event in New Delhi. Of the AI-enabled defence products launched, many have already been deployed while the others are in the process of being deployed. Amongst these, one of the most eye-catching products was the Silent Sentry, a key technology developed by the design bureau of the Indian Army to plug the gaps in surveillance networks.
At the event, products were launched under multiple domains like cyber security, human behavioural analysis, block chain-based automation, command, control, communication, computer & intelligence, surveillance and reconnaissance, intelligent monitoring systems, speech, voice analysis using natural language processing and the list goes on.
READ THE STORY: India
Computer chips face toilet paper hoarding moment as shortage turns to glut
FROM THE MEDIA: A supply chain crisis triggered by the global pandemic deprived makers of PCs and smartphones to cars of computer chips needed to make their products. All that suddenly changed over three weeks from late May to June, as high inflation, China's latest Covid lockdown, and the war in Ukraine dampened consumer spending, especially on PCs and smartphones. Chip shortages turned into a glut in some sectors, taking Wall Street by surprise. By late June, memory chip firm Micron Technology Inc said it would reduce production. The market reversal caught Micron off guard, admitted Chief Business Officer Sumit Sadana.
READ THE STORY: ET
Kingsoft Denies Rumors It Is Deleting Users’ Data, Says It Has Banned Access to Some Illicit Files
FROM THE MEDIA: Kingsoft Office Software has blocked access to a link on its widely used Writer, Presentation and Spreadsheets office suite (WPS) that was allegedly used to share illegal documents online, the Chinese software developer said today in response to rumors that it is deleting users’ files. Kingsoft protects customer privacy and does not examine, lock or delete any files but the firm will check online documents shared through its cloud service as required by the country’s cyber security law, Kingsoft Office said.
Rumors were circulating on social media on July 11 that the Beijing-based company was deleting users' files and infringing their privacy. Local files could easily be accidentally uploaded to the WPS cloud and converted into online documents due to the design of many cloud-friendly services, a blogger on Twitter-like Weibo said.
READ THE STORY: YICAI Global
Huawei redefines Lebanon’s future through advanced technologies
FROM THE MEDIA: Huawei announced Wednesday it is working to help Lebanon lift its economy through technology. "Lebanon stands at the precipice of change – it needs to move forward and prioritize the implementation of a resilient ICT strategy in order to secure its bright future," the CEO of Huawei in Lebanon, Aiden Li, said in a statement.
Li added that the World Bank Group has adapted its strategy to support Lebanon’s emerging needs – the Performance and Learning Review (PLR) of the Country Partnership Framework (CPF) to make it more people-centric, being more selective in the sectors that directly benefit the poor and most vulnerable, including refugees, and preparing the ground for a reform program.
READ THE STORY: Naharnet
Experts say US must not let EU lead on cybersecurity
FROM THE MEDIA: Cybersecurity experts argued on Tuesday that the U.S. is falling behind the European Union when it comes to being a leader in the realm of cyber security. Experts called the bloc’s General Data Protection Regulation, a law governing data privacy and security rules, the global standard. The law, adopted in 2018, renewed how businesses handle personal data in Europe, with large fines for companies that fail to comply. Panelists at a virtual Council on Foreign Relations event echoed recommendations made in a new cybersecurity report by the foreign policy think tank.
READ THE STORY: The Hill
The growing influence of the Cyberspace Administration of China.
FROM THE MEDIA: Protocol recounts how the regulatory powers of the Cyberspace Administration of China (CAC), China’s central internet censorship agency, have grown to cover nearly every internet company in the country. When the CAC was established in 2013, China’s State Council mandated it to regulate online content, and it was tasked with drawing up China’s 2017 Cybersecurity Law. The CAC went on to draft China’s Data Security Law and the Personal Information Protection Law, which went into effect last year. The agency tested the limits of its power when it ordered a cybersecurity investigation of DiDi, a leading ride-hailing platform, after the launch of the company’s US IPO. The CAC followed this with a requirement that all companies handling the data of more than a million users undergo a security review before listing their shares overseas.
READ THE STORY: The CyberWire
TikTok admits Australian data can be accessed in China, prompting warnings app may be compromised
FROM THE MEDIA: The federal Treasurer says he is concerned that social media platform TikTok's China-based employees are able to access Australian user data. Responding to a letter from Shadow Cyber Security Minister James Paterson, TikTok admitted its staff in China were able to access Australian data. "Our security teams minimize the number of people who have access to data and limit it only to people who need that access in order to do their jobs," the company's Australian director of public policy, Brent Thomas, wrote.
READ THE STORY: ABC
Mangatoon data breach: 23m user accounts stolen from poorly-secured Elasticsearch database
FROM THE MEDIA: Available on iOS and the Android app store, Mangatoon allows millions of comics fans worldwide to read a variety of web comics, webtoons, novels, and chat stories for free, with the option to read whole comics for a fee. The popular application is owned and operated by Shanghai-based Mangatoon HK Limited. In May this year, Mangatoon suffered a major data breach that involved a threat actor named Pompompurin gaining unauthorised access to its Elasticsearch database, which was protected by a weak password. According to the data breach notification service Have I Been Pwned, the intrusion compromised data associated with all of Mangatoon's 23 million user accounts.
READ THE STORY: TEISS
Items of interest
China “Will Challenge Us In Our Port And Beyond” Says Top Marine
FROM THE MEDIA: In a conflict with China, which would require the U.S. military to operate over vast swaths of ocean, ports, other logistical hubs, and command and control centers would be especially vulnerable, the top Marine says.
“I think logistics in a contested environment is a huge challenge for us,” Marine Corps Commandant Gen. David Berger said last week during a conversation with the Hudson Institute. “Not insurmountable, but we need to acknowledge that we should assume…they're going to challenge our sustainment. We have work to do.”
That work, he said, requires a “real relook at everything from pre-positioning ashore to pre-positioning afloat to the lift that conventionally has gone across the ocean through this solid protected pipeline delivered in some big port."
READ THE STORY: The Drive
Data for Peace: Unleashing the Power of Data in Humanitarian Response (Video)
FROM THE MEDIA: The conflict in Ukraine represents the first conventional war in which disruptive technologies and digital platforms play a key role. In a series of online talks, the Global Peace Tech Hub invites participants to discuss the different ways in which digital technologies and technology platforms can contribute to the promotion of peace and build new bridges between citizens in Europe and the world.
China's Space Weaponization and Global Deterrence(Video)
FROM THE MEDIA: Dr. Namrata Goswami and Rick Fisher bring out the global concern and the facts about the challenges of China's space aggression and weaponization, which pose security challenges to the world, with the soft- and hard-power space dynamics employed by China.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com