Friday, July 22, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
THE FUTURE OF CHINA’S COGNITIVE WARFARE: LESSONS FROM THE WAR IN UKRAINE
FROM THE MEDIA: With the development of AI, neuroscience, and digital applications like social media, senior officers and strategists in the Chinese People’s Liberation Army (PLA) claim that, in the future, it will be possible to influence the enemy’s brain to affect human cognition directly. Doing so creates the possibility of subduing the enemy without a fight, either by technical or informational means. Will the lessons of the war in Ukraine change their thinking on this subject — and thus alter their plans for possible future invasions of Taiwan?
READ THE STORY: War on the Rocks
Cyber criminals attack Ukrainian radio network, broadcast fake message about Zelensky's health
FROM THE MEDIA: Cyber criminals attacked a Ukrainian company that operates nine “major” radio stations to spread a message that Ukrainian President Volodymyr Zelensky was in critical condition and under intensive care, Ukrainian officials announced Thursday. “Cyber criminals have spread the news suggesting that the President of Ukraine Volodymyr Zelenskyy is allegedly in critical condition under intensive care and the Chairperson of the Verkhovna Rada of Ukraine Ruslan Stefanchuk acts in his stead,” a spokesperson for the State Service of Special Communications and Information Protection told reporters.
READ THE STORY: CyberScoop
Battling Moscow's hackers prior to invasion gave Kyiv 'full dress rehearsal' for today's cyber warfare
FROM THE MEDIA: Ukraine has long been on the front line of many of the most devastating cyberattacks attributed to Russian state-sponsored hackers, from a 2015 power grid attack to the infamous 2017 NotPetya malware infections that spread around the world and caused billions of dollars in damages. More recently, in the weeks leading up to the Russian invasion, Ukraine suffered a series of breaches that officials blamed on Russia. These attacks helped prepare the country to battle back against Moscow’s arsenal of digital weapons.
READ THE STORY: CyberScoop
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
FROM THE MEDIA: A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. A.I.G., also known as Atlantis Cyber-Army, functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.
READ THE STORY: Threatpost
The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next
FROM THE MEDIA: On Dec. 11, 2021, Kronos, a workforce management company that services over 40 million people in over 100 countries, received a rude awakening when it realized its Kronos Private Cloud was compromised by a ransomware attack. This was just the beginning of a series of events to follow. Still to this day, millions of employees are short hundreds or even thousands of dollars as the Kronos software fails to reconcile following the attack. But by understanding the impact of this ransomware attack, and the methods behind it, companies can better plan and tighten their cybersecurity protection efforts to prevent or minimize the effects of such attacks in the future.
READ THE STORY: DarkReading
Researchers uncover potential ransomware network with U.S. connections
FROM THE MEDIA: Typically, when it comes to ransomware, researchers and cybersecurity companies scramble after attacks to understand the origin of the malware that infected systems and locked crucial data. But researchers with Censys, a firm that indexes devices connected to the internet, said Thursday they’ve flipped the typical script and found what appears to be a ransomware command and control network capable of launching attacks, including one host located in the U.S.
READ THE STORY: CyberScoop
Which group will replace Conti from the ransomware crown?
FROM THE MEDIA: The infamous Conti group officially closed down at the end of June following the ContiLeaks incident, when a Ukrainian security researcher infiltrated the Russian ransomware group’s infrastructure and leaked all the information he could find. Conversations, personnel information, tools, and the product’s source code were all exposed. In a matter of weeks, Conti went from being the world’s biggest ransomware group to rapidly becoming a largely spent force. Although its campaigns in Peru and Costa Rica earlier this year made waves in the mainstream media, it appears that the Conti group itself achieved little more than headlines.
READ THE STORY: SCMAG
ACLU report confirms DHS purchased phone location data to monitor citizens
FROM THE MEDIA: The American Civil Liberties Union (ACLU) has released thousands of pages of documents demonstrating how the US Department of Homeland Security (DHS) accesses mobile location data to track citizens, often purchasing the data without following appropriate protocols. After obtaining the documents through a Freedom of Information Act (FOIA) lawsuit, Wired explains, the ACLU found evidence that DHS worked with surveillance companies Babel Street and Venntel to access hundreds of millions of Americans’ cell phones between 2017 and 2019, obtaining “more than 336,000 location data points across North America.”
READ THE STORY: CyberWire
Black Basta takes credit for attack on Knauf Insulation
FROM THE MEDIA: International building materials manufacturer Knauf Insulation has confirmed a cyberattack that disrupted operations and resulted in the shutdown of all of the company’s IT systems. The incident occurred on June 29, and though Knauf has not specified the nature of the attack, Bleeping Computer says all signs point to ransomware. Earlier this week the Black Basta ransomware group added Knauf to its list of victims on their extortion site, and the hackers published a sample of the data allegedly stolen. The fact that not all of the data has been released indicates that ransom negotiations are still ongoing, TechMonitor notes.
READ THE STORY: CyberWire
Eberspaecher reveals details of cyberattack that likely cost up to $60M
FROM THE MEDIA: Nearly nine months after German supplier Eberspaecher Group fell victim to a large-scale cyberattack, the company is finally eliminating the remaining effects from its 80 sites worldwide and has made its IT systems more secure. The attack cost the company a "mid-double-digit million amount," Eberspaecher CEO Martin Peters told journalists. This figure is likely to be between 40 and 60 million euros ($40 million to $60 million), according to a report in Automotive News Europe sister publication Automobilwoche.
READ THE STORY: Automotive News Europe
National data privacy law draws mixed reaction from civil liberties, industry groups
FROM THE MEDIA: The House Energy and Commerce Committee advanced major data privacy legislation Wednesday along with two other bills that would compel federal reporting on cross-border ransomware complaints and require IoT vendors to warn consumers about surveillance components in the connected devices they manufacture. The top item on the docket was the American Data Privacy and Protection Act, the House’s version of a comprehensive privacy bill that congressional Democrats are seeking to advance.
READ THE STORY: SCMAG
A tale of two states’ cyber strategies
FROM THE MEDIA: On this week’s Priorities podcast, two state technology officials share details of recent changes to their cyber strategies. Former Louisiana Chief Information Security Officer Dustin Glover explains his new role as chief cyber officer. Glover was promoted to the new role earlier this month after the role of CISO became overloaded with responsibilities. In addition to running enterprise cybersecurity for the state, Glover has helped more than 100 local governments with cyber incidents.
READ THE STORY: StateScoop
MiCODUS Car Trackers are SUPER Vulnerable and Dangerous (CCP?)
FROM THE MEDIA: A popular automotive GPS tracker used in 169 countries has severe software vulnerabilities, posing a potential danger to highway safety, national security and supply chains, cybersecurity researchers have found. … The flaws could let attackers remotely hijack device-equipped vehicles, cutting off fuel to them and otherwise seizing control while they travel.
READ THE STORY: SecurityBoulevard
A Criminal Talent Broker
FROM THE MEDIA: Cyberint reports that they have discovered a new threat group emerging, the Atlas Intelligence Group, also known as the Atlantis Cyber-Army. Atlas is unusual in its recruitment of “cyber-mercenaries” to do specific jobs for campaigns known only to the administrators. The group has been operating and growing since May of this year, advertising in Telegram markets and its own dedicated Telegram accounts. Their customers access their services in an e-commerce store hosted on the Sellix platform. One “Mr. Eagle,” who presents himself as the group’s leader, has advertised Atlas Intelligence Group’s variety of services, which include exclusive data leaks, distributed denial-of-service (DDoS) campaigns for hire, RDP attacks, and initial access.
READ THE STORY: CyberWire
Russia-linked APTs targeted fleeing Ukrainian civilians
FROM THE MEDIA: Two advanced persistent threat (APT) groups likely linked to the governments of Russia and its puppet state Belarus conducted a phishing campaign that targeted Ukrainian civilians fleeing the illegal shelling of their homes by Russian forces, according to new information released by Mandiant and the US authorities. The two groups, tracked as UNC1151 and UNC2589 in Mandiant’s database, used lures themed on public safety and humanitarian emergencies in two distinct campaigns.
READ THE STORY: ComputerWeekly
New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
FROM THE MEDIA: A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration," Intezer researcher Ryan Robinson said in a new report published today.
READ THE STORY: THN
Russia, Iran discuss tech manufacturing, infosec and e-governance collaboration
FROM THE MEDIA: Iran's Communications Ministry joined in a pledge with Russian state-owned defence and technology conglomerate Rostec to explore future collaboration in e-government, information security, and other areas. News of the collaboration came in a statement published on Friday by Iran's Information Technology Organization (ITO) – a government agency charged with developing policy related to data networks and digital services.
READ THE STORY: The Register
The Ukraine war’s gifts to North Korea
FROM THE MEDIA: Militaries around the world are keenly following events in Ukraine, where a Western-supported defender is facing a massed, multi-dimensional Russian assault. Strategies and tactics, weapons and technologies, are being put to the harshest test in a brutal contest of blood, gold, iron and will. Lessons are being drawn by politicians and diplomats, scientists and engineers, generals and corporals. Half a world away, quivering pundits have fretted that if Russian President Vladimir Putin prevails in Ukraine, Xi Jinping might be encouraged to launch a Chinese invasion of Taiwan.
READ THE STORY: AsiaTimes
India: Supply chains must be both global and local
FROM THE MEDIA: The Covid-19 pandemic and the Russia-Ukraine war have exposed the fragility of global supply chains, prompting countries to look inwards increasingly. Calls for national self-sufficiency and near-shoring supply chains threaten to reverse the gains from globalization and an interconnected world economy. Global supply chains spanning multiple industries and dozens of countries have driven and defined globalization over the past few decades. Till recently, an estimated 70% of world trade was carried out through these supply chains.
READ THE STORY: New Indian Express
US probes China's Huawei over equipment near missile silos
FROM THE MEDIA: The Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that United States cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, two people familiar with the matter said. The authorities are concerned Huawei could obtain sensitive data on military drills and the readiness status of bases and personnel via the equipment, one of the people said, requesting anonymity because the investigation is confidential and involves national security.
READ THE STORY: StraitsTimes
Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists
FROM THE MEDIA: The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed DevilsTongue, a modular implant with Pegasus-like capabilities.
READ THE STORY: THN
North Korean state-sponsored ransomware thwarted
FROM THE MEDIA: The Justice Department announced that it had disrupted the activities of a North Korean state-sponsored group deploying ransomware known as Maui. Thanks to rapid reporting and cooperation from a victim, the Justice Department not only recovered their ransom payment as well as a ransom paid by previously unknown victims but was also able to identify a previously unidentified ransomware strain.
READ THE STORY: SecurityMag
Rick Scott blasts computer chip bill as giveaway to Big Tech: 'No return but inflation'
FROM THE MEDIA: Sen. Rick Scott took the White House and fellow Republicans to task Thursday for proposing to give billions in taxpayer money to profitable high-tech companies as part of President Biden’s plan to boost the U.S. semiconductor industry. Scott, a member of the GOP Senate leadership, told Fox News Digital the $252 billion legislation being negotiated was not only likely to exacerbate inflation, but amounted to little more than a giveaway to big business.
READ THE STORY: Fox News
Official: White House to Meet with Rail Industry Before Issuing Cybersecurity Rules
FROM THE MEDIA: The White House plans to consult with leaders of the rail industry next month on a new cybersecurity directive, according to Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger. Speaking at the Aspen Security Forum Wednesday, Neuberger said security directives the administration issued for the pipeline sector last year—in response to a ransomware attack that led to a run on fuel supplies along the East Coast—were “a major change which we then rolled on to additional sectors.”
READ THE STORY: NEXTGOV
The SolarWinds hackers are back - and smuggling malware in Google Drive
FROM THE MEDIA: APT29, also known as Cozy Bear and Cloaked Ursa, is abusing cloud storage service Google Drive to distribute malware, researchers have warned. Earlier this week, Unit 42 (the cybersecurity arm of Palo Alto Networks) discovered that the group, allegedly backed by the Russian state, was using Google Drive to facilitate two campaigns targeting diplomats and embassies in Portugal and Brazil. “This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide,” Unit 42 claims.
READ THE STORY: TechRadar
US Cyber Command spots another 20 malware strains targeting Ukraine
FROM THE MEDIA: US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months. In an alert this week, the Pentagon's cyberspace wing made public indicators of compromise (IOC) associated with various malware strains that were found in Ukrainian networks by the country's security service. "Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them," US Cyber Command said in a statement on Wednesday.
READ THE STORY: The Register
DOJ, SEC Charge Former Coinbase Product Manager With Insider Trading
FROM THE MEDIA: A former Coinbase product manager and two others together ran a year-long, insider-trading scheme that generated more than $1.1 million in profits, U.S. federal authorities today alleged. Ishan Wahi, while an employee at the San Francisco-based cryptocurrency exchange, allegedly provided information regarding upcoming token listings on Coinbase to his brother Nikhil Wahi, and his friend, Sameer Ramani.
READ THE STORY: Decrypt
Mixed Messages as Neopets Scrambles to Respond to Mega Breach
FROM THE MEDIA: Tens of millions of users of a popular virtual pet site may have had their data compromised in the first known US mega breach of 2022. Neopets, which is owned by US giant Viacom, took to Twitter yesterday to confirm the news. “Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data,” it said.
READ THE STORY: InfoSec Mag
Items of interest
Cyberattacks: How Putin Is Trying To Win The War In Ukraine?
FROM THE MEDIA: The war in Ukraine is about to enter its fifth month, and the Russian military and security services are using their whole arsenal in an attempt to achieve some semblance of victory after the humiliating failures of the past few months. Cyberattacks are some of the measures Moscow is using to disrupt and degrade the Ukrainian capabilities and those of its international allies and partners. The British government came out with a warning that Russian hackers—though it is unclear if it is part of the military or security services or just proxies—are taking down websites through Distributed Denial of Service (DDoS) attacks.
“Cyber attacks orchestrated by pro-Russian criminal groups against UK allies since Russia invaded Ukraine are unacceptable. This is just one example of the growing threats facing democracies,” the British Foreign, Commonwealth, and Development Office stated.
READ THE STORY: 1945
Jon DiMaggio, NoStarch Press author of "The Art of Cyberwarfare" (Video)
FROM THE MEDIA: Jon DiMaggio, NoStarch Press author of "The Art of Cyberwarfare"
Conti Ransomware From High to Low (Video)
FROM THE MEDIA: The Conti ransomware group has been one of the most active groups in recent times. In April 2022 the Conti group published information about 46 victims on their leak site. In total, they published information about 859 compromised victims, but the real number of compromises is probably higher, as some have paid the demands and were not listed.
These open-source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com