Monday, July 25, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France
FROM THE MEDIA: The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao (aka XLoader) or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.
READ THE STORY: THN
Double extortion ransomware and patient data protection
FROM THE MEDIA: With access to a network and holding data for ransom, it’s no surprise that ransomware is one of the most pressing and diabolical threats faced by cybersecurity teams. Causing billions in losses around the world, it has stopped critical infrastructure like healthcare services in its tracks, putting the lives and livelihoods of many at risk. To better understand how ransomware attackers think, what they value and how they approach applying the most pressure on their victims to get payment, Rapid7 recently released a report titled ‘Pain Points: Ransomware Data Disclosure Trends’, revealing insights on the data that threat actors prefer to collect and release.
READ THE STORY: Hospital Health
QBot Malware Takes Advantage of Windows Calculator to Infect Devices
FROM THE MEDIA: Qbot malware now spreads through the Windows Calculator app. The QBot malware has been infecting devices with Windows operating systems by masking itself as a legitimate app. Qbot, also known as Qakbot, has been utilizing the Windows 7 Calculator software for DLL side-loading hacks since at least July 11. The QBot malware's authors have been utilizing the Windows Calculator to side-load the malicious payload onto affected devices. DLL side-loading is a prevalent form of attack that makes use of the way Dynamic Link Libraries (DLLs) are managed within Windows.
READ THE STORY: Itechpost // BleepingComputer
Americans offer $15m reward to catch HSE hackers
FROM THE MEDIA: US authorities have offered a $15 million (€14.7 million) reward for information leading to the arrest or conviction of members of the Conti group, the criminals blamed for last year’s crippling ransomware attack on the HSE. The US State Department has also offered a bounty of up to $5 million for information on anyone who has conspired with the collective of Russian and Ukrainian hackers. The Conti group is being investigated by the Garda National Cyber Crime Bureau (GNCCB), working alongside Britain’s National Crime Agency and the Federal Bureau of Investigation in the United States.
READ THE STORY: The Times UK
'Living off the cloud': Hackers modernize an old-school tactic
FROM THE MEDIA: An old threat is new again — or never really went away. As governments and other players increasingly turn to the cloud, malicious actors are following, adding "living off the cloud" attacks back into their repertoires. Living off the land ploys see hackers use phishing or other methods to gain access to a victim's networks, then use the victim's own tools and services for malicious purposes. These attacks are particularly subtle and date back to at least 2013, according to cybersecurity firm Darktrace. A newer subset of this is living off the cloud, which uses victims' cloud services.
READ THE STORY: The Star
US bolsters cyber alliance to counter rising Iran threat
FROM THE MEDIA: President Biden vowed to expand cyber cooperation with Israel and Saudi Arabia on his trip to the Middle East last week, a move experts see as a direct response to the rising digital threat from Iran. The U.S. and Saudi Arabia signed bilateral agreements to strengthen their cybersecurity partnership and share information related to cyber threats and malicious actors, while Israel and the U.S. pledged to ramp up collaboration to combat cyber crime. “In both cases, we have to acknowledge that Iran is the primary driver of a lot of what happened during Biden’s trip, and this extends to cyber space as well,” said Jason Blessing, a research fellow at the American Enterprise Institute.
READ THE STORY: The Hill
Cyber criminals continue to find new methods of attack
FROM THE MEDIA: ForgeRock, the global digital identity specialist, has announced findings from its 2022 Consumer Identity Breach Report, revealing an unprecedented 297% surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers, and representing almost 25% of all breaches. The report also found unauthorized access was the leading cause of breaches for the fourth consecutive year, steadily increasing to account for 50% of all records compromised during 2021.
READ THE STORY: SecurityBrief
Think tank promotes cyber insurers' ransomware role
FROM THE MEDIA: A new report from The Geneva Association has highlighted cyber insurers’ crucial role in dealing with ransomware attacks. The research group says the growing risk posed by cyber criminals requires insurers to have an increasingly vital presence in preventing and protecting potential victims. The report says a sharp uptick in ransomware attacks has impacted current cyber insurers’ underwriting performances, with the attacks accounting for nearly 75% of all cyber insurance claims in 2020.
READ THE STORY: InsuranceNews AU
Now that BITCOIN is Considered Property in the UK, Reclaiming Ransomed Assets Sent to Exchanges is Much Easier
FROM THE MEDIA: With all the available cryptocurrencies, including anonymity-designed bytecoin, monero and zcash, ransomware attackers continue to demand bitcoin and some reports show darknet markets are fuelled by bitcoin transactions (see pages 54 and 109 of the Chainalysis 2022 Crypto Crime Report). Seemingly, bitcoin remains one of the most valuable assets for criminals utilizing blockchain technology given its relative stability, price and relevance.
READ THE STORY: BITCOIN MAG
DHS Rolls Out New Cybersecurity Rules for Pipeline Owners, Operators
FROM THE MEDIA: The Department of Homeland Security (DHS) has issued a memorandum detailing new cybersecurity rules for owners and operators of pipelines, a decision seen as a victory by the pipeline industry. The Security Directive Pipeline-2021-02C (SD02C) is applicable to operators or owners of hazardous liquid and natural gas pipelines or a liquefied natural gas facility who have already been notified by the Transportation Security Administration (TSA) that their “pipeline system or facility is critical,” the memorandum states. The new rules take effect on July 27. The TSA is an agency of the DHS.
READ THE STORY: The Epoch Times
China plans three-tier data strategy to avoid US delistings
FROM THE MEDIA: China is preparing a system to sort US-listed Chinese companies into groups based on the sensitivity of the data they hold, in a potential concession by Beijing to try to stop American regulators from delisting hundreds of groups. The system is designed to bring some Chinese companies into compliance with US rules that require public companies to allow regulators to inspect their audit files, according to four people with knowledge of the situation. Chinese companies listed in the US would be divided into three broad categories, two people said. The groups would be companies with non-sensitive data, those with sensitive data and others with “secretive” data which would have to delist.
READ THE STORY: FT
Why CNN's report on Chinese espionage is just propaganda (CCP Poss. Propaganda)
FROM THE MEDIA: On July 23, CNN published a report claiming that Chinese-made Huawei equipment posed a threat to U.S. nuclear arsenal communications, citing a so-called FBI investigation, and national security speculation from several U.S. officials. "The FBI determined the [Huawei equipment on top of cell-towers] was capable of capturing and disrupting highly restricted Defense Department communications, including those used by U.S. Strategic Command, which oversees the country's nuclear weapons," claims the report.
READ THE STORY: CGTN
The Art and Science of Hybrid War
FROM THE MEDIA: The concept of hybrid war is not new; rather, its tenets include all shades of kinetic and non-kinetic warfare. However, what is new is its scientific application artistically. The artistic mannerism of hybrid war deals mainly with intangible elements: psycho-social, mind-making, negative perception development and management. The primary objective of the executioner remains to create uncertainty and dissatisfaction about the future of the state among the majority of the population.
READ THE STORY: DailyTimes PK
Items of interest
The Dark Web: An Overview – Analysis
FROM THE MEDIA: Many observers of the World Wide Web (web) have described it as having layers. One layer, the surface web, contains indexed content easily accessible with a traditional search engine such as Google. Another layer, the deep web, contains unindexed content that cannot be accessed with a simple Google search. Within the deep web is a segment known as the dark web—a layer where content is intentionally concealed. The dark web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the dark web for illegal practices that has garnered particular interest from law enforcement officials and policymakers.
READ THE STORY: EurasiaReview
Zelenskiy fires Ukraine’s spy chief and state prosecutor, citing collaboration with Russia (Video)
FROM THE MEDIA: Volodymyr Zelenskiy has fired the head of Ukraine’s powerful domestic security agency, the SBU, and the state prosecutor general, citing dozens of cases of collaboration with Russia by officials in their agencies.
How To Rebuild a Vintage Television using Modern Technology (Video)
FROM THE MEDIA: Instead of throwing away this 1976 Sony Trinitron TV, I add some new technology to rebuild it back to working condition with lots of new bells and whistles. They couldn't do this in 1976!
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com