Tuesday, July 26, 2022 // (IG): BB //Buy Me: The Hawk Enigma
SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware
FROM THE MEDIA: An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a botnet that first appeared around October 2018 on Russian underground forums for $600, is equipped to siphon credentials, capture screenshots, system metadata, and even information about antivirus engines and additional malware installed on an infected machine.
READ THE STORY: THN
Senate Armed Services Committee concerned about DOD’s cyber mission force
FROM THE MEDIA: The Senate Armed Services Committee is looking to help the Department of Defense address and correct issues associated with the readiness of its cyber forces, according to new legislation and congressional aides. Committee aides told reporters on Monday that in discussions with cyber commanders, readiness problems — including recruiting and retention — became more apparent. The SASC version of the fiscal 2023 National Defense Authorization Act calls for a plan to address readiness shortfalls and a study on the responsibilities of the military services for organizing, training and presenting forces to U.S. Cyber Command.
READ THE STORY: FedScoop
Cyber-mercenaries for hire represent shifting criminal business model
FROM THE MEDIA: An emerging and fast-growing threat group is using a unique business model to offer cybercriminals a broad range of services that span from leaked databases and distributed denial-of-service (DDoS) attacks to hacking scripts and, in the future, potentially ransomware. The Atlas Intelligence Group – or AIG or Atlantis Cyber-Army – was first detected in May and initially appeared to be a run-of-the-mill data leakage gang, according to threat intelligence researchers at Cyberint. However, as a clearer picture of AIG emerged, it became obvious that the group's operations were anything but business as usual.
READ THE STORY: The Register
How the cyberwar between Iran and Israel has intensified
FROM THE MEDIA: In late June, Iran’s state-owned Khuzestan Steel Co. and two other steel companies were forced to halt production after suffering a cyberattack. A hacking group claimed responsibility on social media, saying it targeted Iran’s three biggest steel companies in response to the “aggression of the Islamic Republic.” Israel’s defense secretary then ordered an investigation into leaked video showing the damage to the steel plants, citing “operational events in a manner that violates Israel’s ambiguity policy.” This incident came close on the heels of a statement by the Israeli Security Agency, or Shin Bet, claiming a May cyberoperation by Iran was intended to generate actions outside of the cyber-domain.
READ THE STORY: Washington Post
Congress joins the fight over foreign spyware
FROM THE MEDIA: Congress has taken relatively little action so far to counter advanced foreign spyware that has eavesdropped on U.S. officials, activists and journalists. But that appears to be changing, with a rare open House Intelligence Committee hearing this week on the secretive industry. Companies such as Israel-based NSO Group sell software that can remotely snoop on mobile phones, and it doesn’t even require tricking a user into clicking on something for access. While NSO Group says it only authorizes sales of its Pegasus product to governments for fighting terrorism and crime, reporters and watchdog groups have nonetheless discovered abuses.
READ THE STORY: Washington Post
How a Nuclear Scientist got Assassinated by a Killer Robot Operated from 1K Miles Away
FROM THE MEDIA: On November 27th, 2021, the ‘father’ of Iran’s illegal atomic program, Mohsen Fakhrizadeh (62), was ambushed and killed by an A.I.-driven killer robot machine mounted on the back of a Ford. It was operated 1000 miles away by a Mossad sniper, communicating via satellite. The ‘killer gun’ was kitted out with artificial intelligence and multiple cameras, capable of firing 600 bullets a minute. Fakhrizadeh didn’t stand a chance.
READ THE STORY: Medium
Cybersecurity lessons from Russia's war in Ukraine, according to Microsoft's president and vice-chair
FROM THE MEDIA: Since invading Ukraine, Russia has upped its cyberattacks on the United States and its allies, according to a report from Microsoft, and there are several lessons to help protect against these attacks in the future, Microsoft President and Vice Chair Brad Smith told Fox News Digital. A drastic cyberattack against the United States is not a far-reaching idea. In fact, according to the report "Defending Ukraine: Early Lessons from the Cyber War," Microsoft has tracked Russian cyber hacking in 42 countries, with the United States being the top target, followed by Poland.
READ THE STORY: Fox News
What the CIA Director Knows About the Russian President
FROM THE MEDIA: No one has described today’s Russian President Vladimir Putin better than CIA Director William J. Burns did last Wednesday at a security forum in Colorado. No American official other than Burns, who served as U.S. Ambassador to Russia from 2005 to 2008, Undersecretary of State from 2008 to 2011, and Deputy Secretary of State from 2011 to 2014, has had an equal long-term, personal experience with Putin. Most recently, as CIA Director, Burns met with Putin in the Kremlin on November 9, 2021 as President Biden’s personal envoy – making him the last American to speak to Putin before Russia invaded Ukraine on February 24.
READ THE STORY: TheCipherBrief
QBot Malware Using Windows Calculator to Deploy Payload on Infected Computers
FROM THE MEDIA: By using Windows Calculator, the QBot malware operators are able to side-load their malicious payload onto the computers that are compromised. In short, Windows Calculator is being used to distribute dangerous code. A method of attack known as DLL side-loading is a form of attack that is frequently used in Windows in order to exploit the way Dynamic Link Libraries (DLLs) are regulated. A spoof DLL is created by assuming the identity of a legitimate DLL, placing the false DLL in an operating system directory, and using the false DLL instead of the real one to load it.
READ THE STORY: CyberSecurityNews
Teenagers spotted the largest gas pipeline spill in US history
FROM THE MEDIA: A giant pipeline spewed millions of gallons of fuel into a nature preserve for more than two weeks until two teens on four-wheelers noticed the spill and alerted authorities. The teenagers discovered the leak in the Colonial Pipeline in August 2020 in the Oehler Nature Preserve outside Charlotte, North Carolina, E&E News reports. Just how massive the leak actually was — about 2 million gallons — came to light recently on Friday, July 22nd.
READ THE STORY: The Verge
European Cops Helped 1.5 Million People Decrypt Their Ransomwared Computers
FROM THE MEDIA: In the last six years, European cops estimate that they have helped around 1.5 million people and organizations decrypt files that were locked by hackers with ransomware, saving around $1.5 billion. Europol, the European Union law enforcement agency, announced the figures on Tuesday, a day that marks the sixth anniversary of the No More Ransom project, which brings law enforcement and private industry partners together with the goal of providing decryption tools and other support for ransomware victims.
READ THE STORY: VICE
Ransomware Attackers Double Down on Attacking Vulnerable Schools
FROM THE MEDIA: Ransomware attacks have been rising recently, and schools are not immune to them. In fact, schools are actually quite vulnerable to these types of attacks, as they often have limited IT budgets and staff. Ransomware is malware that encrypts a user's files and demands a ransom be paid to decrypt them. These attacks can be highly costly for schools that often lose essential data and files. Sophos, a cybersecurity company, revealed in a survey report that 3 out of 5 higher and lower education institutions faced a ransomware attack.
READ THE STORY: CDO Trends
VR Malware Lets Hackers Into Your Headset
FROM THE MEDIA: According to researchers at ReasonLabs, a leading cyber security company, hackers have developed a new form of VR malware for Android-based headsets like the Meta Quest that lets them record your headset screen. The “Big Brother” attack vector works by infecting unsuspecting PCs and lying dormant in the system waiting for a Developer Mode-enabled device to connect, at which point the program opens a TCP port. Hackers can then record your VR sessions remotely whenever the headset is connected to the same WiFi network as the PC that was originally infected.
READ THE STORY: VRSCOUT
Chinese kingpin of transnational call center gang arrested at Bangkok airport
FROM THE MEDIA: A Chinese man wanted for trafficking Chinese people across borders to work in call centre gangs in Laos and Cambodia was arrested at Suvarnabhumi Airport in Bangkok on Saturday. Chief of Police Suwat Chaengyordsook received a call on Friday, July 22, warning him that a Chinese fugitive wanted on an Interpol ‘Red Notice’ would be travelling to Suvarnabhumi Airport in Bangkok the next day. Zhou Dawei – age unknown – was wanted in China under suspicion of “trafficking people in and out of the country.”
READ THE STORY: The Thaiger
BlackCat attacks SRM Technologies then taunts victim on LinkedIn
FROM THE MEDIA: Indian IT services provider SRM Technologies appears to have been hit with a ransomware attack by the BlackCat gang. The group says a successful phishing attack enabled it to gain access to SRM’s systems. It is not yet clear how much damage has been inflicted on the company’s system in the attack, which was revealed overnight. SRM Technologies is an IT services provider based in India, with offices in the US and Japan. The company was founded in 1998 and works with customers in industries including automotive, industrial, retail and education on digital transformation and other IT projects.
READ THE STORY: TechMonitor
Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control
FROM THE MEDIA: Two vulnerabilities in FileWave's multiplatform mobile device management (MDM) system would have allowed malicious actors to bypass authentication mechanisms, taking control of the platform and the devices linked to it. FileWave's MDM platform allows admins to push software updates to devices, lock them or even remotely wipe devices. A report from Claroty's Team82 takes a closer look at CVE-2022-34907, an authentication bypass flaw, and CVE-2022-34906, a hard-coded cryptographic key — vulnerabilities that FileWave addressed with a recent update.
READ THE STORY: DarkReading
LockBit ransomware gang claims it ransacked Italy’s tax agency
FROM THE MEDIA: The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy's tax agency and is threatening to leak it if a ransom isn't paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According to LockBit, the data stolen includes documents, financial reports, and contracts. The Euro nation's police are investigating the alleged security breach, which was revealed Monday by Pierguido Iezzi, CEO of Swascan, the cybersecurity unit of business services company Tinexta Group, according to Italian media.
READ THE STORY: The Register
Decentralized Music Platform Audius Identifies Source of USD 6M Exploit, Says it Applied a Patch
FROM THE MEDIA: Decentralized music platform Audius has identified the bug that had allowed a hacker to pass a malicious governance proposal and transfer tokens worth USD 6m, adding that they have applied a patch to regain control of the protocol. In a post-mortem, the protocol said that a vulnerability in its governance, staking, and delegation contracts on Ethereum (ETH) allowed a hacker to exploit the contract initialization code on July 23 and maliciously transfer AUDIO 18m (USD 6.075m) held by the community treasury.
READ THE STORY: CryptoNews
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
FROM THE MEDIA: Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company noted in an advisory published on July 22. PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide.
READ THE STORY: THN
Ukraine Cyber War Fall-out and Ransomware Trends Areas of Focus in New CyberCube Research
FROM THE MEDIA: The insurance industry faces new ransomware tactics, the fallout from the war in Ukraine and threats created by unprecedented nation state activity in cyberspace, says a new report from cyber analytics company CyberCube. According to CyberCube’s H2 2022 Global Threat Briefing, ransomware continues to be largely responsible for the insurable cyber losses experienced by companies. CyberCube helps the insurance industry understand the key risks in today’s threat landscape. This report aims to enable more informed decision-making across broking, underwriting and reinsurance cyber policies.
READ THE STORY: BusinessWire
Lockbit Ramps Up Attacks on Public Sector
FROM THE MEDIA: The prolific Lockbit ransomware gang appears to have claimed another two scalps in recent days: the Canadian town of St Marys and the Italian tax agency. The local administration at St Marys explained in an update on Friday that the attack occurred last Wednesday, locking an internal server and encrypting data on it. “Upon learning of the incident, staff took immediate steps to secure any sensitive information, including locking down the town’s IT systems and restricting access to email. The town also notified its legal counsel, the Stratford Police Service and the Canadian Centre for Cyber Security,” a statement read.
READ THE STORY: InfoSec Mag
Putin’s propaganda machine hammers EU while Brussels sleeps
FROM THE MEDIA: Just as Sergey Lavrov, Russia’s foreign minister, was about to land in Africa on Sunday, he published an op-ed blaming the West for the looming global food crisis that put millions on the Continent on the brink of starvation. Scores of local media outlets swiftly picked it up. Thousands of people shared it on Facebook. Over the same time period, Josep Borrell — the European Union's chief diplomat in charge of pushing back against his Russian counterpart — was a virtual ghost online, based on data from CrowdTangle, a social media analytics tool owned by Meta. He garnered just one mention on Facebook about Africa compared to Lavrov's tidal wave of coverage.
READ THE STORY: Politico
Ukraine’s Disinformation Board: Terrible Idea, Terrible Results
FROM THE MEDIA: As we’ve recently debated here in the United States, government entities established to discern for the public what is truth and what is misinformation are a monumentally bad idea. That is particularly so since they will invariably attack opinions that differ from an incumbent government’s point of view, or which that government deems unhelpful to its policy aims. Government “truth bureaus” are simply incompatible with the very idea of a free society and liberal democracy.
READ THE STORY: CATO
CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China
FROM THE MEDIA: The researchers were not able to determine the initial attack vector, but the analysis of the malicious code allowed the experts to discover which devices can be infected by CosmicStrand. The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, which are related to designs using the H81 chipset. The researchers speculate the existence of a common vulnerability that was exploited by the attackers to inject the rootkit into the firmware’s image.
READ THE STORY: SecurityAffairs
Hackers Paradise: It’s Cheap and Easy, HP Finds
FROM THE MEDIA: The age of cybercrime is evolving and industrializing. To combat threats that have become easier and cheaper than ever to deploy, enterprises need to think like hackers. Currently, 76% of malware advertisements and 91% of exploits retail for under $10, according to HP, Inc. Only 2% to 3% of threat actors today are advanced coders, highlighting the amateurism of attacks with this bargained accessibility. In a three-month dark web investigation, HP Wolf Security worked with Forensic Pathways to analyze over 35 million cybercriminal marketplaces and forum posts to publish a report on cybercrime’s evolution.
READ THE STORY: SDXCentral
‘I Never Had To Look Up’ Before: Top U.S. Special Ops General On Drone Threat
FROM THE MEDIA: The head of U.S. Special Operations Command, U.S. Army Gen. Richard Clarke, recently highlighted the threat that various tiers of unmanned aircraft pose to U.S. forces deployed overseas, as well as to military and other targets abroad and within the United States. He further underscored that these dangers are only likely to grow and diversify as time goes on.
READ THE STORY: The Drive
Russia steps up subversive activities against post-Soviet countries - Ukraine intelligence
FROM THE MEDIA: Russian special services are building up a network of agents of influence in the countries of the former USSR to run malign campaigns against the sovereignty and national interests of the targeted nations. That’s according to Oleksandr V. Danylyuk, Head of the Center for Defense Reforms, Coordinator of the Interdepartmental Platform for Combating Hybrid Threats, which operates within the framework of Ukraine-NATO cooperation, who delivered the news on Facebook, referring to the Ukrainian intelligence, Guildhall reports.
READ THE STORY: Ukrinform
Adkins and Alperovitch Talk About the Cyber Safety Review Board and Log4j
FROM THE MEDIA: The Cyber Safety Review Board issued its first major report this month, which focused on the Log4j disaster. So, what is the Cyber Safety Review Board, and what is Log4j? To answer these questions and others, Benjamin Wittes sat down with the deputy chair of the Cyber Safety Review Board, Heather Adkins, and board member Dmitri Alperovitch. They talked about what the board is, where it comes from, how it is composed, and what it does.
READ THE STORY: Lawfare Blog
Russian Forces Conducting Detentions and Forced Deportations Through Systematic Filtration Operations
FROM THE MEDIA: A National Intelligence Council memorandum assesses that Russia with the help of proxy groups almost certainly is using so-called filtration operations to conduct the detention and forced deportation of Ukrainian civilians to Russia. These operations have expanded during the course of the conflict to involve the screening of possibly thousands of individual Ukrainians.
READ THE STORY: HSTODAY
Items of interest
Google exploit used against journalists
FROM THE MEDIA: “We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East,” said the cybersecurity provider. “Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties.”
Avast said it reported the zero-day exploit – a weakness in an organization’s cyber defenses hitherto unidentified – to Google on July 4, with the big tech firm saying it has since been patched.
But prior to that, it is thought the weakness was “abused to achieve shellcode execution in Chrome’s renderer process,” allowing threat actors to remotely assume command of selected devices. Avast believes its users based in Lebanon, Turkey, Yemen, and Palestinian parts of Israel were attacked in such a way from March, and that “the attacks were highly targeted.”
READ THE STORY: CyberNews
New U.S. Cyber Strategy Disrupts North Korean Ransomware (Video)
FROM THE MEDIA: U.S. officials say they were able to disrupt a ransomware campaign from North Korean state sponsored hackers that targeted hospitals - and were even able to claw back some of the ransom that had already been paid in cryptocurrency. WSJ reporter Dustin Volz joins host Zoe Thomas to discuss the strategy U.S. law enforcement used and why they say the new approach could better protect Americans.
Anonymous Emergency Message: CYBER WAR (Video)
FROM THE MEDIA: CYBERWAR
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com