Thursday, July 28, 2022 // (IG): BB // Buy Me: The Hawk Enigma
‘EvilNum’ malware targets European financial exchanges, crypto with backdoor attacks
FROM THE MEDIA: As if cryptocurrency and decentralized finance (DeFi) players didn't have enough to worry about with the recent market crash, these companies are again under assault from a new malware that creates a backdoor to steal data, according to research from Proofpoint. The threat actor dubbed TA4563 by researchers has been aiming its “EvilNum” malware at European financial and investment firms that specialize in foreign currency exchange and commodities, cryptocurrency and DeFi, placing a backdoor in their systems that allows cybercriminals to steal their valuable information or lie in wait for more opportunities to compromise these financial platforms.
READ THE STORY: SCMAG
How DDoSecrets built the go-to home for Russian leaks
FROM THE MEDIA: American investigative reporter Emma Best knows how arduous it is to ask for information from government agencies. She made more than 5,000 such requests during her career at MuckRock, a non-profit news site that publishes original government documents and conducts investigations based on them. Best was so persistent that the FBI temporarily banned her from filing any more information requests.
READ THE STORY: The Record
Lawmakers want to make mercenary spyware a riskier investment
FROM THE MEDIA: The spread of sophisticated commercial spyware may be impossible to stop, researchers told U.S. lawmakers in testimony Wednesday during a hearing on private vendors of digital surveillance tools. However, one way to slow the trade of such tools to governments and other buyers who may use them to abuse human rights, they argued, is to make it less lucrative.
READ THE STORY: The Record
Cyber Mercenary Leveraged Windows Zero Day in SubZero Malware Attack
FROM THE MEDIA: A cyber mercenary targeted European and Central American victims in “limited attacks” that leveraged multiple Microsoft and Adobe flaws - including a recently patched Windows zero-day bug - in order to deploy malware called Subzero. Microsoft said that the cyber mercenary, which it tracks as Knotweed, is an Austria-based private-sector offensive actor called DSIRF "that ostensibly sells general security and information analysis services to commercial customers." Cyber-mercenary threat groups typically develop and offer an array of hacking and surveillance services to individuals and governments globally.
READ THE STORY: DUO
FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft
FROM THE MEDIA: FileWave has fixed a couple of vulnerabilities in its endpoint management software that could allow a remote attacker to bypass authentication and take full control of the deployment and associated devices. Industrial control system security firm Claroty discovered the two bugs, tracked as CVE-2022-34907 and CVE-2022-34906, and says they exposed organizations across sectors — from large corporations to schools and government agencies and even small businesses — to risks including ransomware infections, sensitive data theft, and even remote device control.
READ THE STORY: The Register
BlackMatter ransomware capabilities found in LockBit 3.0
FROM THE MEDIA: The Hacker News reports that the latest LockBit ransomware version, LockBit 3.0, also known as LockBit Black, has been found by Trend Micro researchers to share similarities with the BlackMatter ransomware strain. Aside from reusing BlackMatter's privilege escalation and API-harvesting techniques to determine the APIs needed for process termination, LockBit 3.0 also uses the same tactics to evade analysis, a Trend Micro report showed. LockBit 3.0 also uses a "-pass" argument to decrypt its main routine, similar to the now-defunct Egregor ransomware, and avoids attacking systems based in the Commonwealth of Independent States.
READ THE STORY: SCMAG
Manufacturing industry hard hit by ransomware, Akamai finds
FROM THE MEDIA: Recent findings by Akamai Technologies have revealed that nearly 30% of ransomware attacks worldwide launched by the world's largest ransomware gang, Conti, targeted the manufacturing industry. The business services and retail industries were the next most frequently targeted at 13.37% and 11.14%, respectively. According to Forrester, as many as three in four manufacturers in Asia Pacific are prioritizing innovation and automation for greater operational efficiency and resilience.
READ THE STORY: Security Brief
LockBit Implements New Technique by Leaking Victim Negotiations
FROM THE MEDIA: While many ransomware groups come and go, LockBit seems to be the one that persists. First discovered in September 2019 under the name ABCD, and then gaining notoriety as LockBit in April 2020, the group has outlasted many of its competitors.[1] This is in part due to the innovation in the group’s tactics, techniques, and procedures (TTPs), as well as the group’s collective beliefs. An example of this is a decision made in relation to the Russia and Ukraine conflict. While groups such as Conti expressed their support for Russia during its invasion of Ukraine, and were subsequently hacked by a pro-Ukraine individual, LockBit took a different stance.
READ THE STORY: JDSUPRA
Ukraine’s tech excellence is playing a vital role in the war against Russia
FROM THE MEDIA: Russia’s invasion of Ukraine is now in its sixth month with no end in sight to what is already Europe’s largest conflict since WWII. In the months following the outbreak of hostilities on February 24, the courage of the Ukrainian nation has earned admiration around the world. Many international observers are encountering Ukraine for the first time and are learning that in addition to their remarkable resilience, Ukrainians are also extremely innovative with high levels of digital literacy.
READ THE STORY: Atlantic Council
Chinese spying and espionage has infiltrated our nation's central bank
FROM THE MEDIA: So, Jay Powell's Fed went ahead and raised their target rate 75 basis points to 2.5%, as the world expected. No big surprise. The stock market increased over 500 points. Bonds are basically flat with the 10-year at 2.79 and gold is up $18. I kind of think if he had a little more hair on his chest, he would've done 100. My theory is simply that the faster the Fed gets its target rate above inflation and drains excess cash from the economy and achieves price stability, then the faster the economy can start growing again.
READ THE STORY: Fox Business
Kansas MSP shuts down cloud services to fend off cyberattack
FROM THE MEDIA: US managed service provider NetStandard suffered a cyberattack that caused the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. According to an email sent to MyAppsAnywhere customers and shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack's spread.
READ THE STORY: Bleeping Computer
Data Breach on Virtual Pet Website Neopets Affected 69 Million Users and Leaked Source Code
FROM THE MEDIA: The Neopets virtual pet website suffered a data breach that allowed hackers to access the platform’s source code and the personal information of 69 million users. A threat actor identified as “TarTarX” advertised the sale of the stolen website’s source code and database for four bitcoins, currently amounting to $96,000. Neopets acknowledged the breach and engaged forensics and law enforcement entities, although the hackers maintained persistence on the website.
READ THE STORY: CPOMAG
DUCKTAIL Malware Targeting HR Professionals Through LinkedIn Spear-phishing Campaigns
FROM THE MEDIA: The cybersecurity firm WithSecure has recently discovered an active operation, called DUCKTAIL. The goal of this campaign is to take over the Facebook business accounts that are responsible for advertising for a company. To accomplish this goal, the operators behind this campaign primarily targeted professionals on LinkedIn. Despite Ducktail’s narrow target scope and careful selection of their targets, the operators of Ducktail stay true to their own interests, searching for people with admin privileges on the social media accounts associated with an employer to determine whether they have admin rights.
READ THE STORY: CyberSecurityNews
U.S. Offers $10 Million Reward for Information on North Korean Hackers
FROM THE MEDIA: The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet.
READ THE STORY: THN
Follina exploit fuels ‘live-off-the-land’ attacks
FROM THE MEDIA: ReversingLabs analyzed three malicious payloads circulating online that have been linked to use of the newly discovered Follina exploit in Microsoft’s Support Diagnostic Tool (MSDT). The three attack chains used the Follina exploit to gain a foothold within target systems. Our research revealed that the Follina exploit is being used to deliver a range of common exploitation and persistence tools, including Cobalt Strike and Mimikatz (a credential harvesting utility), as well as PowerShell scripts used to obtain persistent access and harvest data and credentials from victim networks.
READ THE STORY: SecurityBoulevard
Inflation strikes the world of ransomware insurance, ups premiums
FROM THE MEDIA: As the price of ransomware protection skyrockets, some organizations are finding they’re even being denied renewal of insurance policies. If you think ransomware doesn’t affect you, think back to the Colonial Pipeline attack or the attack on meat processor JBS back in 2021, which affected one fifth of the country’s meat supply. If your personal data is lost in a ransomware attack on an educational institution or municipality, you may be affected on another level too. Not counting hardware replacement and downtime, the cost of ransomware attacks is escalating.
READ THE STORY: CBS17
UK NSA criticizes China, Russia use of space, cyber technologies
FROM THE MEDIA: While delivering his speech on Tuesday at the Center for Strategic and International Studies in Washington, UK National Security Advisor Stephen Lovegrove said that China and Russia's use and development of space and cyber technologies were weakening the global security architecture. “Now we face a much broader range of strategic risks and pathways for escalation. Driven by the developments of science and technology including rapid technological advancement, the shift to hybrid warfare, and expanding competition in new domains such as space and cyber.”
READ THE STORY: Almayadeen
Feds, Private Industry Talk Sharing Emerging Technologies Info and Cyber Intelligence
FROM THE MEDIA: The United States is in a race with foreign adversaries, particularly China, to develop quantum computing, an evolving technology that can run exponentially faster than today’s systems and perform multiple computations at once and potentially can be used against the U.S.’s critical infrastructure. As such, Washington is pushing hard to beat Beijing to develop quantum technology that could advance artificial intelligence, driving innovations from energy to medicine and beyond, and other positive uses but also potentially deployed in code-cracking cyber warfare.
READ THE STORY: MSSP Alert
The rise of cyber wars in India
FROM THE MEDIA: Cyberattacks of all kinds are on the rise globally, and India is reportedly one of the biggest targets with its large and vulnerable tech-connected population. Data breaches and ransomware are two of the biggest ambush tactics, with well-known Indian companies such as Razorpay, Juspay, Pinelabs, and MobiKwik all suffering at the hands of cybercriminals, costing billions in damages, and exposing the sensitive data and credentials of millions of users.
READ THE STORY: CIO ET
US, Ukraine sign pact to expand cooperation in cyberspace
FROM THE MEDIA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) signed an agreement Wednesday with Ukraine’s cybersecurity agency to strengthen cooperation between the two countries in cyberspace, including a commitment to share more information and conduct training sessions together. CISA signed a memorandum of cooperation with the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP) amid the eastern European country’s ongoing war with Russia, an aggressor in the digital realm that has attacked both Ukrainian and American networks and infrastructure in the past.
READ THE STORY: The Hill
Social Media User Information For Sale On The Dark Web
FROM THE MEDIA: In January, cybersecurity researchers at HackerOne warned of a vulnerability with Twitter that could allow an attacker to acquire the phone number and/or email address associated with user accounts – even if the user had hidden those fields in the platform's privacy setting. Twitter had responded with a patch, but this month it was reported that the database is now being sold on Breach Forums, a popular hacking forum on the nefarious Dark Web.
READ THE STORY: Forbes
Telegram and Discord bots used to deliver info-stealing malware
FROM THE MEDIA: Cybercriminals are using bots deployed in popular messaging apps Discord and Telegram to steal credentials, new research has revealed. Users of gaming platforms Roblox and Minecraft are also being targeted in similar attacks, according to a report from security vendor Intel471. The gangs are using info-stealing tools – trojan malware designed to swipe information from systems – which they attach to legitimate bots in the apps to lift credentials such as autofill data, bookmarks, browser cookies, card information and passwords, the report says.
READ THE STORY: TechMonitor
Wawa paying state prosecutors $8M to settle malware data breach
FROM THE MEDIA: Popular convenience store and gas station chain Wawa is paying $8 million to six state attorneys general, including Florida and Maryland, as well as the District of Columbia to settle a 2019 data breach incident. The December 2019 breach involved malware that gave hackers access to Wawa’s point-of-sale (POS) terminals in the six states where it operates, according to Florida Attorney General Ashley Moody.
READ THE STORY: The Avenue News
Source code for Rust-based info-stealer released on hacker forums
FROM THE MEDIA: The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems. Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it “Luca Stealer,” report that the malware comes with standard capabilities for this type of malware.
READ THE STORY: OODALOOP
FBI doubles down against cyber-crime in Nevada
FROM THE MEDIA: The FBI is stepping up its efforts and awareness campaign in an effort to curb the financial losses and number of victims targeted by cybercriminals. According to statistics compiled by the FBI through 2021, Nevada ranked 19th among states with the highest victim losses at more than $83.7 million, and fifth for total victims at 17,706. Spencer Evans, the FBI’s Special Agent in Charge of its Las Vegas field office, says Nevada has some characteristics that could explain those high rankings.
READ THE STORY: News 3
Survey reveals the important role of ‘malicious insiders’ in successful ransomware attacks
FROM THE MEDIA: Gigamon has published the State of Ransomware 2022 and Beyond report, aimed at providing valuable insights on how the ransomware threatscape is evolving. According to the global survey of IT and security leaders across the US, EMEA, and APAC, nearly one-third of organizations have suffered a ransomware attack enabled by a malicious insider - a threat seen as commonly as the accidental insider (35 percent). Furthermore, 59 percent of organizations believe ransomware has worsened in the last three months, with phishing (58 percent), malware/computer viruses (56 percent) and cloud applications (42 percent) cited as other common threat vectors.
READ THE STORY: Continuity Central
A ransomware attack cost this entrepreneur a year of his life and almost wrecked his business
FROM THE MEDIA: When ransomware bandits struck his business last June, encrypting all his data and operational software and sending him a skull-and-crossbones image and an email address to learn the price he would have to pay to restore it all, Fran Finnegan thought it would take him weeks to restore everything to its pre-hack condition. It took him more than a year. Finnegan’s service, SEC Info, went back online July 18. The intervening year was one of brutal 12-hour days, seven days a week, and the expenditure of tens of thousands of dollars (and the loss of much more in subscriber payments while the site was down).
READ THE STORY: LA Times
Items of interest
Ways Hackers Can Steal Information from Your Device
FROM THE MEDIA: The threats posed by hackers to organizations and individuals have become a major concern as those fraudulent actors keep increasing in number and devising new methods of perpetrating their sinister acts.
According to research by a software testing firm, not less than 30,000 websites are hacked daily worldwide and every 39 seconds there is a new cyber-attack launched at someone on the web.
Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.
Social Engineering
Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.
After you click the link, you will be taken to a page that requires you to sign in to your Google, Apple, or similar account. But the form does not log in to your account; it is instead a fake login page created by crooks to steal your login credentials.
A recent example of a successful social engineering attack is the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a Prefinity, a/k/a Ethereum Vendor), who is now in prison for scamming in the name of Riot Games co-founder and co-chairman Mr. Marc Merrill.
READ THE STORY: HackRead
The Market Downturn's Impact on Cyber Crime (Video)
FROM THE MEDIA: Palo Alto Network Senior Vice President and Head of Unit 42 Wendi Whitmore joins Emily Chang to talk about the company's latest report revealing new cyber crime trends and predictions, and diving deeper into how declining economic conditions could push more people into cyber crime to make ends meet.
Joe Biden Wants More Cyber Security Workers NOW (Video)
FROM THE MEDIA: The #BidenAdministration is pushing to fill hundreds of thousands of cybersecurity jobs in the United States as part of a bid to close a talent shortage US officials describe as both a national security challenge and an economic opportunity.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com