Daily Drop (212)
Tuesday, Aug 02, 2022 // (IG): BB //Buy Me: The Hawk Enigma
Over 3,200 apps leak Twitter API keys, some allowing account hijacks
FROM THE MEDIA: Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. The discovery belongs to cybersecurity firm CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. When integrating mobile apps with Twitter, developers will be given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API.
READ THE STORY: BleepingComputer
Luxembourg energy supplier Encevo hit by ransomware attack
FROM THE MEDIA: ALPHV is the latest rebrand of the DarkSide ransomware group that attacked Colonial Pipeline in May 2021. It also attacked the Germany-based gas distributor Oiltanking in November 2021 and Swissport in February 2022. The group claims it exfiltrated more than 150 gigabytes of sensitive data from Creos, including contracts, passports, bills and emails. ALPHV historically demands a ransom as part of its cyberattacks, but no figure has yet been reported.
READ THE STORY: CyberSecurityDive
Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance
FROM THE MEDIA: Widespread implementation of decentralized finance (DeFi) systems since 2020 has created new fertile ground for a variety of threat actors to shift the development of cyberattack tactics, techniques, and procedures (TTPs). The number of threat actors participating in DeFi activity has grown substantially over the past two years. Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. Types of threat actors range from advanced persistent threat (APT) groups and small loosely organized groups of cybercriminals to individual threat actors of varying skills.
READ THE STORY: SecurityBoulevard
North Korean cyber attackers use ‘SharpTongue’ spyware to hack into Gmail accounts
FROM THE MEDIA: In the latest spyware attacks, operated from North Korea, hackers are using a malicious Google Chrome or Chromium-based Microsoft Edge extension to hack into user email accounts. According to the latest reports, the malicious extension by the hacker group titled ‘SharpTongue’ is capable of stealing email content from Gmail and AOL, according to cybersecurity firm Volexity. “This actor is believed to be North Korean in origin and is often publicly referred to under the name Kimsuky. The definition of which threat activity comprises Kimsuky is a matter of debate among threat intelligence analysts,” a cybersecurity research platform said.
READ THE STORY: TechObserver // TechCircle // InfoSec Mag
Public transit agencies are vulnerable to cyber threats, researchers warn
FROM THE MEDIA: Transit agencies are unprepared for hacks and ransomware attacks and must think more strategically to deal with cyber threats, according to a report published late last month. Researchers at the Mineta Transportation Institute at San Jose State University found that the entire industry needs a “twenty-first century security upgrade” as it cannot currently cope with the myriad cyber threats it faces.
READ THE STORY: GCN
The Blocksize War’s Cyber-Soldier Freedom-Fighters
FROM THE MEDIA: Words. How do you describe with words the things that we don’t have words for? Words describe things we’re familiar with. But we’ve never seen anything like Bitcoin before. That’s why it’s so hard to describe it. So we use metaphors, which are still just old words for other things. The same is true when you yourself take part in something that’s never happened before — something that nobody’s familiar with.
READ THE STORY: BitCoin Mag
How cyber attackers are using the Twitter blue badge verification process for phishing attacks
FROM THE MEDIA: Fraudsters are targeting verified Twitter accounts — the ones that come with a blue badge — sending fake but well-written messages threatening to suspend the account or deactivate the verification badge in an attempt to steal verified users’ credentials. Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, sportspersons, journalists, activists, government, and private organizations.
READ THE STORY: GadgetsNow
US-Japan will Set Up Next-Gen Semiconductor Research Hub
FROM THE MEDIA: At Friday’s inaugural U.S.-Japan Economic Consultative Committee, leaders from both countries discussed supply chains and emerging technologies, as well as efforts to counter China and Russia. As part of that discussion, the countries agreed to expedite an international research hub for next-generation semiconductors to help create a secure source for this important tech component.
READ THE STORY: NEXTGOV
Phishing attack results in data breach at Pittsburgh-based health system
FROM THE MEDIA: A Pittsburgh-based health system has suffered a data breach in which protected health information was stolen. The Allegheny Health Network described it as a “data security incident” and said the data was compromised between May 31 and June 1. In a July 29 statement to patients, the health system said the compromise occurred after an employee was sent a malicious phishing email link that led to the employee’s email account being compromised. The threat actor is then said to have obtained access to files relating to about 8,000 patients.
READ THE STORY: SiliconAngle
Notes on Russia-Ukraine Cyberwarfare
FROM THE MEDIA: Russia has shown how not to use cyber operations to gain advantage in armed conflict, but its efforts highlight best practices. The most obvious lesson is the need for adequate preparation to generate coordinated, simultaneous strikes on critical targets. The second is to achieve cyber superiority by crippling cyber defenders. The third is to prepare the battlefield politically and psychologically and to control the public narrative of the campaign as much as possible. Some call Vladimir Putin’s invasion of Ukraine the world’s first full-scale cyberwar.
READ THE STORY: ResonantNews
SEC Charges Eleven Individuals in $300 Million Crypto Pyramid Scheme
FROM THE MEDIA: The Securities and Exchange Commission today charged 11 individuals for their roles in creating and promoting Forsage, a fraudulent crypto pyramid and Ponzi scheme that raised more than $300 million from millions of retail investors worldwide, including in the United States. Those charged include the four founders of Forsage, who were last known to be living in Russia, the Republic of Georgia, and Indonesia, as well as three U.S.-based promoters engaged by the founders to endorse Forsage on its website and social media platforms, and several members of the so-called Crypto Crusaders—the largest promotional group for the scheme that operated in the United States from at least five different states.
READ THE STORY: SEC
A Frontier Without Direction? The U.K.’s Latest Position on Responsible Cyber Power
FROM THE MEDIA: The U.K.’s attorney general delivered a highly anticipated speech to Chatham House, building on the U.K.’s position on the applicability of international law to offensive cyber operations conducted during peacetime. Such public statements have become essential in the U.K.’s ongoing efforts to develop its credentials as a “responsible, democratic cyber power” that includes an overt offensive cyber capability in its newly avowed National Cyber Force (NCF). For the U.K. to be seen as credible in its effort to responsibly deploy offensive cyber capabilities and uphold accountability in its pursuit of cyber power, articulating a clear legal position is crucial.
READ THE STORY: Lawfare Blog
Securing Our Nation: How the Infrastructure Investment and Jobs Act Delivers on Cyber Resiliency
FROM THE MEDIA: Attacks and intrusions on our nation’s vital infrastructure — our electrical grid, water systems, ports and oil supply — are on the rise. For example, as reported by the Pew Charitable Trust in March 2021, hackers changed the chemical mixture of the water supply in Oldsmar, Fla., increasing by 100 times the level of sodium hydroxide (lye) in the water supply. In June 2021, Reuters published an article about how poor cyber hygiene, ineffective cybersecurity practices and the danger of stolen credentials impacted millions of people when a cyberattack interrupted the flow of fuel on the East Coast of the United States. As we hyperconnect our cities and communities, security must be at the forefront of every plan and design.
READ THE STORY: CrowdStrike
How North Korea Infiltrated The Crypto Industry Using Fake LinkedIn Resumes
FROM THE MEDIA: Per a Bloomberg report, North Korean-backed hackers might be stepping up their efforts and attack vectors against the crypto industry. Bad actors seem to be stealing resumes and information from major job listings websites to apply for jobs in the nascent sector. The report claims that attackers are taking legitimate data from LinkedIn and other major websites to create fake profiles posing as software engineers, developers, or other professionals with vast experience working in IT. In that way, they can infiltrate crypto companies or projects.
READ THE STORY: BITCOINIST
The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A.
FROM THE MEDIA: The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs and maintains high, medium and low-voltage electricity networks and high, medium and low-pressure natural gas pipelines, which it owns or which it is responsible for managing.
READ THE STORY: SecurityAffairs
Windows Defender hacked to deploy this dangerous ransomware
FROM THE MEDIA: Log4j vulnerabilities are now being used to deploy Cobalt Strike beacons through the Windows Defender command line tool, researchers have found. Cybersecurity researchers from Sentinel Labs recently spotted a new method, employed by an unknown threat actor, with the endgame being the deployment of LockBit 3.0 ransomware. It works like this: the threat actor would leverage log4shell (as the Log4j zero-day is dubbed) to gain access to a target endpoint, and obtain the necessary user privileges.
READ THE STORY: TechRadar
Hack-and-leak operation against Lockheed Martin threatened
FROM THE MEDIA: Sputnik tells the story from the side of the threat actors, who in this case represent the front group KillNet. The Kremlin outlet quotes the group's leader, known by the nom-de-hack "KillMilk": "Starting today, defense industry corporation Lockheed Martin will be a target of my cyberattacks... I am against weapons! I am against merchants of death." Lockheed Martin produces HIMARS rockets. Newsweek quotes another statement by the group: "The notorious HIMARS multiple launch rocket systems, supplied to Ukraine by the aforementioned military-industrial corporation, allow the criminal authorities of the Kiev regime to kill civilians, destroy the infrastructure and social facilities of the still temporarily occupied Ukraine."
READ THE STORY: The CyberWire
Killnet's leader departs, probably to form a new group
FROM THE MEDIA: The nominally hacktivist group Killnet, which since the beginning of the war against Ukraine has attacked Western targets in the Russian interest, may be undergoing a reorganization, or at least a change in leadership. SC Magazine reports that the threat actor's founder and leader, KillMilk, has said he intends to leave Killnet to form a new group. He'll be succeeded by someone with the nom-de-hack "BlackSide." BlackSide is said to be the administrator of a criminal special-access forum hosted on Tor. He's supposed to be a specialist in "ransomware, phishing, and theft from European cryptocurrency exchanges."
READ THE STORY: The CyberWire
Defense against the dark arts of ransomware
FROM THE MEDIA: WEBINAR It's just any old Monday. Already you are mentally ticking off the to-do list, and then, as you reach for your morning coffee and switch on your screen: devastation. You've been hacked. You won't be alone. Cyber-crime never takes a holiday, and according to Rubrik, ransomware alone jumped by 700% in 2021. What's even more disturbing is that two out of three ransomware attacks hit backup systems. Cyber security is, of necessity, an absolute priority for many organizations. Diligent safeguards need to be locked in from the get-go, and that means Zero Trust principles applied to every aspect of security: network, data security, and security architecture.
READ THE STORY: The Register
Ukraine Minister Shares Thoughts On Crypto Assets
FROM THE MEDIA: The crypto industry supported Ukraine during the war. Ukraine has allowed the use of crypto while Russia is banning it. The major advantage of using crypto is that it makes cross-border transactions easier: the process is instant, easy, and pocket friendly. One more reason to praise decentralized money is that it keeps the details of users private; with anonymity, one can transact without making one's identity public. However, this digital method of payment is not widely accepted, as it has been found to encourage money laundering and other illegal and criminal cyber activities.
READ THE STORY: The Coin Republic
Iran arrests alleged ‘Israeli spy network’
FROM THE MEDIA: “The arrested five members of this spy network were given various pledges from (Israel’s) Mossad, including financial promises, to gather information from important areas across the country,” the law enforcement intelligence organization said in a statement reported by the semi-official ILNA news agency last Thursday.
Iranian Minister of Intelligence Esmail Khatib claimed a day earlier that Tehran had foiled subversive actions from the “Zionist regime” and that his nation’s security forces have successfully carried out a number of operations against Israel over the last few months, although he failed to provide details of his proclamations.
READ THE STORY: Israel News
Iran gains foothold in South America as Biden admin pursues nuclear deal
FROM THE MEDIA: Iran has been seeking to increase its influence in South America and undermine American interests and security, drawing little response from the Biden administration as it tries to salvage the Obama-era nuclear agreement with the country. "The Iranian Revolutionary Guards are much more actively involved in subversive and assassination issues," James Phillips, the senior research fellow for foreign policy at the Heritage Foundation, told Fox News.
READ THE STORY: FoxNews
Items of interest
Space Force Looks to Put Space Attaches in Embassies
FROM THE MEDIA: The Space Force is in the process of establishing a program that will bolster the new service’s diplomatic outreach with its very first attaches in select U.S. embassies across the world, Air Force Magazine has confirmed.
The Regional Space Advisor program will “develop a cadre of space professionals focused on strengthening Allied and Partner relationships,” Space Force spokesperson Lt. Col. Brooke Davis said in a statement. As part of that process, the program will place space attaches in a variety of countries, “both established and emerging space powers,” Davis said.
The process for selecting which countries get space attaches will require coordination with the State Department, the host country, and Air Force International Affairs, Davis added, and no final decisions have been made. But there is one country that seems likely to be at or very near the top of the list—the United Kingdom.
“The Space Force just stood up in the past two or three years, but they’re going through their personnel and deciding how they want to work on the diplomatic side. London will probably be the first embassy to get a Space Force attache,” USAF Col. Charles E. Metrolis, the air attache at the U.S. embassy in London, said in an interview.
READ THE STORY: AirForce Mag
Malicious Use of AI: Legal and Ethical Implications (Video)
FROM THE MEDIA: Malicious Use of AI: Legal and Ethical Implications.
Cyber War - Dot of Documentary (Video)
FROM THE MEDIA: Tapping into the geopolitics of hacking and surveillance, Ben Makuch travels the world to meet with hackers, government officials, and dissidents to investigate the ecosystem of cyberwarfare.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org