Tuesday, Aug 09, 2022 // (IG): BB //Sponsor: Zanes Hand Made
Orchard botnet uses Bitcoin Transaction info to generate DGA domains
FROM THE MEDIA: 360 Netlab researchers recently discovered a new botnet named Orchard that uses transaction information from Satoshi Nakamoto’s Bitcoin address (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) to generate DGA domain names. “Another change relates to the use of the DGA algorithm employed in the attacks. While the first two variants exclusively rely on date strings to generate the domain names, the newer version uses balance information obtained from the cryptocurrency wallet address “1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa,” reads the analysis published by the researchers. “It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block, which occurred on January 3, 2009, and is believed to be held by Nakamoto.”
READ THE STORY: Security Affairs
U.S. imposes sanctions on virtual currency mixer Tornado Cash
FROM THE MEDIA: The United States on Monday imposed sanctions on virtual currency mixer Tornado Cash, accusing it of helping hackers, including from North Korea, to launder proceeds from their cyber crimes. A senior Treasury Department official said Tornado Cash, one of the largest mixers identified as problematic by the Treasury, has reportedly laundered more than $7 billion worth of virtual currency since it was created in 2019. Monday's move freezes any U.S. assets of the mixer and generally bars Americans from dealing with it.
READ THE STORY: Saltwire // Yahoo // Korea Herald
7-Eleven Stores in Denmark Close Down Following Cyberattack
FROM THE MEDIA: An ongoing cyberattack in Denmark is affecting one of the most popular convenience store chains in the country. 7-Eleven stores in Denmark have recently shut down following a cyberattack disrupting their payment and checkout systems, per Bleeping Computer. 7-Eleven has yet to disclose the details of the attack and is already working on the issue, according to Security Week. 7-Eleven stated on its official Twitter account that it was exposed to a cyberattack on August 8, preventing its stores from using checkouts and/or receiving payment.
READ THE STORY: iTECHPOST
Encevo stays resilient post-attack, but it’s still assessing the data damage
FROM THE MEDIA: Encevo is still working to restore systems and data made inaccessible last month by a ransomware attack. The parent company of a Luxembourg-based pipeline operator and electricity supplier said it was targeted by “specifically crafted sophisticated malware” that evaded antivirus detection. The delivery of energy and gas was, and remains, unimpeded, the company said Monday in a status update. Encevo’s quick and thus far effective response to a ransomware attack provides other organizations with a strategic blueprint to follow, assuming defenses hold up and contain the damage done.
READ THE STORY: Cyber Security Dive
Ransomware group claims to have hit operator of Eden Park stadium
FROM THE MEDIA: A ransomware gang claims to have hacked trans-Tasman hospitality company O’Brien Group, which operates Auckland’s Eden Park stadium and several major stadiums in Australia. A posting by the gang indicated that Melbourne-based O’Brien Group had been targeted by Lockbit 3.0 ransomware and that its computer files had been dumped online. Stuff has not accessed the files but their titles indicated they contained operational and financial information including payroll data.
READ THE STORY: Stuff
Phishers Swim Around 2FA in Coinbase Account Heists
FROM THE MEDIA: Threat actors are making their way around two-factor authentication (2FA) and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances. Attackers are using emails that spoofed the popular cryptocurrency exchange to trick users into logging into their accounts so they could gain access to them and steal victim funds, researchers from PIXM Software have found.
READ THE STORY: Threatpost
10 Malicious Code Packages Slither into PyPI Registry
FROM THE MEDIA: Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue. The incident is the latest in a rapidly growing list of recent instances where threat actors have placed rogue software on widely used software repositories such as PyPI, Node Package Manager (npm), and Maven Central, with the goal of compromising multiple organizations.
READ THE STORY: DarkReading
Email marketing firm hacked to steal crypto-focused mailing lists
FROM THE MEDIA: Using the company's internal tools, the threat actors downloaded marketing lists for thirty-eight customers in the cryptocurrency industry. "The threat actor used the internal customer support tools to search for primarily crypto related accounts and viewed list and segment information for 44 Klaviyo accounts. For 38 of these accounts, the threat actor downloaded list or segment information," explained a security notification from Klaviyo.
READ THE STORY: BleepingComputer
deBridge Finance crypto platform targeted by Lazarus hackers
FROM THE MEDIA: Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. The threat actor used a phishing email to trick company employees into launching malware that collected various information from Windows systems and allowed the delivery of additional malicious code for subsequent stages of the attack.
READ THE STORY: BleepingComputer
Twitter vulnerability risk resurfaces, testing the security of pseudonymous users
FROM THE MEDIA: The vulnerability was originally disclosed by a HackerOne user named Zhirinovskiy, and directly impacted users of Twitter’s Android client. RestorePrivacy, on July 21, discovered someone attempting to sell the information on Breached Forums, an infamous cybercrime forum. “We then downloaded the data sample that the seller provided and analyzed the data, ultimately concluding that it was legit and matched up with real Twitter users,” Sven Taylor, editor of RestorePrivacy.com, said via email.
READ THE STORY: Cyber Security Dive
Iraqi hacker group targets several Israeli websites, including Sderot municipality
FROM THE MEDIA: Sabereen News, a Telegram news channel associated with Iraqi Popular Mobilization Units (PMU), reported that the group, known as ALtahrea Team, managed to break into the websites on Monday, and took them down. Back on July 26, social media activists said various Israeli websites went offline due to a widespread cyber attack that was perpetrated by the same Iraqi group. Among the affected sites were the Lifters website, the Nadlan World website, and the website of the Liam Group.
READ THE STORY: PressTV
North Korea Tries Ransomware… Again
FROM THE MEDIA: The Department of Homeland Security recently published a joint advisory along with the Federal Bureau of Investigation (FBI) and the Department of Treasury on a suspected North Korean state-sponsored ransomware campaign using the Maui malware. The campaign has been targeting healthcare-related organizations for the purpose of coercing compromised victims into paying ransoms. These operations have successfully disrupted important healthcare functionality such as access to health records and imaging services.
READ THE STORY: OODALOOP
'We will spark a Kremlin revolution' Inside Ukraine's cyber army exposing oligarchs
FROM THE MEDIA: Ukrainian coder Vladyslav Huntyk has co-founded a new mobile app, Signal My Oligarch, which allows users across the world to flag assets they suspect belong to oligarchs under Western sanctions. The assets can include bank accounts, real estate, boats, planes and more. Putting the power in the hands of people helps authorities crowdsource their intelligence gathering at a scale that has never been done before.
READ THE STORY: Express UK
Rise of precision agriculture exposes food system to new threats
FROM THE MEDIA: Farmers are adopting precision agriculture, using data collected by GPS, satellite imagery, internet-connected sensors and other technologies to farm more efficiently. While these practices could help increase crop yields and reduce costs, the technology behind the practices is creating opportunities for extremists, terrorists and adversarial governments to attack farming machinery, with the aim of disrupting food production.
READ THE STORY: GCN
Linux SSH servers targeted by new RapperBot botnet
FROM THE MEDIA: BleepingComputer reports that Linux SSH servers have been besieged by brute-force attacks from the novel Mirai trojan-based RapperBot botnet since mid-June. More than 3,500 unique IP addresses around the world have been scanned by RapperBot as it sought to brute-force Linux SSH servers, according to a report from Fortinet. Despite being a forked version of Mirai, RapperBot was found to have unique functionality, as well as a dedicated command-and-control protocol and post-compromise activity mainly aimed at achieving initial server access.
READ THE STORY: SCMAG
Finding Bugs Faster Than Hackers
FROM THE MEDIA: Malware, viruses, spyware, bots and more! Hackers have many tools at their disposal to ruin your day through your vulnerable technology. As we become increasingly dependent on internet-driven products (i.e., phone, computer, smart home), and everything from toasters to toothbrushes can be connected to the internet, we must be ever vigilant against malicious attacks. Preventing such attacks is the goal of a group of researchers in the Binary Analysis and Systems Security (BASS) group at USC Viterbi’s Information Sciences Institute (ISI). They will be presenting their new paper — written in collaboration with Arizona State University, Cisco Systems Inc. and EURECOM — at the upcoming 35th Annual USENIX Security Symposium, one of the premier conferences in the cybersecurity space, held August 10-12 in Boston, Mass.
READ THE STORY: USC
Release the Kraken: The Battle for the Russian Language Darknet
FROM THE MEDIA: On July 2, 2022, WayAWay, a defunct narco forum, resurfaced on the Russian-language dark web, after a long period of dormancy. While the return of a forum is usually not big news, WayAWay was co-administered with LegalRC. These two forums partnered in 2015 to form what would become the largest darknet marketplace, Hydra. The marketplace was shuttered by German and US law enforcement on April 5, 2022, leading to a competition for market share in the Russian language underground—which is quickly developing into a split between Russian and Ukrainian venues.
READ THE STORY: SecurityBoulevard
Justice Department’s Russia Indictment Reminds to Look Beyond Online Influence
FROM THE MEDIA: The U.S. Department of Justice (DOJ) unsealed an indictment last week of a Russian national who allegedly orchestrated a “years-long foreign malign influence campaign that used various U.S. political groups to sow discord, spread pro-Russian propaganda, and interfere in elections within the United States.” From “at least” December 2014 to March 2022, the document says, the Russian national coordinated with the Russian government to finance domestic U.S. political groups, used them to launder pro-Kremlin narratives, funded and coordinated these political groups engaging in “direct action” on the ground in the United States, and coordinated coverage of their activities in Russian media.
READ THE STORY: CFR
Russian Hacker Warns Cyberwarfare Will Turn Deadly
FROM THE MEDIA: The founder and former leader of Russian-based hacking group Killnet has stated that cyberwarfare will result in casualties, just days after threats against a major American weapons manufacturer reportedly came to fruition. On Sunday, that hacker, Killmilk, told the Russian news site Gazeta.Ru that he has helped galvanize countless other hackers who "for one reason or another, support Russia in the NWO [New World Order]," pledging to "be a pioneer" if pro-Russian and pro-Ukrainian hackers confront one another to the point where deaths occur.
READ THE STORY: Newsweek
China’s Huawei set to finalize data center location in Saudi Arabia
FROM THE MEDIA: China’s tech giant Huawei is soon to decide the location of its data center in Saudi Arabia, president of Huawei Cloud Middle East told Gulf News. The data center in Saudi Arabia will be Huawei’s second in the Middle East, following Abu Dhabi. “We are in the final stages of the Saudi decision — the investment decision has already been made,” Frank Dai explained. “All that’s left is where in Riyadh should the facility be built.” He added: “The Middle East remains central to our vision of how digital transformation can reshape economies, even change the world. This is only the beginning of what data-driven economies can achieve.”
READ THE STORY: ArabNews
Mandiant researchers uncover significant new disinformation campaign
FROM THE MEDIA: Researchers from Mandiant say they have uncovered a significant disinformation campaign from the Chinese Government in the wake of U.S. Speaker Nancy Pelosi's visit to Taiwan. They say that after undertaking research, they have identified around 72 websites that are purporting to be reputable media outlets but are actually controlled by the Chinese Communist Party. It is thought that the sites are being used to hype the danger associated with the trip and to smear Beijing's critics.
READ THE STORY: SecurityBrief
Attackers abuse open redirects in Snapchat and Amex in phishing attacks
FROM THE MEDIA: The term open URL redirection, or open redirect, refers to a security issue that makes it easier for attackers to direct users to malicious resources under their control. An open redirect occurs when a website fails to validate user input, allowing attackers to manipulate the URLs of high-reputation domains so that they redirect victims to malicious sites. Victims trust the link because the first domain name in the manipulated link is a trusted domain such as American Express or Snapchat.
READ THE STORY: Security Affairs // CyberScoop
Twilio employees duped by text message phishing attack
FROM THE MEDIA: Twilio was beaten at its own game. The platform’s application programming interface protocols are used by more than 275,000 customers to verify identity via two-factor authentication and engage customers in an automated manner. Many of today’s most popular apps, including Facebook and Uber, use Twilio to communicate alerts and important updates to customers via text messages, voice and video. The carry-on effect of a threat actor accessing customer data could be significant if Twilio’s customers are later compromised.
READ THE STORY: Cyber Security Dive
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
FROM THE MEDIA: Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500 companies, identified threat actors leveraging open redirect vulnerabilities common in online services and apps to bypass spam filters and ultimately deliver phishing content. Using highly trusted service domains like Snapchat and other online services, they create special URLs that lead to malicious resources hosting phishing kits. The kit identified is named LogoKit, which was previously used in attacks against the customers of Office 365, Bank of America, GoDaddy, Virgin Fly, and many other major financial institutions and online services internationally.
READ THE STORY: Security Affairs
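The two open redirect stories above (Snapchat/Amex and LogoKit) describe the same flaw: a redirect parameter that is used without validation. The following added example is not code from either article or from any of the services named; it contrasts a weak redirect handler with a hardened same-origin check, and adds a mail-filter style check that flags links carrying an embedded foreign URL in their query string. The host `trusted.example` and all URLs are constructed for illustration.

```python
"""Open-redirect demo: a weak handler next to a hardened one, plus a
mail-filter style check for links that embed a foreign URL.
All hosts and URLs here are constructed for illustration."""
from urllib.parse import urlparse, urljoin, parse_qsl

SITE_ORIGIN = "https://trusted.example"  # constructed: the site being protected


def unsafe_redirect_target(next_param: str) -> str:
    """Weak pattern: the user-controlled 'next' value is used as-is,
    so ?next=https://attacker.example sends the victim off-site."""
    return next_param


def safe_redirect_target(next_param: str, fallback: str = "/") -> str:
    """Hardened pattern: only same-origin, path-only targets are allowed;
    anything else falls back to a fixed local page."""
    if not next_param or "\\" in next_param or next_param.startswith("//"):
        # Backslashes and protocol-relative prefixes are normalised by
        # browsers into foreign hosts, so reject them before parsing.
        return fallback
    resolved = urlparse(urljoin(SITE_ORIGIN + "/", next_param))
    site = urlparse(SITE_ORIGIN)
    # Scheme and full netloc must match (catches userinfo@ and
    # look-alike subdomain tricks such as trusted.example.attacker.example).
    if resolved.scheme != site.scheme or resolved.netloc != site.netloc:
        return fallback
    target = resolved.path or "/"
    return target + ("?" + resolved.query if resolved.query else "")


def embedded_foreign_urls(link: str) -> list:
    """Detection side: return any http(s) URLs found in the query string
    of `link` whose host differs from the link's own host. A trusted
    domain carrying such a value is the shape a redirect-based lure takes."""
    parsed = urlparse(link)
    found = []
    for _, value in parse_qsl(parsed.query, keep_blank_values=True):
        inner = urlparse(value)
        if inner.scheme in ("http", "https") and inner.netloc \
                and inner.netloc != parsed.netloc:
            found.append(value)
    return found


if __name__ == "__main__":
    for candidate in ("/account?tab=2", "https://attacker.example/login",
                      "//attacker.example/login", "javascript:alert(1)"):
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
    lure = "https://trusted.example/out?u=https://attacker.example/phish"
    print("foreign URLs in lure:", embedded_foreign_urls(lure))
```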
China steps up cyberattacks, disinformation campaigns targeting Taiwan
FROM THE MEDIA: Cyber attacks and a Chinese disinformation campaign targeting the democratic island of Taiwan throw the spotlight on Beijing's use of hybrid warfare in the wake of Pelosi's visit, a Taiwanese military official said on Monday. Maj. Gen. Chen Yu-lin, deputy director of the Political and War Bureau of Taiwan's Ministry of National Defense told journalists on Monday that the current wave of "cognitive operations" started before the military exercises were announced. Chen said the hybrid warfare campaign sought to create an atmosphere suggesting China might be invading Taiwan, to attack the public image of the government, and to disrupt civilian and military morale.
READ THE STORY: RFA
Darktrace and HackerOne Partner to Add AI to Attack Resistance
FROM THE MEDIA: Black Hat USA 2022 – Darktrace, a global leader in cyber security artificial intelligence (AI), and HackerOne, the leader in Attack Resistance Management, have partnered to combine Darktrace PREVENT/Attack Surface Management™ technology with the continuous security assessment capabilities of the HackerOne platform. The partnership expands HackerOne's OpenASM initiative and delivers on a shared vision with Darktrace to help organizations secure their digital estate through leading technology and a community of ethical hackers.
READ THE STORY: PR NEWSWIRE
Automotive needs to address infotainment cyber security
FROM THE MEDIA: In May 2022, a report by analysis firm Grand View Research estimated that the global infotainment market could grow from US$7bn to over US$13bn by 2030, a CAGR of 9.3%. Automakers are embracing infotainment as both a market differentiator and a means to transform the fundamental customer-vehicle relationship. A spokesperson for Mercedes-Benz tells Automotive World that the company’s aim “is to ensure that the driver feels happy and relaxed during even the most demanding or monotonous journeys.” Cars are becoming more than just transportation; they have the capacity to become mobile living spaces. However, as the amount of in-cabin tech and infotainment features increases, a significant issue arises: cyber security.
READ THE STORY: Automotive World
Prescribing a new paradigm for Cyber Competition
FROM THE MEDIA: Predictions about cyber war have ranged from the apocalyptic to the reassuring over the past decade, and the current war in Ukraine — beyond its horrific violence, dislocations, and criminality — provides a test case for those theories. Do cyber operations provide decisive advantages in war? Are they more escalatory or de-escalatory than other weapons? Or is it more appropriate to consider cyber capabilities primarily as instruments of interstate competition short of war?
READ THE STORY: War on the rocks
Iran-Israel shadow war escalating tensions
FROM THE MEDIA: With the stalling of the nuclear negotiations between the United States and Iran in Vienna, the U.S. wants to punish Iran through Israel. At this point, low and medium-profile death cases, assassinations, explosions, fires and accidents at various locations in Iran, especially in Tehran, are the possible consequences of the strategy pursued by Israel within the "Octopus Doctrine." The Octopus doctrine is a security strategy that Israeli Prime Minister Naftali Bennett brought to security and military policy applications in 2018 when he was the defense minister.
READ THE STORY: Daily Sabah
Items of interest
Artificial intelligence (AI) vs. machine learning (ML): Key comparisons
FROM THE MEDIA: Within the last decade, the terms artificial intelligence (AI) and machine learning (ML) have become buzzwords that are often used interchangeably. While AI and ML are inextricably linked and share similar characteristics, they are not the same thing. Rather, ML is a major subset of AI. AI and ML technologies are all around us, from the digital voice assistants in our living rooms to the recommendations you see on Netflix.
Despite AI and ML penetrating several human domains, there’s still much confusion and ambiguity regarding their similarities, differences and primary applications. Here’s a more in-depth look into artificial intelligence vs. machine learning, the different types, and how the two revolutionary technologies compare to one another.
AI is defined as computer technology that imitates a human’s ability to solve problems and make connections based on insight, understanding and intuition.
The field of AI rose to prominence in the 1950s. However, mentions of artificial beings with intelligence can be identified earlier throughout various disciplines like ancient philosophy, Greek mythology and fiction stories.
One notable project in the 20th century, the Turing Test, is often referred to when discussing AI’s history. Alan Turing, also referred to as “the father of AI,” created the test and is best known for creating a code-breaking computer that helped the Allies in World War II understand secret messages being sent by the German military.
READ THE STORY: Venturebeat
The Most Hated Man on the Internet Darknet Diaries Ep. 34: For Your Eyes Only (Video)
FROM THE MEDIA: This episode is all about nude selfies. What happens if you take one and give it to a vengeful ex. What happens when a hacker knows you have them and wants to steal them from your phone. And why even celebrities aren't safe.
The Dark Web's Richest Drug Lord Made 1 Fatal Mistake Darknet Diaries Ep. 24: Operation Bayonet (Video)
FROM THE MEDIA: The online dark net market AlphaBay was a haven for drugs, weapons, and forgeries that surpassed even the Silk Road. Its creator lived in secret for years, but one careless mistake led the Feds to his door.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com