Friday, Sept 16, 2022 // (IG): BB // Sponsor: Shadow News
China can destroy US space assets, Space Force ops nominee warns
FROM THE MEDIA: The Biden-nominated chief of space operations for the USA's Space Force (USSF) rates China his greatest challenge, as the Middle Kingdom has developed technologies to destroy space assets. "The most immediate threat, in my opinion, is the pace with which our strategic challengers – first and foremost the Chinese – are aggressively pursuing capabilities that can disrupt, degrade and ultimately even destroy our satellite capabilities and disrupt our ground infrastructure."
READ THE STORY: The Register
Uber hacked, internal systems breached and vulnerability reports stolen
FROM THE MEDIA: Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's security software and Windows domain.
READ THE STORY: Bleeping Computer
Akamai announced to have recently blocked a new record-breaking distributed denial-of-service (DDoS) attack
FROM THE MEDIA: On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked in July and that hit the same customer. Unlike the July attack, this time the attackers launched the attack against six data center locations from Europe to North America.
READ THE STORY: Security Affairs
Hackers are reviving a long-forgotten malware to help evade detection
FROM THE MEDIA: A known Chinese threat actor is recycling old malware, in an attempt to evade detection, cut down on costs, and send researchers on a wild goose chase. A report from Symantec says the group, known as Webworm, has used at least three ancient malware variants (and by “ancient”, we mean from 2008 - 2017), modified them a little bit, and then tested them out against IT service providers in Asia to see how they work.
READ THE STORY: Techradar
Learning lessons from Ukraine's influence operations
FROM THE MEDIA: Ukrainian influence operations, including rumor control, marketing, and countering of adversary messaging, have been surprisingly successful, especially when compared to the heavy-handed tone and limited effect of the Russian opposition's information operations. Observers of the hybrid war are looking for lessons to be learned, and nowhere is the influence campaign being more closely studied than in Taiwan. Taiwan and Ukraine have been increasingly bracketed together.
READ THE STORY: The Cyberwire
Chinese hacking group targets government officials in several countries
FROM THE MEDIA: A hacking group with suspected ties to the Chinese government is targeting government officials in several countries with malware that can log keystrokes and capture screen images, according to a cybersecurity vendor. The hacking group, called Bronze President or Mustang Panda, is using a version of PlugX, a 14-year-old piece of malware, to target government officials in Europe, the Middle East, and South America, said researchers with Secureworks.
READ THE STORY: Washington Examiner
Russian disinformation seeks allies in the Global South
FROM THE MEDIA: Russian propaganda seeks to shift blame for food shortages to Ukraine and (especially) the EU. The British Ministry of Defense over the weekend described recent Russian messaging: "On 07 September 2022, President Putin said that only 60,000 tons of the grain exported from Ukraine since August had been sent to developing countries, and that the majority had been delivered to EU states. Putin's claim is not true.
READ THE STORY: The Cyberwire
Alleged US cyberattacks against Chinese university detailed
FROM THE MEDIA: The U.S. National Security Agency's Tailored Access Operations has been accused by China's National Computer Virus Emergency Response Center of deploying 41 different cyber weapons in cyberattacks against the Northwestern Polytechnical University in the city of Xi'an, ZDNET reports. In a new report, the CVERC claimed that TAO leveraged the "Suctionchar" program to facilitate account and credential theft from remote management and file transfer services.
READ THE STORY: SCMAG
White House issues software supply chain security memorandum
FROM THE MEDIA: The White House has released new federal software security requirements following the SolarWinds attack, Federal News Network reports. The Office of Management and Budget has released the new guidance, “Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience” which grows on the cybersecurity order issued last year, and applies to third-party software usage.
READ THE STORY: The Cyberwire
Senate confirms first-ever cyber ambassador
FROM THE MEDIA: The Senate on Thursday unanimously confirmed Nathaniel Fick to head the State Department’s new cyber bureau. Fick will be the bureau’s first-ever ambassador-at-large following its launch in April. The bureau was established to deal with international issues related to cyber and emerging technologies. It has three policy units: international cyberspace security, digital freedom, and international information and communications policy.
READ THE STORY: The Hill
Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence
FROM THE MEDIA: Threat actors may abuse Notepad++ plugins to circumvent security mechanisms and achieve persistence on their victim machine, new research from security company Cybereason suggests. “Using an open–source project, Notepad++ Plugin Pack, a security researcher that goes by the name RastaMouse was able to demonstrate how to build a malicious plugin that can be used as a persistence mechanism,” the company wrote in an advisory on Wednesday.
READ THE STORY: InfoSecurity
Hearings in the US Senate suggest an enduring tension between content moderation and free speech
FROM THE MEDIA: Hearings this week before the Senate Judiciary Committee (which featured testimony by Twitter whistleblower Peiter "Mudge" Zatko) and the Senate Homeland Security Committee (with appearances by present and former executives of Twitter, Facebook, TikTok, and other social media platforms) took up, inter alia, issues of dis- and misinformation. The Homeland Security Committee especially was concerned with what a number of Senators perceived as social media's failure to address content moderation adequately.
READ THE STORY: The Cyberwire
'Humor over rumor': Taiwan eyes Ukraine messaging model if China attacks
FROM THE MEDIA: Taiwan is looking at Ukraine’s ways of communicating its message to the outside world at a time of conflict, by making use of tools such as satellites and deploying humor, the digital minister said this week. China’s war games and blockade drills around Taiwan last month, following a visit to Taipei by U.S. House Speaker Nancy Pelosi, have heightened concerns on the island about the prospect of an attack by its giant neighbor.
READ THE STORY: Japan Times
Egypt's submarine cable stranglehold
FROM THE MEDIA: The world’s digital infrastructure has been built by the paranoid. At every turn, equipment is duplicated, routes are triplicated, fuel reserves are over-filled. Astronomical sums are spent on building layers and layers of safety into the system, as suspicious minds game out various scenarios that could put the precious flow of data at risk. And yet, there remains one giant bottleneck, a quirk of geography and geopolitics, that is anything but redundant.
READ THE STORY: DCD
Western orgs warned about mounting Russian industrial espionage
FROM THE MEDIA: Western companies have been warned by experts to be vigilant for possible Russian industrial espionage efforts after Russia acknowledged lacking technological development as a result of mounting sanctions amid its ongoing war with Ukraine, reports The Record, a news site by cybersecurity firm Recorded Future. Russian President Vladimir Putin's pronouncements on the role of the country's Foreign Intelligence Service or SVR in fostering technological advancements in Russia should worry Western organizations, according to Keir Giles, a senior consulting fellow at Chatham House's Russia and Eurasia Program.
READ THE STORY: SCMAG
Webworm Attackers Deploy Modified RATs in Espionage Attacks
FROM THE MEDIA: The threat actor known as Webworm has been linked to several Windows–based remote access Trojans, suggests a new advisory by Symantec, a subsidiary of Broadcom Software. The group reportedly developed customized versions of three older remote access Trojans (RATs): Trochilus, Gh0st RAT and 9002 RAT. The first of these tools, first spotted in 2005, is a RAT implemented in C++, and its source code is available for download on GitHub. Gh0st, on the other hand, was released in 2008 and has since been used by advanced persistent threat (APT) groups. In the advisory, Symantec did not specify how both these malware tools were modified by Webworm.
READ THE STORY: INFOSEC MAG
Malware on Pirated Content Sites a Major WFH Risk for Enterprises
FROM THE MEDIA: The conventional wisdom about there being no such thing as a free lunch appears to be especially true for those visiting websites offering "free" (read: pirated) movies, TV shows, and other entertainment content. A joint investigation by the consumer-oriented Digital Citizens Alliance, piracy and brand protection firm White Bullet, and security firm 221B found that most pirate sites generate a substantial portion of their revenues from serving malware-infused ads on the systems of users who visit them.
READ THE STORY: DarkReading
Topical phishbait for credential harvesting
FROM THE MEDIA: As is usually the case with any high-profile event that touches many people, the funeral of Queen Elizabeth II has been exploited by criminals who are using it for phishbait. In a tweeted series of posts, Proofpoint describes a credential phishing campaign in which messages that misrepresent themselves as coming from Microsoft invite recipients to visit an "artificial technology hub" established in Her Majesty's honor. The URL redirects to a credential-harvesting site. The threat actors are using the EvilProxy phishing kit.
READ THE STORY: The Cyberwire
US Charges 3 Iranian Hackers Over Ransomware Attacks
FROM THE MEDIA: The US Treasury Department’s Office of Foreign Assets Control has announced extensive sanctions against three Iranian nationals, and two Islamic Revolutionary Guard Corps (IRGC) sponsored firms for launching ransomware attacks against US-based and other international companies since October 2020. In an indictment unsealed this Wednesday, the US Department of Justice (DoJ) shared the details of a group of Iranian hackers who targeted hundreds of organizations in the USA and worldwide to extort their victims and make money.
READ THE STORY: Hackread
Hive ransomware claims cyberattack on Bell Canada subsidiary
FROM THE MEDIA: The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). BTS is an independent subsidiary with more than 4,500 employees, specializing in installing Bell services for residential and small business customers across the Ontario and Québec provinces. While the Canadian telecommunications company didn't reveal when its network was breached or the attack happened, Hive claims in a new entry added to its data leak blog that it encrypted BTS' systems almost a month ago, on August 20, 2022.
READ THE STORY: Bleeping Computer
CISA Recommends Automating Threat Testing to Prepare for Advanced Threats (US-CERT AA22-257A)
FROM THE MEDIA: In light of the ongoing cyber threat posed by the Iranian Islamic Revolutionary Guard Corps (IRGC) and other highly motivated nation-state actors, the Cybersecurity and Infrastructure Security Agency (CISA) is exhorting enterprises to choose a more proactive approach to defend themselves. This is the first time CISA and cybersecurity agencies around the world are recommending enterprises automate continuous validation of security controls to protect against the constantly evolving threat landscape.
READ THE STORY: Security Boulevard
Satellite operators weigh strategies for an industry in transformation
FROM THE MEDIA: The satellite industry’s largest and most established operators are bracing for major disruption as consolidation and new entrants shake up the state of play. “The way the industry looks today with the core players may or may not look the same in the next couple of years,” Intelsat CEO David Wajsgras said during a Sept. 13 World Satellite Business Week panel here. The entry of Starlink’s low Earth orbit constellation is increasing competition in the broadband market, which has become an important source of growth for the industry amid declining revenues from broadcast services.
READ THE STORY: Space News
Starlink, Amazon Are Racing To Fill The Sky With Bigger Satellites To Deliver Mobile Coverage Everywhere On Earth
FROM THE MEDIA: Starlink claims the network is already servicing more than 30 countries with high-speed internet, including the United States, parts of Australia and most of the United Kingdom. There are about 2,500 Starlink satellites in orbit, with plans to eventually create a constellation of 42,000. The satellites are in “low Earth orbit” at an altitude of about 550 kilometres. This relative proximity provides the benefit of low latency (less delay in data processing), faster internet, and service for areas that cable internet can’t service.
READ THE STORY: Tech Financials
Will deterrence have a role in the cyberspace ‘forever war’
FROM THE MEDIA: At a time of growing concern about possible nuclear threats from Russia, some prominent defense strategists are arguing for a new theory of deterrence. They argue that military conflict is now so pervasive in cyberspace that the United States should seek to shift away from deterrence in this domain — and more aggressively exploit the opportunities it presents. Beware, reader, in exploring this topic: Deterrence strategy is one of the wooliest and most abstract areas of defense analysis.
READ THE STORY: Washington Post
New US Anti-Russian Sanctions Put in Place
FROM THE MEDIA: According to a Treasury Department statement, the move comes in conjunction with the Commerce Department imposing new export controls on Russia and the State Department targeting Russian defense and high-tech industries. Vladimir Valerievich Komlev, general director of the National Payment Card System of Russia (NSPK), which manages the Russian Mir payment card network, and Viktor Zhidkovis, director of the central securities depository, are included in OFAC's list of Specially Designated Nationals (SDN).
READ THE STORY: TeleSUR
Taiwan Ups The Ante On Defence As China Resorts To Cyber Attacks Amid Bid To Gain Control
FROM THE MEDIA: Tensions between Taipei and Beijing have been at an all-time high since US House of Representatives Speaker, Nancy Pelosi's visit to the self-ruled Island nation on August 2, 2022. The visit itself had garnered much international attention, considering Pelosi's arrival in Taiwan in spite of repeated warnings from Beijing that there would be 'serious consequences'. China has been outspoken regarding its intention relating to Taiwan and displeasure with US’ interference on the Taiwan issue.
READ THE STORY: Republic World
How America’s Airports Defend Against Cyberthreats
FROM THE MEDIA: The U.S. aviation industry has been largely spared from major cyberattack thus far. No one expects it to stay that way. Recent incursions have focused on airline reservation systems. In 2017, the widely used Sabre booking platform was hacked, leading to the crash of reservations for 20 airlines. The breach included the loss of customers’ credit card data and personal information. Another flaw in airline reservation systems, discovered in 2019, affected half of world carriers but was patched before it could be exploited.
READ THE STORY: StateTech
Iran signs memorandum to join Shanghai Cooperation Organization
FROM THE MEDIA: Iran has officially joined the countries under the central Asian security group, the Shanghai Cooperation Organization. Tehran signed the memorandum of obligations this week during a summit in Uzbekistan. Iranian foreign minister Hossein Amirabdollahian announced that Tehran had signed the Memorandum of Obligations to become part of the eight-member Shanghai Cooperation Organization or SCO.
READ THE STORY: ECONOTIMES
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
FROM THE MEDIA: Iranian threat actors have been on the radar and in the crosshairs of the US government and security researchers alike this month with what appears to be a ramp-up in and subsequent crackdown on threat activity from advanced persistent threat (APT) groups associated with Iran's Islamic Revolutionary Guard Corps (IRGC).
READ THE STORY: DarkReading
Ukraine’s cyberwar chief sounds like he’s winning
FROM THE MEDIA: The head of the Derzhspetszviazok, Ukraine’s version of the US Cybersecurity and Infrastructure Security Agency, can be forgiven for working speedily. His country is under attack—and with it, the world order. “This is the first time ever in history that we’ve had such a full-fledged cyberwar happening right now in Ukraine,” says Shchyhol, who’s tasked with keeping Ukraine’s cyber territory safe in the same way president Volodymyr Zelensky oversees the country’s physical armed forces.
READ THE STORY: Arstechnica
Russia and China are the biggest threats in cyberspace, says British cybersecurity director
FROM THE MEDIA: Russia poses Britain’s most acute immediate threat in cyberspace, while China’s ambition to be dominant in a host of new technologies will transform the world, the director of Britain’s cybersecurity center said. “In cyberspace, as in other areas of security, Russia represents the most acute and immediate threat to the UK,” Lindy Cameron, director general of the National Cyber Security Center (NCSC), the security department, said on Friday. British technology.
READ THE STORY: Market Research Telecast
Supply chain woes hurting nuclear modernization, Cotton tells Senate
FROM THE MEDIA: The nominee to lead the U.S. nuclear arsenal said Thursday that supply chain snags that are pummeling the defense industrial base are also hurting Washington’s plans to modernize its aging nuclear arsenal. “I would venture to say that it’s probably being seen across the Department of Defense, but in particular for the nuclear portfolio,” Air Force Gen. Anthony Cotton, nominated to lead U.S. Strategic Command, told the Senate Armed Services Committee, at his confirmation hearing.
READ THE STORY: C4ISR NET
White House takes on online extremism
FROM THE MEDIA: The White House announced updates from YouTube, Meta and more tech companies aimed at combatting violent extremism as part of a Thursday summit. We’ll also explore the takedown of harassment website Kiwi Farms and a newly signed California law establishing guidelines for kids’ online safety and data privacy. YouTube, Twitch, Microsoft and Meta launched updates aimed at combating violent extremism online, the White House announced Thursday as part of a summit to counter hate-fueled violence.
READ THE STORY: The Hill
Items of interest
NATO Documents Stolen in Breach of Portuguese Armed Forces, Found for Sale on Dark Web
FROM THE MEDIA: A theft of NATO documents of “extreme gravity” from the government of Portugal appears to have been caused by a breach in security protocol, allowing files that should have been air-gapped to be accessible via the internet. The documents later surfaced for sale on a dark web site. Hundreds of documents were reportedly stolen and made available in this way, and the Portuguese government is facing tough questions about why the breach was not discovered for weeks. The incident was not discovered until United States intelligence came across the pilfered NATO documents on the dark web.
READ THE STORY: CPO
Wake up and smell the fraud | Planet Money (Video)
FROM THE MEDIA: Sometimes online shopping can feel a little unsavory. There are the listings that make you question if you'll really be getting exactly what's advertised.
The salvage car Silk Road | Planet Money (Video)
FROM THE MEDIA: High gas prices have fueled speculation and investigations — is anyone raising prices and keeping prices high for profit? To find out, we break down the price of gas, piece by piece, to show you how we get to the price we see at the pump and how much everyone profits at each step of the way.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com