Wednesday, Sept 07, 2022 // (IG): BB // Sponsor: VetSec
I'm reminded of 'The Early Bird', 'cept your posts are seemingly on semantically-enhanced steroids. - 2600hz
PyPI contributors targeted by JuiceLedger in latest attack against open source
FROM THE MEDIA: JuiceLedger’s attacks come at a time of heightened concern about the security of open source software. Researchers from SentinelLabs in May investigated a supply-chain attack called CrateDepression, which targeted the Rust development community. The Rust Security Response Working Group issued an advisory about a malicious crate, called rustdecimal, which was used to deliver malware by typosquatting against rust_decimal. The threat actor JuiceLedger was initially observed in early 2022 targeting potential victims with fake crypto trading apps, including a bot called the Tesla trading bot.
READ THE STORY: Cyber Security Dive
Kaspersky reveals Kimsuky APT targets Korean media, think tanks
FROM THE MEDIA: Nearly 10 years since Kaspersky experts unmasked an active cyberespionage campaign primarily targeting South Korean think tanks, the state-sponsored group known as “Kimsuky” continues to show prolific updating of tools and tactics to victimize North Korea-related entities. Kaspersky’s senior expert revealed more of his findings about Kimsuky during the global cybersecurity company’s 8th Cyber Security Weekend where he answered the question: “What if we can have another dimension of cyberattacks?” Among his latest discoveries is the possibility of this Advanced Persistent Threat (APT) threat actor expanding its operations with its abundant capabilities.
READ THE STORY: Backend News
New EvilProxy service lets all hackers use advanced phishing tactics
FROM THE MEDIA: As the school year kicks off across the country, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to districts that threat actor group Vice Society is targeting their systems. The notice comes just hours after the Los Angeles Unified School District confirmed it was the target of a successful ransomware attack over the weekend. The K-12 school district, the second-largest in the US, has not yet recovered its systems fully, with its main student portal login page out of service, according to local parents speaking to Dark Reading.
READ THE STORY: DarkReading
The New DawDropper Android Malware Is Stealing Your Banking Data
FROM THE MEDIA: We have recently identified 14 malicious Android apps that contain the banking malware, “DawDropper”, which aims to steal your data from the banking apps on your phone. The stolen data includes PIN codes, banking credentials, passwords, etc. This malware can intercept communicated text and gain complete control of the affected device. In short, the threat actor behind it can steal money from your bank account. DawDropper is spread via malicious apps designed by malware authors that can bypass Google Play Store’s security checks by using a third-party cloud service. Following that, it drops banking trojans on compromised devices.
READ THE STORY: Trend Micro
The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA
FROM THE MEDIA: ThreatLabz observed an update to the Ares banking trojan that introduces a domain generation algorithm (DGA), which mirrors the Qakbot DGA. Based on analyzing the malware code, there does not appear to be a direct link between these two malware families. The Ares DGA may be an effort for the threat actor to maximize the lifetime of an infection, which provides more opportunities for monetizing compromised systems through attacks such as wire fraud and ransomware.
READ THE STORY: Security Boulevard
World heading towards a ‘perfect’ cybercrime storm, cybersecurity experts warn
FROM THE MEDIA: The combination of mounting geopolitical tensions, the looming economic downturn and the push to digitalize business processes is creating a “perfect storm” for hackers, cybersecurity experts told City A.M. NCC chief executive Mike Maddison said the digitization agenda on the back of the global pandemic has created new opportunities for hackers in opening up new ways to infiltrate and take advantage of companies. The push to digitalize business processes comes as the Russia-Ukraine conflict and worsening relations with China have also led to an uptick in cyberattacks from state-backed hacking groups.
READ THE STORY: City AM
San Francisco crypto case gets another jolt of international intrigue
FROM THE MEDIA: Alexander Vinnik sits in an East Bay jail, awaiting a San Francisco court date later this month in what may be the most famous cryptocurrency criminal case in history. Vinnik, who is Russian, is accused of laundering billions of dollars in cryptocurrency and faces decades in prison and more than $100 million in fines. He was extradited to the United States from Greece last month. While the case has always been steeped in international intrigue, one of his attorneys just turned up the heat by asking for a prisoner exchange between Russia and the United States that would send Vinnik home for the first time in five years.
READ THE STORY: SF Examiner
Moobot botnet is coming for your unpatched D-Link router
FROM THE MEDIA: The Mirai malware botnet variant known as ‘MooBot’ has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits. MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number of devices into its DDoS (distributed denial of service) army. Today, the malware has refreshed its targeting scope, which is typical for botnets looking for untapped pools of vulnerable devices they can ensnare.
READ THE STORY: Bleeping Computer
What is the relation between Cambodia’s human trafficking scam and China’s Belt and Road Initiatives
FROM THE MEDIA: Thousands of victims across Asia have been lured by job scams and occasionally love cons, through messaging apps, kidnapped and forced to work for the scam network in Sihanoukville, Cambodia, a special economic zone under China’s Belt and Road Initiatives. Following the arrest of She Zhijiang, a wanted Chinese billionaire running a mega gambling ring across Asia, by Bangkok police in mid-August 2022, Cambodia’s human trafficking and scam operations dominated headlines in many Asian countries, including Hong Kong, Taiwan, mainland China, Malaysia, Vietnam and more, as their citizens have been conned and enslaved through a cross-border crime network.
READ THE STORY: Global Voices
New cyberespionage group surfaces following attacks on mostly Asian targets
FROM THE MEDIA: A previously unknown cyberespionage group has been using undocumented tools to go after high-profile Asian companies and local governments, researchers with cybersecurity firm ESET said Tuesday. The researchers dubbed the cyberespionage group “Worok” and say it’s been active since at least 2020, when it targeted an East Asian telecom, a Central Asian bank and a Southeast Asian maritime firm, among other public and private targets. A “significant break in observed operations” took place between May 2021 and January 2022, the researchers said, but since then the group has homed in on a Central Asian energy company and a public sector entity in Southeast Asia.
READ THE STORY: CyberScoop
Treasury Reissues Rules to Enforce Cyber Sanctions on Foreign Adversaries
FROM THE MEDIA: The Treasury Department’s Office of Foreign Assets Control is adding new general licenses to the rules that determine whether they issue sanctions for undermining cybersecurity. “OFAC is adding three new general licenses to the regulations: a general license authorizing the investment and reinvestment of certain funds … a general license authorizing the official business of the U.S. government … and a general license authorizing certain official business of international entities and organizations,” reads a notice published in the Federal Register Tuesday. The rules were first published to implement President Barack Obama’s April 2015 executive order approving sanctions for malicious cyber activity. They are being reissued to account for subsequent related orders and laws regarding cybersecurity threats from foreign adversaries, including Russia.
READ THE STORY: NextGov
US government warns ransomware attacks on schools may increase
FROM THE MEDIA: Ransomware attacks on schools in the US may increase as children return to school and cybercriminals see more extortion opportunities, federal officials warned on Tuesday as the Los Angeles Unified School District grappled with a significant ransomware attack. A ransomware gang known as Vice Society, which emerged last year, has been “disproportionately targeting the education sector with ransomware attacks,” said the public advisory from the FBI, US Cybersecurity and Infrastructure Security Agency, and the MS-ISAC, a cyberthreat-sharing body.
READ THE STORY: CNN
Healthcare and education remain common ransomware targets
FROM THE MEDIA: Healthcare and education sectors accounted for most of the ransomware disclosures in August, a month that remained low for confirmed attacks compared with earlier this year. TechTarget Editorial began compiling a ransomware database in January that tracks public reports and disclosure notifications for each month. While organizations don't always confirm that the attacks have involved ransomware, there are some key factors, including the mention of encrypted services. Based on recent data, the slow summer of disclosures and confirmed attacks has continued.
READ THE STORY: Tech Target
AI-Powered Iranian Drones Capable of Hitting Any Target: IRGC Chief
FROM THE MEDIA: In an address to university professors in Mashhad on Tuesday, Major General Salami said Iran has made such progress in using modern technologies that manufacturing advanced military systems for it is as easy as producing bicycles. “Today, the accuracy of our weapons in hitting fixed and mobile targets is one hundred percent and our drones can target any location by using artificial intelligence,” the general added. He also noted that the Islamic Republic is the world’s top-ranking power in many technologies and has even overtaken major world powers in the air defense industry to the extent that a number of superpowers purchase Iranian arms and have proposed mutual cooperation.
READ THE STORY: Tasnim News Agency
Sanctions leakage: oil and gas
FROM THE MEDIA: Not only have the extreme sanctions imposed on Russia following its invasion of Ukraine in February not crushed the economy, but Russia is making a killing from the war thanks to the abundant leaks in the sanction regime. The ban on exporting technology and machines to Russia has been highly effective but the attempt to cut the Kremlin off from its energy revenue has backfired. Russia racked up around $97bn in revenues from its exports of oil, gas and coal in the first 100 days of the conflict, according to Finland’s Centre for Research on Energy and Clean Air. Some two-thirds of those revenues were derived from oil, and the balance mainly from natural gas.
READ THE STORY: BNE INTELLINEWS
Indonesia - Schneider Electric leads in digital transformation through innovation
FROM THE MEDIA: In an era when electricity and digital technology are interdependent and inseparable, technology has become integrated into almost all aspects of our day-to-day lives and revolutionized other sectors including education, commerce and transportation. However, many people are not confident about the inevitable transition to the New Electric World. Schneider Electric is leading the digital transformation to Electricity 4.0 by focusing on electricity distribution networks. In order to help society make the great leap, the company has realized that the future of the electricity sector depends on three key factors: the visibility of all network assets, remote distribution control and real-time analytical capabilities, and data security.
READ THE STORY: The Jakarta Post
Hive ransomware attacks Damart
FROM THE MEDIA: BleepingComputer reports that the Hive ransomware gang has launched an attack against French clothing firm Damart, from which it has demanded a $2 million ransom. Damart, which has more than 130 stores worldwide, had some of its data encrypted and services disrupted since Aug. 15, when it posted an unscheduled maintenance message on its website. Damart later confirmed that its IT systems are being subjected to attempted attacks, which it was able to avert, and that it purposely restricted some services temporarily to prevent further intrusion.
READ THE STORY: SCMAG
Devastating Ransomware Attacks on Chile, Montenegro Shut Down Government Agencies, Banks
FROM THE MEDIA: A set of ransomware attacks in Chile and Montenegro has caused substantial damage, shutting down banks and government agencies and even prompting a call to North Atlantic Treaty Organization (NATO) partners for emergency assistance. Montenegro is dealing with a brutal ongoing campaign of ransomware attacks that appears to be coming from criminal groups in Russia and targeting government websites. A member of NATO since 2017, Montenegro has requested help from the United States in fending off these attacks. Government agencies in Chile have also been hit by a new form of ransomware that targets Linux servers, and at least one has been threatened with a “double extortion” dump of stolen information.
READ THE STORY: CPO
Critical QNAP NAS Zero-Day Bug Exploited to Deliver DeadBolt Ransomware
FROM THE MEDIA: A critical zero-day security vulnerability in QNAP's network-attached storage (NAS) devices has been actively exploited in the wild to deliver the DeadBolt ransomware variant. The vendor warned that the exploitation was first spotted over the weekend, and that "the campaign appears to target QNAP NAS devices running Photo Station with internet exposure." Photo Station allows users to centrally store and manage full resolution photos across devices via QNAP NAS.
READ THE STORY: DarkReading
FBI seeks Bitcoin wallet information of ransomware attackers
FROM THE MEDIA: Three federal agencies in the United States — the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center — jointly issued an advisory seeking information to curb ransomware attacks. As part of the #StopRansomware campaign, the joint cybersecurity advisory alerted citizens of Vice Society, a ransomware-type program that encrypts data and demands ransom for decryption. The trio anticipates a spike in ransomware attacks, primarily aimed at educational institutions, adding that “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.”
READ THE STORY: Coin Telegraph
InterContinental Hotels Group cyberattack disrupts booking systems
FROM THE MEDIA: Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached. IHG is a British multinational company that currently operates 6,028 hotels in more than 100 countries and has more than 1,800 in the development pipeline. Its brands include luxury, premium, and essential hotel chains such as InterContinental, Regent, Six Senses, Crowne Plaza, Holiday Inn, and many others.
READ THE STORY: Bleeping Computer
China’s online learning classes reportedly hacked; teaching material replaced with vulgar content
FROM THE MEDIA: Several schools in China, conducting online classes over Tencent meetings, were targets of a ransomware attack, a China observer revealed on Tuesday, September 6. Reportedly, the hackers hijacked online classes and replaced teaching material with vulgar content. The incident was reported by Matthew Stinson, who writes for Forbes and is described as an educator, photographer, designer and blogger based in Tianjin, China, on his Twitter profile.
READ THE STORY: DailyO
What is 0ktapus? The ongoing campaign targeting customers of IAM giant, Okta
FROM THE MEDIA: On August 25, 2022, threat intelligence researchers from Group-IB attributed a recent SaaS attack campaign, codenamed 0ktapus. The 0ktapus campaign has been implicated in highly publicized SaaS breaches, such as those reported by Twilio and Cloudflare. Group-IB reported observations of several well-known organizations targeted in this massive phishing campaign, including Signal—the end-to-end encrypted messaging service. The attackers have a clear objective: get Okta identity credentials and multifactor authentication (MFA) codes from targeted organizations, thereby giving threat actors entrée to the victim’s global SaaS attack surface.
READ THE STORY: Security Boulevard
The National Academies Press | Estimating Human Trafficking in the United States
FROM THE MEDIA: The definitions vary greatly across countries and cultures, as well as among researchers. It can take the form of pimp control, commercial sex, exploitation, forced labor, modern slavery, or child labor. In the United States, the Trafficking Victims Protection Act is the cornerstone of counter-trafficking efforts. Internationally, the United Nations and the International Labour Organization are the leading voices on defining and addressing human trafficking.
READ THE STORY: National Academies
Items of interest
Three Types of Threat Intelligence: Defined and Explained
FROM THE MEDIA: In order for your security teams to effectively mitigate risk and stay ahead of cyber threats, it is essential for your organization to have a strong threat intelligence program. This threat intelligence, which is ideally made up from a variety of open and closed sources, is what gives your teams the information needed to proactively respond to threats and prevent attacks that bring harm to your organization’s assets, infrastructure, and personnel.
Building an effective cyber threat intelligence program requires a comprehensive view of the threat landscape your organization is facing. Depending on why it’s collected and what information it yields, the umbrella of threat intelligence can be divided into three major pillars: strategic, operational, and tactical.
Each type of threat intelligence provides a different aspect of understanding your organization’s risk apertures, plus how to defend against them. Having this understanding across all three pillars of threat intelligence allows you to target threats at different stages of their lifecycle, and provides insights to all of the stakeholders involved in your organization’s security, from executives to technical employees.
To get the most out of your threat intelligence, it is important to prioritize creating a program that is designed to utilize all three types.
READ THE STORY: Security Boulevard
What is dark web monitoring & how does it work? (Video)
FROM THE MEDIA: Dark Web Exposure Monitoring, Phishing Detection and Monitoring, Domain Squatting Monitoring, Trademark Infringement Monitoring.
Inside the Underground Markets For Your Stolen Credit Cards (Darknet Diaries Ep. 32: The Carder) (Video)
FROM THE MEDIA: The U.S. Secret Service mostly protects presidents and public officials, but they're also in charge of investigating financial crimes. This is the story of how they tracked one hacker who stole millions of cards around the world and back again.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com