Friday, Sept 09, 2022 // (IG): BB // Sponsor: VetSec
"I'm reminded of 'The Early Bird', 'cept your posts are seemingly on semantically-enhanced steroids." - 2600hz
To control the rare earth market, CCP cyber army attacks overseas rivals’ supply chains
FROM THE MEDIA: Rare earth elements, known as industrial vitamins, are not only important components in the production of defense products such as missile guidance systems and aircraft engines, but also of electric vehicles, and a key raw material for the permanent magnets used in wind turbines. In order to keep control of the global rare earth supply chain, the CCP manipulates the media and social media under its control to shape public opinion on the internet, slander competitors, and obstruct and undermine the establishment of rare earth supply chains outside China by Western countries.
READ THE STORY: The BL
Ransomware Campaigns Linked to Iranian Govt's DEV-0270 Hackers
FROM THE MEDIA: Security researchers have linked multiple ransomware campaigns to DEV-0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub-group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write-up by Microsoft. However, judging from the threat actor's geographic and sectoral targeting (which often lacked strategic value for the regime), Microsoft also speculated that some of DEV-0270's attacks might be a form of moonlighting for personal or company-specific revenue generation.
READ THE STORY: InfoSec Mag
Initial access broker repurposes Conti's old playbook for use against Ukraine
FROM THE MEDIA: Google's Threat Analysis Group (TAG) has discerned a pattern in Russia's war against Ukraine. "As the war in Ukraine continues, TAG is tracking an increasing number of financially motivated threat actors targeting Ukraine whose activities seem closely aligned with Russian government-backed attackers." Specifically, it's one threat actor, and its activities overlap with a group that CERT-UA tracks as UAC-0098.
READ THE STORY: The CyberWire
Iranians surveilling phones, locations to target westerners, cyber firm warns
FROM THE MEDIA: Iran-sponsored hackers used malware to track locations, record phone calls, and extract text messages from targets, according to cybersecurity firm Mandiant. People in the U.S., U.K. and Israel are particularly at risk, as the attackers aim to victimize western government officials, Iranian dissidents, academics and journalists. Mandiant said it assessed the hacking group APT42 to be operating on behalf of the Iranian government.
READ THE STORY: Washington Times
North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset
FROM THE MEDIA: Security researchers have discovered a new remote access Trojan (RAT) being used in attack campaigns this year by Lazarus, a threat actor tied to the North Korean government. The new RAT has been used alongside other malware implants attributed to Lazarus and it's mainly used in the first stages of an attack. Dubbed MagicRAT, the new Lazarus malware program was developed using Qt, a framework commonly used to develop graphical user interfaces for cross-platform applications. Since the Trojan doesn't have a GUI, researchers from Cisco Talos believe the reason for using Qt was to make detection harder.
READ THE STORY: CSO // National Cyber Security News
Return of Russian ransomware group REvil
FROM THE MEDIA: REvil, a notorious ransomware gang, has been resurrected after it was supposedly squashed by Russian authorities back in July. REvil websites disappeared from the internet in mid-July after President Joe Biden pressured his Russian counterpart, Vladimir Putin, to shut down the Russian-speaking ransomware group. REvil had previously gone dark for several months in late 2021 and early 2022 after a major ransomware attack on information technology management software provider Kaseya.
READ THE STORY: Washington Examiner
“One-Click” TikTok Hack Discovered That Put 2 Billion App Users at Risk, but No Reports Yet of Account Takeover in the Wild
FROM THE MEDIA: A severe “one-click” TikTok hack that Microsoft discovered and reported to the social media giant was reportedly patched without incident, but a hacker has popped up on an underground forum to claim that they have stolen data for sale. The attack impacts the Android app version of the service and allows for an account takeover when a victim clicks on a malicious URL. If the hacker’s story is to be believed, the information from two billion profiles could have been stolen.
READ THE STORY: CPO
US recovers $30 million stolen from Axie Infinity by Lazarus hackers
FROM THE MEDIA: With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group 'Lazarus' from the token-based 'play-to-earn' game Axie Infinity earlier in the year. The news about the retrieval was announced during the AxieCon event today, where the hosts highlighted it as a community achievement and the result of a large-scale collaboration between multiple law enforcement authorities and private entities.
READ THE STORY: BleepingComputer // The Record
GIFShell attack creates reverse shell using Microsoft Teams GIFs
FROM THE MEDIA: A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and for covertly executing commands to steal data using ... GIFs. The new attack scenario, shared exclusively with BleepingComputer, illustrates how attackers can string together numerous Microsoft Teams vulnerabilities and flaws to abuse legitimate Microsoft infrastructure to deliver malicious files, execute commands, and exfiltrate data via GIFs.
READ THE STORY: BleepingComputer
LockBit gang leads the way for ransomware
FROM THE MEDIA: LockBit is currently the most prolific ransomware strain in the world. That's according to Malwarebytes' Threat Intelligence Team, which reported that from March to August, the LockBit ransomware crew amassed more confirmed infections -- 430 -- than its next four closest competitors combined. In a blog post Thursday, the antimalware vendor estimated that LockBit has been able to establish a steady pace of attacks, bringing in around 70 victims monthly. By comparison, the number two ransomware strain, Conti, only pulled in 127 total infections between March and the end of August, which represents less than two months of normal LockBit operation.
READ THE STORY: TechTarget
LAUSD Ransomware Attack: A Wake-Up Call for Policymakers
FROM THE MEDIA: Describing the Labor Day weekend ransomware attack and response at Los Angeles Unified School District, Superintendent Alberto M. Carvalho, during a Tuesday press conference, referred to the events as "unprecedented." Unfortunately, ransomware attacks at school districts are not at all unprecedented: hundreds of K-12 school districts have publicly disclosed ransomware attacks since 2016. That is likely just the tip of the iceberg, too, cybersecurity experts say; most states do not require public schools to disclose cyberattacks, let alone ransomware incidents.
READ THE STORY: The Journal
Suspected Ransomware Attack on InterContinental Hotels Affected Over 4,000 Guests
FROM THE MEDIA: IHG confirmed the attack in a filing submitted to the London Stock Exchange, where it is listed. However, the company did not reveal the type of attack, leading stakeholders to speculate about the precise scope of what "unauthorized access" to its technology systems constitutes. Based on what is known so far, a theory that cybersecurity experts are floating is that the incident is a ransomware attack. Drew Perry, CEO of Tiberium.io, told Spiceworks, "While it is unconfirmed, the attack does look like it's ransomware, and IHG will likely be in negotiations with the attackers to try to restore access and get their systems back up and running."
READ THE STORY: SpiceWorks
The Russia-Ukraine War Exemplifies the Rise of Hybrid Conflicts: Latin America Should Pay Attention
FROM THE MEDIA: Long before Russian forces physically entered Ukrainian territory on February 24, 2022, the Kremlin had already launched its war of aggression on a different battleground: cyberspace. The attacks ranged from the significant increase in malware attacks in early January against Ukraine's banks and government sites to a direct assault on the country's power grid. Some of these attacks were highly sophisticated with serious technical implications, which, combined with their intended psychological effects, made for a highly effective weapon of war.
READ THE STORY: The Global Americans
Albania Cuts Ties with Iran Over Cyberattack
FROM THE MEDIA: Albania has severed diplomatic relations with Iran over a cyberattack two months ago targeting members of opposition group the Mojahedin-e Khalq Organization (MEK). In the first gesture of its kind to be made by a state in response to a cyberattack, all staff at the Iranian Embassy in Tirana including security personnel have been expelled, with 24 hours to leave the country. It came a day after the White House issued a statement saying its own experts were confident the “reckless, irresponsible” hack-and-leak operation on July 15 had been ordered by the Islamic Republic. US advisors have been in Albania, a fellow NATO member, for weeks to help investigate.
READ THE STORY: IranWire
Bumblebee malware adds post-exploitation tool for stealthy infections
FROM THE MEDIA: A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory. Bumblebee was discovered in April, involved in phishing campaigns believed to be orchestrated by the same actors behind BazarLoader and TrickBot, i.e., the Conti syndicate. As Bumblebee is an evolved loader with advanced anti-analysis and anti-detection features, it was assumed that it would replace other loaders, such as BazarLoader, in initial compromise attacks followed by ransomware deployment.
READ THE STORY: BleepingComputer
Mandiant ‘highly confident’ foreign cyberspies will target US midterm elections
FROM THE MEDIA: Mandiant is "highly confident" that foreign cyberspies will target US election infrastructure, organizations, and individuals in the run-up to the November midterm elections. Based on recent activity by various threat groups, as well as previous election targeting, the security firm expects nation-state backed gangs in Russia, China, and Iran will attempt to pull off cyberespionage against US government and election-related outfits.
READ THE STORY: The Register
“Dude, Where’s My Data?” — How Data Is Lost in the Cloud
FROM THE MEDIA: The adoption of Software-as-a-Service (SaaS) has grown rapidly over the past decade, and since the COVID-19 pandemic, its implementation has reached new heights. Some of the top reasons behind the increasing popularity of this cloud-based service are ease of use, flexibility, scalability and cost-effectiveness. According to Gartner, Inc., worldwide end-user spending on public cloud services is expected to reach nearly $600 billion in 2023.
READ THE STORY: SecurityBoulevard
Akamai: Layer 7 DDoS Attacks on the Rise
FROM THE MEDIA: As network-layer denial-of-service (DDoS) attack trends continue, Akamai Technologies’ recent research showed a significant uptick in application-layer attacks. Despite layer 7 DDoS being more expensive and difficult to execute, researchers found the number and scale of this type of attack increased significantly. “DDoS extortion, application assaults, and targeted attacks against internet-facing infrastructure continue to pose a threat to organizations across all industries globally,” the Akamai security research team wrote in a blog post.
READ THE STORY: SDX Central
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
FROM THE MEDIA: Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Threat intelligence company Cisco Talos said Thursday that it has observed Lazarus — also known as APT38 — targeting unnamed energy providers in the United States, Canada and Japan between February and July this year.
READ THE STORY: TechCrunch
State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says
FROM THE MEDIA: The State Department’s program offering rewards of up to $10 million for tips leading to the apprehension of cybercriminals is paying off, FBI Assistant Director for Cyber Bryan Vorndran said Wednesday. “Recently the US government has also started to leverage something that was traditionally used in counterterrorism, Rewards for Justice,” Vorndran said. “It’s essentially incentivizing individuals who have intimate knowledge of a criminal conspiracy, whether nation-state or not, to report to the U.S. government. … That has actually born fruit at this point.”
READ THE STORY: CyberScoop
How Gaming Cheats Are Cashing In Below the Operating System
FROM THE MEDIA: Cheating has been around since the beginning of electronic gaming, dating back as far as 1981. Players have always wanted to use shortcuts or aids to clear a game faster or gain an advantage over other players. Yet, despite the evolution of "gaming cheats," the motivation has always remained the same: people just like to do things the easy way, and without getting caught.
READ THE STORY: Security Boulevard
Data breach exposes records of 2.5 million student loan borrowers
FROM THE MEDIA: A data breach at student loan servicer Nelnet Servicing (Nelnet) has affected over 2.5 million student loan borrowers throughout the United States. The breach affected individuals whose student loans are serviced by the Oklahoma Student Loan Authority (OSLA) and Edfinancial Services (Edfinancial) and compromised the names, addresses, email addresses, phone numbers and Social Security numbers of borrowers.
READ THE STORY: SECMAG
Coinbase employees, Ethereum supporters sue U.S. Treasury
FROM THE MEDIA: Coinbase employees and long-term Ethereum supporters are suing the U.S. Treasury over its decision last month to sanction the crypto service Tornado Cash, Fortune reports. The case could have an impact across the cryptocurrency industry for the foreseeable future, as it will likely determine whether the U.S. government can impose sanctions on crypto services. Six cryptocurrency supporters filed the lawsuit against the Treasury at a federal court in Texas on Thursday, CNBC reports.
READ THE STORY: AXIOS
US citizenship systems vulnerable to ‘major’ malicious cyberattacks, Homeland Security watchdog finds
FROM THE MEDIA: The Department of Homeland Security inspector general said sensitive data held by United States Citizenship and Immigration Services systems could be vulnerable to cyberattacks by malicious actors, saying deficiencies in the agency’s IT security could "limit" DHS’s capability to "overcome a major cybersecurity incident." Fox News Digital exclusively obtained the report by DHS Inspector General Joseph Cuffari. The Office of Inspector General notified USCIS of the findings and recommendations to improve controls to restrict unauthorized access to its systems and information.
READ THE STORY: Fox News
Algeria turns to China for enhanced electronic warfare capability
FROM THE MEDIA: China has reinforced the Algerian military's electronic warfare (EW) capability with the supply of a CEW-03A mobile 6×6 truck-mounted EW system. The CEW-03A EW module is a type of equipment used to contest the electromagnetic spectrum (cyber domain): it can carry out radio jamming and radar jamming, monitor radio frequencies, and also has IRCM capabilities against infrared-guided missiles. The CEW-03A truck-mounted EW system is an integrated electronic warfare system manufactured by the Chinese companies ELINC and CEIC.
READ THE STORY: Military Africa
U.S. ban on Nvidia, AMD chips seen boosting Chinese rivals
FROM THE MEDIA: The U.S. ban on exports to China of Nvidia and AMD's flagship artificial intelligence chips will create new business opportunities for domestic startups jockeying for a piece of China's fast-growing data center chip market, industry executives and analysts told Reuters. The ban is part of a longer effort by the U.S. government to crack down on U.S. contributions to Chinese artificial intelligence and high-performance computing, or supercomputing.
READ THE STORY: Reuters
China launches mysterious new spy satellite
FROM THE MEDIA: China launched a mysterious spy satellite that will "monitor land, crop yield and natural disasters" but could also gather military intelligence, analysts think. The Yaogan 33 (02) satellite lifted off atop China's Long March 4C rocket from the Jiuquan Satellite Launch Center in the Gobi Desert at 7:44 p.m. on Friday, Sept. 2 (2344 GMT, or 7:44 a.m. Beijing time on Sept. 3) in what was the East Asian space power's 35th successful launch this year.
READ THE STORY: Space
Can mathematical formulas identify disinformation and precisely predict elections?
FROM THE MEDIA: Understanding the human mind and behavior lies at the core of the discipline of psychology. But to characterize how people’s behavior changes over time, I believe psychology alone is insufficient – and that additional mathematical ideas need to be brought forward. My new model, published in Frontiers in Psychology, is inspired by the work of the 20th-century American mathematician, Norbert Wiener.
READ THE STORY: GLP
The Ukraine war and Russia's disinformation campaign in the Middle East
FROM THE MEDIA: It has long been known that Russia is trying to create discord in Europe with disinformation. However, it is no longer just European countries being overrun with Kremlin-subsidised fake news. Russian media, dubious channels, and trolls on social networks are now also spreading propaganda about the Ukraine war - in Arabic. For years, disinformation and propaganda from Russia have posed a serious threat to Europe.
READ THE STORY: The New Arab
Items of interest
The Handbook of Terrorism Prevention and Preparedness: An Interview with Alex P. Schmid
FROM THE MEDIA: This Handbook has been long in the making. It has been on my personal agenda for more than twenty years – ever since I was Officer-in-Charge of the Terrorism Prevention Branch of the UN Office on Drugs and Crime in Vienna (1999-2005). In those days, I had neither the mandate, the money nor the time to assemble an authoritative volume on terrorism prevention. Once I retired from the universities of St. Andrews (2009) and Leiden (2018), I had the time to produce such a Handbook, writing six of the 35 chapters myself and inviting colleagues in the field of terrorism studies to provide the others.
READ THE STORY: EER
Are Deepfakes a Cyber Security Threat? (Video)
FROM THE MEDIA: Deepfakes pose a cyber security risk to businesses by increasing the effectiveness of phishing and BEC attacks, making identity fraud more straightforward, and manipulating company reputations to cause an unjustified drop in share value.
Hiding Malware in Space Pictures (Video)
FROM THE MEDIA: Hiding Malware in Space Pictures.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com