Wednesday, Sept 21, 2022 // (IG): BB // Sponsor: Shadow News
American Airlines targeted by threat actor in July data incident
FROM THE MEDIA: American Airlines said it was the target of a July data breach after an outside actor compromised the accounts of a limited number of company workers. The airline notified customers last week regarding the incident, which compromised certain personally identifiable information, including names, addresses, emails, and other sensitive information such as driver’s license and passport numbers. Bleeping Computer previously reported the breach.
READ THE STORY: CYBERSECURITY DIVE
Gamaredon continues to target Ukraine
FROM THE MEDIA: Cisco Talos says the Russian threat actor Gamaredon (also known as Primitive Bear) continues to conduct espionage campaigns against Ukrainian organizations. The threat actor is using spearphishing emails to distribute malicious Microsoft Office documents: "Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives."
READ THE STORY: The Cyberwire
RedLine stealer disguised as game cheats
FROM THE MEDIA: Kaspersky warns that the RedLine Trojan is being distributed with a bundle of malware that can spread itself by posting YouTube videos with malicious links. The researchers note that while this technique is unusual, it's achieved by "using relatively unsophisticated software": "In addition to the payload itself, the discovered bundle is of note for its self-propagation functionality."
READ THE STORY: The Cyberwire
Threat Group TeamTNT Returns with New Cloud Attacks
FROM THE MEDIA: A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.
READ THE STORY: eSecurity Planet
2K Games says hacked help desk targeted players with malware
FROM THE MEDIA: American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links. "Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers," 2K's support account tweeted on Tuesday after BleepingComputer broke the story on the security breach.
READ THE STORY: Bleeping Computer
SIM Swapping Attacks – What They Are and How to Protect Yourself
FROM THE MEDIA: The inadequacy of passwords alone to protect logins to applications and services led many businesses to strengthen access using extra authentication factors. In trying to balance security with user experience, many businesses opted for one-time codes sent to smartphones as a second, convenient way to verify user identities. Ever keen to adapt their tactics, today’s threat actors have devised a way to exploit the prevalence of smartphones in cyber risk management through SIM swapping attacks.
READ THE STORY: Security Boulevard
Commerce lacks intelligence resources to keep U.S. tech from fueling Chinese cyberthreat, experts warn
FROM THE MEDIA: The Commerce Department unit that approves sensitive U.S. technology exports does not have the intelligence resources to fully realize the national security consequences of selling advanced equipment and software to China, several experts and a former agency official told CyberScoop. These critics are especially alarmed by the high percentage of technology approved for the Chinese market and question whether the Bureau of Industry and Security has the staffing and Intelligence Community connections to carry out its mission to safeguard U.S. national security and protect economic interests.
READ THE STORY: CyberScoop
The aftermath of China’s largest data leak
FROM THE MEDIA: In July this year, we wrote about what was possibly the biggest data leak in the modern history of China — one billion Chinese citizens’ data was found for sale on the dark web. The breach was followed closely by another leak of close to 50 million unique users’ data obtained from Shanghai’s health code, Suishenma. For a country like China that usually keeps cyber breaches under wraps, the exposure was a rare one indeed, and fast forward a few months later, the dust is far from settled.
READ THE STORY: TECHWIRE ASIA
As John Deere digitizes, some experts worry about cyber risks
FROM THE MEDIA: If you can jailbreak a phone, you can jailbreak a tractor. And if you can jailbreak a John Deere tractor, you can play Doom on its touchscreen. At DefCon in August, Australian hacker Sick Codes showed how to do just that on John Deere’s 2630 and 4240 model tractors. While playing a video game on a tractor’s computer system may just seem like a stunt, the demonstration brought up important questions about John Deere’s cybersecurity practices—questions made all the more urgent by its ongoing push to pivot its business model toward software and digital subscriptions.
READ THE STORY: EmergingTech Brew
LastPass confirms hackers had access to internal systems for several days
FROM THE MEDIA: The attacker that recently breached LastPass lurked around the network for days before being spotted and eliminated, the company has confirmed. A blog post published by the password manager's CEO Karim Toubba revealed that the attacker spent some four days on the compromised network. During that time, though, the attacker did not access customer data, or encrypted password vaults, the investigation has shown.
READ THE STORY: TechRadar
ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat
FROM THE MEDIA: Security researchers are sounding the alarm on the malware tool dubbed ChromeLoader. It first surfaced in January as a consumer-focused, browser-hijacking credential stealer but has now evolved into a widely prevalent and multifaceted threat to organizations across multiple industries. In an advisory released Sept. 19, researchers from VMware's Carbon Black managed detection and response team said they have recently observed the malware being used to also drop ransomware, steal sensitive data, and deploy so-called decompression (or zip) bombs to crash systems.
READ THE STORY: DARKReading
Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access
FROM THE MEDIA: A new vulnerability in Oracle Cloud Infrastructure (OCI) would allow unauthorized access to the cloud storage volumes of all users, thereby violating cloud isolation. The flaw, discovered by secure cloud experts at Wiz in June and dubbed AttachMe, is now being discussed in a new advisory the company published today. The company said that within 24 hours of being informed by Wiz, Oracle patched the flaw for all OCI customers without any customer action required.
READ THE STORY: InfoSecMag
Developing a Hidden Virtual File System Capability That Emulates the Uroburos Rootkit
FROM THE MEDIA: A few years ago, I read the “Uroburos: The Snake Rootkit” [1] paper written by Artem Baranov and Deresz and was captivated by the hidden kernel-mode Virtual File System (VFS) functionality implemented within Uroburos. Later, I decided to learn Windows device driver programming and thought replicating this functionality within my own rootkit would be an exciting learning experience. I got busy over the next few years, but recently found time to finish the rootkit and to open-source my proof-of-concept implementation.
READ THE STORY: Security Boulevard
US Department of Defense rejects use of social media for disinformation
FROM THE MEDIA: An official stated on Tuesday that the US Department of Defense had initiated a review of its psychological warfare activities following the discovery of bogus social media accounts pushing pro-Western disinformation. Pat Ryder, a spokesman for the Department of Defense, confirmed the review following a story in The Washington Post that social media giants Facebook and Twitter had suspended several bogus accounts, fearing the United States military created them.
READ THE STORY: BOLNEWS
Hackers steal $162 million from Wintermute crypto market maker
FROM THE MEDIA: Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today. Wintermute provides liquidity to over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase, Kraken, and Bitfinex. The company remains solvent, holding twice the stolen amount in equity. A service disruption in the following days, though, is to be expected as the platform will work to restore all its operations.
READ THE STORY: Bleeping Computer
Reports Uber and Rockstar incidents work of same attacker
FROM THE MEDIA: Two highly impactful cyber attacks on ride-sharing service Uber and video game developer Rockstar Games that unfolded over the space of three days are being tentatively linked after a threat actor going by the handle teapotuberhacker claimed to be behind both incidents. Details of the Uber incident first emerged on Thursday 15 and Friday 16 September, while the attack on Rockstar – developer of some of the most high-profile and impactful franchises in contemporary gaming – unfolded on 18 and 19 September.
READ THE STORY: ComputerWeekly
Greenpeace: Social media the new battle ground for climate disinformation by brands
FROM THE MEDIA: Social media appears to be the new frontier of climate disinformation and deception as two-thirds of oil and gas (72%), auto (60%), and airline (60%) companies use social media to paint a “green innovation” narrative on their businesses. According to a study done by Greenpeace for the European market, this ratio of ‘green-to-dirty’ in each industry’s public communications misrepresents companies’ commitments to decarbonization.
READ THE STORY: Marketing Interactive
Ransomware as a Service: A new wrinkle on an old threat
FROM THE MEDIA: Ransomware attacks have been damaging to their victims and profitable for the perpetrators. Unlike crimes driven by passion or dire need, they tend to be calculated, cynical and carried out by criminals and scammers who would likely be successful if they chose to start up legitimate businesses and work as hard as they do on their ransomware campaigns.
READ THE STORY: Security InfoWatch
Uber pins security breach on Lapsus$ ransomware group
FROM THE MEDIA: Ride-sharing firm Uber released a statement late Monday saying that although its investigation is ongoing, the company blames last week’s breach of its systems on the same hacking group responsible for a number of ransomware attacks. “We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so.”
READ THE STORY: SCMAG
Ionic propulsion drone test cheered by Undefined Technologies developer
FROM THE MEDIA: Florida startup Undefined Technologies says it has taken a major step in developing a drone it believes could change the entire blossoming UAV service industry by using quieter, powerful ionic propulsion systems rather than rotors to drive UAVs. Undefined Technologies says it passed a testing milestone this month with a 4.5-minute flight of its drone using ionic propulsion, emitting just 75 dB of noise in the process.
READ THE STORY: DroneDJ
Free Decryptor Released for LockerGoga Ransomware
FROM THE MEDIA: The family of ransomware known as LockerGoga has finally been neutralized with the release of a free decryptor capable of unlocking a victim's files. The decryptor was developed as a joint effort between Bitdefender, Europol, the NoMoreRansom Project, the Zürich Public Prosecutor's Office, and the Zürich Cantonal Police. Bitdefender released a detailed PDF guide
READ THE STORY: PCMAG
IHG attackers phished employee to deploy destructive wiper
FROM THE MEDIA: The attackers who broke into the systems of multinational hospitality operator IHG Hotels & Resorts at the beginning of September 2022 have claimed they attempted to stage a ransomware attack but instead used a data wiper malware to wreak havoc. The attack rendered parts of IHG’s customer-facing website inoperable for a time, causing disruption to online bookings and a number of other applications, although the organization’s site is now functioning normally.
READ THE STORY: Computer Weekly
Another mind-blowing deal for Lior Suchard: CrowdStrike acquiring Reposify
FROM THE MEDIA: Cybersecurity giant CrowdStrike is acquiring Israeli startup Reposify, which develops an external attack surface management (EASM) platform. Reposify’s platform scans the internet for exposed assets of an organization to detect and eliminate risk from vulnerable and unknown assets before attackers can exploit them. The deal is estimated at several tens of millions of dollars.
READ THE STORY: CTECH
L.A. Unified cyberattackers demand ransom
FROM THE MEDIA: The hackers who targeted the Los Angeles Unified School District have made a ransom demand, officials confirmed Tuesday, an indication that the attackers have extracted sensitive data or believe they can bluff the district into thinking that they have. “We can confirm that there was a demand made,” L.A. schools Supt. Alberto Carvalho said. “There has been no response to the demand.”
READ THE STORY: LA Times
US Treasury official says crypto mixers are a 'concern' in enforcing sanctions
FROM THE MEDIA: Elizabeth Rosenberg, the assistant secretary for terrorist financing and financial crimes at the United States Department of the Treasury, suggested sanctioning cryptocurrency mixers could help strengthen the government’s response to foreign entities looking to use digital assets for illicit means.
READ THE STORY: Coin Telegraph
Hackers share personal data of 1.5 million TAP passengers
FROM THE MEDIA: Ransomware gang Ragnar Locker has said today that it continues to have access to the IT systems of Portugal’s ‘flagship’ airline TAP. In a hugely embarrassing Twitter post, the group has actually accused TAP of reacting to its cyberattack by trying “to do anything but actually protect customer data”. “In an attempt to hide the truth they even attacked our resource, “very reasonable” solution for such a serious company. They are much closer to hackers, scammers or abusers than to legal business”.
READ THE STORY: Portugal Resident
Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress
FROM THE MEDIA: Experts warned members of Congress against a myopic focus on the illicit role of cryptocurrencies, instead pointing to how payment apps developed in China and Russia pose a national security threat. “Focusing only on cryptocurrency risks misunderstanding this global, thriving ecosystem,” Scott Dueweke, global fellow at the Wilson Center, told members of the House Financial Services subcommittee on National Security, International Development, and Monetary Policy on Tuesday.
READ THE STORY: CyberScoop
Space Force procurement chief criticizes over-engineered satellite programs
FROM THE MEDIA: The U.S. Space Force is buying billion-dollar satellites that on average take seven years to develop while China is moving to build new constellations at a rapid pace. This is a problem that calls for new ways of doing business, said Frank Calvelli, assistant secretary of the Air Force for space acquisition and integration. Speaking on a panel Sept. 20 at the Air, Space & Cyber conference, Calvelli said satellites need to be smaller, cheaper and made more rapidly.
READ THE STORY: SpaceNews
Russia in the Balkans After Ukraine: A Troubling Actor
FROM THE MEDIA: The Kremlin has demonstrated repeatedly that the Balkans are a conducive environment for punching back against the United States and the European Union (EU). The region’s ample ethnic, political, and social fractures, along with widespread disenchantment with the slow pace of Euro-Atlantic integration, create easy opportunities for Moscow to disrupt the post–Cold War European order.
READ THE STORY: Carnegie Endowment For International Peace
Cyber loot: Conti RaaS reaped US$180 million in 2021 from ransom payments
FROM THE MEDIA: The prolific RaaS (Ransomware-as-a-Service) group Conti, which has been bringing governments and businesses throughout the world to their knees with its RaaS model, made a mountain of money as high as US$180 million last year, says an Akamai report.
READ THE STORY: The Tech Panda
UK and allies expose Iranian state agency for exploiting cyber vulnerabilities for ransomware operations
FROM THE MEDIA: The UK and international allies have issued a joint cyber security advisory highlighting that cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are exploiting vulnerabilities to launch ransomware operations against multiple sectors. Iranian-state APT actors have been observed actively targeting known vulnerabilities on unprotected networks, including in critical national infrastructure (CNI) organizations.
READ THE STORY: NCSC
US To Sentence Ukrainian Hacker Vasinskyi Over Ransomware Attacks
FROM THE MEDIA: A US court will sentence Ukrainian hacker Yaroslav Vasinskyi on March 22, 2023, in connection with multiple ransomware attacks he carried out against companies, including the software firm Kaseya, US District Judge Karen Scholer's courtroom deputy told Sputnik on Tuesday. Scholer moved Vasinskyi's sentencing hearing from December 15 to March 22, 2023, according to the court official.
READ THE STORY: URDUPOINT
Quantum computing risks
FROM THE MEDIA: Deloitte has published the results of a survey on awareness of cybersecurity risks related to quantum computing. The survey found that just over half (50.2%) of respondents are aware of “harvest now, decrypt later” attacks. These attacks involve stealing encrypted data and storing it until a quantum computer is developed that can break the encryption. 26.6% of respondents said their organization has already conducted a risk assessment on quantum computing risks, while 18.4% plan to conduct an assessment within one year.
READ THE STORY: The Cyberwire
Items of interest
China surveillance policies follow facial recognition spread along Silk Road: activists
FROM THE MEDIA: Chinese technologies and tactics to tackle dissent and control internet use are spreading to countries along its Digital Silk Road, according to activists speaking to the Thomson Reuters Foundation (TRF), the charitable arm of Thomson Reuters, who fear that China itself may be amassing data.
The TRF report includes the case of people protesting job losses at a Hong Kong-listed casino in Phnom Penh, where drones hovered above them as they spoke out. Cambodian activists say they are under constant surveillance by technology supplied by China via digital surveillance packages.
Activists state the technologies are deployed without a legal framework and without public consultation. They say technologies such as AI facial recognition were used to discriminate against Uyghurs in smart city projects in China.
READ THE STORY: BIOMETRIC UPDATE
TSMC: The Real World Superpower (Video)
FROM THE MEDIA: Semiconductor manufacturing is the most sophisticated, unforgiving high volume production technology that has ever been done successfully. You need a lot of practice. The more chips that TSMC makes, the better it gets at it.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com