Monday, Sept 26, 2022 // (IG): BB // Sponsor: Buy me a whiskey
Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform
FROM THE MEDIA: GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The company learned of the attacks against its users on September 16 and pointed out that the phishing campaign has impacted many victim organizations, though not GitHub itself. Phishing messages claim that a user's CircleCI session has expired and attempt to trick recipients into logging in using GitHub credentials.
READ THE STORY: Security Affairs
New hacking group ‘Metador’ lurking in ISP networks for months
FROM THE MEDIA: A previously unknown threat actor that researchers have named 'Metador' has been breaching telecommunications companies, internet service providers (ISPs), and universities for about two years. Metador targets organizations in the Middle East and Africa, and its purpose appears to be long-term persistence for espionage. The group uses two Windows-based malware families that have been described as "extremely complex", but there are indications of Linux malware, too.
READ THE STORY: Bleeping Computer
Ransomware data theft tool may show a shift in extortion tactics
FROM THE MEDIA: Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future. The new sample was spotted by malware analysts with the Cyderes Special Operations team during a recent incident response following a BlackCat ransomware attack and later shared with the Stairwell Threat Research team for further analysis (Symantec saw a similar sample deployed in a Noberus ransomware attack).
READ THE STORY: Bleeping Computer
Duchess of York ‘among famous faces whose details have been spread on Dark Web by Russian hackers’
FROM THE MEDIA: The Duchess of York is among a group of famous faces who have reportedly had their personal details leaked by Russian hackers on the so-called ‘Dark Web’. Prince Andrew’s ex-wife Sarah Ferguson, 62, along with 58-year-old Lady Sarah Chatto – King Charles’ cousin – and Sir David Attenborough, 96, were targeted by a group known as the ‘Snatch Team’, The Mail on Sunday (25.09.22) said. Also on the list of celebrities hit are tennis star Tim Henman, 48, and snooker champion Ronnie O’Sullivan, 46, according to the publication. The Mail on Sunday says the hackers obtained their data when they targeted luxury organic food company Daylesford, a favourite of the rich and powerful and dubbed “Britain’s poshest farm shop”.
READ THE STORY: Yakima Herald
Ransomware bill reintroduced by Coalition
FROM THE MEDIA: Shadow home affairs minister Karen Andrews has reintroduced the former government’s ransomware bill without significant alterations and criticized the Albanese government for a lack of action on cybersecurity reform. The private member’s bill was introduced to Parliament on Monday, just days after a significant data breach at Optus exposed the personal information of 9.8 million customers. The bill was initially introduced by the Coalition government in February but was not debated before parliament was dissolved in April, ahead of the election.
READ THE STORY: Innovation Aus
Australia makes ‘great progress’ addressing security threats against economy
FROM THE MEDIA: Following amendments made to the Security of Critical Infrastructure Act 2018 (SOCI Act), which took effect on 8 July, many more Australian businesses are now subject to strict 12-hour cyber incident reporting requirements; furthermore, the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) from April 2022 introduced a new obligation for responsible entities to create and maintain a critical infrastructure risk management program. However, a global report by Thales – Cyber Threats to Critical Infrastructure 2022 – has found that critical infrastructure industries around the world are still facing major challenges and gaps in their approach to protection and risk management.
READ THE STORY: ITwire
Minister hits out at Optus after breach
FROM THE MEDIA: Home Affairs Minister Clare O'Neil has delivered a scathing attack on Optus in the wake of the data breach affecting millions of customers. Ms. O'Neil said responsibility for the breach lay squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout from the breach. Optus revealed on Thursday it had been the target of a cyber attack that exposed the personal information of up to 9.8 million Australians, including details such as driver's license and passport numbers.
READ THE STORY: The Leader
Malware Drawback in the Zoom Websites
FROM THE MEDIA: People around the globe have relied heavily on the Zoom meetings feature during the pandemic. It is deemed to be the most trusted app while working from home. However, sources have warned people to download only the legitimate version of Zoom meetings. Multiple criminal gangs are making fake versions of the app to harvest victims' IP addresses and steal banking data along with other information. The problem could lead you to download nasty viruses and malware onto phones and laptops. Threat researchers at cybersecurity firm Cyble have found six fake Zoom sites.
READ THE STORY: Digital Information World
‘Anonymous’ Releases Data Of All MPs, Urges Iranians Not To Stop ‘Revolution’
FROM THE MEDIA: Hacktivist group ‘Anonymous’ has hacked the database of Iran’s parliament and the Supreme Audit Court, releasing the phone numbers and other data of all lawmakers. In a video message published on Sunday, the group announced it has hacked the website of the parliament as part of its ongoing operation against the government of Iran in solidarity with the popular protests triggered by the death in custody of the 22-year-old woman Mahsa Amini. “Our support for the Iranian protests will continue. As you all know, the government is trying everything to stop you. Don’t give up,” said a distorted voice on the video. “Do not leave the streets. Do not stop the revolution.”
READ THE STORY: Iran International
Ukraine Arrests Cybercrime Group for Selling Data of 30 Million Accounts
FROM THE MEDIA: Ukrainian law enforcement authorities on Friday disclosed that they had "neutralized" a hacking group operating from the city of Lviv that they said acted on behalf of Russian interests. The group specialized in the sale of 30 million accounts belonging to citizens of Ukraine and the European Union on the dark web and netted a profit of $372,000 (14 million UAH) through electronic payment systems like YooMoney, Qiwi, and WebMoney that are outlawed in the country. "Their 'wholesale clients' were pro-kremlin propagandists," the Security Service of Ukraine (SSU) said in a press release. "It was them who used the received identification data of Ukrainian and foreign citizens to spread fake 'news' from the front and sow panic."
READ THE STORY: THN
T-Mobile has agreed to pay $350 million to settle complaints from last year’s data breach
FROM THE MEDIA: Wireless service provider T-Mobile has agreed to pay $350 million to settle complaints resulting from a significant data breach that happened last year. The plaintiffs claim that the theft exposed data on millions of customers.
The settlement was initially made public by the Securities and Exchange Commission (SEC) in a filing in July. Payments to present and past T-Mobile customers may be a part of the settlement. Naturally, not the entire $350 million will be given to customers. Lawyers need to be paid. In addition, $150 million will be used to enhance T-Mobile security, which the hacker referred to as “awful” in a Wall Street Journal confession.
READ THE STORY: The Tech Outlook
U.S. Treasury issues sanctions on virtual currency mixers
FROM THE MEDIA: Since May 2022, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two virtual currency mixers in an effort to combat money laundering and terrorism financing. The Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said, “Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
READ THE STORY: AUSTRAC
'Our Conflict With Iran Is Unparalleled', Say Israel's Elite Cyber Unit Commanders
FROM THE MEDIA: Unit 8200, once cautiously dubbed “the central intelligence collection unit of the Intelligence Corps,” is today a huge information enterprise. The number of soldiers serving there, both enlisted and career soldiers, is larger than the workforce of the Mossad or the Shin Bet security service. And counting all the unit’s active reservists, its manpower outnumbers both of those agencies put together.
READ THE STORY: Haaretz
Wall Street Banks Prep for Grim China Scenarios Over Taiwan
FROM THE MEDIA: Global financial firms, still smarting from multi-billion dollar losses in Russia, are now reassessing the risks of doing business in Greater China after an escalation of tensions over Taiwan. Lenders including Societe Generale SA, JPMorgan Chase & Co. and UBS Group AG have asked their staff to review contingency plans in the past few months to manage exposures, according to people familiar with the matter. Global insurers, meanwhile, are backing away from writing new policies to cover firms investing in China and Taiwan, and costs for political risk coverage have soared more than 60% since Russia’s invasion of Ukraine.
READ THE STORY: Bloomberg
US senators seek review of Chinese chip firm after Apple hints at use
FROM THE MEDIA: In a statement, Mark Warner (Virginia) and Marco Rubio (Florida) wrote to the director of National Intelligence, Avril Haines, seeking a review of alleged risks that YMTC poses to US national security. Over the last few years, the US has sought to cut off Chinese companies' access to advanced semiconductors. One of the firms affected has been Huawei Technologies, once a leader in the smartphone industry in China, but now reduced to a bit player. The letter was also signed by Democrat majority leader in the House, Chuck Schumer of New York, and Senator John Cornyn, a Republican from Texas.
READ THE STORY: ITwire
VPN Companies Plug Out Servers in India as New Data Rules Are Imposed
FROM THE MEDIA: Expanded data privacy laws in India drove a slew of VPN companies out. This follows recent Ministry of Electronics and Information Technology (MeitY) rulings requiring VPN companies and other online platforms to collect critical information from clients under the pretext of a cyber security procedure. VPN providers in India did not bother to wheel and deal with the country's information technology agencies because doing so would be a direct violation of their own privacy protection standards. Based on a Wired report, VPN companies are now intending to unplug their servers in the South Asian country.
READ THE STORY: TechTimes
Indonesia Launches Information Aggregator Website
FROM THE MEDIA: Information from numerous ministries and institutions, and even local governments, will now be combined into one website. The aggregator website Indonesiakini.go.id has been launched by the Ministry of Communication and Information. This action will make it simpler for the public to obtain reliable information on the numerous policies and initiatives that the government has implemented and will continue to implement. “We hope that with this website, the public can find out the current situation and condition of Indonesia by just clicking on one website.”
READ THE STORY: Open Gov Asia
Cyber war could be approaching; are you ready?
FROM THE MEDIA: The past few years have brought us some frightening and unprecedented circumstances which most of us have felt unprepared to handle. From the pandemic to massive inflation and then a war that threatens to engage the whole world, we’ve seen crisis after crisis at a seemingly heightened rate, and it seems unclear at best as to when this onslaught will end. One of the most alarming aspects of recent events involves the initiation of Russia’s war on Ukraine. Hours before the invasion began, Russia deployed a new kind of cyber war that was intended to destroy data…and it did.
READ THE STORY: TECHAERIS
North Korean hackers using NFTs to steal and launder funds
FROM THE MEDIA: North Korea’s cyber warriors have leveraged the craze over nonfungible tokens, or NFTs, to help launder the proceeds of cyber crime and generate funds for its weapons of mass destruction programs, a forthcoming U.N. report seen by NK Pro states. According to information from an unnamed country provided to the U.N. Panel of Experts on North Korea, several “NFT incidents” linked to the DPRK began cropping up near the end of 2021. The report offers little additional information about the specific incidents aside from the widely reported $620 million mega-heist from Axie Infinity earlier this year.
READ THE STORY: NKNEWS
Iran’s pro-government counter-protesters try to change narrative
FROM THE MEDIA: The calls to gather have been coming through announcements and mass text messages. But with international attention on the protests that have rocked Iran following the death of a woman in the custody of the country’s “morality police”, the mass gatherings called for in the messages have been to show support, not opposition, to the Iranian government. The calls followed a similar effort two days ago following Friday prayers, which saw thousands join. The demonstrations are part of an effort by Iran’s authorities to push back against what they have termed the “norm-breaking” behavior exhibited during nine days of protests across the country since the death of 22-year-old woman Mahsa Amini.
READ THE STORY: Jago News 24
‘Don’t pay cyber ransoms’ – Garda warning as it’s revealed a third of SMEs have paid criminal groups this year
FROM THE MEDIA: A third of Irish small and medium-sized firms have paid ransoms to cyber criminals this year, a study has found, down from over half last year. The average cost of each ransom paid was €22,773, the survey found. Almost three-quarters (74pc) of firms that have paid ransoms have done so on multiple occasions, the survey from IT services firm Typetec shows. The news comes just weeks after the National Cyber Security Centre and the Garda National Cyber Crime Bureau warned small-business owners that they are increasingly being targeted by ransomware groups.
READ THE STORY: Independent IE
Forescout researchers identify prominent cyberthreat trends, popular hacking groups, and evolving extortion techniques
FROM THE MEDIA: Forescout Technologies, the global leader in automated cybersecurity, recently analyzed and chronicled the evolving complexity of the cyberthreat landscape – with ransomware being the main threat targeting most organizations nowadays. The new threat report highlights a series of observations about the most relevant activity they have seen during the first half of 2022 (2022H1), as well as ways to bolster current defensive strategies to account for these developments.
READ THE STORY: Express Computer
Items of interest
Morgan Stanley Hard Drives Got Auctioned
FROM THE MEDIA: Federal regulators accused Morgan Stanley on Tuesday of “astonishing” failures that led to the mishandling of sensitive data on some 15 million customers. Morgan Stanley was slapped with a $35 million fine from the Securities and Exchange Commission for extensive failures to safeguard personal identifying information on its clients. Since at least 2015 Morgan Stanley did not properly get rid of devices holding sensitive customer data, according to the settlement. In one episode described by the SEC, Morgan Stanley hired a moving company – one that had “no experience or expertise” in data destruction – to decommission thousands of hard drives and servers holding customer data.
READ THE STORY: CNN
How To Build Community (Video)
FROM THE MEDIA: What are the business fundamentals to building an online community? How do you choose the right platform to grow in? How do you even begin growing your community?
Why Corruption is China's Secret Weapon (Video)
FROM THE MEDIA: A huge part of this video is based on Yuen Yuen Ang’s great book “China's Gilded Age: The Paradox of Economic Boom and Vast Corruption”.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com