Monday, October 03, 2022 // (IG): BB // INTSUM // Coffee for Bob
Lockbit 3.0 Ransomware Gang Emerges as Leading Threat Actor
FROM THE MEDIA: The organized cybercriminal group behind Lockbit is becoming more effective. Now known as Lockbit 3.0, the gang surged to the top among threat actors in August, registering 64 incidents – 40% of all ransomware attacks recorded for the month. And it wasn’t just the volume that makes it important: The group continued its streak of undesirable innovation with a new triple extortion model, along with novel methods of ransom payments.
READ THE STORY: ITPro Today
Cyber Espionage and Information Warfare in Russia
FROM THE MEDIA: Where Russia may fall behind other countries around the world regarding military capabilities and combat resources, Russia’s continued cyber espionage and information warfare campaign has been developed to balance out power with the rest of the world. This technological battle, which is usually conducted remotely, without a spy ever leaving their home country (Terry, 2018) has become the future of warfare.
READ THE STORY: Small Wars Journal
Reflected XSS bugs in Canon Medical's Vitrea View could expose patient info
FROM THE MEDIA: During a penetration test, Trustwave SpiderLabs' researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively tracked as CVE-2022-37461, in third-party software for Canon Medical's Vitrea View. The Vitrea View tool allows viewing and securely sharing medical images through the DICOM standard. An attacker can trigger the flaws to access/modify patient information (i.e. stored images and scans) and obtain additional access to some services associated with Vitrea View.
READ THE STORY: Security Affairs
Mandiant uncovers malware ecosystem deployed on VMware hypervisors and guest systems
FROM THE MEDIA: Mandiant research has uncovered a novel malware ecosystem that was found deployed on VMware hypervisors and guest systems by an advanced and suspected China nexus threat actor. The company says it has identified a unique technique in which a threat actor used malicious vSphere Installation Bundles (VIBs) to install multiple persistent backdoors on ESXi hypervisors, which are used across a variety of large organizations in various industries like government, finance, defense, and technology.
READ THE STORY: Security Brief
Russians dodging mobilization behind flourishing scam market
FROM THE MEDIA: Ever since Russian president Vladimir Putin ordered partial mobilization after facing setbacks on the Ukrainian front, men in Russia and the state's conscript officers have been playing a 'cat and mouse' game involving technology and cybercrime services. More specifically, many Russian men eligible for enlistment have resorted to illegal channels that provide them with fabricated exemptions, while those fleeing the country to neighboring regions turn to identity-masking tools.
READ THE STORY: Bleeping Computer
Two Microsoft Exchange zero-days exploited in the wild
FROM THE MEDIA: Late Friday, Microsoft disclosed that two zero-days afflicted three versions of its widely used Exchange Server. Redmond's initial disclosure said: "Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker."
READ THE STORY: The Cyberwire
DPRK Hackers Lacing Legit Software with Malware
FROM THE MEDIA: Microsoft threat hunters discovered a new phishing campaign launched by a North Korean government-backed hacking group involving the use of weaponized open-source software. The malware is laced with extensive capabilities, including data theft, spying, network disruption, and financial gains. In the new campaign, hackers are weaponizing famous open-source software, and their primary targets are organizations in the aerospace, media, IT services, and defense sectors.
READ THE STORY: Hackread
What business and government leaders need to know about Putin’s declared intent
FROM THE MEDIA: Putin’s annexation speech of 30 September 2022 (see Kremlin website) included declarations of his view of the world that make it clearer than ever that he wants all of Russia to believe the West is at war with them. He also made his best case for other nations globally that Russia is on their side in opposition to an evil alliance of Western powers led by the US. It is propaganda, but insightful for business and government leaders seeking to understand global geopolitical risks.
READ THE STORY: OODALOOP
Luxury hotel chain hacked
FROM THE MEDIA: A DATABASE breach has occurred at luxury hotel chain Shangri-La Group, potentially exposing the personal information of guests who had stayed at its hotels in Singapore, Hong Kong, Chiang Mai, Taipei and Tokyo. In an email informing affected guests on Friday, the group’s senior vice-president for operations and process transformation, Brian Yu, said: “A sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected and illegally accessed the guest databases.”
READ THE STORY: The Star
Cybercriminals behind Los Angeles Unified School District ransomware attack release hacked data, superintendent says
FROM THE MEDIA: Cybercriminals who targeted the Los Angeles Unified School District, the second largest in the nation, with a ransomware attack have released some of the hacked data online, according to a tweet from LAUSD Superintendent Alberto M. Carvalho. “Unfortunately, as expected, data was recently released by a criminal organization,” the tweet read. “In partnership with law enforcement, our experts are analyzing the full extent of this data release.” A hotline has been set up to assist those who have questions or need support, according to the tweet.
READ THE STORY: CNN
BlackCat ransomware gang claims to have hacked US defense contractor NJVC
FROM THE MEDIA: The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department of Defense. The company supports intelligence, defense, and geospatial organizations. The company has more than 1,200 employees in locations worldwide. BlackCat added NJVC to the list of victims on its Tor leak site and is threatening to release the allegedly stolen data if the company will not pay the ransom.
READ THE STORY: Security Affairs
Continuous attack attempts discovered on Atlassian Confluence zero day
FROM THE MEDIA: Following a coordinated disclosure of a zero-day vulnerability by Volexity in Atlassian Confluence, now known as CVE-2022-26134, attackers went wild to exploit it, according to Barracuda. Since the original disclosure and subsequent publication of various proofs of concept, researchers at Barracuda have analyzed data from their installations worldwide and discovered large numbers of attempts to exploit this vulnerability.
READ THE STORY: ITBrief AUS
How cyber governance and disclosures are closing the gaps in 2022
FROM THE MEDIA: Cybersecurity is reaching an inflection point. Risks are growing and broader regulations are looming. Some companies are keeping pace, but others are lagging, both in disclosures and warding off threats. To close these gaps, directors should foster a culture of cooperation while elevating the tone at the top. This is the year for directors to double down on closing the gaps in the company’s cybersecurity defense and disclosure practices.
READ THE STORY: Harvard Law
Algorithmic Warfare: Zero Trust Architecture Rises Across Industries
FROM THE MEDIA: Government agencies and businesses around the world are moving rapidly to adopt the cybersecurity practice zero trust, a change from just a few years ago, according to a new report. Information technology company Okta recently released its annual global snapshot of zero trust implementation across industries and found that 72 percent of government organizations surveyed were already employing zero trust methods.
READ THE STORY: National Defense Magazine
How to Halt North Korean Cyber Aggression
FROM THE MEDIA: Amid growing threats in cyberspace, the Republic of Korea (ROK) under President Yoon Suk-yeol is likely to deepen its cyber cooperation with the United States. Unlike his predecessor, who had been criticized for being soft on Pyongyang, Yoon has made it clear that his administration will take a stern stance against North Korea’s aggression, including in cyberspace. Yoon’s administration has identified cybersecurity as one of the most pressing threats and designated it as a key national task.
READ THE STORY: National Interest
Rugged long-range RF-over-fiber systems for satellite communications (SATCOM) introduced by ETL Systems
FROM THE MEDIA: ETL Systems Ltd. in Madley, England, is introducing the next evolution of StingRay, the company's RF-over-fiber range, with additional functionality and flexibility for satellite operations. RF over fiber is a dependable and reliable way of moving satellite communications (SATCOM) signals over longer distances than standard coaxial cable. With fiber modules that enable antennas and IRD modems to link from 100 meters to more than 500 kilometers, this is an efficient way to transport IF, L- and C-band transmit and receive satellite signals.
READ THE STORY: Military Aerospace Electronics
Russia and China Challenging America for Space Supremacy
FROM THE MEDIA: Space could be the decisive theater of conflict in the next world war. Modern militaries, especially the major powers, are reliant upon satellite networks for communications, missile tracking and defense, integrated command and control and targeting systems. These systems enable nations to fight wars with high-tech armaments and nuclear weapons. Whoever controls space, or can destroy their adversaries’ satellite networks, gains a momentous advantage.
READ THE STORY: The Trumpet
Russia smuggling Ukrainian grain to help pay for Putin’s war
FROM THE MEDIA: When the bulk cargo ship Laodicea docked in Lebanon last summer, Ukrainian diplomats said the vessel was carrying grain stolen by Russia and urged Lebanese officials to impound the ship. Moscow called the allegation “false and baseless,” and Lebanon’s prosecutor general sided with the Kremlin and declared that the 10,000 tons of barley and wheat flour wasn’t stolen and allowed the ship to unload. But an investigation by The Associated Press and the PBS series “Frontline” has found the Laodicea, owned by Syria, is part of a sophisticated Russian-run smuggling operation that has used falsified manifests and seaborne subterfuge to steal Ukrainian grain worth at least $530 million — cash that has helped feed President Vladimir Putin’s war machine.
READ THE STORY: News 10
Securing Europe’s Critical Entities from Cyber Attacks
FROM THE MEDIA: On 28 October 2021, the Parliament of the European Union (EU) adopted the revised Network and Information Security (NIS) Directive, commonly referred to as NIS-2, which builds on and repeals Directive (EU) 2016/1148 on Security of Network and Information Systems (NIS Directive) (1). The NIS Directive initially implemented in 2016 is the first piece of EU-wide legislation on cybersecurity aimed at providing legal measures to boost the overall level of cybersecurity in the EU and its specific aim was to achieve a high common level of cybersecurity across the member states.
READ THE STORY: PharmTech
How US midterm elections renew cyber threat debate
FROM THE MEDIA: Are cyber threats poised to disrupt another American election? Ahead of this fall’s midterm elections, Meta, in accordance with a government directive, disclosed its plan to combat cyber threats and suppress disinformation on its platforms. To this end, the corporation is expanding features and security functions in order to remove misinformation about election dates, voting locations, voter eligibility and election outcomes.
READ THE STORY: JPOST
Chinese espionage, cyber programs pose major counterintelligence threat, Senate report warns
FROM THE MEDIA: China’s human spying, cyber espionage and more recently covert disinformation operations are a “600-pound gorilla in the room” of foreign counterintelligence threats, according to a Senate report on the growing problem of adversary spying. The heavily-redacted report by the Senate Select Committee on Intelligence warns that the U.S. government’s central counterintelligence agency and other components are ill-equipped and poorly structured to counter growing foreign spy threats.
READ THE STORY: Washington Times
US denies link between Iran's release of Americans and funds held abroad
FROM THE MEDIA: The United States on Sunday rejected Iranian reports that Tehran's release of two detained Americans will lead to the unfreezing of Iranian funds abroad. Baquer Namazi, 85, was permitted to leave Iran for medical treatment abroad, and his son Siamak, 50, was released from detention in Tehran, the United Nations said on Saturday. Now Iran is awaiting the release of about $7 billion in funds frozen abroad, Iranian state media said Sunday. "With the finalization of negotiations between Iran and the United States to release the prisoners of both countries, $7 billion of Iran's blocked resources will be released," the state news agency IRNA said.
READ THE STORY: Dunya News
Ukraine is Winning the Cyber War
FROM THE MEDIA: When Russia invaded, Ukrainian soldiers not only beat its tanks. They defeated Russia's cyber soldiers, too, two experts said on the final day of the CEPA Forum. At the beginning of the war, Russia managed to disable Ukraine's satellite communications. But the Ukrainians managed to restore it quickly, says Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a geopolitics think-tank in Washington, DC, and a co-founder and former chief technology officer of the cybersecurity company CrowdStrike. The country's energy networks, banks, and other vulnerable targets continued to run.
READ THE STORY: SN
Inside The Mysterious IT Army Of Ukraine: A Group Admin
FROM THE MEDIA: When Russia invaded Ukraine in February, most thought it would be a short, bloody fight and a walkover for the superpower. But the war has dragged on and Ukrainians have virtually hollowed out the Russian forces. As Russia started its invasion of Ukraine, ordinary people took up arms to defend their country, but they are not the only ones fighting. Away from the trenches and artillery duels, many Ukrainians have joined the IT Army of Ukraine (ITAU), a volunteer cyber warfare organization created at the end of February, to fight against Russia in cyberspace.
READ THE STORY: SN
Chinese hacking group targeting US agencies and companies has surged
FROM THE MEDIA: An elite Chinese hacking group with ties to operatives indicted by a US grand jury in 2020 has surged its activity this year, targeting sensitive data held by companies and government agencies in the US and dozens of other countries, according to an expert at consulting giant PricewaterhouseCoopers. The findings highlight the biggest cyber-espionage challenge facing the Biden administration: combating a Chinese hacking program that the FBI has called more prolific than that of all other governments in the world combined.
READ THE STORY: SN
Items of interest
SpaceX repositions Starlink satellites over Florida to help provide internet
FROM THE MEDIA: Florida Gov. Ron DeSantis said that SpaceX CEO Elon Musk has agreed to help get internet to areas of Florida impacted by Hurricane Ian. In a news conference held Saturday, DeSantis announced that Musk and SpaceX were donating 120 large satellite units with a 13-mile service radius that could support over 1,000 internet users simultaneously, according to The Tampa Bay Times. "They've donated the cost associated with all of the coverage, so we want to thank SpaceX and thank Elon Musk for that. A large device, you can put it in different areas in the community that are having problems and they can get a 13-mile radius and they can support over 1,000 users at a given time," said DeSantis.
READ THE STORY: SN
Data Brokers: The Dark Industry of Selling Your Identity for Profit (Video)
FROM THE MEDIA: Data Brokers… a dark industry based on selling your identity for profit that is currently worth billions. When people say “data is the new oil” there’s no other industry that better illustrates this than the world of data brokers. In this video we’ll take a look at exactly how data brokers are taking your personal information and selling it off for a hefty profit… all behind your back.
The Secret Signals Hiding at Hacking's Biggest Conferences Darknet Diaries Ep. 43: PPP (Video)
FROM THE MEDIA: Most who go to big hacker conferences like DEFCON in Las Vegas attend talks or learn new skills. But some are following the clues to a parallel world.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com