Wednesday, October 05, 2022 // (IG): BB // INTSUM // Coffee for Bob
'Poisoned' Tor Browser tracks Chinese users' online history, location
FROM THE MEDIA: A modified version of the Tor Browser collected sensitive data on Chinese users since at least March, maybe as early as January, that included browsing history, form data, computer name and location, user name and MAC addresses of network adapters, researchers with the cybersecurity firm Kaspersky said Tuesday.
READ THE STORY: Cyberscoop
‘New frontier’ of crypto laundering involves cross-chain bridges and DEXs: Elliptic
FROM THE MEDIA: New research from blockchain analytics and crypto compliance firm Elliptic has revealed the extent to which cross-chain bridges and decentralized exchanges (DEXs) have removed barriers for cybercriminals. In an Oct. 4 report titled “The state of cross-chain crime,” Elliptic researchers Eray Arda Akartuna and Thibaud Madelin took a deep dive into what they described as “the new frontier of crypto laundering.”
READ THE STORY: Cointelegraph
Ferrari denies data breach and ransomware attack following gang’s online claims
FROM THE MEDIA: Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week. The ransomware group RansomEXX posted to its leak site on Sunday claiming to have stolen 7 GB of data from the company. The stolen documents allegedly include contracts, invoices, internal company information, repair manuals and more.
READ THE STORY: The Record
CSET on China’s Advanced AI Research and the China AI “Watchboard” Pilot Program
FROM THE MEDIA: The Center for Security and Emerging Technology (CSET) is one of the best policy research organizations that we track and analyze. They pursue bleeding edge subject matter, always take a fresh angle, and deliver really legible, actionable results. We have integrated CSET research into our OODA Loop research and analysis on topics ranging from artificial intelligence, dis- and misinformation and information disorder (what we characterize as a crucial strategic need for National Cognitive Infrastructure Protection), technology talent retention, and the CHIPS Act.
READ THE STORY: OODA LOOP
Steganography used in campaigns targeting the Middle East and Africa
FROM THE MEDIA: Symantec says the Witchetty cyberespionage actor has been using the ProxyShell and ProxyLogon vulnerabilities to target "the governments of two Middle Eastern countries and the stock exchange of an African nation." Witchetty (also known as LookingFrog) has some tenuous links to the China-based APT10, although Symantec doesn't make any formal attribution. The researchers explain that one of the threat actor's new tools "leverages steganography to extract its payload from a bitmap image."
READ THE STORY: The Cyberwire
Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship
FROM THE MEDIA: Anonymous and other global hacking groups are engaged in a multipronged cyber assault on Iran, joining the fight with protesters on the ground in resistance to the country’s strict hijab laws. Thousands of amateur hackers have organized online to orchestrate cyberattacks on Iranian officials and institutions, as well as share tips on how to get around curbs on internet access by using privacy-enhancing tools.
READ THE STORY: CNBC
Banning TikTok won’t protect Americans’ sensitive data
FROM THE MEDIA: Once again, Washington is obsessing over TikTok. The White House is reportedly reviewing a draft agreement with the video app, according to The New York Times, that would involve the company changing its data security practices without officially cutting ties with its Chinese owner, ByteDance. And just days prior to that news surfacing last week, President Biden signed an executive order on CFIUS, the Committee on Foreign Investment in the United States, emphasizing the importance of data security in investment review decisions.
READ THE STORY: Cyberscoop
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
FROM THE MEDIA: From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization’s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment.
READ THE STORY: CISA
NATO struggles with how to protect vital undersea links after Nord Stream blasts
FROM THE MEDIA: NATO allies are struggling to work out how to better safeguard undersea critical infrastructure after the Nord Stream pipelines blasts laid bare the difficulty of monitoring facilities and identifying any attackers. The sheer scale and underwater depth of assets such as pipelines — or data cables that allow the internet to function — heighten the challenge for governments. With most systems owned by private companies, proving which government may have sponsored an attack is even more complex.
READ THE STORY: Seattle Times
China's satellite ground stations in South America
FROM THE MEDIA: China has expanded its use of satellite ground stations in South America, leading multiple governments to express concern about Beijing's intentions, according to a new report. Why it matters: China's space program has close but opaque ties to the country's military, fueling concerns that ostensibly civilian facilities could also be used for intelligence collection and surveillance, according to the report.
READ THE STORY: AXIOS
‘Hybrid warfare’: Nord Stream attacks show how war is evolving
FROM THE MEDIA: It’s not yet clear who carried out the attacks on the Nord Stream gas pipelines in the Baltic Sea last week, although many Western nations are suspicious it was an act of sabotage by Russia. What is clear is that the ruptures have added to already heightened tensions and an impending energy crisis in the region. While further investigations are required, if Russia was behind such sabotage, we can view it as an evolution of “hybrid warfare”, because it would highlight how the energy sector and critical infrastructure can be strategically targeted as an unconventional warfare method.
READ THE STORY: The Conversation
Russian Host Says Foreign Media Stokes Panic, Urges Viewers to Self-Censor
FROM THE MEDIA: Amid mounting losses in Ukraine, a host on a Russian state-run media channel urged viewers to self-censor against foreign reporting. A clip of the host, Armen Gasparyan, was shared on Twitter on Monday evening by Julia Davis, a journalist and creator of the Russian Media Monitor watchdog group. In it, the host acknowledged that it can be hard for Russian citizens to make sense of the losses recently incurred in Ukraine, particularly the setback in Lyman over the weekend.
READ THE STORY: Newsweek
“The Long Cyber War”; Improving security across the enterprise; USCIS zero trust journey
FROM THE MEDIA: The Coast Guard, the National Nuclear Security Administration and the Internal Revenue Service all have cyber struggles according to overseers. Their challenges are representative of the issues every agency faces. Ron Marks, president of ZPN Cyber and National Security Strategies and visiting professor at George Mason University’s Schar School of Policy and Government, discusses the overarching theme of these cyber challenges and what organizations can do moving forward.
READ THE STORY: Fedscoop
Kaspersky uncovers new tactics used by DeftTorero
FROM THE MEDIA: In mid-2021, Kaspersky researchers discovered a wave of new attacks by the Middle Eastern Advanced Persistent Threat (APT) group DeftTorero, also popularly dubbed Volatile Cedar. First detected in 2012, the APT group has been actively targeting the Government, Military, Education, Corporate and Telecommunication industries, particularly across the UAE, Saudi Arabia, Egypt, Kuwait, Lebanon, Jordan and Turkey.
READ THE STORY: Tahawultech
Microsoft Updates Mitigation for Exchange Server Zero-Days
FROM THE MEDIA: Microsoft today updated its mitigation measures for two recently disclosed and actively exploited zero-day vulnerabilities in its Exchange Server technology after researchers found its initial guidance could be easily bypassed. Microsoft's original mitigation for the two vulnerabilities (CVE-2022-41040 and CVE-2022-41082) was to apply a blocking rule to a specific URL path using the URL Rewrite Module on IIS Server.
READ THE STORY: DarkReading
No Shangri-La for you: Top hotel chain confirms data leak
FROM THE MEDIA: Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties. “Shangri-La Group recently discovered unauthorized activities on our IT network,” states a notice from the chain that goes on to reveal that “between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed …. guest databases”.
READ THE STORY: The Register
US Govt: Hackers stole data from US defense org using new malware
FROM THE MEDIA: The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector. The compromise lasted for about ten months, and it is likely that multiple advanced persistent threat (APT) groups compromised the organization, some of them gaining initial access through the victim's Microsoft Exchange Server in January last year.
READ THE STORY: Bleeping Computer
CISA orders federal IT overhaul with automated asset inventory, software scanning
FROM THE MEDIA: The Biden administration has taken major steps in recent months to implement parts of the president’s May 2021 Executive Order, which was enacted after the SolarWinds supply chain attack and ransomware attack on Colonial Pipeline. In mid-September the White House announced new guidelines for third-party software use, a move designed to get federal contractors to screen for vulnerabilities before their applications were loaded into federal computer networks.
READ THE STORY: CyberSecurityDive
Canadian National Sentenced in Connection with Ransomware Attacks Resulting in the Payment of Tens of Millions of Dollars in Ransoms
FROM THE MEDIA: A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21,500,000 today for his role in NetWalker ransomware attacks. The Court will order restitution at a later date. According to court documents, Sebastian Vachon-Desjardins, 35, of Gatineau, Quebec, participated in a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has targeted dozens of victims all over the world, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities.
READ THE STORY: DOJ
Cheerscrypt ransomware linked to a Chinese hacking group
FROM THE MEDIA: The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution. The ransomware gang is tracked under different names, such as Bronze Starlight (Secureworks) and DEV-0401 (Microsoft), and has been seen using a wide variety of ransomware families since 2021.
READ THE STORY: Bleeping Computer
Should we take comfort in knowing that threat actors are finding ways to bypass MFA?
FROM THE MEDIA: Threat actors are starting to find ways to bypass multi-factor authentication, a sign that some security researchers say may demonstrate that MFA has become more mainstream, according to a report released Tuesday by Secureworks. “The fact that multi-factor itself is now a target is a good thing — it shows that it’s widespread enough to be disrupting the criminal access, so much so that the technology itself is under attack,” said Andrew Barratt, vice president at Coalfire.
READ THE STORY: SCMAG
BUMBLEBEE Loader Evolves to Drop New Payloads
FROM THE MEDIA: New research into the Bumblebee malware loader and the actors using it shows that the payloads delivered vary depending on the type of machine on which the malware is running, and that the actors are continuing to modify the malware's behavior to use new file formats and evasion techniques. Bumblebee is a relatively new malware loader that first emerged in March 2022 in a kind of beta form, and the activity associated with it overlapped with intrusions that led to Conti and Diavol ransomware infections.
READ THE STORY: DUO
A new ransomware? Why cybercriminals may be giving up on encrypting
FROM THE MEDIA: Cybercriminals have been building up their toolbox for attacking individuals and businesses in recent months, and cybersecurity experts say there has been a fundamental change in the way that encryption malware is operating. Until now, most ransomware (malware designed to hold files hostage until the victim pays to get them back) encrypted the data on a victim's computer or a company's network and the cybercriminals then demanded payment to decrypt it.
READ THE STORY: DPA
Space Force awards rapid satellite launch demonstration contracts
FROM THE MEDIA: The U.S. Space Force said it awarded contracts to Millennium Space Systems and Firefly Space Transport Services to support a 2023 mission that will demonstrate the ability to rapidly develop and launch a satellite. Small satellite company Millennium Space Systems will deliver the on-orbit and ground segments for the mission, dubbed VICTUS NOX, and Firefly will provide the launch service, according to the Sept. 30 statement.
READ THE STORY: DefenseNews
John Deere opens RFP for satellite communications solution
FROM THE MEDIA: Deere & Company has issued a request for proposals (RFP) to secure a satellite communications solution that will further connect its fleet of intelligent machines. The solution will enhance the satellite connectivity that Deere is delivering to its customers. "We believe satcom will unlock significant opportunities in agriculture by enabling farmers to take advantage of innovative technologies that rely on real-time information and communication," said Lane Arthur, vice president of Data, Applications and Analytics at John Deere.
READ THE STORY: GPS World
Conti Ransomware: The History Behind One of the World’s Most Aggressive RaaS Groups
FROM THE MEDIA: The Conti ransomware group has become one of the most notorious cybercrime collectives in the world, known for its aggressive tactics and large scale attacks against a wide range of public and private organizations. Along with other prominent ransomware groups, Conti has underlined the importance of preparing a strong response plan to mitigate the effects of what could be an incredibly damaging blow to a company’s assets, personnel, and reputation.
READ THE STORY: Security Boulevard
What Is Threat Modeling, and What Are Its Most Important Advantages?
FROM THE MEDIA: Threat modeling is the process of defining an organization’s cybersecurity needs, threats, and vulnerabilities, and then suggesting ways to meet these needs and address these vulnerabilities. In his classic work of military strategy, The Art of War, Sun Tzu wrote that “if you know the enemy and know yourself, you need not fear the result of a hundred battles.”
READ THE STORY: EC-Council
BlackByte Ransomware Gang Adds Sophisticated “Bring Your Own Driver” Technique
FROM THE MEDIA: Sophos, a global leader in next-generation cybersecurity, today announced that BlackByte, one of the newer, “heavy-hitter” ransomware gangs, has added a sophisticated “Bring Your Own Driver” technique to bypass more than 1,000 drivers used by industry Endpoint Detection and Response (EDR) products. Sophos details the attack tactics, techniques and procedures (TTPs) in the report, “Remove all the Callbacks – BlackByte Ransomware Disables EDR via RTCore64.sys Abuse.”
READ THE STORY: GlobeNewswire
Cyber investors aren't worried about a recession — yet
FROM THE MEDIA: Forecasts of a years-long economic downturn aren't stopping cybersecurity investment funds from pouring money into both early- and late-stage security startups — at least for now. The big picture: As the country awaits a potential economic recession, venture capital deals have started to dry up and startup valuations have shrunk.
READ THE STORY: AXIOS
Why Should Twitter, or Investors, Trust Musk This Time?
FROM THE MEDIA: Trying to guess what Elon Musk will do from day to day is like trying to hold a moonbeam in your hand. But the state of play, as of Tuesday, October 4, 2022, is that Elon Musk now wants to buy Twitter for the $54.20 he initially offered for the social-media company back in April, according to Bloomberg News.
READ THE STORY: Bloomberg
Sleuths of 'spooky' quantum science win Nobel physics prize
FROM THE MEDIA: Scientists Alain Aspect, John Clauser and Anton Zeilinger won the 2022 Nobel Prize in Physics for experiments in quantum mechanics that laid the groundwork for rapidly developing new applications in computing and cryptography. "Their results have cleared the way for new technology based upon quantum information," the Royal Swedish Academy of Sciences said of the laureates: Aspect, who is French; Clauser, an American; and Zeilinger, an Austrian.
READ THE STORY: Reuters
Chinese government driving disinformation in the Solomon Islands by spreading anti-West commentary, report reveals
FROM THE MEDIA: The Chinese Communist Party (CCP) has boosted criticism of Australia and the West in the Solomon Islands by spreading false information around last year’s riots in the capital of Honiara. Analysis by the Australian Strategic Policy Institute (ASPI) revealed the Chinese government has been running a coordinated disinformation campaign in the South Pacific nation to undermine public perception of Australia, the United States and Taiwan.
READ THE STORY: SKYNEWS
Items of interest
The White House blueprint for AI
FROM THE MEDIA: The White House has some technical AI ideas for you
Almost a year ago, the White House Office of Science and Technology Policy promised the country an AI Bill of Rights, citing discriminatory and faulty AI unleashed by industry for use with no federal regulatory guidelines.
While not a rulemaking or enforcement body, OSTP might have offered more specific recommendations for future AI regulations or legislation. Instead, today the office unveiled a “blueprint” for an AI Bill of Rights.
Some civil rights and AI watchdogs said it does provide clear principles for AI protections all Americans should have. It lists five AI guidelines:
People should be protected from unsafe or ineffective automated systems.
They should not face discrimination enabled by algorithmic systems.
They should be protected from abusive data practices and unchecked use of surveillance technologies.
They should be notified when an AI system is in use and understand how it affects decisions.
They should be able to opt out from automation, and when appropriate, interact with a real person.
The document includes a lengthy “technical companion” intended to help incorporate the guidelines into AI design and use.
“Upwards of 80% of the document is about precise, prescriptive things that different stakeholders can do to ensure that people’s rights are protected in the design and use of technologies,” Alondra Nelson, the OSTP’s deputy director for science and society, told Protocol.
The design suggestions feature some things that are relatively standard in AI product development such as testing AI systems, and monitoring them after deployment.
Other suggestions aren’t so standard, such as providing mechanisms for people to opt out from automation in favor of human oversight.
Now, privacy and civil rights groups are watching to see if principles in the blueprint will be put into practice, including when it comes to U.S. government use of AI.
READ THE STORY: Protocol
China’s Unrestricted Warfare, Part 2 | Malicious Life podcast (Video)
FROM THE MEDIA: In the early 2000s, Nortel was consciously, intentionally, aggressively positioning itself as a partner and a friend of China. At the same time, it was China’s number one target for corporate espionage – and an early victim of its new ‘Unrestricted Warfare’ doctrine.
China’s Unrestricted Warfare, Part 3 | Malicious Life Podcast (Video)
FROM THE MEDIA: For more than a decade, China orchestrated a sophisticated espionage campaign against Nortel Networks, using Huawei, Chinese civilians working in Canada, and even organized crime gangs to steal important technical and operational information. When Nortel finally fell, the Chinese were there to reap the rewards of its death.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com