Tuesday, October 18, 2022 // (IG): BB // INTSUM // Coffee for Bob
How to Close the Cyber Data Gap
FROM THE MEDIA: How many cyber attacks happen in the United States each year? How many Americans are affected? Right now, we have little idea about answers to basic questions such as these. That is about to change. With a flurry of new regulations over the last year, U.S. companies will now be subject to expanded cyber-incident reporting requirements mandating them to submit information to the federal government about cyber attacks, data breaches, and other occurrences that compromise information systems. As such, the government is about to gain a valuable resource that offers unprecedented insight into the state of cyber security in the United States.
READ THE STORY: War on the Rocks
Chinese chipmakers, U.S. suppliers caught in crosshairs of new export restrictions
FROM THE MEDIA: Over the last week and a half, the Chinese semiconductor industry’s circumstances have taken a sharp turn for the worse. The Biden administration announced on October 7 a sweeping set of export restrictions that prevent the export of certain chips and, more important, the sale of tools using certain technologies to Chinese chipmakers. The rules go well beyond those introduced during the Trump administration and are likely to keep Chinese companies several generations behind the leading edge.
READ THE STORY: Yahoo News // Reason // iTwire
Prestige Ransomware Hits Targets in Ukraine and Poland
FROM THE MEDIA: A previously unseen threat group has hit a number of organizations in Poland and Ukraine with a new strain of ransomware called Prestige, deploying the ransomware in all of the victim networks within about an hour and using several separate deployment methods. The ransomware attack affected several organizations in the transportation and logistics sectors, and Microsoft researchers who observed evidence of the attacks said the intrusions don’t appear to be connected to any of the known ransomware groups that the company tracks. Although the Prestige ransomware itself is new, the victims and geography overlap with operations by known Russian-aligned threat actors.
READ THE STORY: DUO
Ducktail Infostealer Casts Its Fowl Malware Campaign At Facebook Users
FROM THE MEDIA: Researchers at the cybersecurity company Zscaler have discovered a new version of the Ducktail Infostealer in a malware campaign seeking to steal Facebook Business account credentials. Cybersecurity researchers first identified the Ducktail Infostealer in 2021, attributing the malware to a Vietnamese threat actor. The earlier version of this malware was built on .NET Core and specifically targeted higher-level employees with Admin and Finance access to their companies’ Facebook Business accounts.
READ THE STORY: Hot Hardware
OPM hack $63M settlement approved by federal judge
FROM THE MEDIA: A federal judge has given final approval for a proposed $63 million settlement to bring to an end a class action lawsuit brought over the Office of Personnel Management data breaches in 2015. U.S. district judge Amy Berman Jackson in a hearing on Oct. 14 said the agreed-upon figure was fair and gave approval for the settlement to proceed. Judge Jackson in June gave preliminary approval for the settlement to proceed, and at the time described the terms as “fair, reasonable, and adequate, and in the best interest of named plaintiffs and class members.”
READ THE STORY: Fedscoop
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware
FROM THE MEDIA: Although the REvil ransomware-as-a-service operation appeared to evaporate last October, analysts have found the group's influence is still considerable. Notably, threat researchers from Unit 42 reported finding connections between REvil activities and that of ransomware group Ransom Cartel, an up-and-coming cybercrime group claiming to offer "the same, yet improved software" as REvil.
READ THE STORY: DARKReading // InfoSecMag
Malware dev claims to sell new BlackLotus Windows UEFI bootkit
FROM THE MEDIA: A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups. UEFI bootkits are planted in the system firmware and are invisible to security software running within the operating system because the malware loads in the initial stage of the booting sequence. While cybercriminals who want a license for this Windows bootkit have to pay $5,000, the threat actor says rebuilds would only set them back $200.
READ THE STORY: Bleeping Computer
What Schools Need to Know Before a Ransomware Attack
FROM THE MEDIA: For the past two years, ransomware attacks have been on the rise in K–12, and districts are struggling to keep up. Ransomware can be debilitating to districts and can impact the availability of services to educate students. Ransomware encrypts targeted systems, rendering files and applications useless. Having encrypted a district’s data, cybercriminals demand a ransom to decrypt the files. In the past, that would have been the end of the attack. The school could choose to pay and retrieve the data or not.
READ THE STORY: EdTech
How Onetime Crypto Titan Do Kwon Became a Fugitive
FROM THE MEDIA: South Korean Do Kwon presided over one of the biggest busts ever seen in the volatile cryptocurrency sector. His Terraform Labs Pte created the TerraUSD stablecoin, which was meant to have a constant $1 value via a complex mix of algorithms and trader incentives involving a sister token, Luna. Their combined value soared past $60 billion until confidence in the ecosystem evaporated in May, prompting investors to flee and leaving the tokens almost worthless.
READ THE STORY: Washington Post
Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software
FROM THE MEDIA: HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware operators and espionage-focused advanced persistent threat (APT) groups alike.
READ THE STORY: THN
Drones embody an Iran-Russia alliance built on hostility to the US
FROM THE MEDIA: The Iranian-made drones that Russia sent Monday to divebomb Ukraine’s capital delivered the most emphatic proof yet that Tehran has become a rare, increasingly close ally to the Kremlin, offering both weapons and international support that Russia sorely lacks. There is no deep love between Russia, newly a pariah for attacking another country, and Iran, for decades one of the most strategically isolated nations in the world. But the two authoritarian governments, both chafing under Western sanctions, share a view of the United States as their great enemy and a threat to their grip on power.
READ THE STORY: Indian Express // Euractiv
Imagine surviving a wiper attack only for ransomware to scramble your restored files
FROM THE MEDIA: Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland. Though there is an overlap in victims, it's unclear whether this Prestige ransomware and HermeticWiper are controlled by the same masterminds, according to researchers at the Microsoft Threat Intelligence Center (MSTIC).
READ THE STORY: The Register
White House cyber director defends 'tough' national cybersecurity strategy ahead of release
FROM THE MEDIA: National Cyber Director Chris Inglis is expected to release the Biden administration’s first comprehensive national cybersecurity strategy in the coming days, a document that many expect will meet industry pushback as it could expand the government’s role in protecting the nation’s digital infrastructure. The Biden administration issued its national security strategy last Wednesday, clearing the way for the imminent release of Inglis’s document. The strategy will be the first since the Trump administration released its national cybersecurity strategy in 2018.
READ THE STORY: Cyberscoop
Interpol busts global 'Black Axe' cyber-fraud suspects
FROM THE MEDIA: Interpol arrested 75 suspected members of the Black Axe West African crime syndicate, and intercepted over $1 million in various bank accounts as part of a wide-ranging multi-country operation aimed at thwarting the group's cyber-fraud efforts that fund its criminal operations. According to the international police agency, Operation Jackal spanned 14 countries on four continents targeting Black Axe and related crime groups in the region.
READ THE STORY: The Register
MyDeal data breach impacts 2.2M users, stolen data for sale online
FROM THE MEDIA: Woolworths' MyDeal subsidiary has disclosed a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum. MyDeal is an Australian retail marketplace that connects online shoppers with local retailers. Retail giant Woolworths purchased 80% of the company in September but said their systems are on a completely different platform and unaffected by the incident.
READ THE STORY: Bleeping Computer
Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684
FROM THE MEDIA: Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party of POC code, there is active exploitation of this vulnerability. Based on this development, Fortinet again recommends customers and partners take urgent and immediate action as described in the public Advisory,” reads the advisory published by the company.
READ THE STORY: Security Affairs
Public Remote Desktop services under attack from Venus ransomware
FROM THE MEDIA: Windows devices are being encrypted by the new Venus ransomware, which has been compromising publicly exposed Remote Desktop services, according to BleepingComputer. The threat actors behind Venus ransomware have leveraged the Windows Remote Desktop protocol to infiltrate corporate networks, even when the service runs on a non-standard port number. Upon execution, Venus ransomware attempts to terminate 39 processes related to Microsoft Office apps and database services; it then deletes event logs and Volume Shadow Copies and disables Data Execution Prevention.
READ THE STORY: SCMAG
New UEFI rootkit Black Lotus offered for sale at $5,000
FROM THE MEDIA: Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with a $200 payment for each new update. The researcher warns that the availability of this rootkit in the threat landscape represents a serious threat for organizations due to its evasion and persistence capabilities.
READ THE STORY: Security Affairs
Starlink satellite support of Ukraine shows value of government–private sector cooperation
FROM THE MEDIA: Technology mogul Elon Musk hasn’t won himself many new fans in the national security community over the past fortnight with his suggestions about pathways forward on Ukraine and Taiwan. He would do well to stay out of peace negotiations on Twitter and stick to his brilliance at engineering and entrepreneurialism. Musk has, however, secured a hardcore fan base among Ukrainian and American military planners who are relying heavily on his Starlink satellite network.
READ THE STORY: ASPI
Words Disappear from the Chinese language - Online at Least
FROM THE MEDIA: On October 13, days before the Chinese Communist Party Congress’s scheduled fifth-year meeting, Peng Lifa (online, Peng Zaizhou) stood on an overpass in Beijing — dressed as a construction worker — and unfurled two banners demanding an end to zero-COVID policies and the removal of Xi Jinping as CCP leader. With security cameras everywhere, he was certain to be noticed. There was also an apparent tire fire on the bridge, which created a great deal of attention-riveting smoke.
READ THE STORY: Mindmatters
Risk of Russia cyber ops amps up before midterms
FROM THE MEDIA: Experts warn Russia could escalate its cyber efforts in the November midterms as retaliation for the United States’ ongoing military and economic aid to Ukraine. Meanwhile, Chinese hackers are reportedly scanning Democratic and Republican state headquarters for vulnerabilities in their systems ahead of the midterm elections. With Russia continuing to face setbacks in its war against Ukraine, experts say Russian President Vladimir Putin may see cyber operations against the midterms as a way to retaliate for U.S. involvement in the conflict.
READ THE STORY: The Hill
Australian Insurer Medibank Says Incident Was Ransomware
FROM THE MEDIA: Australian insurer Medibank says the cybersecurity incident on Wednesday that caused it to suspend stock trading and take public-facing systems offline was likely a ransomware attack. The provider of private health insurance for nearly 4 million Australians now says normal operations have resumed and trading resumed Monday.
READ THE STORY: GovInfoSec
Meta Found More Than 400 Malicious Apps Designed To Steal Facebook Login Information on Official App Stores
FROM THE MEDIA: Meta has made public an internal security report that has found apps designed to steal Facebook login information are rampant on both of the big two app stores. The company says that it has found over 400 malicious apps of this nature between Android and iOS, which manage to stay afloat with a combination of professional art and fake positive reviews to lend them an appearance of legitimacy.
READ THE STORY: CPO
How to safeguard your brand from spoofing attacks
FROM THE MEDIA: It can take years of work to establish a world-renowned brand, but just one malicious email to destroy it. Email- and web-borne brand exploitation attempts are on the rise. Mimecast’s 2022 State of Email Security Report found that more than 90% of organizations experienced an email- or web-based spoofing attack in the previous 12 months. These types of attacks are increasing for 46% of organizations, compared to just 19% who say they are declining. Brand spoofing attacks can lead to the loss of revenue and consumer trust and have long-term negative outcomes. That means cyber risk is business risk, and protecting your brand is paramount to protecting your reputation and bottom line.
READ THE STORY: SECMAG
Combining Cybersecurity with Gaming: Cheats, Insider Threats, Ransomware and More
FROM THE MEDIA: The video game industry has grown considerably since its introduction in the early 1970s, with analysts believing the market to be worth $321 billion by 2026. As such, the gaming industry faces a wide range of cyber and even physical threats as malicious actors are attracted by rising profits. Whether it be in the form of vulnerabilities, account takeovers, distributed denial-of-service (DDoS) attacks, software piracy, or in-game cheats and hacks—recent events like the Grand Theft Auto 6 data breach show that gaming companies can find themselves in the crosshairs of sophisticated cybercrime gangs and other malicious actors.
READ THE STORY: Security Boulevard
Ransomware attack impacted some CommonSpirit sites, but few details released
FROM THE MEDIA: Now into its third week of care disruptions, a new update from CommonSpirit Health confirms that only a portion of its 700 care sites and 142 hospitals in 21 states have been impacted by the ransomware attack and subsequent IT and network outages. “There is no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities,” officials said in a statement. “Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees, and caregivers. Patient care remains our utmost priority.”
READ THE STORY: SCMAG
DOJ crypto enforcement director talks dark web markets, criminal activity, and hacks
FROM THE MEDIA: U.S. Department of Justice National Cryptocurrency Enforcement Team Director Eun Young Choi speaks with Yahoo Finance's David Hollerith at the All Markets Summit about how the Department of Justice is investigating cybercrime and crypto criminal activity.
READ THE STORY: Yahoo Finance
LDS Church discloses March computer breach affecting member data
FROM THE MEDIA: On Thursday, after several months of church and government investigation, The Church of Jesus Christ of Latter-day Saints revealed it had been involved in an extensive data breach in March. A church statement noted that, “In late March 2022, The Church of Jesus Christ of Latter-day Saints detected unauthorized activity in certain computer systems that affected personal data of some Church members, employees, contractors, and friends. The affected data did not include donation history or any banking information associated with online donations.”
READ THE STORY: Standard
Russia Sets Back Global Progress On Internet Freedom: Study
FROM THE MEDIA: A Russian crackdown has driven a global decline in internet freedom although a number of smaller countries are making headway, Freedom House said in a study Tuesday. The US democratic advocacy and research group found that internet freedom at the global level fell for the 12th straight year, led by Russia as well as by worsening conditions in Myanmar, Sudan and Libya. But the report also found that a record 26 nations have made progress, with notable upticks in The Gambia, which is shaking off two decades of dictatorship, as well as often-criticized Zimbabwe, which has moved forward with a new law on data protection.
READ THE STORY: Barrons
U.S. ‘going to sanction’ Iran for helping Russia
FROM THE MEDIA: Officials on both sides of the Atlantic are weighing how to punish Iran for planning to give missiles and more drones to Russia. Our own NAHAL TOOSI spoke to a U.S. official Monday who said the administration is “absolutely going to sanction anybody who’s helping Iranians help Russians kill Ukrainians.” Export controls would almost certainly be part of any reprimand. A National Security Council spokesperson also told NatSec Daily that “we will continue to vigorously enforce all U.S. sanctions on both the Russian and Iranian arms trade, make it harder for Iran to sell these weapons to Russia.”
READ THE STORY: Politico
Items of interest
The Cyber Wild West
FROM THE MEDIA: Walter Pincus — Two events last week made me more aware than ever of the danger to individuals and to governments from the internet. First, I was hacked by a scam that froze my computer, and then hackers, claiming to be contractors for my service, wanted several hundred dollars to provide a firewall that I already had. It took assistance from my local Computer Geeks group to clean up the problem and explain how often such scams take place.
Second was a revelation I had after a Center for Strategic and International Studies (CSIS) webinar featuring Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and General Paul M. Nakasone, who runs both U.S. Cyber Command and the National Security Agency (NSA). When asked what responses have been put in place if a major event such as the May 2021 Colonial Pipeline hacking took place again, Easterly referred to what was done when “Log4Shell” occurred – which was a serious vulnerability contained in open source software that was incredibly easy to exploit.
READ THE STORY: The Cipher Brief
TITAN RAIN: How Chinese Cybercriminals Infiltrated The United States Cyberspace (Video)
FROM THE MEDIA: In this documentary, we look at the Titan Rain hack, which took place between 2003 and 2006, and the story of how an internet vigilante, Shawn Carpenter, stumbled upon the intruders.
Cyber Collaboration in the Age of Hybrid Warfare: A Conversation with Jen Easterly and Paul Nakasone (Video)
FROM THE MEDIA: Cyber Collaboration in the Age of Hybrid Warfare: A Conversation with Jen Easterly and Paul Nakasone.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com