Saturday, October 22, 2022 // (IG): BB // INTSUM // Coffee for Bob
US might expand Chinese export ban to include quantum tech
FROM THE MEDIA: Sources say the White House is considering new export controls limiting China’s access to quantum computing technologies. Individuals close to the situation (who asked to remain anonymous) told Bloomberg that industry experts are being consulted on how best to implement restrictions on the burgeoning, powerful technology. The move would come on the heels of sweeping regulations banning the sale to China of chips and other equipment related to semiconductor production and would be part of an effort to hamper China’s progress as a major world superpower in the field of technology.
READ THE STORY: The Cyberwire
Norway PM: Russia poses ‘real and serious’ cyber threat to oil and gas industry
FROM THE MEDIA: Norway’s prime minister Jonas Gahr Støre warned on Thursday that Russia poses “a real and serious threat” to the country’s oil and gas industry amid criticisms that the Scandinavian country has acted too slowly to protect its petroleum sector from cyberattacks. In a speech explaining the threats, Støre announced the country’s counterintelligence and cybersecurity agencies were “now working more closely together to defend us against digital threats.”
READ THE STORY: The Record
WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
FROM THE MEDIA: Recently, Zscaler ThreatLabz discovered a new malware being used by the SideWinder APT threat group in campaigns targeting Pakistan: a backdoor we’ve called “WarHawk.” SideWinder APT, aka Rattlesnake or T-APT4, is a suspected Indian Threat Actor Group active since at least 2012, with a history of targeting government, military, and businesses throughout Asia, particularly Pakistan. The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable Injection and Pakistan Standard Time zone check in order to ensure a victorious campaign.
READ THE STORY: Security Boulevard
Russian influence ops play defense; China plays offense
FROM THE MEDIA: Mandiant has released the second issue of its Cyber Snapshot report, looking at the proliferation of information operations (IOs), threats to NFTs and cryptocurrency, and enterprise security best practices. The researchers note that Russian state-sponsored threat actors are currently “conducting widespread IO campaigns to bolster the positive perception of the Russian invasion of Ukraine to the Russian people.”
READ THE STORY: The Cyberwire
SpyderLoader active in Hong Kong
FROM THE MEDIA: “The victims observed in the activity seen by Symantec were government organizations, with the attackers remaining active on some networks for more than a year. We saw the Spyder Loader (Trojan.Spyload) malware deployed on victim networks, indicating this activity is likely part of that ongoing campaign. While we did not see the ultimate payload in this campaign, based on the previous activity seen alongside the Spyder Loader malware it seems likely the ultimate goal of this activity was intelligence collection.”
READ THE STORY: The Cyberwire
Firmware Attacks: An Endpoint Timeline
FROM THE MEDIA: One of the most common questions I’ve heard regarding the need for firmware security is “Could you provide examples of real-world attacks”? I began to research the history of attacks against firmware inside your computer and uncovered quite a list of various pieces of malware with firmware-based attack capabilities. For many, the firmware attack vector falls into the “out of sight, out of mind” category.
READ THE STORY: Security Boulevard
‘FurBall’ Spyware Being Used Against Iranian Citizens
FROM THE MEDIA: Analysts at ESET have found a new Android malware variant dubbed FurBall being used to target and spy on Iranian citizens. The spyware’s deployment is likely an extension of the wider Domestic Kitten campaign launched by the threat actor APT-C-50. Although the spyware has undergone some new scripts and changes, the basic functionality matches that used by the APT-C-50 group and much remains unchanged from previous versions.
READ THE STORY: OODALOOP
Hackers exploit critical VMware flaw to drop ransomware, miners
FROM THE MEDIA: Security researchers observed malicious campaigns leveraging a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives. The issue leveraged in the attacks is CVE-2022-22954, a remote code execution bug triggered through server-side template injection.
READ THE STORY: Bleeping Computer
Professionalizing ransomware: Threat actors adopting legitimate business practices
FROM THE MEDIA: Ransomware has long been among the most significant threats to the modern enterprise. It began with encrypting data and extorting a fee for the key – which is where the term “ransomware” comes from – and has evolved to the point where double and triple extortions are becoming increasingly common. These changes have driven the rise in ransom demands to an average of over $800,000 according to Sophos data and contributed to the more than 1,100 attacks that LookingGlass tracked in the first half of 2022.
READ THE STORY: SCMAG
The ‘Text4Shell’ vulnerability is not a sequel to Log4Shell
FROM THE MEDIA: News this week of the critical Apache vulnerability now known as "Text4Shell" raised great concern among some security pros that another Log4Shell event was at hand, but it turned out those fears were overblown. In blog posts by Rapid7 and Checkmarx, researchers made clear that while CVE-2022-42889 should still be considered severe, it's not on the same level as Log4Shell.
READ THE STORY: SCMAG
Medibank data breach worsens
FROM THE MEDIA: As we noted yesterday, Australian health insurer Medibank was hit with a cyberattack in which a hacker claims to have stolen 200GB of data, offering a database of one hundred customers as evidence. CRN Australia reports that Medibank has confirmed the data in the hacker’s possession are indeed linked to its customers.
READ THE STORY: The Cyberwire
Role Of Cyber In Interstate Conflict – Analysis
FROM THE MEDIA: Since the Maidan Revolution in 2014, Ukraine has been subject to an unprecedented barrage of cyberattacks. Russian government-linked hackers infiltrated Ukraine’s electricity infrastructure, interrupting supplies in a first-of-its-kind attack. In 2017, they also targeted the country with sophisticated malware, which spread across the globe to become the most destructive attack in history.
READ THE STORY: EurasiaReview
Ursnif malware switches from bank account theft to initial access
FROM THE MEDIA: A new version of the Ursnif malware (a.k.a. Gozi) emerged as a generic backdoor, stripped of its typical banking trojan functionality. This change could indicate that the operators of the new version are focusing on distributing ransomware. Codenamed “LDR4,” the new variant was spotted on June 23, 2022, by researchers at incident response company Mandiant.
READ THE STORY: Bleeping Computer
OldGremlin Ransomware Ups Ante Against Russian Targets
FROM THE MEDIA: A ransomware group which unusually targets Russian organizations has upped its efforts this year, demanding larger ransoms from its victims and developing new malware for Linux, according to Group-IB. The security vendor yesterday released what it claimed was the first comprehensive report on the group known as “OldGremlin,” which was first spotted in 2020.
READ THE STORY: InfoSecMag
Facebook and TikTok are approving ads with ‘blatant’ misinformation about voting in midterms, researchers say
FROM THE MEDIA: Facebook and TikTok failed to block advertisements with “blatant” misinformation about when and how to vote in the US midterms, as well as about the integrity of the voting process, according to a new report from human rights watchdog Global Witness and the Cybersecurity for Democracy Team (C4D) at New York University. In an experiment, the researchers submitted 20 ads with inaccurate claims to Facebook, TikTok and YouTube. The ads were targeted to battleground states such as Arizona and Georgia.
READ THE STORY: CNN
Another US hospital system reports a Meta Pixel breach
FROM THE MEDIA: US healthcare system Advocate Aurora Health (AAH) has disclosed that a breach compromised the data of 3 million patients, Bleeping Computer reports. The 26-hospital system, based in the states of Wisconsin and Illinois, says the breach was caused by the improper use of Meta Pixel, a Facebook-powered JavaScript tracker that helps website operators understand how visitors interact with the site in order to make targeted enhancements.
READ THE STORY: The Cyberwire
Space Force’s ‘Digital Bloodhound’ project will sniff out cyberthreats
FROM THE MEDIA: The Space Force hopes to choose a developer next June for its nascent Digital Bloodhound program, aimed at improving detection of cyber threats to space ground systems, according to senior Space Systems Command officials. Brig. Gen. Tim Sjeba, SSC’s program executive officer for space domain awareness and combat power (SSC/SZ), said on Thursday that the project is a reflection of the fact that cyber defense is a requirement across the military’s entire space architecture, both in orbit and on the ground.
READ THE STORY: Breaking Defense
Google Announces New Open-source OS for RISC-V Chips
FROM THE MEDIA: Researchers at Google recently announced a mathematically-secure platform, KataOS, optimized for embedded ML applications. The Alphabet giant has shared some early details on this project (which is still under development) and is inviting others to collaborate on its open-source platform.
READ THE STORY: All About Circuits
FBI Warns of Iranian Cyber Firm's Hack-and-Leak Operations
FROM THE MEDIA: Previously known as Eeleyanet Gostar and Net Peygard Samavat, Emennet Pasargad is an organization that often changes its name to avoid US sanctions, and which is known for providing cybersecurity services to government entities in Iran. In November 2020, the US warned that Iranian hackers exploited known vulnerabilities to access voter registration data, and in November 2021 the US Treasury announced sanctions against five Iranians and Emennet Pasargad, the company they worked for.
READ THE STORY: SecurityWeek
A Quick Look at the "Strengthening America's Cybersecurity" Initiative
FROM THE MEDIA: Acknowledging that you have a problem is the first step to addressing the problem in a serious way. This seems to be the reasoning for the White House recently announcing its "Strengthening America's Cybersecurity" initiative. The text of the announcement contains several statements that anyone who's ever read about cybersecurity will have heard many times over: increasing resilience, greater awareness, countering ransomware attacks – the list goes on.
READ THE STORY: THN
BlackByte ransomware uses new data theft tool for double-extortion
FROM THE MEDIA: A BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly. Data exfiltration is believed to be one of the most important functions in double-extortion attacks; BleepingComputer was told that companies are more commonly paying ransom demands to prevent the leak of data than to receive a decryptor.
READ THE STORY: Bleeping Computer
A Resurgent Chinese Cyber Espionage Group Hacked a U.S. State Legislature
FROM THE MEDIA: Symantec recently warned about the return of a Chinese cyber espionage group behind cyber attacks on a U.S. state legislature. The endpoint solutions company attributed the attack to APT27, also known as Budworm, Bronze Union, Emissary Panda, Lucky Mouse, Iron Tiger, and TG-3390 (Threat Group 3390). During its six years of absence on U.S. soil, the threat actor was responsible for various attacks in Southeast Asia, the Middle East, and Europe.
READ THE STORY: CPO
Internet connectivity worldwide impacted by severed fiber cables in France
FROM THE MEDIA: A major Internet cable in the South of France was severed yesterday at 20:30 UTC, impacting subsea cable connectivity to Europe, Asia, and the United States and causing data packet losses and increased website response latency. Cloud security company Zscaler reports that it made routing adjustments to mitigate the impact. However, users still face problems due to app and content providers routing traffic through the impacted paths.
READ THE STORY: Bleeping Computer // ABC
Inside the White House's plans for an "Energy Star for cyber"
FROM THE MEDIA: The Biden administration is barreling ahead with the rollout of a new consumer product label by the spring that measures the security of smart devices — but affected companies still don't know what to expect. The administration is trying to rein in the rising number of cyberattacks and espionage campaigns that rely on insecure internet-connected devices, such as routers and smart cameras.
READ THE STORY: Axios
Cyber surveillance grids double up as cyberattack facilitation infrastructure
FROM THE MEDIA: The large-scale domestic and international surveillance and activity-tracking grids operated by a large South East Asian country are also enabling its APT teams to strike deep into the digital territories of other countries. This country has invested extensively in promoting cost-effective surveillance technologies around the world using its diplomatic levers and economic dominance.
READ THE STORY: Security Boulevard
Why Aussies hit harder by major cyber attacks than other countries
FROM THE MEDIA: With Aussie companies reeling from major hacks that put hundreds of customers’ personal information at risk, one expert has revealed the one thing they should be doing to safeguard their data. The head-scratching breach at Optus – where hackers claimed to have stolen the data of 10 million current and former customers before releasing the information of 10,000 Australians, then bizarrely backing down and apologizing – kicked off an industry-wide panic as people questioned whether their details were really secure.
READ THE STORY: PerthNow
Russia-Ukraine Conflict Heightens Wariness of Nation-State Attacks
FROM THE MEDIA: A survey from cybersecurity firm Venafi finds that the Russia-Ukraine conflict is having a substantial impact on how businesses view their defenses and protect themselves from internet-based threats. 64% of respondents believe that their organizations have either been targeted or impacted by nation-state attacks, and just about as many say that the Ukraine invasion and subsequent activity has directly caused them to change their cybersecurity strategy.
READ THE STORY: CPO
German-Based Company Allegedly Helps Iran To Restrict Internet
FROM THE MEDIA: With high volumes of sensitive data and intellectual property coursing through a vast supply chain, the space development industry faces accelerated cyber risk, IronNet asserts. Correspondingly, the IronNet Collective Defense Platform provides detection of new and unidentified cyberattack behaviors. It also provides a secure environment for real-time collaboration based on actionable attack intelligence.
READ THE STORY: MSSP Alert
Beyond supply and demand: Addressing the multidimensional workforce gaps
FROM THE MEDIA: The global cybersecurity workforce gap – the shortfall between supply and demand for cybersecurity professionals – was estimated at 2.72 million in 2021. This is a notable improvement from 2020, where the need for cyber talent was estimated to be at 3.12 million. While this is a step in the right direction, it is expected that the demand for skilled cybersecurity professionals will continue to grow for the foreseeable future as the cybersecurity market becomes worth more than $370 billion by 2029.
READ THE STORY: European Sting
Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell
FROM THE MEDIA: Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub’s threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working with strings.
READ THE STORY: Security Affairs
The Drone Cyberattack That Breached a Corporate Network
FROM THE MEDIA: Security researcher Greg Linares, aka @Laughing_Mantis, explains the drone-based cyberattack in a string of recent tweets. Although not directly involved with the investigation, Linares said he interacted with those involved, as part of his work in the finance sector. Linares says things first escalated when the target, a U.S. East Coast financial firm specializing in private investments, detected some unusual activity on the company’s internal Atlassian Confluence page.
READ THE STORY: BlackBerry
The Global DDoS Threat Landscape
FROM THE MEDIA: Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurity community stay prepared for the next DDoS attack.
READ THE STORY: Security Boulevard
Japan pins years of cyberattacks on North Korea’s Lazarus Group
FROM THE MEDIA: Lazarus Group, the cybercrime group linked to the North Korean government, has been targeting Japanese entities for years, the country’s police service and financial regulator have claimed in a joint statement. Japan’s National Police Agency (NPA) published a public advisory alongside the Financial Services Agency (FSA) claiming that Lazarus has primarily targeted digital asset companies as they are believed to be laxer with their security.
READ THE STORY: CoinGeek
Items of interest
Interpol Wants in on the ‘Metaverse’
FROM THE MEDIA: Everything we’ve seen from tech companies’ ideas of the so-called “metaverse” has been incredibly boring. Every inch of Meta’s virtual reality playspace Horizon Worlds, for instance, is a starched, corporate rendition of a 3D, interactive space. The world’s largest entity of international law enforcement has apparently watched all those boring demonstrations and said “think your metaverse is boring? Hold my beer.”
READ THE STORY: Gizmodo
Forbes accuses TikTok of tracking specific US citizens, latter denies (Video)
FROM THE MEDIA: A recent report published in Forbes alleged that TikTok and its parent company ByteDance, wanted to use the app to monitor the location of some specific US citizens. TikTok hit back at Forbes and said that it does not collect precise GPS location information from its users.
How to Track TikTok Ads: TikTok Pixel VS Custom Tracking Solution (Video)
FROM THE MEDIA: In this video, we are going to break down the two methods to track TikTok Ad Conversions. Measuring the results of your TikTok advertising campaigns is crucial to controlling performance and improving targeting and optimization.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com