Saturday, October 29, 2022 // (IG): BB // INTSUM // Coffee for Bob
Largest EU copper producer Aurubis suffers cyberattack, IT outage
Analyst Notes: Copper buyers in Europe (other than China) have avoided buying from Russia: “We are going to meet all our commitments in metal supply in the next calendar year and thereafter without Russian cathodes,” Aurubis AG Chief Executive Officer Roland Harings said in an interview in London. “In the case of copper, there’s no need for Europe to take Russian metal.” This could be a coincidence but is highly likely an organized effort.
FROM THE MEDIA: German copper producer Aurubis has announced that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack's spread. Aurubis is Europe's largest copper producer and the second largest in the world, with 6,900 employees worldwide, and produces one million tonnes of copper cathodes yearly. In an announcement published on their website, Aurubis says they shut down various systems at their locations but that it has not impacted production.
READ THE STORY: Bleeping Computer // Bloomberg
US Issued 155,000 Visas to Chinese Students Since Last Year
Analyst Notes: It’s a known secret that America's university system is considered a soft target in the global espionage war with China.
FROM THE MEDIA: China continues to be the leading country to send most international students to study in the United States. According to media reports, the US authorities have issued more than 155,000 visas to students from China since May last year despite tensions between the two countries. “People-to-people engagements enrich our countries … The diverse perspectives of students from countries around the world, including China, enrich US school and university campuses,” Director of Education USA Grayson Walker said as the South China Morning Post reports.
READ THE STORY: Erudera // OpIndia // New Yorker // NDTV
Twilio discloses another security incident that took place in June
FROM THE MEDIA: The communications company Twilio announced that it suffered another “brief security incident” on June 29, 2022. The attack was conducted by the same threat actor that compromised the company in August and gained access to customers’ and employees’ information. In June, threat actors obtained the credentials of a Twilio employee through a ‘vishing’ attack, then used them to access contact information for a limited number of customers.
READ THE STORY: Security Affairs // The Cyberwire // GovInfoSec
A massive cyberattack hit Slovak and Polish Parliaments
FROM THE MEDIA: A massive cyber attack hit the Slovak and Polish parliaments, authorities reported. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate. Polish authorities argued that the attack may be linked to the Senate’s vote. Polish Senate speaker Tomasz Grodzki defined the Russian government as a “terrorist regime”.
READ THE STORY: Security Affairs
Crypto Vesting Platform Team Finance Loses $14.5M in Bug Exploit
FROM THE MEDIA: With “Hacktober” ending in a few days, yet another crypto platform has been added to the list of crypto protocols that have lost millions of dollars worth of digital assets to hackers this month. Earlier today, cryptocurrency vesting platform Team Finance announced it had become the latest victim after losing $14.5 million to a bug exploit. The platform added that the attackers stole the digital assets through its recently audited v2 to v3 migration function.
READ THE STORY: Cryptopotato
Misconfigured Thomson Reuters databases left unprotected
FROM THE MEDIA: The researchers at Cybernews have discovered that multinational media giant Thomson Reuters left exposed three public-facing ElasticSearch databases, one of which contained at least 3TB of sensitive customer and corporate data, including third-party server passwords. The names of the indices indicated that the company was using the database as a logging server to collect data gathered through user-client interaction, making it a tempting target for threat actors looking to launch a supply chain attack.
READ THE STORY: The Cyberwire // Security Affairs
FriesDAO hacked and $2.3 million stolen
FROM THE MEDIA: Since the beginning of one of the harshest crypto winters, investors have been inundated with negative news. FriesDAO has been compromised. Unknown assailants have stolen $2.3 million in tokens from FriesDAO, a decentralized autonomous organization. This comes amid a rush of breaches and attacks this month, as October appears to be an especially awful month for cryptocurrency ventures.
READ THE STORY: Cryptopolitan
FBI provided support to Ottawa police during convoy protest
FROM THE MEDIA: The U.S. Federal Bureau of Investigation provided support to the Ottawa Police Service (OPS) as it struggled to deal with the truck convoy protest that paralyzed the nation's capital last winter, according to a document tabled before the public inquiry investigating the federal government's response to the protest.
READ THE STORY: CBC
Mexico at risk of cyberattacks by China and Russia, says former U.S. official
FROM THE MEDIA: Mexico needs to do more to protect itself from cyberattacks that could be perpetrated by countries such as China and Russia, according to the former director of the United States Cybersecurity and Infrastructure Security Agency. Christopher Krebs, fired by former United States president Donald Trump shortly after the 2020 presidential election in that country, believes that infrastructure built in Mexico by foreign companies poses the greatest risk to the country’s cybersecurity.
READ THE STORY: Mexico News Daily
Worries build about winter cyber threats in Ukraine
FROM THE MEDIA: Ukraine and its NATO allies are girding for potential Russian government-backed hacks of electric grids and other critical infrastructure as winter closes in. It’s a threat that government officials and cybersecurity experts alike are growing increasingly worried about as the Russian ground invasion grinds on and Russian President Vladimir Putin grows more desperate to gain and hold territory. Russia has a long history of going after Ukraine’s critical infrastructure in the winter months (even temporarily turning off the lights for millions in Ukraine in attacks in 2015 and 2016).
READ THE STORY: Politico
Hostile countries, China and Russia are targeting Canadian activists, journalists, security agency says
FROM THE MEDIA: Hostile countries, a group that includes China and Russia, are targeting foreign nationals and diaspora populations in Canada, as well as activists and journalists, according to the Communications Security Establishment. “State-sponsored cyberthreat actors almost certainly” target those groups in order “to monitor and control these individuals,” Canada’s cyber defense agency said in a new report. The tools they use include “content monitoring on foreign-based applications, social media-enabled activity and espionage against individuals using spyware.”
READ THE STORY: National Post
Chinese Connected Cyber Crew Unleashes Disinformation Campaign ahead of U.S. Elections
FROM THE MEDIA: A Chinese-connected cybercrime crew known as APT41 is engaging in a large-scale disinformation campaign dubbed Dragonbridge to negatively influence the upcoming U.S. midterm elections by using a wide variety of tactics, security provider Mandiant said in a new blog post. Mandiant said it assesses with “high confidence” that the hackers are attempting to create conflict between the U.S. and its allies for the benefit of China’s state-backed operatives. Similar activity occurred, with far less advance warning, in the 2016 presidential election, and similar attempts were made but blocked in the 2020 national election.
READ THE STORY: MSSP Alert
Despite China’s ‘Vast Capacity’ in Cyber Warfare, It Is an ‘Unknown Quantity’
FROM THE MEDIA: An expert on cyber warfare told a webinar in London that China has a “vast capacity” but is an “unknown quantity when it comes to execution.” Daniel Moore, the author of a new book called Offensive Cyber Operations: Understanding Intangible Warfare, said the recent experience of the Ukraine conflict had shown that Russian cyber warriors with “vast technical capabilities” could be let down “on the operational side.”
READ THE STORY: The Epoch Times
Exposed Credit Card Information Used in SIM Swap Attack on Verizon Prepaid Customers
FROM THE MEDIA: Attackers gained access to the last four digits of credit cards belonging to Verizon prepaid customers and performed SIM swap attacks, the largest U.S. carrier disclosed in a customer breach notification. Verizon disclosed that between October 6 and October 10, 2022, unauthorized third parties accessed customers’ accounts and used saved credit cards to initiate automatic payments and perform SIM swaps.
READ THE STORY: CPO
Microsoft, SOCRadar spar over data leak
FROM THE MEDIA: This Risk & Repeat podcast episode discusses the Microsoft data leak that was discovered and publicized by threat intelligence vendor SOCRadar. According to SOCRadar, the leak contained data from "65,000+ entities in 111 countries" and was exposed via a misconfigured Azure Blob Storage instance. SOCRadar dubbed it, together with a series of other data leaks allegedly totaling 150,000 companies in 123 different countries, BlueBleed.
READ THE STORY: TechTarget
OpenSSL Warns of New Critical Security Vulnerability
FROM THE MEDIA: On October 25, the OpenSSL Project Team announced the forthcoming release of OpenSSL version 3.0.7. The team hasn't shared many details but does mention that the update comes on November 1 and will include a patch for a new critical CVE. This is an important update: the OpenSSL Project has announced a “critical” vulnerability in versions 3.0 and above of the vastly popular cryptographic library used to encrypt communications on the Internet.
READ THE STORY: Cyber Kendra
Liz Truss's phone hacked by Putin's spies in search for 'embarrassing' secret information
FROM THE MEDIA: Former Prime Minister Liz Truss's phone was reportedly hacked by Vladimir Putin's agents. The breach, revealed by the Mail on Sunday, is said to have included about a year's worth of messages. The hack was discovered during the Tory leadership campaign when Ms Truss was Foreign Secretary. Former Prime Minister Boris Johnson and Cabinet Secretary Simon Case reportedly wanted to keep the hack under wraps.
READ THE STORY: Express // The Guardian
State-Sponsored Programs the ‘Greatest Strategic Cyber Threat to Canada,’ Says Cybersecurity Centre
FROM THE MEDIA: The federal cybersecurity centre warns that state-sponsored cyber threat activity from China, Russia, Iran, and North Korea “pose the greatest strategic cyber threats to Canada.” This activity is among five threat narratives considered “the most dynamic and impactful” by the Canadian Centre for Cyber Security (Cyber Centre), part of Canada’s Communications Security Establishment, in its newly released National Cyber Threat Assessment 2023–24.
READ THE STORY: The Epoch Times
New Version of Fodcha DDoS Botnet Adds Extortion
FROM THE MEDIA: Back in April of this year, 360 Netlab researchers reported on a new DDoS botnet with more than 10,000 daily active bots and over 100 DDoS victims per day, dubbed Fodcha due to its command and control (C2) domain name folded.in and its use of the ChaCha encryption algorithm. In response to 360 Netlab’s report, the author appeared to concede defeat by leaving the phrase “Netlab pls leave me alone I surrender” in a sample.
READ THE STORY: eSecurityPlanet
Who DDoS-ed Georgia/Bobbear.co.uk and a Multitude of Russian Homosexual Sites in 2009? – An OSINT Analysis
FROM THE MEDIA: Back in 2009 there was major speculation that Russia had launched a massive DDoS (Distributed Denial of Service) attack against Georgia, which was in fact true. What was particularly interesting about this campaign was that the same DDoS-for-hire operation, including the managed DDoS service behind the attack, was also observed launching related DDoS campaigns against bobbear.co.uk and a multitude of Russian homosexual Web sites, whose operators at the time posted messages on their official Web sites signaling that they were under DDoS attack.
READ THE STORY: Security Boulevard
7 Essential Burp Extensions for Hacking APIs
FROM THE MEDIA: Burp Suite is a powerful tool used by security professionals and hackers to test the security of web applications. It contains a variety of features that allow you to find vulnerabilities in web apps and APIs, and in turn, exploit them. While Burp Suite comes with a number of built-in tools, there are also a number of extensions available that can be used to extend its functionality. In this post, I’ll show you seven essential Burp extensions every API hacker should consider using.
READ THE STORY: Security Boulevard
Australian Clinical Labs says patient data stolen in ransomware attack
FROM THE MEDIA: Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. ACL is an Australian healthcare company that operates 89 laboratories and performs six million tests annually, offering its services to 92 private and public hospitals across Australia.
READ THE STORY: Bleeping Computer
After CommonSpirit ransomware attack: Why healthcare M&A is a ‘huge’ cybersecurity risk
FROM THE MEDIA: As CommonSpirit Health, formed by the merger of Dignity Health and Catholic Health Initiatives in 2019, continues to deal with the fallout from a ransomware attack three weeks ago, security experts say such tie-ups and acquisitions make healthcare systems more vulnerable to security breaches. M&A in healthcare “creates a huge risk” and a “huge opportunity for ransomware,” said Israel Barak, chief information security officer at Cybereason, a firm that helps companies defend against attacks.
READ THE STORY: HealthCareDive
Iran’s Secret Manual for Tracking and Controlling Protesters’ Mobile Phones
FROM THE MEDIA: As furious anti-government protests swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones.
READ THE STORY: The Intercept
Ransomware shifts toward destructive attacks as ‘geopolitical tensions’ take hold
FROM THE MEDIA: Some ransomware groups are shifting focus from financial gains to destructive attacks under growing geopolitical tension and economic turbulence. According to Dragos Q3 industrial ransomware analysis, ransomware trends are tied to “political and economic reasons,” such as the conflict between Russia and Ukraine and political tensions between Iran and Albania.
READ THE STORY: SCMAG
Blowing satellites up is harder than Putin would have you believe
FROM THE MEDIA: Russia’s invasion of Ukraine has shone a spotlight on the powerful new capabilities of commercial satellites—and painted a target on their back. Russian officials have mused about attacks on these spacecraft. Diplomat Konstantin Vorontsov told a UN meeting this week that “quasi-civilian infrastructure may become a legitimate target for retaliation.”
READ THE STORY: Yahoo Finance
Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware
FROM THE MEDIA: A previously undocumented dropper has been spotted installing backdoors and other tools using the new technique of reading commands from apparently innocuous Internet Information Services (IIS) logs. The dropper has been discovered by cybersecurity researchers at Symantec, who said an actor is using the piece of malware dubbed Cranefly (aka UNC3524) to install another piece of undocumented malware (Trojan.Danfuan) and other tools.
READ THE STORY: InfoSecMag // TechRepublic
Items of interest
More than one-third of OT/ICS organizations lack visibility into their networks
FROM THE MEDIA: A Nozomi Networks report conducted in tandem with the SANS Institute found that despite some progress on OT/ICS security, some 35% of organizations still don’t know whether their company had been compromised, and that attacks on engineering workstations doubled in the last 12 months.
The report, released Friday, found that ransomware and financially motivated attacks topped the list of threat vectors at 39.7%, followed by nation-state attacks at 38.8%. Non-ransomware criminal attacks came in third, cited by 32.1%, followed closely by hardware/software supply chain risk at 3.4%. While 62% of respondents rated the risk to their OT environment as high or severe, that figure is down from 69.8% in 2021.
READ THE STORY: SCMAG
Russian anti-satellite weapons test 'dangerous,' says U.S. (Video)
FROM THE MEDIA: An anti-satellite missile test Russia conducted on Monday generated a debris field in low-Earth orbit that endangered the International Space Station and will pose a hazard to space activities for years, U.S. officials said.
China is testing anti satellite nuclear weapons (Video)
FROM THE MEDIA: A capability that could knock out multiple enemy satellite constellations used to support military operations.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com