Tuesday, November 01, 2022 // (IG): BB // INTSUM // Coffee for Bob
Spy agency embraces meme culture and the internet is here for it
FROM THE MEDIA: If you didn’t know any better, you might think a teenage hacker commandeered Rob Joyce’s Twitter account. The cybersecurity director of the National Security Agency has posted one meme after another nearly daily over the month of October (yes, it’s for Cybersecurity Awareness Month). And he’s been hitting all the internet’s favorites: a cackling Leonardo DiCaprio, Elmo with mushroom cloud and celebrating squirrel, to name a few.
READ THE STORY: Cyberscoop
Russia Threatened U.S. Satellites—Here Are the Two Main Attack Options
FROM THE MEDIA: As geopolitical tensions surrounding the war in Ukraine rise, Russian threats have highlighted the possibility of the country attacking Western satellites. But how would such a move work in practice and what might the potential consequences be? Last week, a senior Russian foreign ministry official, Konstantin Vorontsov, told the United Nations that "quasi-civilian infrastructure may be a legitimate target for a retaliatory strike" and that the trend of Western satellites aiding the Ukrainian war effort was "an extremely dangerous trend."
READ THE STORY: Newsweek
Drone attack against Russian warships
FROM THE MEDIA: Early Saturday morning a combination of unmanned aerial and surface vehicles struck Russian warships in the occupied Crimean port of Sevastopol. Some accounts claimed damage to the frigate Admiral Makarov, the Moskva's successor as Black Sea Fleet flagship, the Guardian reports, but Russia's Defense Ministry acknowledged only “minor damage” to the minesweeper Ivan Golubets. Nine drones and seven unmanned surface vehicles are said to have been involved in the attack. TASS quotes Saturday's report by the Russian Ministry of Defense: "Today at 04:20 am, the Kiev regime carried out a terrorist attack on ships of the Black Sea Fleet and civilian ships.... All air targets were destroyed."
READ THE STORY: The Cyberwire
US sending satellite antennas to Ukraine after Musk’s Starlink U-turn
FROM THE MEDIA: The U.S. said it will send Ukraine satellite communications antennas that can work without Elon Musk’s Starlink network to assist the battered country in its fight against Russia. The four antennas, to be taken from the Department of Defense’s own shelves, were included in a $275 million aid package announced Oct. 28. It’s the Biden administration’s twenty-fourth drawdown of equipment for Ukraine since August 2021. “These SATCOMs are not intended to serve as a substitute for a service like Starlink,” she said during a Pentagon briefing. “They help increase communication efforts on the battlefield.”
READ THE STORY: C4ISRNET
Chief twit and master of the universe
FROM THE MEDIA: Just before Elon Musk finalised his purchase of Twitter, he shared a short video of him carrying a kitchen sink. "Entering Twitter HQ - let that sink in", Mr Musk said. He had also just changed his Twitter bio to "Chief Twit". Unfortunately, Mr Musk’s takeover of Twitter is no weak joke. While his brilliance as an innovative entrepreneur should be acknowledged, his erratic and self-centred nature is unsuited to ownership of a significant social media platform. If he does not get things right, Twitter - already under pressure as a "hellsite" - could go down that sink’s plug hole.
READ THE STORY: The Otago Daily Times
Critical ConnectWise Remote Code Execution Bug Fixed
FROM THE MEDIA: ConnectWise, which provides IT management software for managed service providers, said it has fixed a critical-severity vulnerability that if exploited could allow a threat actor to remotely execute code or access confidential data. The vulnerability impacts the ConnectWise Recover (v2.9.7 and earlier) backup and disaster recovery tool and the R1Soft (v6.16.3 and earlier) server backup manager tool. For R1Soft, impacted users need to upgrade to v6.16.4, while ConnectWise said that impacted ConnectWise Recover server backup managers have automatically been updated to the latest version (v2.9.9).
READ THE STORY: DUO
Israel to give Ukraine military communication systems
FROM THE MEDIA: Israel will provide Ukraine with military communication systems that the country requested months ago, N12's Uvda investigative program reported on Monday evening. Uvda spoke with Ukrainian President Volodymyr Zelensky who told them that Ukraine had requested communication systems from Israel months ago, even before requesting air defense systems. Zelensky pointed to this request as showing that Israel's reluctance to provide defense assistance to Ukraine was not about national security and instead was about the "attitude toward [Russian President Vladimir] Putin."
READ THE STORY: JP
Fodcha DDoS Botnet Resurfaces with New Capabilities
FROM THE MEDIA: The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to light earlier this April, with the malware propagating through known vulnerabilities in Android and IoT devices as well as weak Telnet or SSH passwords.
READ THE STORY: THN
White House Kicks Off Second International Counter Ransomware Initiative Summit
FROM THE MEDIA: Combating illicit financial and digital asset transactions will dominate discussion at the International Counter Ransomware Initiative Summit, where 36 countries will strategize how to better combat growing cyber threats. A senior administration official told reporters on Sunday evening that the U.S. will join countries including Mexico, the Netherlands, New Zealand, Norway, Poland, France, Germany, Ukraine, the United Kingdom, and more in talks on how to prevent devastating ransomware attacks from disrupting nations’ critical infrastructure.
READ THE STORY: Nextgov // MTM // Fedscoop
China-US Tussle Over Semiconductors: What Does It Imply For India And The World
FROM THE MEDIA: China and the United States are embroiled in a full-fledged technology war with semiconductors at its core. What started as a round of tit-for-tat trade sanctions by former US President Donald Trump’s administration against Chinese products flooding US markets, offshoring of US manufacturing facilities, and a massive trade deficit, has now taken the form of a ‘strategic competition’ between the world’s top two economies.
READ THE STORY: Outlook India
Greater US action against ‘cyber-enabled economic warfare’ urged
FROM THE MEDIA: The U.S. has been urged by the Foundation for Defense of Democracies to strengthen efforts against cyber-enabled economic warfare techniques being employed by Russia, China, Iran, and North Korea, reports The Record, a news site by cybersecurity firm Recorded Future. Aside from bolstering coordination on such threats with the intelligence community, the U.S. should also enhance its partnership with the private sector to combat such tactics and establish economic contingency plans.
READ THE STORY: SCMAG
China Is Rewiring Minds Through Weaponized Technology: Cyber Security Expert
FROM THE MEDIA: The Chinese regime is using technology to intrude into the human consciousness and rewire it to meet its agenda of global subjugation, said a cyber expert. “Rewiring is actually rewiring the brain, and it’s called the psychological warfare. Cognitive warfare is the new term,” Casey Fleming, BlackOps Partners CEO told NTD Television. BlackOps specifically addresses cyber security threats facing companies, government agencies, military, universities, and research organizations worldwide.
READ THE STORY: The Epoch Times
British spies playing key role in defending Kyiv from Russian cyber attacks
FROM THE MEDIA: British cyber spies have been playing a key role in defending Ukraine from widespread Russian cyber attacks since the start of the invasion, it has been confirmed. The damage caused by Russian hackers would have been "very significant" without the British assistance, Leo Docherty, a junior foreign office minister, said. He told Sky News the UK has also bolstered its own cyber defences because of "a very significant cyber threat from Russia".
READ THE STORY: SKY
Apple supplier Foxconn quadruples bonuses to staff hit by Covid lockdown in China
FROM THE MEDIA: Apple supplier Foxconn said on Tuesday it has quadrupled bonuses on offer for workers at its Zhengzhou plant in central China as it works to quell employee discontent at the major iPhone manufacturing site over Covid curbs.
Daily bonuses for employees, who are part of a Foxconn unit responsible for making electronics including smartphones at the site, have been raised to 400 yuan ($54.72) a day for November from previously announced bonuses of 100 yuan, according to the official WeChat account of Foxconn's Zhengzhou plant.
READ THE STORY: ET
China Working To Undermine Midterm Elections, Cybersecurity Group Says
FROM THE MEDIA: Communist China is behind a massive online disinformation campaign aimed at undermining the upcoming U.S. midterm elections, according to findings by a cybersecurity group. China is using a network of social media accounts and altered news articles to "sow division both between the U.S. and its allies and within the U.S. political system itself," according to a threat assessment by Mandiant, a cybersecurity and intelligence organization that works with governments and the public sector.
READ THE STORY: The Washington Free Beacon
We’re Going Through A Machine Identity Crisis
FROM THE MEDIA: Zero trust is an acknowledgment that legacy network controls like firewalls and VPNs are not enough to secure the enterprise. This has become increasingly true due to digital transformation, cloud computing and DevOps trends. The framework is built on the notion of “never trust, always verify” and views trust as a vulnerability. This has left identity as one of the sole remaining tools for controlling access to services, applications and other business-critical operations.
READ THE STORY: Security Boulevard
Ukraine will deploy Starlink hotspots using Tesla Powerwall during outages
FROM THE MEDIA: In the event of power outages, Ukraine will deploy public Starlink hotspots powered by Tesla Powerwall. Starlink is providing a lifeline to Ukrainians as they fight to defend their homeland. SpaceX’s LEO satellite internet service offers vital connectivity within the country while ensuring the rest of the world can see the war crimes being committed by the Russian Federation. Russia has targeted Ukraine’s critical infrastructure since the beginning of the invasion on 24 February 2022—including attacks targeting the nation’s communications, energy, food, and water supplies.
READ THE STORY: TELECOMS
Starlink is powerful enough for cloud gaming, it’s official
FROM THE MEDIA: A team of researchers wanted to check Starlink’s performance in Europe and found great news: Elon Musk’s satellite Internet is fast enough to play cloud gaming without problems. Specifically, the service offers low enough latency so that users’ experience is not impaired. What is Starlink really worth? This is the question that everyone has been asking since the arrival of Elon Musk’s service in France.
READ THE STORY: Gear Rice
FBI Warns Poorly Protected VPN Servers Are Under Attack
FROM THE MEDIA: Rising ransomware and data extortion attacks on healthcare providers have prompted issuance of a joint Cybersecurity Advisory (CSA) by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Health and Human Services (HHS). The agencies report that these attacks often focus on unsecured VPN servers and have been steadily increasing in frequency since June 2022. The joint advisory names “Daixin Team” as the threat actor behind this crime spree involving targeted ransomware and data extortion operations.
READ THE STORY: BlackBerry
Ransomware attack on Ascension St. Vincent’s legacy EMR spurs breach notice
FROM THE MEDIA: A “security event” deployed against several legacy systems, including an electronic medical record (EMR), at Ascension St. Vincent’s Coastal Cardiology in Georgia has led to the possible compromise of personal and health information tied to an undisclosed number of patients. First discovered on Aug. 15, the security team “immediately secured the legacy network” but not before ransomware was deployed, which encrypted some of its data. Ascension’s network, as well as Coastal Cardiology’s active EMR, were not affected by the incident.
READ THE STORY: SCMAG
Chegg sued by FTC after suffering four data breaches within 3 years
FROM THE MEDIA: The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after exposing the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. The agency's proposed order would require Chegg to shore up data security, implement multifactor authentication (MFA) to help users secure their accounts, limit collected and stored customer data, and allow customers to access and delete their data. "Chegg took shortcuts with millions of students' sensitive information," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection, on Monday.
READ THE STORY: Bleeping Computer
Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay
FROM THE MEDIA: Why are so many ransomware-wielding attackers collectively shooting themselves in the foot? Ransomware victims who opt to pay a ransom have been seeing a "decline in quality and reliability" when it comes to quickly restoring affected systems, ransomware incident response firm Coveware reports. Blame, at least in part, a surge in groups wielding amateur tactics. Think crypto-locking malware that shreds rather than encrypts targeted files, leading to permanent data loss - unless the victim has working backups - and victims paying for decryption tools that fail to restore their files.
READ THE STORY: BankInfoSec
Microsoft Warns Attackers Now Leveraging Raspberry Robin to Distribute Clop Ransomware
FROM THE MEDIA: Microsoft has warned users that threat actors have deployed the Clop encryption malware to encrypt enterprise networks affected by the Raspberry Robin worm. The company detailed in a security advisory that the payload had infected around 3,000 devices in 1,000 organizations in the last month. Security firm Red Canary first discovered the Raspberry Robin worm in September 2021.
READ THE STORY: PETRI
Ransomware hackers hit Australian defense communications platform
FROM THE MEDIA: Hackers have targeted a communications platform used by Australian military personnel and defense staff with a ransomware attack, authorities said on Monday, as the country battles a recent spike in cyberattacks across businesses. The ForceNet service, one of the external providers that the defense department contracts to run one of its websites, has come under attack but so far no data have been compromised.
READ THE STORY: OODALOOP
Security researchers being implicated in creation of new Azov data wiper
FROM THE MEDIA: BleepingComputer reports that popular security researchers are being falsely implicated by the novel and widely distributed data wiper dubbed "Azov Ransomware." Aside from putting out false claims that security researcher hasherezade developed the data wiper, Azov Ransomware also purports that other security researchers, including Vitali Kremez, Michael Gillespie, Lawrence Abrams, MalwareHunterTeam, and BleepingComputer, are part of its operation.
READ THE STORY: SCMAG
Britain’s tech experts fighting Russian hackers in biggest cyber war in history
FROM THE MEDIA: UK cyber warriors have been locked in a “geek battle” to protect President Zelensky from devastating attacks targeting key databases and infrastructure. The hidden enemy forces include a hacking group known as TURLA - considered Putin’s stealthiest cyber force - which once targeted Britney Spears' Instagram account. They are focused on targeting “high value targets” to gain crucial and compromising information.
READ THE STORY: The Sun
Wannacry, the hybrid malware that brought the world to its knees
FROM THE MEDIA: Italy was also marginally affected by the attack and the case was dealt with by the Computer Crime Operations Centre of the Postal Police (CNAIPIC, https://www.commissariatodips.it/profilo/cnaipic/index.html), which promptly issued an alert (https://www.commissariatodips.it/notizie/articolo/attenzione-false-e-mailmessaggi-relativi-ad-assunzioni-in-enel-green-power/index.html) on the very day of the event, recommending some useful actions also to prevent further possible propagation.
READ THE STORY: Security Affairs
NSA shares supply chain security tips for software suppliers
FROM THE MEDIA: NSA, CISA, and the Office of the Director of National Intelligence (ODNI) have shared a new set of suggested practices that software suppliers (vendors) can follow to secure the supply chain. This guidance was developed through the Enduring Security Framework (ESF), a public-private partnership working to address threats to U.S. national security systems and critical infrastructure.
READ THE STORY: Bleeping Computer
Ukraine tracking thousands of war crimes despite judicial system woes: chief justice
FROM THE MEDIA: Violence in Ukraine has crippled the country's judicial system, the chief justice of its Supreme Court says, and left it struggling to handle tens of thousands of criminal reports arising from the war. In a presentation given to an Ottawa conference on Monday, Justice Vsevolod Kniaziev said that more than a tenth of Ukrainian courthouses have been damaged or destroyed since Russia's invasion of the country began earlier this year.
READ THE STORY: Yahoo News
Eternity Project MaaS: Watch Time Run Out on Eternity Malware
FROM THE MEDIA: It appears that Eternity is primarily distributed to its victims via YouTube videos, Discord links and email attachments. The toolkit, sold as malware-as-a-service (MaaS), is peddled by an entity collectively given the moniker “Eternity Group.” This group appears to have ties to the Russian “Jester Group,” which has been active since July 2021. Researchers also noticed that the developer appears to use the source code of Povlsomware as the base for the final product.
READ THE STORY: Blackberry
Andrea Mitchell, Ben Collins worry Elon Musk will enable ‘foreign interference’ on Twitter
FROM THE MEDIA: MSNBC host Andrea Mitchell and NBC News’ Ben Collins suggested that Twitter under Elon Musk can be used by nefarious actors both foreign and domestic to interfere with the course of American politics. The panel on "Andrea Mitchell Reports" discussed disinformation about the attack on Nancy Pelosi's husband spreading on Twitter, then the topic turned to foreign interference in elections.
READ THE STORY: Fox Business
Items of interest
Wagner Group lowers its recruiting standards
FROM THE MEDIA: The Wagner Group appears to have found it necessary to lower standards in its recruitment of convict mercenaries. The UK's Ministry of Defense (MoD) wrote, in Sunday morning's situation report: "On 27 October 2022, Russian mogul Yevgeny Prigozhin posted online, admitting allegations that his private military company, the Wagner Group, had altered its standards & was recruiting Russian convicts suffering from serious diseases including HIV & Hepatitis C.
READ THE STORY: The Cyberwire
The SolarWinds Hack: The Largest Cyber Espionage Attack in the United States (Video)
FROM THE MEDIA: In December of 2020, one of the worst cyber espionage incidents in the United States was uncovered; this is the story of the SolarWinds hack.
Spies, informants and new enemies - Today’s intelligence agencies (Video)
FROM THE MEDIA: Intelligence agencies are influencing governments and spying on countries with no regard for the law. And they are able to remain nearly invisible, in the process. Are they the new superpowers?
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com