Tuesday, November 08, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank
FROM THE MEDIA: Ukrainian hacktivists claim to have breached the Central Bank of Russia, stealing thousands of internal documents. A 2.6 GB folder released publicly on Thursday and partially reviewed by The Record contains 27,000 allegedly stolen files detailing the bank’s operations, its security policies, and the personal data of some of its current and former employees. “If Russia’s Central Bank cannot protect its own data, how can it guarantee the stability of the ruble?” hacktivists wrote on the Telegram messaging app.
READ THE STORY: The Record
Maple Leaf Foods suffers outage following weekend cyberattack
Analyst Notes: In 2021, JBS, also a huge global meat distributor, was compromised. National/global security threats to the agricultural (ag) supply chain haven’t received enough attention. Attacks in the ag space are often dismissed or overlooked. This is likely a nation state event.
FROM THE MEDIA: Maple Leaf Foods confirmed on Sunday that it experienced a cybersecurity incident causing a system outage and disruption of operations. Maple Leaf Foods is Canada's largest prepared meats and poultry food producer, operating 21 manufacturing facilities, employing 14,000 people, and contracting over 700 barns. In 2021, the firm generated $3.3 billion in sales. Hackers often launch cyberattacks during weekends, hoping to find incident responders understaffed, and maximize their chances for success.
READ THE STORY: BleepingComputer // iTworld Canada // Bloomberg Law
Twitter’s blue check policy may be a blessing to Russian trolls
FROM THE MEDIA: Elon’s plan to charge users for Twitter verification could be quite the opportunity for Russia. The new owner’s subscription policy — $8 a month for that coveted blue checkmark — doesn’t start until after the midterms, but the national security world is already crafting doomsday scenarios. The dangers are much more worrisome than some of the threats of warfare from foreign adversaries, argued Glenn Gerstell, a senior adviser at the Center for Strategic and International Studies who served as general counsel of the National Security Agency and Central Security Service from 2015 to 2020.
READ THE STORY: Politico
The drone wars and their impact: An initial assessment
FROM THE MEDIA: Azerbaijan used the Turkish Baykar Bayraktar TB2 armed drone against the Armenian armed forces to great effect in the 2020 Nagorno-Karabakh war. Turkey also supplied the TB2 to Ukraine, which successfully used them to strike Russian army formations. In Ukraine, the Russian armed forces are using the Iranian Shahed-136 drones to attack the power grid, water pipelines, rail lines, dams, and other critical infrastructure. Russia denied using them, while Iran was coy, official denials alternating with leaders bragging about the capability of Iran’s weapons before the foreign minister finally admitted that a “limited number” of drones were supplied to Russia.
READ THE STORY: AZE.Media
Azov Ransomware is a wiper, destroying data 666 bytes at a time
FROM THE MEDIA: The Azov Ransomware continues to be heavily distributed worldwide, now proven to be a data wiper that intentionally destroys victims' data and infects other programs. Last month, a threat actor began distributing malware called 'Azov Ransomware' through cracks and pirated software that pretended to encrypt victims' files. However, instead of providing contact info to negotiate a ransom, the ransom note told victims to contact security researchers and journalists to frame them as the developers of the ransomware.
READ THE STORY: BleepingComputer
Black Basta Ransomware Attacks Linked to FIN7 Threat Actor
FROM THE MEDIA: SentinelLabs has released a new advisory that links the Black Basta ransomware to hacking operations conducted by the FIN7 threat actors. The Black Basta threat actors have allegedly used a custom defense impairment tool that had previously only been found in incidents attributed to FIN7. SentinelLabs reported several instances of the Black Basta ransomware using this tool, thereby establishing a link between the groups. The security researchers at SentinelLabs stated that analysis of the tool led to additional samples containing a backdoor leveraged in multiple FIN7 operations.
READ THE STORY: OODALOOP
Exposing Emotet and its cybercriminal supply chain
FROM THE MEDIA: Emotet, one of the most evasive and destructive malware delivery systems, caused substantial damage during its initial reign. After a coordinated takedown by authorities in early 2021, Emotet has reemerged as a global threat that will persist for organizations. In this Help Net Security video, Chad Skipper, Global Security Technologist at VMware, unpacks insights learned from Emotet’s most recent resurgence in hopes that organizations can better understand and defend themselves against this resilient malware.
READ THE STORY: Helpnet Security
China is targeting smaller nations with Cyber Attacks
FROM THE MEDIA: Microsoft released its Digital Defense Report of 2022, in which it clearly specified that China was targeting smaller nations with intense digital attacks to gather intelligence via cyber espionage. Its actual aim behind this activity is to internationally strengthen the nation’s stand both economically and to attain an utmost position in military influence. Most of the companies that are being targeted were established and operating in Africa, the Caribbean, and the Middle East, along with Oceania. Namibia, Mauritius, Trinidad and Tobago were also the nations that were being targeted by Chinese military intelligence.
READ THE STORY: Cybersecurity Insiders
FBI: Russian hacktivists achieve only 'limited' DDoS success
FROM THE MEDIA: Pro-Russia hacktivists' recent spate of network-flooding bot traffic aimed at US critical infrastructure targets, while annoying, has had "limited success," according to the FBI. Historically, hacktivists time their distributed denial of service (DDoS) attacks to coincide with high-profile real-world events. And true to form, network flooding has followed the Kremlin's illegal invasion of neighboring Ukraine.
READ THE STORY: The Register
Cybersecurity is Uniquely Critical to the Space Domain, US Space Force Col. Smail Says
FROM THE MEDIA: “Our adversaries are coming after us in cyberspace,” said U.S. Space Force Col. John Smail, who did not mince words in a Nov. 4 CyberSatGov keynote. The U.S. needs to be ready to defend itself in cyberspace against Russia and China’s cyber capabilities, said Smail, senior cyber officer for the Space Force. Smail, who advises the Chief of Space Operations on the U.S. Space Force’s cyber, spectrum and warfighting communications policy, strategy, and operations, said cyber operations are “critical” to the U.S. Space Force and to securing U.S. space power.
READ THE STORY: Via Satellite
Iranian actors targeting healthcare via spear-phishing, vulnerability exploit
FROM THE MEDIA: The Department of Health and Human Services Cybersecurity Coordination Center released an alert detailing the threat of Iranian nation state actors against the healthcare sector. The FBI thwarted an Iranian-backed cyberattack against Boston Children’s Hospital in June 2021. The white paper details the groups with a primary focus on the healthcare sector, as well as crucial mitigation factors and common exploits. Provider entities should review the insights to ensure they’re employing the necessary security measures.
READ THE STORY: SCMAG
Palestine’s Hamas moves online: researchers warn of cyber terrorism
FROM THE MEDIA: Hamas, a militant Palestinian group, will expand into the cyber domain, where it is slowly becoming a threat actor capable of executing offensive operations, a new report by the Atlantic Council think tank finds. The report urges the United States to look more closely at the growing offensive capabilities of militant and terrorist organizations. Hamas is designated as a terrorist organization by the US, Canada, the European Union, and other Western powers.
READ THE STORY: Cybernews
Android RAT Group Targets Indian Defense Personnel
FROM THE MEDIA: A malicious Android installation package has been spotted targeting Indian defense personnel since at least July 2021. The news comes from a report from external threat landscape management platform Cyfirma, which the company shared with Infosecurity over the weekend. “The APK [android package kit] file, in this case, is a decoy copy of a promotion letter to the ‘Subs Naik’ rank,” reads the technical write-up. “Once the victim falls prey to this malicious APK, and upon installation, this app appears as an Adobe Reader application icon (look-alike) on the device.”
READ THE STORY: InfoSecMag
Medibank Confirms Data Breach Impacts 9.7 Million Customers
FROM THE MEDIA: Medibank, an Australian health insurer, has confirmed that it suffered a cyberattack that impacted the personal details of roughly 9.7 million customers. The attack was first identified in mid-October. The health insurer stated that the threat actor behind the attack was not able to deploy ransomware, but did access data from the company’s systems. Medibank reported that it immediately initiated its security incident response protocol and started an investigation into the attack. According to the company, it was unable to determine whether customer data had been accessed until the threat actor behind the attack contacted Medibank.
READ THE STORY: OODALOOP
Threat Group Continuously Updates Malware to Evade Antivirus Software
FROM THE MEDIA: Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a developer release cycle. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the LODEINFO malware in government, media, public sector, and diplomatic organizations in Japan. LODEINFO has been observed by JPCERT/CC in spear-phishing campaigns since December 2019. The sophisticated malware was hidden in malicious Word file attachments.
READ THE STORY: eSecurity Planet
Fortinet Warns of New Authentication Bypass Vulnerability
FROM THE MEDIA: The Fortinet CVE-2022-40684 vulnerability is being actively exploited. It is an authentication bypass, meaning an attacker can log in as an administrator on a vulnerable system without valid credentials. Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances were found to be vulnerable. The flaw was assigned CVE-2022-40684 and a CVSS rating of 9.6. Customers of Fortinet had been privately informed of a security weakness affecting FortiGate firewalls and FortiProxy web proxies that may allow an attacker to carry out unauthorized actions on vulnerable systems.
READ THE STORY: Security Boulevard
TikTok hires former intelligence officials
FROM THE MEDIA: TikTok, owned by Chinese company ByteDance, has been hiring former U.S. intelligence officials from the CIA, NSA, FBI, U.S. Cyber Command, and State Department. Such officials have made the career swap in both the public and private eye. Sasha Ingber of Newsy explained that government websites have confirmed that an NSA target analyst recently took a job at TikTok, and past analysis has found that at least three former CIA officers and three former FBI officers, including “a crisis management unit chief and supervisory special agents,” have also taken jobs with TikTok.
READ THE STORY: The Tartan
Australia's Medibank aware of hacker threat to leak data in 24 hours
FROM THE MEDIA: Australia's Medibank Private Ltd said on Tuesday it was aware of media reports about a criminal's threat to publish stolen customer data within 24 hours, a day after the health insurer refused to make a ransom payment to the hacker. Medibank said on Monday that data, including names, dates of birth, addresses, phone numbers, and email addresses, of about 9.7 million current and former customers had been compromised.
READ THE STORY: Yahoo Finance // Bleeping Computer
Hackers Attack AWS EC2 Workloads to Steal Credentials
FROM THE MEDIA: Cybersecurity experts at Trend Micro have recently identified that hackers are actively attacking Amazon Web Services (AWS) EC2 workloads to steal credentials. Through this attack, hackers gain the ability to exfiltrate sensitive data such as access keys and tokens. In this case, the hackers sent the stolen data to a domain under their control. To accomplish this, the threat actors used typosquatting, registering a look-alike of the AWS-owned domain amazonaws.com.
READ THE STORY: GBHACKERS
Robin Banks phishing-as-a-service platform continues to evolve
FROM THE MEDIA: The phishing-as-a-service (PhaaS) platform Robin Banks was originally hosted by Cloudflare, but in July the company disassociated the Robin Banks phishing infrastructure from its services after being informed. The move caused a multi-day disruption to PhaaS operations; the administrators of the platform then made several changes, including migrating the infrastructure to a notorious Russian bulletproof hosting provider.
READ THE STORY: Security Affairs
Finnish energy companies prepare for sabotage
FROM THE MEDIA: Increasing disinformation, cyberattacks and drones have got Finland’s authorities worried, while the country’s transmission system operator steps up security measures. Meanwhile, EU countries struggle to find a common vision for securing critical infrastructure in the short term. Sabotage against critical energy infrastructure cannot be ruled out this winter, an anonymous source working at an energy firm told Ilta-Sanomat in an interview on Monday, noting that technical “disruptions” had already occurred, without elaborating.
READ THE STORY: Euractiv
CISA, NSA and industry outline security responsibilities of software suppliers
FROM THE MEDIA: Software suppliers have unique responsibilities maintaining efficient delivery of their products while considering security risks, according to guidance the National Security Agency recently released, together with the Cybersecurity and Infrastructure Security Agency. “Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components and harden the build environment,” reads an Oct. 31 press release from NSA.
READ THE STORY: FCW
Oh, look: More malware in the Google Play store
FROM THE MEDIA: A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. The apps come from developer Mobile apps Group and are infected with the Trojan known as HiddenAds, said security shop Malwarebytes. It analyzed one of Mobile apps Group's products, Bluetooth Auto Connect, which ostensibly does what its name suggests but also much more.
READ THE STORY: The Register
New ChromeLoader Malware Hijacks Chrome Browser to Steal Credentials
FROM THE MEDIA: ChromeLoader is a malicious Chrome browser extension classified as a pervasive browser hijacker: it modifies browser settings to redirect users’ traffic to malicious websites and steals credentials. After first surfacing in January of this year, ChromeLoader has developed rapidly. The malware has now evolved into a wide range of malicious variants that were discovered in the wild in the last several months.
READ THE STORY: CyberSecurityNews
Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge
FROM THE MEDIA: The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates around early vulnerability disclosure went into effect.
READ THE STORY: SecurityWeek
Threat group weaponizes employee trust with impersonation of healthcare software solutions
FROM THE MEDIA: The Zeon threat group is impersonating software solutions and targeting the healthcare sector, weaponizing the trust that is often inherent to the healthcare workforce and capitalizing on security failures. A recent alert to Health-ISAC members shows the targeted attacks began on Oct. 19 and were sent to 35,000 addresses, with another 480,000 addresses reached on Oct. 20 and 21. On Sept. 26, another member-alert warned the Roy/Zeon threat group was impersonating a Health-ISAC member by using fake invoices to lure victims to a malicious call center.
READ THE STORY: SCMAG
Google Says Cloud Division Now a Solana Validator, Reveals More Projects Designed for Top Ethereum Competitor
FROM THE MEDIA: Google Cloud, the cloud service provider behind leading corporate giants including Twitter, Deutsche Bank and United Parcel Service (UPS), says it’s working on several new projects that support the Solana (SOL) ecosystem. In a series of tweets, Google’s cloud computing division says that it is now running a validator node on the Solana blockchain to help support the network.
READ THE STORY: DailyHodl
Over $1B worth of stolen Bitcoin found in popcorn tin
FROM THE MEDIA: This could be my strong peasant heritage talking, but having a little cash squirrelled away for emergencies is always a good plan. A few bills stashed around the house in sock drawers, the back of a freezer, and in old food tins is fairly common practice for those of us who are ever ready for the proverbial rainy day. Making sure we'll be covered for a few essentials like some emergency food if we ever need is all I've ever been able to spare as far as hidden house money goes, and as it turns out my meagre funds are severely rookie numbers.
READ THE STORY: PCGAMER
Iranian ‘hacking’ video fabricated to push election disinfo
FROM THE MEDIA: A video shows an Iranian whistleblower demonstrating how they hacked a U.S. voter registration database during the 2020 election and created fraudulent overseas military ballots.
AP’S ASSESSMENT: False. A federal investigation found that the video was fabricated to make it appear foreign actors fraudulently cast overseas ballots. The falsified video was released by Iranian nationals who were later indicted on federal charges for attempting to push disinformation ahead of the 2020 election, according to court documents and statements released by the U.S. Justice Department and the FBI.
READ THE STORY: APNEWS
Tesla seeks CRTC telecom license — but don't look for Tesla cellphones
FROM THE MEDIA: Tesla Motors Canada ULC has applied to the Canadian Radio-television and Telecommunications Commission for a license “to manage or operate or resell” international telecommunications services, but it does not appear that the electric car maker has plans to start hawking cellphones. Documents filed with the CRTC on Sept. 15 say Tesla intends to use the license to provide machine-to-machine cellular data service to enable telemetry data and in-vehicle infotainment services access, including internet access.
READ THE STORY: Yahoo Finance
Items of interest
The message of Iran military unveilings
FROM THE MEDIA: Iran has resumed the development of its military capabilities amid a wave of unrest and a pause in talks over reviving the 2015 Iran nuclear deal. Iran unveiled two big military achievements in a matter of two days, accelerating the development of military capabilities in space and missile defense systems.
On Saturday, the Islamic Revolution Guards Corps Aerospace Force successfully test-launched a domestically built space launch vehicle called Qaem-100, which uses a solid-propellant engine and can carry satellites weighing 80 kg into an orbit 500 kilometers above the Earth. The new SLV is expected to be used in launching another space achievement soon.
READ THE STORY: Modern Diplomacy
The Immediate Challenges to our Nation’s Food Supply Chain (Video)
FROM THE MEDIA: The Immediate Challenges to our Nation’s Food Supply Chain.
Global food supply straining under rising food, fuel costs (Video)
FROM THE MEDIA: According to a new report from the U.N. Food and Agriculture Organization (FAO), Europe's breadbasket is facing record food shortages, and it's been affecting American farmers.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com