Wednesday, November 09, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Putin’s nuclear threats may hint at an electromagnetic pulse strike
FROM THE MEDIA: So far, Russia’s threats of escalation against Ukraine have been largely interpreted as a veiled reference to the use of traditional nuclear weapons. But there is another tool which Vladimir Putin may be considering: a tactical electromagnetic pulse, or EMP, strike. These weapons — designed to create a powerful pulse of energy which short-circuits electrical equipment such as computers, generators, satellites, radios, radar receivers and even traffic lights — could disable Ukraine’s military and civilian infrastructure at a stroke and leave the country without light, heat, communications or transport.
READ THE STORY: FT
How to beat China's propaganda machine
FROM THE MEDIA: Studying Xi Jinping’s manipulation of language is a disorienting mental exercise. It is nonetheless crucial since Xi and the Chinese Communist Party routinely co-opt and redefine concepts the West generally agrees on in order to undermine U.S.-Western prestige, credibility, and predominance. In Beijing, the meaning of words is shamelessly subordinated to the political, geopolitical, and military goals of the regime. Propaganda is a fundamental tool in China’s playbook, and the use of words as weapons is key to that effort.
READ THE STORY: Washington Examiner
Insider threats: seasonal and secular trends
FROM THE MEDIA: Researchers at DTEX have published a study on insider threats, finding that unsanctioned third-party work on corporate devices has risen by nearly 200% over the past twelve months. The researchers warn that workforce engagement declines by up to 50% in the weeks before the holiday season. Additionally, engagement is affected during the first week back after the holidays. Departing employees represent a distinct challenge. DTEX observed that research and creation of resignation letters increased by 20% in the first half of 2022, increasing the potential for disgruntled employees to cause harm to the business. The study also found that 12% of departing employees take sensitive information with them when they leave the company.
READ THE STORY: The Cyberwire
Treasury Designates DPRK Weapons Representatives
FROM THE MEDIA: Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating two individuals for engaging in transportation and procurement activities on behalf of the Democratic People’s Republic of Korea (DPRK). These individuals have acted on behalf of Air Koryo, an entity previously designated by OFAC for operating in the transportation industry in the DPRK economy. OFAC also delisted and simultaneously redesignated Tornado Cash under Executive Order (E.O.) 13722 and E.O. 13694, as amended. The redesignation takes into account additional information and also includes an additional basis for the designation of Tornado Cash regarding its support for DPRK activities.
READ THE STORY: Treasury.gov
APT10 uses LODEINFO to target Japan
FROM THE MEDIA: Researchers at Kaspersky continue to track LODEINFO, a malware family used by the Chinese threat actor APT10 to target "media, diplomatic, governmental and public sector organizations and think-tanks in Japan." The malware is distributed via spear phishing emails: "In March 2022, we observed a Microsoft Word file that was used as the infection vector in some attacks. In June of the same year, a SFX file was discovered targeting the Japanese government or related organizations using a decoy file with Japanese content, as well as utilizing the name of a famous Japanese politician in the filename."
READ THE STORY: The Cyberwire
Taiwan is on the frontlines of China’s worldwide cyberwar
FROM THE MEDIA: As China ramps up its cyberattacks on Taiwan’s democracy, the island’s leaders are building both the infrastructure for defense and the capabilities to fight back. One of the Taiwanese government’s major projects is preparing a backup system to keep the country online if China tries to cut it off from the internet altogether. Beijing is deploying cyber campaigns in many countries but nowhere as intensively as in Taiwan. After House Speaker Nancy Pelosi (D-Calif.) visited Taiwan in August, the Chinese government took its tactics to a new level.
READ THE STORY: WP
Satellite Warfare is a Distinct Possibility
FROM THE MEDIA: Countries increasingly rely on satellites as a crucial part of their national security strategies. As a result, large parts of defense budgets are being allocated toward space technologies and satellite superiority. Space is a realm where an arms race could not have been imagined decades ago but it is now a distinct possibility. Satellites are not just tools that help us find the nearest Starbucks, but they also assist in countering the changing dynamics of the world. Military forces today rely on space-based equipment for a variety of purposes including intelligence gathering on adversaries.
READ THE STORY: International Policy Digest
Elon Musk May Put All of Twitter Behind Paywall
FROM THE MEDIA: Elon Musk has discussed putting all of Twitter behind a paywall even as the number of users has reportedly soared. Days after his $44 billion purchase of the platform he laid off thousands of staffers, then announced that Twitter "Blue" will rise in price to $7.99 per month from $2.99 and automatically grant account verification in the form of a "blue check" to anyone who pays the fee. Now the hands-on Musk is discussing making Twitter a subscription service, according to Platformer, a Silicon Valley Substack run by former Verge editor Casey Newton.
READ THE STORY: Yahoo
Hackers Are Posting Australian Health Insurance Data on the Dark Web
FROM THE MEDIA: The health conditions and personal details of hundreds of Medibank customers, which may even include prime minister Anthony Albanese, have been published to a blog on the dark web by a Russian ransomware group, after the private health insurer refused to pay ransom. The data was first dumped in the early hours of Wednesday morning, AEDT, along with a blog post where the alleged hackers said they were having trouble releasing the full load all at once, because the data was being stored in a “not very understandable format (tables dumps)”.
READ THE STORY: VICE // Bloomberg
Machine-on-machine cyber defence edges closer
FROM THE MEDIA: As hackers increasingly use automation and machine learning to launch cyber attacks at scale, cyber security defenders, too, are turning to artificial intelligence to detect hacks — and, in some cases, kill them dead automatically. But the use of AI for cyber defense is still nascent, according to many experts, and must be deployed with care. Some argue there is a tendency for the cyber security industry to exaggerate AI’s potential and successes, and use it as a buzzword.
READ THE STORY: FT
Patches for 6 zero-days under active exploit are now available from Microsoft
FROM THE MEDIA: It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a wide range of other vulnerabilities that pose a threat to end users. Two of the zero-days are high-severity vulnerabilities in Exchange that, when used together, allow hackers to execute malicious code on servers. Tracked as CVE-2022-41040 and CVE-2022-41082, these vulnerabilities came to light in September.
READ THE STORY: arsTechnica
Malicious extension lets attackers control Google Chrome remotely
FROM THE MEDIA: A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks. The Cloud9 browser botnet is effectively a remote access trojan (RAT) for the Chromium web browser, including Google Chrome and Microsoft Edge, allowing the threat actor to remotely execute commands. The malicious Chrome extension isn't available on the official Chrome web store but is instead circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates.
READ THE STORY: Bleeping Computer
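Because Cloud9 never comes from the Web Store, the cheapest host-side check is to list the extensions in a Chrome or Edge profile that arrived by some other route. The Python below is an added example, not code from the article or from any vendor: it parses the per-profile Preferences (or Secure Preferences) JSON, skips Chrome's own component extensions, flags every extension whose from_webstore flag is false or whose install location is a sideload route, and lists the permissions a browser RAT needs (every-site access, request interception, proxying, the devtools protocol, a native host). The field names and the numeric Manifest::Location values are taken from my reading of Chromium's source and should be treated as assumptions to confirm on the build you examine; the profile content is constructed for the example.

```python
import json

# Chromium Manifest::Location values as persisted under
# extensions.settings.<id>.location (assumption from Chromium source;
# confirm against the browser build under investigation).
LOCATION_NAMES = {
    1: "internal", 2: "external_pref", 3: "external_registry", 4: "unpacked",
    5: "component", 6: "external_pref_download", 7: "external_policy_download",
    8: "command_line", 9: "external_policy", 10: "external_component",
}
# Install routes that bypass the Web Store entirely.
SIDELOADED = {2, 3, 4, 8}
# Capabilities a browser RAT needs to steal sessions, inject JS, proxy
# traffic or run commands; used to rank findings, not to decide them.
RAT_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "proxy",
                   "debugger", "nativeMessaging", "declarativeNetRequest"}


def triage_extensions(prefs_text: str) -> list[dict]:
    """Return the extensions that did not come from the Web Store, each with
    the RAT-relevant permissions it holds, worst first."""
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        loc = entry.get("location")
        if loc in (5, 10):                    # browser's own component extensions
            continue
        from_store = bool(entry.get("from_webstore", False))
        if from_store and loc not in SIDELOADED:
            continue                          # normal Web Store install
        manifest = entry.get("manifest", {})
        # MV2 keeps host patterns in "permissions", MV3 in "host_permissions".
        perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "location": LOCATION_NAMES.get(loc, f"unknown({loc})"),
            "path": entry.get("path", "?"),
            "rat_permissions": sorted(perms & RAT_PERMISSIONS),
        })
    findings.sort(key=lambda f: len(f["rat_permissions"]), reverse=True)
    return findings


# Constructed sample profile, not a real one: a Web Store extension, an
# extension loaded unpacked from a "Flash update" directory, and a component.
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "aaaa": {"from_webstore": True, "location": 1, "path": "aaaa/1.0_0",
             "manifest": {"name": "Store Ext", "permissions": ["storage"]}},
    "bbbb": {"from_webstore": False, "location": 4,
             "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\flash_update",
             "manifest": {"name": "Flash Player Update", "manifest_version": 2,
                          "permissions": ["<all_urls>", "webRequest",
                                          "webRequestBlocking", "tabs"]}},
    "cccc": {"from_webstore": False, "location": 5, "path": "component",
             "manifest": {"name": "Browser Component", "permissions": ["<all_urls>"]}},
}}})

if __name__ == "__main__":
    for f in triage_extensions(SAMPLE_PREFS):
        print(f"{f['id']} {f['name']!r} {f['location']} "
              f"perms={f['rat_permissions']} path={f['path']}")
```

Point it at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences` (and the Secure Preferences file beside it) per profile; an unpacked extension living under a temp directory with every-site access and webRequest is exactly the shape of a fake-Flash-update install. Enterprise policy installs (locations 7 and 9) are deliberately not treated as sideloads, since those are how IT pushes legitimate extensions.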
Nvidia makes new chip for China to bypass updated US restrictions
FROM THE MEDIA: A company spokesperson told iTWire in response to a query: "The Nvidia A800 GPU, which went into production in Q3, is another alternative product to the Nvidia A100 GPU for customers in China. The A800 meets the US Government's clear test for reduced export control and cannot be programmed to exceed it." Reuters was the first to report about the new chip, saying on Monday, "Chinese computer sellers are advertising products with the new chip".
READ THE STORY: iTWire
Moscow Pushes Claims of British Complicity in Black Sea, Baltic Attacks
FROM THE MEDIA: Russia dropped a bombshell late last month when it claimed an attack on its Black Sea Fleet had been carried out with the aid of “British specialists.” Moscow went on to assert that the same unit of “specialists” had also played a leading role in a September attack on its Nord Stream gas pipeline. London, for its part, has dismissed Moscow’s assertions as “false claims of an epic scale.” According to Fereydoun Barkeshli, head of the Vienna Energy Research Group, the UK and Russia have a history of shared animosity in which “finger-pointing is the name of the game.”
READ THE STORY: The Epoch Times
LockBit affiliate uses Amadey Bot malware to deploy ransomware
FROM THE MEDIA: A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot, which then takes control of the device and deploys the ransomware to encrypt it. According to a new AhnLab report, the threat actor targets companies with phishing emails whose lures pose as job applications or copyright infringement notices. The LockBit 3.0 payload used in this attack is downloaded either as an obfuscated PowerShell script or as an executable and runs on the host to encrypt files. Amadey Bot is an old malware strain capable of system reconnaissance, data exfiltration and payload loading.
READ THE STORY: Bleeping Computer
Putin Ally’s Big U.S. Meddling Operation Is Actually a ‘Sloppy’ Mess
FROM THE MEDIA: Yevgeny Prigozhin, Russian President Vladimir Putin’s chef notorious for interfering in U.S. elections, boasted Monday that he has interfered, is currently interfering, and will interfere in U.S. elections. But according to researchers tracking his current meddling operations targeting Americans, Prigozhin’s interference operations might not be as well-resourced or formidable as they once were. His comment, which came just one day before U.S. midterm elections, is the first time Prigozhin has appeared to fess up to meddling. Prigozhin has been indicted in the United States for interfering in U.S. elections in 2016.
READ THE STORY: The Daily Beast
Precise ransomware strikes boost threat actors’ success rate
FROM THE MEDIA: Ransomware has evolved from a single group developing and distributing a ransomware payload to the ransomware as a service model. This shift allows threat actors to be more strategic in identifying targets, which increases their rate of success. Unlike commodity ransomware attacks, human-operated ransomware is “driven by humans who make decisions at every stage of the attacks based on what they discover in their target’s network,” Microsoft said in the report.
READ THE STORY: CyberSecurity Dive
More details about Azov ransomware data wiper emerge
FROM THE MEDIA: The widely distributed Azov "ransomware" is in fact a data wiper built to corrupt data, BleepingComputer reports. The malware stayed dormant until Oct. 27 at 10:14:30 AM UTC, after which infected devices had their data corrupted, according to Check Point security researcher Jiří Vinopal, who added that Azov overwrites files in alternating 666-byte chunks. "This works in a loop, so wiped file structure would look like this: 666 bytes of garbage, 666 bytes original, 666 bytes of garbage, 666 bytes original, etc," said Vinopal.
READ THE STORY: SCMAG
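The 666-byte alternation Vinopal describes is regular enough to script around. The following Python is an added illustration, not code from the Check Point or BleepingComputer write-ups and not the malware's own logic: it models the pattern on a constructed byte string and then does the two things an incident responder actually wants, carving the chunks the wiper leaves untouched out of a damaged file, and checking a damaged file against a known-good copy (a backup) to confirm it fits the pattern before blaming Azov. The chunk size and the garbage, original, garbage ordering come from the quoted description; using pseudo-random bytes as the "garbage" in the simulation is an assumption, as is the 16-byte floor below which a coincidental match in an overwritten chunk is ignored.

```python
import random

CHUNK = 666  # overwrite granularity reported for Azov


def azov_style_wipe(data: bytes, chunk: int = CHUNK, garbage=None) -> bytes:
    """Simulate the reported pattern: chunk 0 overwritten, chunk 1 kept,
    chunk 2 overwritten, ... The garbage source is an assumption; a seeded
    PRNG is used so demos are repeatable."""
    garbage = garbage or random.Random(0).randbytes
    out = bytearray(data)
    for off in range(0, len(data), 2 * chunk):
        n = min(chunk, len(data) - off)          # trailing chunk may be short
        out[off:off + n] = garbage(n)
    return bytes(out)


def surviving_ranges(length: int, chunk: int = CHUNK) -> list[tuple[int, int]]:
    """[start, end) byte ranges the pattern leaves intact in a file of `length` bytes."""
    return [(off, min(off + chunk, length)) for off in range(chunk, length, 2 * chunk)]


def carve_survivors(wiped: bytes, chunk: int = CHUNK) -> bytes:
    """Concatenate the intact chunks: a lower bound on what is recoverable
    from a damaged file with no backup."""
    return b"".join(wiped[s:e] for s, e in surviving_ranges(len(wiped), chunk))


def matches_azov_pattern(original: bytes, wiped: bytes, chunk: int = CHUNK) -> bool:
    """Triage against a known-good copy: every kept chunk must be identical
    and every overwritten chunk must differ. Overwritten chunks shorter than
    16 bytes are not required to differ, since random bytes can coincide."""
    if len(original) != len(wiped):
        return False
    for s, e in surviving_ranges(len(original), chunk):
        if original[s:e] != wiped[s:e]:
            return False
    for off in range(0, len(original), 2 * chunk):
        n = min(chunk, len(original) - off)
        if n >= 16 and original[off:off + n] == wiped[off:off + n]:
            return False
    return True


# Constructed sample file: 2048 bytes of a recognisable byte ramp.
SAMPLE = bytes(range(256)) * 8

if __name__ == "__main__":
    damaged = azov_style_wipe(SAMPLE)
    print("intact ranges:", surviving_ranges(len(SAMPLE)))
    print("recoverable bytes:", len(carve_survivors(damaged)), "of", len(SAMPLE))
    print("fits Azov pattern:", matches_azov_pattern(SAMPLE, damaged))
```

Run it directly to see the intact ranges for the sample. On real files the arithmetic is the same: for a file of N bytes, surviving_ranges tells you which byte ranges survive, and since the damage begins at offset zero the header of almost every format is gone, so carving rarely yields a parseable file; it does, however, settle quickly whether a backup is the only way back.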
Owner of Sobeys, Safeway stores tight-lipped on IT problems impacting pharmacies
FROM THE MEDIA: Two major Canadian food companies continue to keep mum about information technology problems that have plagued their operations for days and as the silence drags on, some experts say a ransomware attack could be behind the issues. Empire Company, which owns 1,500 stores across Canada, including Sobeys, Lawtons, IGA, Safeway, Foodland, Needs and other grocery outlets, said Monday an "information technology systems issue" was causing some of its pharmacies to experience difficulty fulfilling prescriptions. Signs posted at some stores also said the gift card and Scene points systems were down.
READ THE STORY: CBC
Robin Banks crooks back at the table with fresh phish from Russia
FROM THE MEDIA: Robin Banks, the phishing-as-a-service (PHaaS) platform that was kicked off Cloudflare for malicious activity, is back in action with a Russian service provider and new tools to make it easier to bypass security measures. IronNet's Threat Research unit first wrote about Robin Banks in July, detailing a threat group that was selling phishing kits to cybercriminals who then would use those tools to steal credentials and financial data of people in the US, the UK, Canada, and Australia.
READ THE STORY: The Register
What Ukraine’s cyber defense tactics can teach other nations
FROM THE MEDIA: One of the surprises of the Russia-Ukraine war has been that Ukraine’s cyber security has, so far, proved as resilient as its military. Kyiv’s cyber tactics — including moving data to the cloud, partnerships with western companies, and using Elon Musk’s mobile Starlink terminals to connect to the internet via satellite — have proved highly effective. Ukraine’s defenses have also been shored up by a £6mn package of IT support and help in detecting Russian cyber threats provided by the UK, according to a statement earlier this month.
READ THE STORY: FT
White House Summit on Ransomware Attacks Brings Global Leaders Together To Discuss Information Sharing, Defense Frameworks
FROM THE MEDIA: The second International Counter Ransomware Initiative Summit took place last week, bringing together leaders from over 30 countries in the first in-person meeting of this nature to discuss a global response to the threat of ransomware attacks. The White House summit discussed the development of an international information sharing platform, standardized investigative toolkit and task force among other measures.
READ THE STORY: CPOMAG
Mississippi Hit With Cyberattack After Russian Hackers Call for Strike
FROM THE MEDIA: Mississippi election officials confirmed the state was hit with a coordinated cyberattack Tuesday that disrupted their website's operations periodically throughout Election Day. In a statement from the Mississippi secretary of state's office late Tuesday night, officials claimed to have experienced an "abnormally large increase in traffic volume due to DDoS activity" that caused the office's website to be inaccessible throughout the day.
READ THE STORY: Newsweek
Russian Hackers Threaten DNC Website as Election 'Gift' to GOP
FROM THE MEDIA: A group of Russian hackers has allegedly threatened to target a major Democrat website as a "gift" to Republicans. The threat from the unspecified hacking outfit was published Tuesday on the cyber security blog Cyber Shafarat. The brief message said that the group will work to target the official website of the Democratic National Committee (DNC) in an explicit effort to benefit the GOP on the day of the midterm elections.
READ THE STORY: Newsweek
The Secret Wars: anti-Russian bot army exposed by Australian researchers
FROM THE MEDIA: A team of researchers at the University of Adelaide has found that as many as 80% of tweets about the 2022 Russian invasion of Ukraine in its early weeks were part of a covert propaganda campaign originating from automated fake "bot" accounts. An anti-Russia propaganda campaign run from a "bot army" of fake automated Twitter accounts flooded the internet at the start of the war. The research shows that, of the more than 5 million tweets studied, 90.2% of all tweets (both bot and non-bot) came from accounts that were pro-Ukraine, with fewer than 7% of the accounts classed as pro-Russian.
READ THE STORY: MichaelWestMedia
VMware fixes three critical auth bypass bugs in remote access tool
FROM THE MEDIA: VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin. Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to help desk and IT staff remotely access and troubleshoot devices in real time from the Workspace ONE console.
READ THE STORY: Bleeping Computer
Hacktober Finished With $657 Million Losses From Crypto Exploits
FROM THE MEDIA: Last month was quite spooky for the crypto industry as it saw the highest number of DeFi hacks this year. While October was expected to be “Uptober,” it quickly turned to “Hacktober” as cyber criminals ransacked top crypto projects for hundreds of millions of dollars. A recent tweet by the blockchain security company PeckShield pointed out that October was the biggest month for hacking activities this year.
READ THE STORY: OODALOOP
Ukrainian soldiers have captured Russian UAV with chips from western home appliance and inscription “USSR”
FROM THE MEDIA: Ukrainian soldiers from the Kharkiv territorial defense have captured a Russian Hranat-4 UAV, reportedly the first capture of this type. Interestingly, the Russians had written "Z", "V", "USSR" and "For peace" on it; the Russian word for "peace" also means "world" and "village commune". The soldiers who captured the drone said that the UAV contained chips from various home appliances.
READ THE STORY: Euromaidan Press
China conflicts prompt chip manufacturing battles in Europe
FROM THE MEDIA: China is at the center of two conflicts in Europe as the continent strives to shore up domestic chip manufacturing capabilities. German chip manufacturer Elmos Semiconductor says it was informed by the government that the planned $85 million sale of its wafer fab to Chinese-owned Silex Microsystems "will most likely be prohibited." Silex Microsystems is a Dutch subsidiary of China's Sai Microelectronics. Elmos, which focuses on automotive chips, said the move was a surprise, given that Germany's Ministry of Economics and Climate Protection had previously indicated the sale would "most likely be approved."
READ THE STORY: The Register
Faster and more efficient computer chips thanks to germanium
FROM THE MEDIA: Our current chip technology is largely based on silicon; only in a few specialized components is a small amount of germanium added. But there are good reasons to use higher germanium contents in the future: the compound semiconductor silicon-germanium has decisive advantages over today's silicon technology in terms of energy efficiency and achievable clock frequencies.
READ THE STORY: Science Daily
Coinbase Falls Afoul of German Regulators as Platform Experiences Outage
FROM THE MEDIA: The regulator instructed the crypto exchange to put a "proper" business structure in place after an audit found deficiencies in Coinbase Germany GmbH's organizational structure. The censure is intended to bring Coinbase's German operations into line with Section 25a Paragraph 2 Sentence 2 of the German Banking Act (KWG). Section 25a of the Act primarily lays out rules for "appropriate and effective risk management" to ensure that a business is well capitalized.
READ THE STORY: BeinCrypto
Saudis are increasingly worried about their devices being hacked: Cisco
FROM THE MEDIA: Ahead of the Global Cybersecurity Forum that will be held in Riyadh, Cisco has revealed the results of its recent consumers’ security survey in Saudi Arabia which shows that 73 percent of Saudis are worried about their connected devices being hacked or attacked. The study shows that 54 percent said corporate cybercrime has made them think their personal data is more at risk now than 12 months ago.
READ THE STORY: ArabNews
Chinese Chip Designers Are Lowering Clock Speeds Amid US Sanctions
FROM THE MEDIA: China’s semiconductor industry is facing significant problems in the wake of US-imposed export controls. Companies like Alibaba and Biren have been developing chips that could compete with the most powerful designs from AMD and Nvidia, but the restrictions have halted production at Taiwan-based TSMC. Engineers are now looking at ways to dumb-down these chips to skirt the rules, hoping that TSMC will restart production. It’s going to be an uphill battle, though.
READ THE STORY: Extreme Tech
Items of interest
Beam-hopping JoeySat has shipped
FROM THE MEDIA: The beam-hopping satellite – nicknamed JoeySat after a baby kangaroo – will be used to connect thousands of people on ships at sea, on planes in flight and while travelling over land, demonstrating next-generation 5G connectivity from low Earth orbit. Its fully digital beam-hopping and beam-steering payload can switch between different places on Earth up to 1000 times per second and adjust the strength of the communications signals to meet demand. Developed under the Sunrise Partnership Project between ESA and telecommunications operator OneWeb, JoeySat will demonstrate key technologies for OneWeb’s second-generation constellation, as part of the ESA Sunrise project with support from the UK Space Agency.
READ THE STORY: The European Space Agency
Hacking the Supply Chain (Video)
FROM THE MEDIA: In this webinar JSCM Group President & CEO John Stengel will discuss how to build redundancy into your supply chain.
China's 5 Cent Army E Commerce Click Farming Business (Video)
FROM THE MEDIA: If there is a way to scam the system, the Chinese economy will find it. Amazon has become a flea market for counterfeit Chinese products.
These open-source items are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com