Monday, November 14, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
China’s new satellite-hunting radar aims to blind US
FROM THE MEDIA: China’s new electronically scanned array radar aims to blunt the military advantages long provided by satellite intelligence, raising proliferation concerns in Washington and other Western capitals. The 10-meter-tall SLC-1 radar unveiled at this year’s Zhuhai Airshow can detect and track low-orbiting satellites and predict their paths, its manufacturer China Electronics Technology Group Corporation (CETC) claimed at the show, the South China Morning Post reported last week. The state-owned Chinese company also claimed that the SLC-18 high-power, low-frequency P-band radar can function around the clock in all weather conditions and has an exceptionally large search range.
READ THE STORY: AsiaTimes
Psychological Warfare (PSYOPS)- The Pandora’s Box of Security Issues
FROM THE MEDIA: The world, functioning in its numerous forms and dimensions, is primarily perceived and misperceived by individuals through the faculty of the human Mind. A factor that creates a significant difference vis-a-vis human beings and other species is the complex cognitive ability possessed by humans. The mind is fundamentally an expression of thoughts circulated and imbibed through various means of communication. Deconstructing it further, thoughts portray the information consumed by an individual. In other words, this complex combination of the human mind, thoughts, and information shapes and reshapes our psychology.
READ THE STORY: ModernDiplomacy
Australia to 'stand up and punch back' against cyber crims
FROM THE MEDIA: Australia's government has declared the nation is planning to go on the offensive against international cyber crooks following recent high-profile attacks on local health insurer Medibank and telco Optus. The aggressive posture was expressed in the announcement of a "Joint standing operation" that will see the Australian Federal Police and the Australian Signals Directorate (Australia's GCHQ/NSA analog) run a team with a mission "to investigate, target and disrupt cyber-criminal syndicates with a priority on ransomware threat groups."
READ THE STORY: The Register
Renewed Strategy to Counter Piracy in Africa’s Maritime Domain
FROM THE MEDIA: Nigeria as a nation lays sovereign claim to 12 nautical miles (NM) of Territorial Seas and 200 nm of Exclusive Economic Zone (EEZ). This is according to the United Nations Convention on the Laws of the Sea. Meanwhile, with its coastline of about 420 nm (778km), which translates into about 5,040 square (sq) nm (272 km) of sovereign territory and 84,000 sq nm (4,528,000km) of Exclusive Economic Zone over, Nigeria has sovereign rights to all living and non-living resources. The Chief of the Naval Staff (CNS), Vice Admiral Awwal Zubairu Gambo (CFR), reiterated this at the recently held 17th Africa Security Watch Awards, Conference and Exhibition.
READ THE STORY: This Day
Rare earths should be included in AUKUS
FROM THE MEDIA: Former Defense minister Kim Beazley has called for critical minerals to be included as “another leg” of the AUKUS agreement to break the dependence of Western democracies on China, which currently dominates the rare earths supply chain. Mr Beazley told InnovationAus.com that there needed to be a strategic decision by the Commonwealth government to develop a domestic rare-earths processing capability. “We need to think of it in strategic not commercial terms, and that’s one of the reasons why I thought it would be useful to have that as a focus for AUKUS, and it’s not at the moment,” Mr Beazley said.
READ THE STORY: InnovationAus
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
FROM THE MEDIA: A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using DropBox repository, as well as attackers using DropBox API for communication with the final stage," the company said.
READ THE STORY: THN
China trying to use ‘coercive’ ways to ‘sabotage’ digital infrastructure of nations
FROM THE MEDIA: China is trying to use “coercive” ways to sabotage the digital infrastructure of nations that are least bothered about the growing threat of Beijing, Voice Against Autocracy reported. Chinese telecommunication firms like Huawei, Hikvision, ZTE Corps and others in the past 10 years have been funded by the Chinese Communist Party. According to the Voice Against Autocracy report, “China with its peculiar objectives is attempting to by-pass the obstacle of convincing nations to entrust its rise but, on a total contrary, is rather on the path of using coercive means to sabotage the digital infrastructure of nations that are least concerned about the rising Chinese threat.”
READ THE STORY: The Print
How North Korea became a mastermind of crypto cyber crime
FROM THE MEDIA: Created by a Vietnamese gaming studio, Axie Infinity offers players the chance to breed, trade and fight Pokémon-like cartoon monsters to earn cryptocurrencies including the game’s own “Smooth Love Potion” digital token. At one stage, it had more than a million active players. But earlier this year, the network of blockchains that underpin the game’s virtual world was raided by a North Korean hacking syndicate, which made off with roughly $620mn in the ether cryptocurrency.
The crypto heist, one of the largest of its kind in history, was confirmed by the FBI, which vowed to “continue to expose and combat [North Korea’s] use of illicit activities — including cyber crime and cryptocurrency theft — to generate revenue for the regime”.
READ THE STORY: FT
Increasingly visible nation-state actor footprint forces APT groups to increase stealth
FROM THE MEDIA: 2022 is turning out to be the year of nation-state actors. With attacks on wind turbine operations and public transit services in the Netherlands, utility firms in India, retail businesses in Taiwan, and stock markets in the US being traced to APT groups, this year has logged more APT activity than ever before. With the increasing realization of their capabilities as a source of rich data and disruption, nations are now growing increasingly comfortable with the use of APT groups to settle scores. This trend has had a complex impact on the security of cyberspace and the ramifications will play out more visibly in the days to come.
READ THE STORY: Security Boulevard
Power outage disrupts all trains to and from Utrecht Central Station
FROM THE MEDIA: A power outage caused a serious disruption to trains running to and from Utrecht Centraal on Sunday evening. The issue was first acknowledged by national rail operator NS at about 7:45 p.m. About 20 minutes later, the NS said, “The power outage at Utrecht Central has been partially repaired. Sprinters will continue to run on all routes as will Intercity trains, where possible.” The power was restored close to 8:45 p.m., the NS said, and added that the delays caused by the interruption would gradually decrease. It was not immediately clear how long it would take to restore all service.
READ THE STORY: NL Times
The Hunt for the FTX Thieves Has Begun
FROM THE MEDIA: Cryptocurrency has always offered a strange mix of temptations and challenges for anyone trying to steal it. As digital cash, held in multibillion-dollar sums on hackable, internet-connected networks, it presents a lucrative target. But once it's stolen, the blockchains that almost every cryptocurrency is built on make it possible to follow that money's every movement and, very often, to identify the thieves. So after a massive heist pulled nearly half a billion dollars worth of funds out of the already collapsing FTX cryptocurrency exchange yesterday, the world's crypto tracers are now closely tracking where that loot ends up—and looking for any clues that reveal the thief to be an FTX insider or just an opportunistic hacker.
READ THE STORY: Wired
Microsoft links Russia’s military to cyberattacks in Poland and Ukraine
FROM THE MEDIA: Microsoft on Thursday fingered Russia’s military intelligence arm as the likely culprit behind ransomware attacks last month that targeted Polish and Ukrainian transportation and logistics organizations. If the assessment by members of the Microsoft Security Threat Intelligence Center (MSTIC) is correct, it could be cause for concern for the US government and its European counterparts. Poland is a member of NATO and a staunch supporter of Ukraine in its bid to stave off an unprovoked Russian invasion. The hacking group the software company linked to the cyberattacks—known as Sandworm in wider research circles and Iridium in Redmond, Washington—is one of the world’s most talented and destructive and is widely believed to be backed by Russia’s GRU military intelligence agency.
READ THE STORY: HITB SECNEWS
OPM finalizes rules rescinding provisions of Trump’s firing executive order
FROM THE MEDIA: The Office of Personnel Management is set to publish final rules Thursday that will rescind policies established during the Trump administration aimed at making it easier to fire federal workers. In 2018, then-President Trump signed an executive order streamlining the discipline and removal of federal employees. OPM in November 2020 issued regulations to implement the edict, including requiring agencies to remind supervisors when the end of an employee’s one-year probationary period is three months and one month away, and clarified that agencies are not required to help underperforming employees to improve or provide a performance improvement longer than 30 days.
READ THE STORY: FCW
The psychological fallout of a ransomware crisis
FROM THE MEDIA: Northwave has conducted scientific research into the psychological fallout of a ransomware crisis on both organizations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn into disarray long after the problem has passed. In this Help Net Security video, Inge van der Beijl, Director Behavior & Resilience at Northwave, talks about the research findings and illustrates how the psychological impact of ransomware attacks can persist on people in affected organizations for a very long time.
READ THE STORY: HelpNetSecurity
No more ransom payment in ransomware spread, says Australia
FROM THE MEDIA: The Australian government has imposed a ban on ransom payments in cyber attack incidents as it fears that such payments can encourage crime affecting millions of populaces at a time. Already, for the past two months, the IT infrastructure owned by government agencies and by sectors such as telecom and insurance has been constantly targeted by state-funded hackers. In case of ransomware, the victim is asked to shell out millions to free up data.
READ THE STORY: Cyber Security Insiders
Twitter faces massive amounts of disinformation spread threat
FROM THE MEDIA: From Friday last week, contractors who battled disinformation spread were fired from their jobs and, after getting confirmation from the senior management, nearly 89% of staff left the microblogging service company on a permanent note. Thus, in the past few hours, misinformation spread is taking place on high, as most of the content monitoring staff were asked either to take leave or were sacked on a permanent note. So, web development companies have employed bots to create fake Twitter accounts and fill the social networking website with all illogical data such as blasphemous content, fake news, news related to politicians and celebrities to tarnish their images and what not.
READ THE STORY: Cyber Security Insiders
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
FROM THE MEDIA: A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms. "The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar said. "The malware does not stay persistent on the infected system as a way of evading detection."
READ THE STORY: THN
CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine
FROM THE MEDIA: The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ (FRwL) (aka Z-Team, UAC-0118), which is believed to be a group of Pro-Russia hacktivists. “FRwL (aka Z-Team), whose activity is monitored by CERT-UA under the identifier UAC-0118, took responsibility for the unauthorized intervention in the operation of automated systems and electronic computing machines of the target of the attack.” reads the advisory published by CERT-UA.
READ THE STORY: Security Affairs
Ukrainian CERT Discloses New Data-Wiping Campaign
FROM THE MEDIA: Ukrainian cyber-experts have discovered a new attack campaign by suspected Russian threat actors that compromises victims’ VPN accounts to access and encrypt networked resources. The country’s Computer Emergency Response Team (CERT) noted in a new statement that the so-called Somnia ransomware was being used by the FRwL (aka Z-Team), also identified as UAC-0118. Initial compromise is achieved by tricking victims into downloading “Advanced IP Scanner” software which actually contains Vidar malware. CERT-UA believes this was achieved by initial access brokers (IABs) working for the Russians.
READ THE STORY: InfoSecMag
The FBI Came Very Close to Deploying Spyware for Domestic Surveillance
FROM THE MEDIA: The FBI came very close to using commercial spyware to aid in its domestic criminal investigations, the New York Times has reported. The spyware was developed by the NSO Group, the notorious surveillance vendor from Israel whose products have been tied to spying scandals all over the world. In January, the Times broke the news that the FBI had been considering procuring a surveillance system called “Phantom” from NSO that could reportedly hack any phone in the United States. The tool was a variant of NSO’s more well-known malware Pegasus and had the ability to comprehensively infiltrate mobile devices and monitor their activities. At the time, it was reported that the FBI was considering using it in criminal investigations.
READ THE STORY: GIZMODO
Skilling SOF teams to exploit the cyber vector
FROM THE MEDIA: In 2007, Israeli special operations forces (SOF) teams penetrated Syria. According to a New York Times article published following the incursion, the special operations teams employed jamming capabilities against Syria’s anti-air systems, opening the way for targeted air strikes from the Israeli Air Force. Though the conceptual application of the SOF team was no different — that being the ability for small, yet highly trained teams to bring about operational and strategic level advantages often within the grey zone — the character of the application shifted from counterterror operations to an unmistakably cyber domain.
READ THE STORY: Defense Connect
China’s surveillance campaigns targeting Uyghurs
FROM THE MEDIA: Cybersecurity researchers uncovered two new surveillance campaigns that are targeting Uyghurs in China and abroad, including messaging services, prayer time apps and dictionaries, according to a Lookout report citing its Threat Lab. The two new surveillance campaigns were named BadBazaar and MOONSHINE by the researchers on Thursday. The other employs a previously disclosed tool, MOONSHINE, which was discovered by Citizen Lab and observed targeting Tibetan activists in 2019.
READ THE STORY: The Print
FTX Hack: 'Unauthorized Transactions' Drained Millions From Embattled Crypto Platform
FROM THE MEDIA: Beleaguered crypto exchange FTX on Sunday admitted that "unauthorized transactions" have drained hundreds of millions of dollars from its wallets, saying the company has moved many digital assets to a new "cold wallet custodian". FTX, which last week filed for bankruptcy in the US, did not reveal how much it lost in unauthorized transactions but reports claimed the amount could be as high as $600 million. "We are in the process of removing trading and withdrawal functionality and moving as many digital assets as can be identified to a new cold wallet custodian. As widely reported, unauthorized access to certain assets has occurred," Ryne Miller, the general counsel at FTX US, said in a tweet.
READ THE STORY: abpLIVE
One Of The UK’s Largest Pig Farms Closes Down Following Animal Welfare Breaches
FROM THE MEDIA: One of the UK’s largest pig factory farms has been shut down following multiple allegations of animal welfare breaches. Flat House Farm, which is situated in Leicestershire, was the subject of an investigation by UK animal rights organization Viva! in 2020. Alan and Rachel Elvidge, who are directors of the farm’s owner Elvidge Farms Ltd, appeared in court following a Trading Standards investigation into their business. Elvidge Farms Ltd pleaded guilty to one count of breaching the Animal Welfare Act 2006 (Section 9 – duty of person responsible for animal to ensure welfare). The company was given a £4,500 fine. According to Viva!, court proceedings revealed that Flat House Farm is no longer farming pigs.
READ THE STORY: PlantBasedNews
Elon Musk heads to court over Tesla pay that made him world's richest person
FROM THE MEDIA: Tesla and CEO Elon Musk will spend this week in court to defend the massive compensation package that helped make him the world's richest man. The week-long trial in Delaware Court of Chancery will examine the 2018 compensation plan that the automaker's board of directors created for Musk. The automaker said at the time it could be worth nearly $56 billion, making it the largest compensation package for anyone on Earth from a publicly traded company, and the net value today is $50.9 billion. Even in the rarified air of CEO pay, Musk's compensation plan stood apart. Millions upon millions of dollars are often lavished on corporate executives of the biggest companies, but the plan to pay Musk initially totaled in the tens of billions, as long as he met performance goals.
READ THE STORY: KCRA
Is Iran’s quest for nuclear weapons breaching nuclear proliferation safeguards?
FROM THE MEDIA: According to recent US intelligence reports, Iran is looking to Russia to help rebuild its nuclear program, in exchange for drones and missiles that would fuel the war in Ukraine. The 2015 nuclear arrangement, known formally as the Joint Comprehensive Plan of Action (JCPOA), was signed by several world powers – including the United States and the United Kingdom. After Iran’s years of efforts to develop nuclear weapons, the JCPOA placed significant restrictions on the country’s nuclear activity.
READ THE STORY: Innovation News Network
Cyprus still in the mix as Greece’s spyware scandal takes wider dimension
FROM THE MEDIA: Cyprus is still in the mix as Greece’s spyware scandal takes a wider dimension with an Israeli man with Cypriot nationality appearing to be among the main protagonists. He is Avraham Shahak Avni, a Jewish community leader who was granted Cypriot citizenship in 2015 as a foreign investor. He is the same man who was implicated in the infamous spy van probe in Cyprus, and an investigative report on Sunday in Greece’s ‘To Vima’ says he became active there in September 2019.
READ THE STORY: in-cyprus
Resist the tech wizards’ spell
FROM THE MEDIA: I once had a colleague who was lazy, rude and prejudiced. But Reg, as I will call him, kept his job for a reason aside from the almost inexhaustible tolerance of our employer. Reg could accomplish feats on the clunky publishing system of that era that no one else could. When he placed his stubby fingers on the keyboard, he transformed from sleepy schlub into IT archmage. Reg, naturally, did not teach anyone else how to input the complex instructions that were more akin to coding than the intuitive commands on modern apps.
READ THE STORY: FT
Spy agency uses ‘computer network exploitation’ to take digital information
FROM THE MEDIA: One of the country’s two spy agencies has revealed it retrieves information directly from where it is stored or processed on computers. The “computer network exploitation” operations have been a highly-classified secret at the GCSB until now. US commentators refer to computer network exploitation as a form of cyber warfare, or the “theft of data”. “Our legislation ... allows us to access information infrastructures, which is more than just interception,” the director-general of the Government Communications Security Bureau, Andrew Hampton, said.
READ THE STORY: NZHerald
SpaceX just bought a big ad campaign on Twitter for Starlink
FROM THE MEDIA: Elon Musk’s aerospace business SpaceX has ordered one of the larger advertising packages available from Twitter, the social media business he just acquired in a $44 billion deal and where he is now serving as CEO. The campaign will promote the SpaceX-owned and -operated satellite internet service called Starlink on Twitter in Spain and Australia, according to internal records from the social media business viewed by CNBC. The ad campaign SpaceX is buying to promote Starlink is called a Twitter “takeover.”
READ THE STORY: CNBC
Launch success for Intelsat satellites
FROM THE MEDIA: A SpaceX Falcon 9 rocket successfully placed two important Intelsat satellites into orbit on November 12th. Galaxy 31 and Galaxy 32 were launched. They will help provide Intelsat’s replacement coverage to its client’s cable head-end with TV services and help guarantee Intelsat receives the FCC’s C-band compensation payment at the end of 2023. The launch, from Cape Canaveral Space Force Station in Florida, was the 14th flight for the Falcon 9 first stage booster. The booster previously supported Dragon’s first crew demonstration mission, the RADARSAT Constellation Mission, SiriusXM’s SXM-7, and 10 Starlink missions.
READ THE STORY: Advanced Television
Video Verification
FROM THE MEDIA: Today’s corporations are more digitized than ever before. Banks, financial institutions, and other corporations rely on remote video verification for client authentication, compliance screening and digital onboarding. It enables onboarding your customers more conveniently and helps secure the platform. With online fraud on the rise globally, businesses are highly targeted usually in the signup process. Cyber terrorists carry out targeted attacks on the smallest weaknesses in your system and cause revenue loss through fraud.
READ THE STORY: Security Boulevard
Items of interest
Australia will be “offensively attacking” ransomware cartels
FROM THE MEDIA: Hacking and leaking sensitive data from Australia’s second-largest telecoms provider Optus and largest health insurance company Medibank prompted the government to promise its citizens retaliation against cybercrooks. The nation’s government announced establishing a Joint standing operation against cybercriminal syndicates. The operation will involve a hundred cybersecurity practitioners and experts tasked with disrupting ransomware cartels. “What they will do is scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyberattacks, and disrupt their efforts,” Australia’s Minister for Home Affairs and Cyber Security Clare O’Neil said.
READ THE STORY: Cybernews
Webinar: Anti-Money Laundering, Sanctions & ESG (Video)
FROM THE MEDIA: Hear what renowned industry expert Mark Anderson has to say about anti-money laundering and its recent growth, sanctions and ESG in the current world. Learn from practical market examples and case studies.
Encryption: Toolkits and Interventions for the Media (Video)
FROM THE MEDIA: The DNS Africa Resource Centre (DARC) is a digital learning space where reading, inquiry, research, thinking, imagination, and creativity are central to members’ information-to-knowledge journey. The DARC exists to provide quality materials and resources to the digital communities.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com