Monday, November 21, 2022
Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
FROM THE MEDIA: Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt Strike, developed by Fortra (née HelpSystems), is a popular adversarial framework used by red teams to simulate attack scenarios and test the resilience of their cyber defenses.
READ THE STORY: THN
US offshore oil and gas installation at 'increasing' risk of cyberattack
FROM THE MEDIA: The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack. A report to Congress looked at a network of "more than 1,600 offshore oil and gas facilities," which the federal watchdog pointed out produce a "significant" amount of America's domestic oil and gas – and the operational technology (OT) tech that looks after and controls the physical equipment. The study also warned of a potential ecological (and energy) disaster on par with the 2010 Deepwater Horizon disaster.
READ THE STORY: The Register
Luna Moth ransomware group invests in call centers to target individual victims
FROM THE MEDIA: A new report today from Palo Alto Networks Inc.’s Unit 42 details the disturbing rise of a ransomware group that has invested in call centers and infrastructure to target individual victims. Luna Moth, also known as the Silent Ransom Group, has been active since March, starting with a campaign that breaches organizations with fake subscription renewals. The group used phishing campaigns that deliver remote-access tools to enable corporate data theft. Having stolen confidential data, the group threatens to make files publicly available unless a ransom is paid.
READ THE STORY: SiliconANGLE
Industrial systems under attack in Middle East, Africa regions
FROM THE MEDIA: Between January and September this year, industrial control systems (ICS) in the Middle East, Turkey and Africa (META) region were attacked using multiple means. Malicious tools were blocked on 38% of ICS computers that were protected by Kaspersky solutions, a number slightly higher than the global number of 31.8%. In SA specifically, the number sat at 36.1%. Of these, 14.6% came from the internet, 17.8% through e-mail clients, and 2.9% via removable media.
READ THE STORY: iTweb
Pak army using Chinese drones to crush rebellion in Balochistan
FROM THE MEDIA: The Pakistani army is using Chinese-origin combat CH-4B drones to crush the rebellion in Balochistan. While the Pakistani Army has used fighter jets and armed helicopters against Baloch rebels for several years, the use of combat UAVs is new and is continuously increasing, reported The Eurasian Times. Earlier this month, Pakistan allegedly conducted a massive military offensive against Baloch rebels in the Bolan region by deploying unmanned aerial vehicles (UAVs), fighter jets, and Gunship helicopters, along with SSG Commandos, according to Balochistan Post-English.
READ THE STORY: Business-Standard
Russia destroys its own air defense system with kamikaze drone
FROM THE MEDIA: On 16 November, Russian state media released a statement saying that a Russian Lancet kamikaze drone had hit a Ukrainian 5N63S engagement radar of the S-300PS surface-to-air missile system. Footage released by the Russian media appears to show the targeting and destruction of the Ukrainian S-300’s radar, but OSINT experts drew attention to the vehicle missing many critical parts, such as power-supply units and a telescoping antenna. Citing a report from JB Schneider, Militarnyi reported that the Russians had destroyed their own mock-up of a 5N63S engagement radar with a Lancet loitering munition.
READ THE STORY: Defense-Blog
PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online
FROM THE MEDIA: Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell.
READ THE STORY: Express (UK)
US intel says Iran agreed to help Russia build more drones
FROM THE MEDIA: Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The two flaws are CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability) and CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability). They impact Exchange Server 2013, 2016, and 2019; an authenticated attacker can trigger them to elevate privileges, run PowerShell in the context of the system, and gain arbitrary or remote code execution on vulnerable servers.
READ THE STORY: Security Affairs
Chinese threat group spoofs Coca-Cola and McDonald’s in sophisticated phishing campaign
FROM THE MEDIA: The threat actor, dubbed “Fangxiao,” is likely based in China and is financially rather than politically affiliated. It targets companies across various industries, including retail, banking, travel, pharmaceuticals, and others, and tricks victims via common sentiments – for example, fears surrounding the COVID-19 pandemic in 2020. Fangxiao operates by sending a link via a WhatsApp message, which redirects users to a fake page of a well-known brand. The group regularly changes its domains, with 300 unique domains reportedly used on one day in October 2022 alone.
READ THE STORY: Cybernews // GBhackers // HackRead // CySecurity
Royal Ransomware: New Threat Uses Google Ads and Cracked Software
FROM THE MEDIA: On November 17th, Microsoft Security Threat Intelligence tracked activity from a threat actor known as DEV-0569 regarding the development of new tools to deliver the Royal ransomware. Although Microsoft still uses a temporary ‘DEV-####’ designation for it, meaning that they are unsure about its origin or identity, the group is believed to consist of ex-Conti members.
READ THE STORY: HackRead
Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild
FROM THE MEDIA: The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. Analysis of the code revealed that the startencryption() function implements the capability to search for files by enumerating the available directories on the C:\ drive. The malware only targets specific file extensions and excludes a list of directories from the encryption process. AXLocker uses the AES encryption algorithm to encrypt files; unlike other ransomware, it does not change the name or extension of the encrypted files.
READ THE STORY: Security Affairs
Criminals 'follow the money' by commercializing cybercrime, launching more 'innovative' ransomware attacks and doubling down on credential theft
FROM THE MEDIA: According to the 2023 Threat Report from Sophos, ransomware remains one of the greatest cybercrime threats to organizations, with operators innovating their extortion tactics, while demand for stolen credentials continues to grow. Sophos says criminal underground marketplaces like Genesis have long made it possible to buy malware and malware deployment services (“malware-as-a-service”), as well as to sell stolen credentials and other data in bulk.
READ THE STORY: itWire
Personal data of AirAsia Malaysia, Indonesia and Thailand passengers allegedly leaked due to ransomware
FROM THE MEDIA: Personal data belonging to 5 million AirAsia passengers via AirAsia Malaysia, AirAsia Indonesia and AirAsia Thailand may have been leaked after the airline was hit by a purported ransomware attack. It was alleged that AirAsia was a victim of a Daixin Team ransomware attack and the attackers have shared two CSV files which contain personal details of passengers and employees.
READ THE STORY: Soyacincau
New Allegations on Wiretapping Scandal in Greece Add to Government Woes
FROM THE MEDIA: The government in Greece is facing growing pressure over the wiretapping scandal as media reports over the weekend alleged the intelligence services were orchestrating the surveillance of politicians and journalists. The government of Kyriakos Mitsotakis has been claiming that if surveillance had taken place it was done not by government agencies, but by “unknown” third parties.
READ THE STORY: Greek Reporter
Sovereign cloud features more frequently in future plans
FROM THE MEDIA: Cybersecurity will remain a top priority – indeed, perhaps the top priority – in cloud computing for the medium term. When the data is sensitive or where laws require it, organizations are looking to sovereign cloud as part of the solution. (https://www.digitalnationaus.com.au/video/cover-story-the-market-and-other-forces-behind-the-rise-of-sovereign-cloud-587403) According to Nigel Pair, enterprise director, UNSW Institute for Cybersecurity, and also a non-executive director on a number of boards, “The whole business case surrounding sovereign cloud is that this information is so sensitive, is so serious that it should be domiciled, say, in our perspective, in the Australian environment.”
READ THE STORY: itNews
‘Part of the kill chain’: how can we control weaponized robots?
FROM THE MEDIA: The security convoy turned on to Tehran’s Imam Khomeini Boulevard at around 3:30pm on 27 November 2020. The VIP was the Iranian scientist Mohsen Fakhrizadeh, widely regarded as the head of Iran’s secret nuclear weapons programme. He was driving his wife to their country property, flanked by bodyguards in other vehicles. They were close to home when the assassin struck. A number of shots rang out, smashing into Fakhrizadeh’s black Nissan and bringing it to a halt.
READ THE STORY: The Guardian
Cyber Pirates
FROM THE MEDIA: Swashbuckling pirates and sabotage on the high seas have gone digital. Ransomware has replaced the cutlass. In fact, the entirety of modern conflict has evolved into Fifth Generation Warfare with information and perception as its framework. Often referred to as the "Gray Zone" or "hybrid warfare," the term encompasses cyberattacks, nonviolent economic pressure and disinformation campaigns. It’s the weaponization of anything.
READ THE STORY: Maritime-executive
Cyber specialist out to detect supply chains’ weakest links
FROM THE MEDIA: When Kaseya, a Miami-based software supplier, was hit by a cyber attack in July last year, it was not just a problem for the company itself. The hackers also managed to gain access to Kaseya’s customers and, after that, those customers’ own clients. Around 1,000 companies were affected in all. One of them — a Swedish grocery chain — had to close hundreds of stores. This is not an isolated example.
READ THE STORY: FT
Iraq's Parliament to discuss controversial cyber crimes bill
FROM THE MEDIA: Iraq’s Parliament is to revisit a cyber crime draft law on Monday despite widespread objections from campaigners who see it as a threat to freedom of expression. The bill was introduced in 2013, two years after it was drafted. But under pressure from local and international non-government organisations, Parliament shelved it. The Law on Information Technology Crimes draft will be presented to Parliament again in Monday's session, according to the legislative body's agenda.
READ THE STORY: MENA
Researchers Warn Of Hackers Dropping Malware Through Google Drive On Government Networks
FROM THE MEDIA: Researchers at Trend Micro are raising the alarm against Chinese hackers who are receiving support from the government.
The hackers are confirmed to have been taking part in spearphishing campaigns that deliver customized malware that's stored in Google Drive. This malware is dropped on specific locations such as government networks, research areas, and even academic organizations. Moreover, the researchers claim that such incidents were seen peaking during the period between March and October of this year. Security researchers have even gone as far as attributing the disturbing behavior to a cyber group named Mustang Panda.
READ THE STORY: Digital Information World
US govt to 'probe' Musk's Twitter as he plans more layoffs
FROM THE MEDIA: The US government is now looking into whether Elon Musk's foreign investment partners have access to users' private data on the micro-blogging platform, as he plans another round of layoffs. Bloomberg reported, citing sources, that the government is asking for more details about Musk's private agreements with global investors who hold stakes in the company. These investors include Saudi Arabia's Prince Al Waleed bin Talal Al Saud and the Qatar Investment Authority.
READ THE STORY: Investing
The feds warn that hackers could hold Midwestern harvests hostage with ransomware
FROM THE MEDIA: Ever fewer chores get done on a farm or ranch without some connection to the internet. Farmers use data, artificial intelligence and GPS to make decisions about where and when to water or fertilize their crops, the best time to inoculate their livestock or how to manage their feed. That use of technology has helped propel the U.S. to the top of the world’s agriculture exporters, but it’s also left farms increasingly vulnerable to cyberattacks. “Cyber criminals know this,” Omaha-based FBI Special Agent Eugene Kowel said. “They’re very savvy, and they know that hacking into U.S. agriculture can yield a big payday.”
READ THE STORY: IPR
This sneaky ransomware gang keeps changing tactics to spread its malware
FROM THE MEDIA: A new ransomware operation is using unusual techniques to breach networks and encrypt them with file-locking malware in order to hold victims to ransom. Royal ransomware first appeared in September this year and is being distributed by multiple threat groups, but one is showing what Microsoft Security Threat Intelligence describes as "a pattern of continuous innovation" to distribute and hide payloads, often until it's too late and the victim has had their network encrypted. The attacks, delivered in a variety of ways, are attributed to a group Microsoft tracks as DEV-0569 – a temporary name, as the origin and identity of the group behind the activity is still uncertain.
READ THE STORY: ZDNET
The shifting cybersands
FROM THE MEDIA: Kaspersky shared the evolution of the digital threat landscape in Turkey and other parts of the Middle East and Africa (MENA) region, and worldwide during its annual Cyber Security Weekend – META, which took place in Jordan, a press statement said. It said Kaspersky experts discussed various topics and threats specifically facing enterprises, businesses, and industrial organizations, and shared threat predictions for the upcoming year.
READ THE STORY: Jordan News
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
FROM THE MEDIA: The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families." Among the primary countries targeted are the U.S., the U.K., Japan, Germany, Italy, France, Spain, Mexico, and Brazil.
READ THE STORY: THN
BeiDou-based applications replace GPS in China's railway surveying
FROM THE MEDIA: China's self-developed BeiDou Navigation Satellite (BDS) system has replaced GPS in railway survey and design, construction, operation, deformation monitoring, and other processes, a breakthrough in the country's self-dependent transportation, according to China's leading railway group on Friday. Self-dependent control is the main advantage brought by the BDS system in railway engineering and surveying, said Cao Chengdu, chief engineer of China Railway SIYUAN Survey and Design Group, which recently led and completed research on application technology in railway and shipping based on the BDS.
READ THE STORY: ECNS
Kayrros: from tracking oil by satellite to tackling the climate emergency
FROM THE MEDIA: The Soviet Union launched the first satellite into space in October 1957. The craft, Sputnik, was the size of a beach ball, weighed 83.6kg and orbited the Earth once every 98 minutes. Though it burnt up in the atmosphere four months later, Sputnik was the starting gun for the space race and the thousands of satellites that have launched since. Today, scientists estimate that as many as 5,000 man-made satellites are circling the planet, transmitting messages and collecting vast seams of data about the Earth, its people, and the solar system.
READ THE STORY: FT
Iran determined to send more satellites to space
FROM THE MEDIA: Iran has reached new levels of missile, satellite and drone technology, according to Amir Ali Hajizadeh, commander of the IRGC’s aerospace force. Hajizadeh, a key figure in Iran’s missile and drone programs crucial to Iran’s technological successes, gave a speech over the weekend that was discussed in Iranian media. According to Tasnim, he said that Iran is determined to put more satellites into space using a new satellite launch vehicle.
READ THE STORY: JP
Items of interest
How Xi Jinping leveled-up China's hacking teams
FROM THE MEDIA: From the early 2000s to 2015, China’s hacking teams caused havoc for private companies and U.S. and allied governments. In a series of high-profile breaches, they poached government databases, weapon system designs and corporate IP. From the breach of the Office of Personnel Management, to Marriott, to Equifax, to many, many others, the People’s Republic of China’s digital warriors demonstrated the full potential of digitally mediated espionage.
READ THE STORY: Cyberscoop
Phishing in Japan - Katsumi Ono, Economic & Financial Cybercrime Leader, Japan Cyber Crime Centre (Video)
FROM THE MEDIA: The event was organized by the Global Anti Scam Alliance (GASA) with the goal to share knowledge and insights on fighting online scams and defining concrete actions to combat online fraud more effectively and efficiently. The event combined presentations, lectures, and workshops.
Cybercrime In Chicago - Pig Butchering (Video)
FROM THE MEDIA: Pig Butchering is a relatively new social engineering scam where fraudsters contact people (the "Pigs") on social media and build trust by engaging in long-term communication, establishing the idea of a fabricated friendship or romantic partnership. Sometimes, the scammers impersonate real friends of the target.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com