Saturday, December 17, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
FBI: Criminals Using BEC Attacks to Scavenge Food Shipments
Analyst Comments: These actions come from criminal organizations (CO) and are scalable. Suppliers need to independently verify the contact information of new vendors or customers. These social engineering attacks will continue to succeed unless proper processes are followed. Extensions of credit limits and "favors" can be limited if risk management protocols are used.
FROM THE MEDIA: Threat actors have typically used business email compromise (BEC) attacks to steal money from unwary organizations in recent years. But in a new twist, cybercriminals are using them to steal food shipments and ingredients from suppliers and distributors around the country. The FBI and the Food and Drug Administration Office of Criminal Investigations (FDA OCI) on Dec. 16 issued an alert warning that the attacks have been going on since at least the beginning of this year and have cost several organizations hundreds of thousands of dollars in losses so far. "While BEC is most commonly used to steal money, in cases like this, criminals spoof emails and domains to impersonate employees of legitimate companies to order food products," the two agencies said in the joint cybersecurity advisory.
READ THE STORY: DARKReading // PCMAG // SecurityWeek // The Record
DarkTortilla malware spreads on phishing sites masquerading as legitimate domains
FROM THE MEDIA: Researchers reported on a campaign in which they observed threat actors dropping DarkTortilla malware from phishing sites masquerading as legitimate Grammarly and Cisco sites. In a Dec. 16 blog post, Cyble Research and Intelligence Labs (CRIL) described DarkTortilla as a complex, .NET-based malware that has been active since 2015. The researchers said the malware is best known for dropping information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRAT, and NanoCore. During the summer, security researchers at Secureworks published a blog about DarkTortilla and detailed its behavior. While the Secureworks researchers said DarkTortilla uses spam email with malicious attachments to reach users, it was CRIL researchers who found that the actors behind DarkTortilla created phishing sites to distribute the malware.
READ THE STORY: SCMAG
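Both items above turn on the same trick: a sender domain or a site hostname built to look like a company the victim already trusts (a spoofed supplier in the BEC case, Grammarly and Cisco lookalikes in the DarkTortilla case). The Python below is an added example of how a defender can screen inbound mail for that pattern; it is not code from the FBI/FDA advisory, Cyble or Secureworks. The trusted-domain list, the confusable-character table and the sample headers are constructed for illustration, and the registrable-domain logic is a deliberately naive two-label assumption.

```python
"""Lookalike-domain and header-mismatch screening for inbound mail.

Added example (not from the advisory or the vendor reports). Assumptions:
the TRUSTED_DOMAINS set, the CONFUSABLES table and SAMPLE_HEADERS are
constructed; registrable() uses the last two DNS labels rather than the
Public Suffix List, so .co.uk-style domains would need a real PSL lookup.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed: domains the organisation genuinely does business with.
TRUSTED_DOMAINS = {"example-foods.com", "grammarly.com", "cisco.com"}

# Constructed: character sequences commonly swapped into lookalike names.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t"), ("-", "")]


def registrable(domain):
    """Naive registrable domain: the last two labels (assumption, see above)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(label):
    """Collapse confusable sequences so 'grammar1y' compares equal to 'grammarly'."""
    s = label.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Plain Levenshtein distance (rows of the DP table, no recursion)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike:<brand>', 'embeds:<brand>' or 'unknown'."""
    domain = domain.lower().strip(".")
    reg = registrable(domain)
    if reg in trusted:                      # exact match or a subdomain of it
        return "trusted"
    sld = reg.split(".")[0]
    labels = domain.split(".")
    for t in sorted(trusted):               # sorted for deterministic output
        t_sld = t.split(".")[0]
        # Same name under a different TLD (cisco.co), or a typo/confusable
        # variant within one edit (gramarly.com, grammar1y.com).
        # Short brand names make a distance of 1 noisy; tune per deployment.
        if sld == t_sld or edit_distance(skeleton(sld), skeleton(t_sld)) <= 1:
            return f"lookalike:{t}"
        # Brand used as a label inside an untrusted domain:
        # cisco.com.login-portal.net or cisco-support.com.
        if any(t_sld == lbl or t_sld in lbl.split("-") for lbl in labels):
            return f"embeds:{t}"
    return "unknown"


def assess_message(raw_headers, trusted=TRUSTED_DOMAINS):
    """Run the domain check plus two classic BEC header mismatches."""
    msg = message_from_string(raw_headers)
    findings = []
    name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2]
    verdict = classify_domain(from_domain, trusted)
    if verdict not in ("trusted", "unknown"):
        findings.append(f"From domain {from_domain} is {verdict}")
    # Display name invokes a trusted brand while the address does not.
    if verdict != "trusted":
        for t in sorted(trusted):
            if t.split(".")[0] in name.lower():
                findings.append(f"display name '{name}' invokes {t} "
                                f"but address domain is {from_domain}")
    # Replies or bounces routed to a different registrable domain.
    for hdr in ("Reply-To", "Return-Path"):
        _, addr = parseaddr(msg.get(hdr, ""))
        dom = addr.rpartition("@")[2]
        if dom and registrable(dom) != registrable(from_domain):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_domain}")
    return findings


# Constructed sample: a purchase-order lure of the kind described in the advisory.
SAMPLE_HEADERS = """\
From: "Cisco Purchasing" <orders@cisco-support.com>
Reply-To: <deals@freemail.example>
Subject: Urgent order - net-60 terms
"""

if __name__ == "__main__":
    for f in assess_message(SAMPLE_HEADERS):
        print("FLAG:", f)
```

The three checks are independent, so a message can trip several at once; in practice the verdicts feed a mail-gateway rule or a purchasing-team review queue, which is the "independently verify the contact information" step the analyst comment calls for.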
How Instagram Ads (And My Cognitive Bias) Convinced Me To Buy $100 Leggings
Analyst Comments: Marketing is private-sector PSYOPS. The ability to exploit public opinion via social media is nothing new; simply put, it works. Self-awareness and education are key to countering PSYOPS and IO campaigns.
FROM THE MEDIA: Humans are hard-wired with cognitive biases – the little shortcuts our brains take to help us sort through information and make quick decisions. The problem is, too often those biases can be erroneous, emotionally-driven, and fail to take in the nuance, research, and patience needed to make truly accurate conclusions based on critical thinking. Cognitive biases can be particularly troublesome when people are pressed for time, emotional, under stress, or feeling impulsive. In other words, during the holiday season. Everyone likes to believe that they have good judgment – be it about a political belief or confidence that they’ve made the best decision possible when purchasing goods or products. But the reality is that retailers and marketers have nearly perfected using our cognitive biases against us to drive sales and increase profits.
READ THE STORY: FORBES
Cyber Warfare Is Getting Real
FROM THE MEDIA: An American dressed in his pajamas took down North Korea’s internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack. In 2023, the world might not get so lucky. There will almost certainly be a major cyberattack. It could shut down Taiwan’s airports and trains, paralyze British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.
READ THE STORY: Wired
Facebook to pay hackers up to $300,000 to uncover remote code execution bugs
FROM THE MEDIA: Meta has updated its bug bounty program to offer up to $300,000 to security researchers who report vulnerabilities allowing attackers to remotely execute code on its mobile apps, the company said on Thursday. In a newsroom post accompanying reports about the threats facing Facebook and Instagram users from spyware and covert information operations, Meta said it had so far this year paid out $2 million in rewards to researchers from more than 45 countries. Out of about 10,000 reports made to the company, Meta offered rewards to more than 750 submissions.
READ THE STORY: The Record
Meta removes hundreds of accounts tied to spyware
FROM THE MEDIA: Facebook's parent, Meta, removed hundreds of accounts in the last year across Facebook and Instagram tied to known spyware and surveillance-for-hire vendors, according to a report released Thursday. Meta has been investigating and taking action against commercial spyware vendors, the so-called surveillance-for-hire industry, for years. Since publishing its first threat research on this challenge last year, it has taken down more of these entities across its technologies and worked with researchers and industry partners to tackle the growing problem from multiple angles. When it uncovers these entities, Meta takes down their accounts, blocks their online infrastructure and shares its findings with security researchers, other platforms and policymakers.
READ THE STORY: AXIOS
Malicious drivers signed by Microsoft used in cyber attacks
FROM THE MEDIA: Microsoft says it has banned several third-party developer accounts that submitted malicious Windows drivers for the IT giant to digitally sign so the code could be used in cyberattacks. Alongside this week's Patch Tuesday release, the tech giant also revoked the certificates used to sign the bad drivers and vowed to take action to prevent organizations from loading the malicious code. The moves come after researchers at Google-owned Mandiant, SentinelOne, and Sophos told Microsoft in October that several cybercrime gangs were using malicious, third-party, Microsoft-signed, kernel-mode hardware drivers to help spread ransomware.
READ THE STORY: WorldTimeTodays
Colombian energy supplier EPM hit by BlackCat ransomware attack
FROM THE MEDIA: Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services. EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities. The company generated over $25 billion in revenue in 2022 and is owned by the Colombian Municipality of Medellin. On Tuesday, the company told approximately 4,000 employees to work from home, with IT infrastructure down and the company's websites no longer available.
READ THE STORY: Bleeping Computer
Digging into the numbers one year after Log4Shell
FROM THE MEDIA: A year ago, when the Log4Shell vulnerability was first disclosed, perhaps no sector responded as quickly and decisively as the federal government. Within days of the bug’s disclosure, the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security issued an emergency directive ordering civilian federal agencies to identify all software solution stacks accepting data input from the internet, map them to a government-run GitHub repository of known software assets using the vulnerable code, patch known affected instances and request additional scrutiny for internet-connected solutions that were not on the list. Agencies were given less than a week to patch their affected systems or pull them from the internet.
READ THE STORY: SCMAG
Microsoft has found a whole load of IoT and industrial cyber flaws
FROM THE MEDIA: Microsoft has identified a huge number of IoT security issues, finding unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer operational technology (OT) networks. The tech giant's research also found that 72% of the software exploits utilized by what Microsoft terms “Incontroller” are now available online. "Incontroller" is what the Cybersecurity and Infrastructure Security Agency (CISA) describes as a "novel set of state-sponsored, industrial control system (ICS) oriented cyberattack tools".
READ THE STORY: TechRadar
Hackers selling user data from CoWIN platform on DarkWeb
FROM THE MEDIA: Only a few weeks after hackers breached India's premier government hospital, AIIMS Delhi, they have moved on to the Indian government's web portal for COVID-19 vaccination, CoWIN.gov.in, selling sensitive information to the highest bidder on the Dark Web. The potential threat actor has claimed to have access to the CoWIN portal database in a post on a well-known hacker forum. The evidence provided by the hacker consists of screen captures of the portal's administrative interface, which display sensitive information such as patient IDs, sample IDs, secretariat names, citizen names, mobile numbers, and result dates. Information on vaccination clinics, administrators, and providers is included, among other things.
READ THE STORY: TIMESNOW
China issues new rules controlling regulation of online comments, says will protect national security
FROM THE MEDIA: The Cyberspace Administration of China issued strict regulations governing online comments that came into effect on Thursday (Dec 16). The cyber department said that these rules will help protect national security, the public interest and citizens. The rules were published last month. The new rules state, "Service providers shall... carry out a credit evaluation of users based on their commenting behavior." They further state that individuals who have been "seriously discredited" will be blacklisted, prohibiting them from commenting even if they create a new account. The country, one of the most technologically advanced in Asia, already operates under strict social media rules, and the new ones pose a further threat to freedom of expression.
READ THE STORY: WIONEWS
Bloodless hidden Cyber Wars against India
FROM THE MEDIA: Mass, invisible, bloodless cyber-attacks on our country’s institutions and organizations cripple our economy, industry, governance and national security. These attacks can be secretive, and often more lethal and more severe than military operations, whose costs are more visible in physical deaths, bloodshed and destruction. Such attacks, global and small-scale alike, are becoming everyday occurrences, like accidents, wars, fires and unauthorized access, and are heavily employed for sabotage, subversion and espionage through cyber warfare means of unlimited reach.
READ THE STORY: Frontier India
DOJ must aggressively target alleged Russian agents in effort to stockpile potential swap options, expert says
FROM THE MEDIA: The Department of Justice (DOJ) indicted five Russian nationals and two Americans with conspiracy and other charges in what appears to be a move aimed at potentially stockpiling some bargaining chips for future swap deals with Moscow. "It’s good to see that the Biden administration started to go more aggressively after the Russian criminals who violate the law and ultimately undermine U.S. security because, so far, they only have made bad deals with the Russians," Rebekah Koffler, president of Doctrine & Strategy Consulting and a former Defense Intelligence Agency officer, told Fox News Digital.
READ THE STORY: FOX
Navigating China Cross-border Data Transfer Rules
FROM THE MEDIA: The Cyber Security Law (CSL), Data Security Law (DSL) and Personal Information Protection Law (PIPL) together form China’s data governance regime, a key element of which is the regulation of data cross-border activities. In 2022, we saw significant legislative developments under the PIPL as the relevant Chinese authorities published further details elaborating on the cross-border transfer mechanisms. With the digital economy booming and cross-border data activities increasing, it has become more crucial than ever for organizations doing business in or with China to understand the new requirements and how to navigate through China’s complex data protection regulatory landscape.
READ THE STORY: Regulation Asia
Inside Twitter’s risky plan to force users to share data riles regulators
FROM THE MEDIA: Twitter’s risky plan for its ads business may actually end up doing more harm than good for advertisers still advertising on the social network. What now, you say? Well, earlier this week Platformer broke the news that Twitter’s controversial billionaire owner Elon Musk wants to force users to accept personalized advertising unless they pay for a subscription service that will let them opt-out of ads. Musk’s plan doesn’t stop there. He’s reportedly weighing whether to force users to share their location to Twitter (and its advertisers) alongside their contact phone numbers that they have already provided for two-factor authentication for ad targeting purposes.
READ THE STORY: DIGIDAY
Social Blade confirms breach after hacker posts stolen user data
FROM THE MEDIA: Social media analytics platform Social Blade has confirmed it suffered a data breach after its database was compromised and put up for sale on a hacking forum. Social Blade is an analytics platform that provides statistical graphs for YouTube, Twitter, Twitch, Daily Motion, Mixer, and Instagram accounts, allowing customers to see estimated earnings and projections. The company offers an API allowing customers to integrate Social Blade data directly into their own platforms.
READ THE STORY: Bleeping Computer
Financially Motivated Hacker Behind Rackspace Ransomware Attack
FROM THE MEDIA: The recent ransomware attack on Rackspace was carried out by a financially motivated threat actor. Service disruptions knocked thousands of its Hosted Exchange customers offline. Rackspace hasn’t released any further information about the attacker. Earlier this week, Rackspace warned of the likelihood of phishing attacks exploiting the ransomware attack. “In situations like these, it’s common for scammers and cybercriminals to try to take advantage,” a Rackspace spokesperson said. “We currently have no evidence to suggest that customers are at increased risk as a result of this direct contact. However, we have reminded all of our customers of best practices for keeping their accounts safe.”
READ THE STORY: CF
Gemini, Uber data breaches show third-party risk can’t be ignored
FROM THE MEDIA: Third-party risk is one of the most overlooked threats in enterprise security. Research shows that over the past 12 months, 54% of organizations have suffered data breaches through third parties. This week alone, both Uber and cryptocurrency exchange Gemini have been added to that list.
Most recently, Gemini suffered a data breach after hackers breached a third-party vendor’s systems and gained access to 5.7 million emails and partially obfuscated phone numbers. In a blog post reflecting on the breach, Gemini acknowledged that while no account information or systems were impacted as a result, some customers may have been targeted by phishing campaigns following the breach.
READ THE STORY: VB
Veteran Cybersec Researcher Urges Work with Govt, Regulators
FROM THE MEDIA: The cybersecurity community needs to stop “arming” and normalizing cybercriminals, and accept a bigger role for government and regulation, veteran researcher Daniel Cuthbert told the audience at the recent Black Hat Europe conference. Cuthbert, global head of cybersecurity research at Banco Santander, took Halvar Flake’s 2017 talk “Why we are not building a defendable internet” as the starting point for his keynote at the conference, asking if we’d seen any progress since then. He said he’d seen how “My industry, and my friends and what we’re doing has moved away from that core group of curious kids doing stuff on the internet and the World Wide Web, to how external forces have taken what we were doing and causing a lot of havoc.”
READ THE STORY: The New Stack
Update on Little Rock School District breach
FROM THE MEDIA: As we previously noted, earlier this month the Little Rock School District, located in the US state of Arkansas, discovered unauthorized activity on its network indicating a data breach. There were few details at the time, but Arkansas Online now reports that the school district has finalized a settlement linked to the cyberattack. Little Rock School Board president Greg Adams posted on the district website: "We cannot share the details of this agreement but we are in the process of retrieving the data that was taken from our system."
READ THE STORY: The Cyberwire
Chinese are coming for biggest breach in India’s defenses. Our politics is far from ready for them
FROM THE MEDIA: What are the Chinese up to? Why is it that they are provoking Indian troops and thereby public opinion by activating almost the entire 3,488-km Line of Actual Control, and yet managing the escalation ladder below the firing threshold? What is their message and objective? Finally, how are we responding to it? Not militarily. That isn’t the question right now. India’s armed forces are dealing with this adequately and effectively on the ground. This can’t, however, be seen as a series of whimsical, sporadic fistfights or melees on a most lonely frontier.
READ THE STORY: The Print
New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat
FROM THE MEDIA: The persistence and spread of a newly identified botnet targeting private Minecraft Java servers has far wider ramifications for enterprises than bumming out a Biome. Microsoft researchers revealed in a report published Dec. 16 that this new botnet is used to launch distributed denial-of-service (DDoS) attacks on Minecraft servers, which might sound like kid stuff. But enterprises should take note because of the botnet's ability to target both Windows and Linux devices, spread quickly, and avoid detection, the Microsoft team added. It starts with a user downloading malicious "cracked" Windows license software.
READ THE STORY: DARKReading
How Well Is China Advancing Its Interests in Southeast Asia
FROM THE MEDIA: Xi Jinping traveled to Southeast Asia last month to attend the G20 summit in Bali before moving on to the Asia-Pacific Economic Cooperation (APEC) Economic Leaders’ meeting in Bangkok. The meetings came on the heels of Premier Li Keqiang’s appearance at the ASEAN summit, where he repeatedly underscored the “shared future” of Southeast Asia and China. But what does that shared future look like? For 13 years, China has been Southeast Asia’s largest trading partner. Chinese roads, Chinese factories, and Chinese infrastructure projects have spread across the region.
READ THE STORY: China File
Drones critical to US info-warfare playbook
FROM THE MEDIA: The three-star general spearheading the U.S. Air Force’s information warfare efforts foresees a sustained future for drones in the military, as nations monitor, analyze and attempt to outfox each other from greater and greater distances. Asked Dec. 15 if he thinks uncrewed aerial systems will “become important” to his organization, Lt. Gen. Kevin Kennedy, the commander of the 16th Air Force (Air Forces Cyber), told the Department of Defense Intelligence Information System Worldwide Conference in San Antonio: “Yes.”
READ THE STORY: C4ISRNET
Items of interest
MasterCard and Azerbaijani banks test new service against cyber threats
FROM THE MEDIA: MasterCard, in cooperation with Azerbaijani banks, has started to implement a project to prevent cyber threats, General Manager of Mastercard in Azerbaijan and Türkiye Avsar Gurdal told Trend. According to him, pilot work is under way on testing and integrating a service that can identify suspicious activity by outside cybercriminals as well as by bank customers. "MasterCard, like the Azerbaijani banks, is aimed at ensuring a sustainable digital monetary environment, as well as the security of performing transactions on them."
READ THE STORY: Trend
Self-Learning Reverse Engineering in 2022 (Video)
FROM THE MEDIA: There exist some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.
Google CTF - BEGINNER Reverse Engineering w/ ANGR (Video)
FROM THE MEDIA: BEGINNER Reverse Engineering w/ ANGR.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com