Wednesday, December 28, 2022 // (IG): BB // THM:Windows RE // Coffee for Bob
Cargo ship grounding and AIS/GPS glitches
Analyst Comments: U.S. Maritime Advisory 2022-005: Instances of significant GPS interference have been reported worldwide in the maritime domain. This interference can result in lost or inaccurate GPS signals affecting bridge navigation, GPS-based timing, and communications equipment (including satellite communications equipment). Over the last six months, areas from which multiple instances have been reported include the eastern and central Mediterranean Sea, the Persian Gulf, and the Red Sea. The U.S. Coast Guard Navigation Center (NAVCEN) web page, https://navcen.uscg.gov/gps-problem-report-status, contains a chronological list of recently reported GPS problems. The interference has been noted, but no person or country has been identified as its source.
FROM THE MEDIA: General cargo ship DOLPHIN 15 was reported by the Armed Forces of the Philippines Command to have run aground on the southwest coast of Balabac island, Palawan Province, Philippines, on the night of Dec 26. The ship, according to the report, was on her way to Vietnam and had anchored off Balabac's southwest coast as early as Dec 21 to wait out rough weather in the South China Sea. On Dec 26 her anchor dragged, and she drifted aground. All 17 crew were evacuated, and all are safe. The interesting part is the ship’s AIS track and latest AIS positions: according to them, DOLPHIN 15 is under way off the southern Vietnam coast. AIS/GPS glitch? Probably. In Novorossiysk, Russia, AIS ran amok and positioned seven crude oil tankers and three dry cargo ships in the airport on Dec 25-26. Glitches occur more and more often, in all parts of the world.
READ THE STORY: FleetMon
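The DOLPHIN 15 case above is a track that places a grounded ship hundreds of miles from where she actually is. The simplest sanity check an analyst can run on a received AIS track is whether the implied speed between consecutive position reports is physically possible for the vessel. The following is an added example, not code from FleetMon or from any AIS vendor: it computes great-circle distance between fixes and flags any pair whose implied speed exceeds a ceiling. The track, the 40-knot ceiling, and the coordinates are all constructed to resemble the case (a few slow fixes near Balabac, then a fix off southern Vietnam an hour later).

```python
"""Flag physically implausible jumps in an AIS position track.

Added example (not from the FleetMon story or any vendor tool). The track
below is constructed: several slow reports near Balabac island, followed by a
report hundreds of nautical miles away off Vietnam within an hour, which no
cargo ship can do. The speed ceiling is an assumed value for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_SPEED_KNOTS = 40.0       # assumed ceiling for a general cargo ship (constructed)


@dataclass(frozen=True)
class Fix:
    """One AIS position report: UTC timestamp and WGS-84 coordinates in degrees."""
    when: datetime
    lat: float
    lon: float


def distance_nm(a: Fix, b: Fix) -> float:
    """Great-circle (haversine) distance between two fixes, in nautical miles."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(h))


def implied_speed_knots(a: Fix, b: Fix) -> float:
    """Speed the vessel would have needed to move from fix a to fix b."""
    hours = (b.when - a.when).total_seconds() / 3600.0
    if hours <= 0:
        # Duplicate or out-of-order timestamps are themselves suspicious: treat as infinite.
        return float("inf")
    return distance_nm(a, b) / hours


def find_implausible_jumps(track, max_speed: float = MAX_SPEED_KNOTS):
    """Return (index_in_sorted_track, implied_speed) for every consecutive pair
    whose implied speed exceeds max_speed. The track is sorted by time first."""
    ordered = sorted(track, key=lambda f: f.when)
    flagged = []
    for i in range(1, len(ordered)):
        speed = implied_speed_knots(ordered[i - 1], ordered[i])
        if speed > max_speed:
            flagged.append((i, speed))
    return flagged


# Constructed sample track (not real AIS data): three fixes drifting slowly off
# Balabac, then a fix off southern Vietnam one hour later.
_T0 = datetime(2022, 12, 26, 18, 0, tzinfo=timezone.utc)
SAMPLE_TRACK = [
    Fix(_T0, 7.95, 117.05),
    Fix(_T0 + timedelta(minutes=30), 7.96, 117.06),
    Fix(_T0 + timedelta(minutes=60), 7.97, 117.06),
    Fix(_T0 + timedelta(minutes=120), 9.00, 106.50),   # the "glitch" fix
]

if __name__ == "__main__":
    for idx, speed in find_implausible_jumps(SAMPLE_TRACK):
        f = sorted(SAMPLE_TRACK, key=lambda x: x.when)[idx]
        print(f"fix {idx} at {f.when:%H:%MZ} ({f.lat:.2f}, {f.lon:.2f}) implies {speed:.0f} kn")
```

A real feed would also carry the speed-over-ground and heading fields, which can be cross-checked against the implied speed; this check uses only positions and timestamps so it works on the sparsest track.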
Russia and China are fueling web wars to divide Americans
FROM THE MEDIA: American adversaries not only hack our computers, but they also hack our minds. As Russian oligarch and Vladimir Putin confidant Yevgeny Prigozhin openly stated in early November regarding US elections, “Gentlemen, we interfered, we are interfering and we will interfere.” But Russia and China aren’t solely interested in elections. They want to destabilize American society by using our own freedoms against us. It is high time we call these foreign information operations what they are: psychological warfare against the United States. According to Russian Defense Minister Sergei Shoigu, “Propaganda should be smart, competent and effective.” To that end, in 2017, the Kremlin established special “information operations forces” within the Russian military to craft a “new cyber army.” Putin has also allocated increased resources to troll farms, such as the notorious Internet Research Agency (IRA); the IRA uses fake social media accounts to foment division abroad. These efforts are part of the Kremlin’s coordinated, heavily financed effort to undermine democracy.
READ THE STORY: NYPOST
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
FROM THE MEDIA: BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. "BlueNoroff created numerous fake domains impersonating venture capital companies and banks," security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022. Some of the bogus domains have been found to imitate ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are located in Japan, signaling a "keen interest" in the region.
READ THE STORY: THN // DECRYPT
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
FROM THE MEDIA: Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now, according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector. Weaponized Office documents delivered via spear-phishing emails and other social engineering attacks have remained one of the most widely used entry points for criminal groups looking to execute malicious code. These documents traditionally prompt the victims to enable macros to view seemingly innocuous content, only to activate the execution of malware stealthily in the background.
READ THE STORY: THN
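Both the BlueNoroff item (ISO and VHD images used to sidestep Mark of the Web) and the Cisco Talos item (.XLL add-ins replacing VBA macros) come down to the same defender question: does a file that reached a workstation still carry the Internet-zone mark, and is its format one where the mark is not enough? The following is an added example, not Kaspersky's or Cisco Talos's code. On Windows the mark is an NTFS alternate data stream named Zone.Identifier holding an INI fragment (`[ZoneTransfer]` with `ZoneId=3` for the Internet zone and `ZoneId=4` for Restricted Sites). The example parses that fragment and triages a filename against it; the stream contents and filenames are constructed, and the verdict rules (which extensions count as containers, add-ins or executables) are this example's own assumptions, not a Microsoft or vendor list.

```python
"""Triage downloaded files by Mark-of-the-Web state and file type.

Added example (not from Kaspersky, Cisco Talos or Microsoft). The Zone.Identifier
stream contents below are constructed; on a real Windows host the stream is read
with open(path + ":Zone.Identifier"), which this example avoids so it runs anywhere.
"""
from pathlib import PurePath

INTERNET_ZONES = {3, 4}                        # 3 = Internet, 4 = Restricted Sites
IMAGE_CONTAINERS = {".iso", ".img", ".vhd", ".vhdx"}   # assumed list for this example
ADDIN_EXTENSIONS = {".xll"}
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".lnk", ".js", ".vbs", ".hta"}


def parse_zone_identifier(stream_text):
    """Parse the INI fragment stored in a Zone.Identifier stream.

    Returns {"zone_id": int|None, "referrer_url": str|None, "host_url": str|None}.
    A missing stream, a missing [ZoneTransfer] section or a non-numeric ZoneId
    all yield zone_id None, i.e. "no usable mark".
    """
    info = {"zone_id": None, "referrer_url": None, "host_url": None}
    if not stream_text:
        return info
    in_section = False
    for raw in stream_text.splitlines():      # handles both \r\n and \n endings
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "zoneid":
            try:
                info["zone_id"] = int(value)
            except ValueError:
                info["zone_id"] = None        # malformed mark: treat as absent
        elif key == "referrerurl":
            info["referrer_url"] = value
        elif key == "hosturl":
            info["host_url"] = value
    return info


def classify_download(filename, zone_stream_text):
    """Return (verdict, reasons) where verdict is "block", "review" or "allow"."""
    ext = PurePath(filename).suffix.lower()
    mark = parse_zone_identifier(zone_stream_text)
    from_internet = mark["zone_id"] in INTERNET_ZONES
    reasons = []
    if ext in ADDIN_EXTENSIONS:
        reasons.append("Excel add-in: loads native code, and the default VBA macro block does not cover it")
        return "block", reasons
    if ext in IMAGE_CONTAINERS:
        reasons.append("disk image container: files inside a mounted image may not carry the container's mark")
        if from_internet:
            reasons.append(f"container itself is marked ZoneId={mark['zone_id']}")
        return "review", reasons
    if ext in EXECUTABLE_EXTENSIONS and not from_internet:
        reasons.append("executable content without an Internet-zone mark: possibly unpacked from a container or had its mark stripped")
        return "review", reasons
    if from_internet:
        reasons.append(f"marked ZoneId={mark['zone_id']}: Protected View / SmartScreen checks still apply")
    else:
        reasons.append("no Internet-zone mark and not executable content")
    return "allow", reasons


def triage_batch(samples):
    """Map each filename to its verdict for a list of (filename, stream_text) pairs."""
    return {name: classify_download(name, stream)[0] for name, stream in samples}


# Constructed sample inputs (filenames and stream contents are made up for this example).
SAMPLE_DOWNLOADS = [
    ("Q3_investment_deck.iso", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/deck\r\n"),
    ("helper.xll", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("report.pdf", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("inner_invoice.exe", None),          # e.g. copied out of a mounted image: no stream
    ("notes.txt", None),
]

if __name__ == "__main__":
    for name, stream in SAMPLE_DOWNLOADS:
        verdict, why = classify_download(name, stream)
        print(f"{verdict:6} {name}: {'; '.join(why)}")
```

The useful signal is the combination: an Internet-marked ISO is worth a look because whatever is inside it may arrive unmarked, and an unmarked executable on a machine that only receives files from the internet is worth a look for the same reason.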
Piers Morgan’s Twitter Account Hacked, Spews Offensive Posts for Nearly an Hour
FROM THE MEDIA: Piers Morgan’s Twitter account was hacked overnight and spewed a series of crass and racist comments for nearly an hour before it was shut down and wiped clean. The feed for the British TV commentator’s program on Sky, “Piers Morgan Uncensored,” posted a screenshot of his now-blank profile, stating, “In case you were wondering, @piersmorgan has been hacked.” In addition to removing the F-word- and N-word-strewn comments, Twitter wiped clean all other posts Morgan has shared with his 8.3 million followers since he joined the platform in November 2010. “Any chance of getting him back, @elonmusk?” the “Piers Morgan Uncensored” post asked Twitter’s owner.
READ THE STORY: Yahoo News
Okta Source Code Stolen in Raid on GitHub Repositories
FROM THE MEDIA: Third-party authentication service provider Okta is once again in cybersecurity trouble as the company’s GitHub repositories have been hacked. There does not appear to be any impact to Okta clients, but the service source code appears to have been stolen in the breach. An email notification sent from Okta’s Chief Security Officer (CSO) David Bradbury to a list of “security contacts” was leaked to the media, and it indicates that the Okta GitHub repositories were breached sometime in early December and that the activity indicates that service source code was stolen. The notification also reassures these contacts that customer information and logins were not impacted, and that there was no unauthorized access to the service.
READ THE STORY: CPOMAG
North Korea Hacked 892 South Korean Foreign Policy Experts
FROM THE MEDIA: North Korean hackers carried out cyberattacks on at least 892 South Korean foreign policy experts, and also attacked shopping malls with ransomware, South Korean authorities say. The attacks, which mainly targeted think tank experts and professors, tricked some of the victims into signing into fake websites that exposed their login details to attackers, the South China Morning Post reports. According to the National Police Agency, the hackers in May sent spear-phishing emails from accounts that posed as South Korean political figures, including a secretary from the office of Tae Yong-ho of the governing People Power Party. The emails included links to fake websites or malware-laden attachments.
READ THE STORY: PCMAG
The new space race could turn science fiction into reality
FROM THE MEDIA: The last few years have been marked by trade wars and hot wars. This year may bring with it star wars, as space — the “final economic frontier” — becomes the focus of a global race for dominance by both public and private actors. Elon Musk’s SpaceX, Jeff Bezos’ Blue Origin, Orbital ATK, ViaSat, SES, OneWeb and more than 10,000 other commercial space companies have grown over the past two decades into a burgeoning sector known as “new space,” dedicated to growing private space access and space station servicing to satellite operations, defense technology, data analytics and even more speculative areas like space tourism, manufacturing and asteroid mining. SpaceX is the best known new space player, having launched thousands of satellites for both public and private use.
READ THE STORY: FT
Maritime safety information approved over Iridium and Inmarsat GMDSS
FROM THE MEDIA: International law requires mariners to have a terminal capable of receiving MSI such as navigation and meteorological warnings, throughout their voyage including when vessels move outside the range of services known as Navtex, which sends safety updates automatically via radio. Satellite services recognized by IMO are used beyond the range of Navtex. Inmarsat has provided these services through its constellation of geostationary orbit satellites since the introduction of GMDSS and Iridium has recently introduced an IMO-approved GMDSS service for emergency communications and MSI distribution over its low Earth orbit satellites.
READ THE STORY: Riviera
Ukraine aims to develop air-to-air combat drones, minister says
FROM THE MEDIA: Ukraine has bought some 1,400 drones, mostly for reconnaissance, and plans to develop combat models that can attack the exploding drones Russia has used during its invasion of the country, according to the Ukrainian government minister in charge of technology. In a recent interview with The Associated Press, Minister of Digital Transformation Mykhailo Fedorov described Russia’s war in Ukraine as the first major war of the internet age. He credited drones and satellite internet systems like Elon Musk’s Starlink with having transformed the conflict. Ukraine has purchased drones like the Fly Eye, a small unmanned aerial vehicle used for intelligence, battlefield surveillance and reconnaissance.
READ THE STORY: Boston Globe
Elon Musk’s Satellite Internet Receivers Are in Iran, but It’s Not a Definitive Solution
FROM THE MEDIA: The Iranian government restricts access to the internet to manipulate and control the narrative both inside and outside of the Islamic Republic. Close to 100 Starlink stations are in place in Iran to provide Iranians with internet service that is not subject to the Islamic Republic’s restrictions and control. “Approaching 100 Starlinks active in Iran,” Elon Musk tweeted on Monday. But the attempt to provide Iranians with restrictions-free internet faces various obstacles before it can become a real solution to the blockade on free information flow in the country. Starlink, operated by SpaceX, a company owned by Elon Musk, is a network of low-orbit satellites that transmit internet service to receivers on the ground. The satellites were activated in Iran in September, shortly after the beginning of the protests sparked by the death of the young Kurdish Iranian woman Mahsa Amini while in the custody of the morality police. According to reports, the receivers, which Elon Musk says now number almost 100, began to be smuggled into Iran in October.
READ THE STORY: The Media Line
Canada’s largest children’s hospital struggles to recover from pre-Christmas ransomware attack
FROM THE MEDIA: Toronto’s Hospital for Sick Children, Canada’s largest pediatric health center, is still recovering from a ransomware attack that began on December 18. The hospital, which is attached to the University of Toronto, initially said the attack affected several network systems but did not discontinue patient care. Despite that, the healthcare organization declared the incident a “code grey” – which they said represented a “system failure.” Officials later confirmed that it was a ransomware attack but said there was “no evidence” that the personal information of patients had been compromised. “At this time, the incident appears to have only impacted a few internal clinical and corporate systems, as well as some hospital phone lines and webpages. Downtime procedures have been activated where needed,” the hospital said.
READ THE STORY: The Record
TikTok banned from House of Representatives devices
FROM THE MEDIA: TikTok will be banned from all devices managed by the House of Representatives, the chamber’s Chief Administrative Office announced Tuesday. The agency’s Office of Cybersecurity has “deemed The TikTok mobile application to be a high risk to users due to a number of security risks,” the CAO said in an email. Staffers “are NOT allowed to download the TikTok app on any House mobile devices” and the app is “NOT allowed on House mobile devices,” the message stated. “If you have the TikTok app on your House mobile device, you will be contacted to remove it,” the email warned. Earlier this year the CAO warned that TikTok posed a risk on Capitol Hill because it “actively harvests” biometric data and other sensitive user information. TikTok refuted the claims, writing in a response letter that the advisory contained “factual inaccuracies.”
READ THE STORY: The Record
Russia winning the electronic war in Ukraine
FROM THE MEDIA: Russia may already be gaining the upper hand over the electronic war in Ukraine, knocking out the latter’s drones and potentially blinding its artillery. In an article this month in Forbes, David Axe cites a November report by the Royal United Services Institute (RUSI) that Russian electronic warfare (EW) capabilities have knocked out the majority of Ukraine’s drones, with the average lifespan of a small quadcopter drone reduced to three flights, and that of fixed-wing models to six. According to the RUSI report, 90% of the thousands of drones Ukraine managed to amass before Russia’s invasion in February were shot down or crashed by summer, forcing Ukraine to request replacement drones and fighter jets from the US and the North Atlantic Treaty Organization.
READ THE STORY: Asia Times
Attacks on U.S. power grid surge to new peak
FROM THE MEDIA: Attacks on the U.S. power grid increased in 2022, and local electric utility companies are preparing their security systems for any threats. According to reporting by Politico, there have been 101 physical and cyber attacks on equipment that delivers electricity nationwide just through August of 2022, which is the highest number of attacks since 2012. In 2021, 97 attacks were recorded throughout the entire year. This year’s data does not include a recent shooting on two substations in North Carolina, which left 45,000 people without power, or a physical attack on four substations in Washington, which left 14,000 people without power on Christmas Day. Northern Electric Communications Director Ben Dunsmoor said these attacks have caught electric utility companies’ attention.
READ THE STORY: Dakota News Now // CBS 58 // Cyber Security Insiders
Ransomware Attack on The Guardian Hits Print Production, Internal Business Systems
FROM THE MEDIA: One of Britain’s most popular newspapers, The Guardian, is reporting that a suspected ransomware attack is causing some internal network trouble. The online publishing component does not appear to be impacted, but a recent article indicates that some of its infrastructure has been disrupted. The article did not provide full details, but implied that print production may have been affected in some way. However, it also offered the assurance that print runs would likely make it to market as scheduled. Staff were instructed to work from home for the week as the incident was remediated by the in-house IT team. The paper’s report on the ransomware attack characterized it as “serious” despite it seemingly not stopping online or offline production of the paper, and only alluded to parts of the internal IT infrastructure being impacted.
READ THE STORY: CPOMAGAZINE
Albania and Iran in cybersecurity stand-off – September 2022 in review
FROM THE MEDIA: A cybersecurity showdown between two national governments made a splash in September. We start our look at September 2022’s headlines in Tirana. Cyber warfare spilled over into real life in September, when an empty Iranian embassy building in Albania’s capital city Tirana was raided by counter-terrorism police as officers searched for evidence of links to a cyberattack carried out on the Baltic nation in July. The hack caused Albania to sever diplomatic ties with Iran. The Albanian government decided to take bold action after the hack, which forced the government to shut down a number of services and saw politicians’ data released to the public.
READ THE STORY: TechMonitor
DOJ launches criminal investigation into FTX hack
FROM THE MEDIA: The U.S. Department of Justice has launched a criminal probe into the November hacking of FTX Trading Ltd., Bloomberg reported today. The probe is reportedly separate from the criminal charges brought against FTX founder Sam Bankman-Fried. Following the cryptocurrency exchange’s collapse last month, the Justice Department filed an eight-count indictment against Bankman-Fried. Two other senior executives at FTX and its sister hedge fund Alameda Research have since pleaded guilty to fraud. FTX filed for bankruptcy protection on Nov. 11 after a bank run exposed an $8 billion shortfall in its balance sheet.
READ THE STORY: SiliconAngle
Russia Is Conducting A Relentless Cyberattack Against Ukraine
FROM THE MEDIA: The cybersphere is quickly emerging as one of the primary theatres for hybrid combat. Due to the increased reliance on communications and information technology, malicious actors have developed a keen interest in the online world, giving rise to terms like “cyberattacks,” “cyberwarfare,” and “cyberterrorism.” An increased emphasis on cyberattacks is necessary in light of the developing Ukrainian conflict. Over the past ten years, there has been a significant surge in cyberattacks on a global scale. Over the past ten years, Ukraine has consistently been the target of cyberattacks, many of which are ascribed to Russia. It experienced 397,000 assaults in 2020 and about 280,000 assaults in the first 10 months of 2021. Because of how widespread the attacks were, the EU dispatched a Cyber Rapid Response Team to offer assistance. How frequently cyberattacks will be utilized in the ongoing conflict in Ukraine is yet unknown.
READ THE STORY: Eurasia Review
Russian Foreign Ministry: NATO distributing digital weapons uncontrollably through Ukraine
FROM THE MEDIA: Russia said Wednesday that NATO was carrying out an uncontrolled distribution of digital weapons through Ukraine.
Russian Deputy Foreign Minister Oleg Syromolotov believed that Ukraine poses threats in the information space and they are of a "universal nature."
He said that NATO "in fact, is carrying out an uncontrolled distribution of digital weapons through this country today." "This is fraught with unpredictable consequences for all members of the international community: today Russia is in sight, and tomorrow any other state objectionable to Washington could be in our place," Syromolotov told RIA Novosti news agency.
Syromolotov previously noted a multiple increase in cyber attacks against Russian information resources and infrastructure facilities after the start of the Russian military operation in Ukraine. According to him, most attacks are recorded from North America and the European Union.
READ THE STORY: Gulf Times
Cyberattacks are already deadly in the U.S. — at hospitals
FROM THE MEDIA: Cyberattacks are getting deadlier — and hospitals on the frontline are straining under increasing attacks. As the Covid-19 pandemic swept the world over the past three years, cybercriminals took advantage of the chaotic situation and repeatedly shut down hospitals’ networks at a time when they were least able to respond. That has meant curtailed emergency services, canceled operations and more deaths. As cyberstrikes take lives, it’s changing the calculation for how to respond to devastating hacks both at facilities inside the U.S. and in international conflicts like Ukraine. Cyberattacks have long been treated as a lower level of warfare than missile strikes, but as they hit hospitals and get more lethal, that could be changing.
READ THE STORY: POLITICO
Rogue geoengineering startup attempts to affect atmosphere despite warnings
FROM THE MEDIA: Crossing a controversial barrier in the realm of solar geoengineering, Make Sunsets claims to have launched weather balloons that may have sprayed reflective sulfur particles into the stratosphere. Geoengineering, which imitates a natural process that takes place in the wake of significant volcanic eruptions, refers to purposeful efforts to modify the climate by reflecting more sunlight back into space. Spraying significant amounts of sulfur and related particles has, in theory, the ability to reduce global warming. Technically, releasing such substances into the stratosphere is not difficult, but a vast majority of scientists have avoided performing even small-scale outside studies. It's unclear whether anyone has yet conducted research on geoengineering that involves injecting materials into that particular stratum of the atmosphere.
READ THE STORY: JPOST
Items of interest
Russia and Africa: Who is Courting Whom
FROM THE MEDIA: The South African Institute of International Affairs has put into circulation its latest policy report on Russia-African relations. In the introductory chapter, Steven Gruzd, Samuel Ramani and Cayley Clifford have summarized various aspects of the developments between Russia and Africa over the past few years and finally questioned the impact of Russia’s policy on Africa. According to Steven Gruzd, Samuel Ramani and Cayley Clifford, this special far-reaching policy report includes academic research from leading Russian, African and international scholars. It addresses the dimensions of Russian power projection in Africa and new frontiers of Russian influence, and provides a roadmap towards understanding how Russia is perceived in Africa.
READ THE STORY: Modern Diplomacy
Automating My Life with Python: The Ultimate Guide (Video)
FROM THE MEDIA: We are going to be building some fun things with Python that can actually help automate tasks in your life!
Ghidra — Beyond the Code (Video)
FROM THE MEDIA: Dr. Josiah Dykstra, host of NSA's Cybersecurity Speaker Series, speaks with NSA Senior Researcher and member of the Ghidra development team, Brian Knighton, about Ghidra. The free and open source reverse engineering tool was developed at NSA and has seen many uses over the past few years. From research on the resilience of vehicles to cyber-threats, to making cybersecurity more accessible to students from all backgrounds, Dr. Dykstra and Knighton discuss it all.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com