Tuesday, January 03, 2023 // (IG): BB // THM:Windows RE // Coffee for Bob
Let’s call AI what it really is: Faux Intelligence
FROM THE MEDIA: Pomona College business and investments prof Gary Smith warns Salon readers not to be too gullible about what human-sounding chatbots really amount to. He notes that in the 1960s, a pioneer chatbot called ELIZA convinced many psychiatric patients that they were interacting with a real psychiatrist. The machine simply repeated back their statements as questions, a popular psychiatric technique at the time because it generated more and more discussion — from the patient. The patients’ belief that they were interacting with a human being came to be called the Eliza effect. Has much changed? “If you play around with GPT-3 (and I encourage you to do so) your initial response is likely to be astonishment—a full-blown Eliza effect. You seem to be having a real conversation with a very intelligent person. However, probing deeper, you will soon discover that while GPT-3 can string words together in convincing ways, it has no idea what the words mean. Predicting that the word down is likely to follow the word fell does not require any understanding of what either word means — only a statistical calculation that these words often go together…”
READ THE STORY: MindMatters
RedZei Chinese Scammers Targeting Chinese Students in the U.K.
FROM THE MEDIA: Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation," cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up published last week. The most notable aspect of the operation is the effort the threat actors put into defeating the measures users take to avoid scam calls: they use a new pay-as-you-go U.K. phone number for each wave, which renders phone-number-based blocking ineffective. Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia.
READ THE STORY: THN
Ransomware impacts over 200 govt, edu, healthcare orgs in 2022
FROM THE MEDIA: Ransomware attacks in 2022 impacted more than 200 larger organizations in the U.S. public sector across the government, education, and healthcare verticals. Data collected from publicly available reports, disclosure statements, leaks on the dark web, and third-party intelligence show that attackers stole data in roughly half of these incidents. Based on the available data, ransomware struck 105 counties, 44 universities and colleges, 45 school districts, and 24 healthcare providers. Cybersecurity company Emsisoft compiled these statistics, noting that not all victims disclose such incidents (non-disclosure is less common in the public sector and more common in the private sector) and that some victims may have escaped the researchers' notice. The numbers in its end-of-year report on the state of ransomware in the U.S. should therefore be considered conservative, and they cannot be used to establish an accurate trend.
READ THE STORY: BleepingComputer
LockBit ransomware attacks port infrastructures, releases free decryptor for children's hospital
FROM THE MEDIA: LockBit is a "ransomware-as-a-service" operation where the malware creators and operators manage the backend, while affiliated "partners" breach victims' networks. Sometimes, this chain of operations can lead to a clash between parties – especially when the affiliates go against the ransomware's formal business policy. It's been a busy end of year for LockBit, the infamous ransomware operation offering its encryption capabilities to script kiddies and other interested partners in crime. The ransomware was first responsible for an attack against the Port of Lisbon Administration, which manages Portugal's third-largest port and one of the most accessed ports in Europe. The Port of Lisbon was targeted by LockBit on December 25, but according to the port's administration, no operational activity was compromised.
READ THE STORY: TechSpot // engadget
Check Point teams with Intel for processor-level anti-ransomware security
FROM THE MEDIA: Cybersecurity firm Check Point Software Technologies Ltd. has extended a collaboration with Intel Corp. to offer enhanced anti-ransomware capabilities for Check Point Harmony customers. Under the collaboration, the Intel vPro platform’s threat detection technology will be available within Check Point Harmony Endpoint. The pairing provides enterprises with processor-level anti-ransomware security at both the hardware and software levels at no extra cost. The problem being addressed is a well-known one: cyber criminals are becoming more creative in their attacks. Check Point recorded a 42% global increase in cyberattacks in 2022, with ransomware identified as the No. 1 threat. The company argues that “prevention first” remains the best cybersecurity strategy, because once an attack has happened it can be difficult to repair the damage to the victim and its reputation.
READ THE STORY: siliconANGLE
PyTorch Machine Learning Framework Compromised with Malicious Dependency
FROM THE MEDIA: The maintainers of the PyTorch package have warned users who installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall them and install the latest versions following a dependency confusion attack. "PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary," the PyTorch team said in an alert over the weekend. PyTorch, analogous to Keras and TensorFlow, is an open source Python-based machine learning framework that was originally developed by Meta Platforms. The PyTorch team said that it became aware of the malicious dependency on December 30, 4:40 p.m. GMT. The supply chain attack entailed uploading a malware-laced package under the name of a legitimate dependency, torchtriton, to PyPI; in a dependency confusion attack, the public package is picked up by the installer in preference to the copy served from the project's own index.
READ THE STORY: THN
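The mechanism behind a dependency confusion attack, and the two usual mitigations, can be shown in a few lines. The following is an added example written for this digest; it is not the PyTorch team's code, and the index names, version strings and wheel bytes it uses are constructed for illustration (the real version numbers involved are not stated on this page). `parse_version` is a deliberate simplification of pip's PEP 440 ordering, enough to show why a higher public version wins.

```python
"""Dependency-confusion checker (added example; not the PyTorch project's code)."""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    index: str  # hostname of the index that served this candidate


def parse_version(v: str):
    """Simplified PEP 440 ordering: numeric release tuple, then local tag.
    '2.0.0+abc' sorts above '2.0.0' but below '3.0.0'. Pre-release markers
    (rc, dev) are not modelled; this is illustration, not pip's resolver."""
    public, _, local = v.partition("+")
    release = tuple(int(p) for p in re.findall(r"\d+", public))
    return (release, 1 if local else 0, local)


def pick_candidate(candidates):
    """Mimic pip with --extra-index-url: every index is searched and the
    highest version wins, regardless of which index it came from."""
    return max(candidates, key=lambda c: parse_version(c.version))


def confusable(candidates, trusted_index: str) -> bool:
    """True when the winning candidate would NOT come from the trusted index,
    i.e. a public package of the same name would shadow the private one."""
    return pick_candidate(candidates).index != trusted_index


def pick_from_index(candidates, index: str):
    """Mimic --index-url with no extra index: only the named index is searched.
    Pinning the index is the first mitigation."""
    own = [c for c in candidates if c.index == index]
    return pick_candidate(own) if own else None


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Second mitigation, --require-hashes: the downloaded artifact must match
    the digest pinned in the requirements file, whichever index served it."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


# Constructed sample data (hypothetical versions and index names).
CANDIDATES = [
    Candidate("torchtriton", "2.0.0+1234abcd", "download.pytorch.org"),
    Candidate("torchtriton", "3.0.0", "pypi.org"),
]
SAMPLE_WHEEL = b"constructed wheel bytes, not a real artifact"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_WHEEL).hexdigest()

if __name__ == "__main__":
    print("winner with extra index:", pick_candidate(CANDIDATES))
    print("confusable:", confusable(CANDIDATES, "download.pytorch.org"))
    print("winner with pinned index:", pick_from_index(CANDIDATES, "download.pytorch.org"))
    print("hash ok:", verify_sha256(SAMPLE_WHEEL, SAMPLE_SHA256))
```

The check worth automating is `confusable()`: for every package name your private index serves, look up whether the same name exists on the public index with a higher version. Index pinning stops resolution from wandering; hash pinning catches a swapped artifact even when the name and version look right.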
Ransomware Gang Says It Leaked Data from Xavier University Students, Staff
FROM THE MEDIA: A ransomware gang with international reach is claiming that it leaked sensitive personal data belonging to Xavier University students and employees, apparently after university officials refused to meet their demands. Vice Society, which is known for targeting school systems and higher education institutions, made that claim around Dec. 20, according to Brett Callow, a threat analyst with the cybersecurity firm Emsisoft who monitors ransomware attacks. The breach occurred on Nov. 22, according to Xavier President Reynold Verret's email to the university community on Dec. 22. Based on past cases, Callow said the information could include payroll, personal finances, Social Security numbers, disciplinary actions and misconduct allegations. Xavier officials declined comment about the alleged leak.
Callow said those affected could now be exposed to a range of identity-related fraud crimes. He said it is critical that the university notify the affected people of the specific information that was stolen, so they can assess their risk.
READ THE STORY: GOVTECH
Experts Warn ChatGPT Could Democratize Cybercrime
FROM THE MEDIA: A new artificial intelligence bot that has quickly become very popular could be utilized by cybercriminals for nefarious purposes, including learning how to craft attacks and write ransomware. ChatGPT was released last month and has already surpassed one million users on the platform. The chatbot leverages vast volumes of data spanning the internet to answer questions with apparent authority in natural language. Security researchers have warned that the software could be leveraged by aspiring cybercriminals. Picus Security co-founder Suleyman Ozarslan was able to use the ChatGPT bot to create a convincing World Cup phishing campaign and write macOS ransomware. The bot did flag that the phishing script could be used for bad purposes; however, the script was still produced. ChatGPT is programmed not to write ransomware directly, but Ozarslan stated that he was still able to get results.
READ THE STORY: OODALOOP
Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients
FROM THE MEDIA: A healthcare provider located in southwest Louisiana has suffered a data breach that compromised patient medical and personal information. The Lake Charles Memorial Health System (LCMHS) is informing patients that their data was exposed during the attack, which was identified on October 25. The healthcare provider began notifying patients on December 23. LCMHS posted a notification to its website confirming the attack and stating that an unauthorized third party had gained access to its network in the days before it identified the attack. Stolen information allegedly includes details such as names, addresses, birth dates, health insurance information, medical record numbers, patient identification numbers, payment data, treatment details, and in some cases, Social Security numbers. Roughly 270,000 individuals were impacted by the incident. Although LCMHS has not confirmed the culprit or type of attack, the Hive ransomware gang claimed responsibility.
READ THE STORY: OODALOOP
North Korean hackers are posing as venture capital firms to steal crypto
FROM THE MEDIA: North Korea's infamous Lazarus Group is mimicking venture capital firms and banks to steal cryptocurrency, according to a report from cybersecurity company Kaspersky. The state-sponsored cybercrime group, which was behind the $625 million Axie Infinity hack in April, is creating domains that present themselves as well-known Japanese, US and Vietnamese companies. Kaspersky said Lazarus' BlueNoroff subgroup is using new types of malware delivery methods that bypass security warnings about downloading content. They can then "intercept large cryptocurrency transfers, changing the recipient's address, and pushing the transfer amount to the limit, essentially draining the account in a single transaction." While BlueNoroff has been quiet for most of the year, Kaspersky researchers said there's been a recent uptick in activity. The FBI flagged the North Korean group in an alert in April.
READ THE STORY: Business Insider (South Africa)
Hacking Device Causes Bomb Scare in Paris, Leaves More Questions Than Answers
FROM THE MEDIA: On December 30, 2022, French authorities were conducting a security checkpoint outside of the Strasbourg Saint-Denis metro station in Paris when they stopped a vehicle for a routine check. Upon inspecting the vehicle, officers discovered a suitcase in the trunk that contained wires and antennas, according to the French media outlet Le Parisien. Bomb squad units, unaware of what the device was at the time, decided to carry out a controlled detonation to destroy it, believing it was an explosive device. The driver, an unidentified woman, was arrested for being under the influence of narcotics. The vehicle, which was not registered under her name, was confiscated by authorities. The next day, French journalist Amaury Bucco reported on Twitter that police launched an investigation into the incident because “the box contained professional spy equipment.”
READ THE STORY: Atlas News
North Korea Earns Foreign Currency Through a Shadow IT Industry
FROM THE MEDIA: The South Korean government recently announced a warning regarding North Korean IT personnel with the goal of preventing North Korea from earning foreign currency through cyberspace. North Korean IT personnel reportedly account for a growing portion of the country’s effort to secure cash for its nuclear and missile programs. So, what are these IT experts doing? And how are they living? In December 2022, Daily NK interviewed Mr. A, a cadre who monitors North Korean IT personnel in China. He is tasked with surveilling the movements of North Korean IT personnel, who operate in small groups of 10 to 20, as well as those of the cadres who manage them, and reporting his findings up the chain of command. Since Mr. A regularly watches over how they live, he could tell Daily NK in detail how North Korean IT personnel in China are earning foreign currency, what their living environment is like, and which difficulties they must contend with.
READ THE STORY: The Diplomat
The spy agency origins of NASA’s next powerful planet-hunting observatory
FROM THE MEDIA: A former spy satellite is now being overhauled by NASA to search for planets beyond the solar system. Once operational (the space agency plans to launch the craft within the next five years) it could reveal the origins of life itself by hunting for planets in the distant reaches of their solar systems. Now that the James Webb Space Telescope has finally launched and is in full science operation mode, the astronomical community is looking with eager anticipation to the next major launch, the Nancy Grace Roman Space Telescope. Among other directives, the Roman will be an exoplanet hunter extraordinaire, revealing key information about the formation of solar systems and planets like our own. But, initially, it looked like the mission would never happen.
READ THE STORY: POPSCI
Russia slams Eutelsat over channel bans
FROM THE MEDIA: Russia says that regulators' bans on satellite operators such as Eutelsat broadcasting Russian channels are a restriction on freedom of speech. Russian Foreign Ministry spokeswoman Maria Zakharova, speaking on December 29th, said that the West’s crackdown on Russian media was not only “a flagrant violation” of freedom of speech, but was also “discriminatory in nature.” In December French media regulator Arcom ordered satellite operator Eutelsat to stop broadcasting Channel One Russia, Rossiya 1, and NTV channels. Zakharova said the French operator was “under apparent pressure from the authorities.” Zakharova said the ban was “another testament that the Western ideal democratization model is in fact no more than a tool for achieving foreign policy goals,” adding, “Moscow is outraged by the new steps taken by Paris aimed at introducing more and more broadcasting bans on Russian media, both on its territory and in the EU as a whole.”
READ THE STORY: Advanced Television
Uttarakhand cyber cell identifies 80 fake loan apps with links to 'Chinese handlers'
FROM THE MEDIA: Uttarakhand state cyber cell has received a total of 246 complaints of fraud related to loan apps in the last two years, as per police. Stepping up its action, the cell has now identified at least 80 such loan apps with links to "Chinese handlers" and is seeking to have them blocked by the Centre (India's central government). The information was shared by an officer of the state cyber cell, who said that the "extensive probe" was initiated after the cell received a complaint from a Dehradun man who was "harassed by the loan app firms for repaying the loan he took from them at an interest of 50%." The officer, requesting anonymity, said that while probing the case, the cyber cell filtered around 80 such loan apps. "Once the victims fall into their trap, these apps harass them to repay the loan at a hefty interest rate."
READ THE STORY: The Times of India
Germany is prepared for projected increase in Russian spy activity
FROM THE MEDIA: Russian foreign-intelligence (FI) activities in Germany have increased sharply since the start of the war in Ukraine, and are projected to increase further in 2023, according to the head of German counterintelligence. In an interview on Monday with the German Press Agency (DPA), Thomas Haldenwang, director of the Federal Office for the Protection of the Constitution (BfV), also warned that China, Iran and Turkey are intensifying their intelligence activities inside Germany. In April of last year, the German government expelled 40 members of the diplomatic staff from Russia’s embassy in Berlin. It is believed that the majority of those expelled were intelligence officers operating under official cover. According to Haldenwang, the Kremlin has taken steps to compensate for the loss of its intelligence presence in Germany.
READ THE STORY: Intelnews
How toxic is TikTok to America’s national security
FROM THE MEDIA: National security has made its way out of the five walls of the Pentagon into our daily lives as it’s plastered all over mainstream media with global conflicts, including the high-profile war in Ukraine. While most people tend to associate national security and defense with the military-industrial complex, missiles, weapons, fighter jets, etc., space and cyber domains are the future of warfare, and both have a significant impact on our critical infrastructure. Critical infrastructure encompasses everything from banking and finance to electricity and health care, which would leave us paralyzed as a country if a breach occurs in any of these branches. So how does this all relate to a commercial company called TikTok?
READ THE STORY: Washington Times
Los Angeles’ Housing Authority hit by LockBit
FROM THE MEDIA: If folks in Los Angeles were upset about the ransomware incident involving the Los Angeles Unified School District, they might want to buckle up before reading this: It appears that LockBit 3.0 has managed to compromise and exfiltrate data from the Housing Authority of the City of Los Angeles (HACLA). Municipal housing authorities collect and store a great deal of personal information on residents and landlords, and HACLA’s site can be used to apply for housing, pay rent, or other functions that involve personal data. The screencaps LockBit posted as proof of access suggest that this leak, if and when it happens, may affect many people who sought housing assistance from the city and may also impact employees.
READ THE STORY: Data Breaches
The Importance of Cyber Threat Intelligence
FROM THE MEDIA: Cyber threat intelligence is the aggregated knowledge and insight that results from collecting, processing, and analyzing information-security data. To shift a company's cybersecurity posture from reactive to proactive, an organization must analyze threat actors' behavior (both passive and active), their attack targets, and their motives. When addressing cyberattacks, threat intelligence allows organizations to make quick, data-driven, real-time security decisions. With this advance knowledge, the security team can make preemptive changes before an attack actually crosses the organization's threshold, creating custom barriers tailored to the suspected attackers.
READ THE STORY: Enterprise Security
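The paragraph above describes threat intelligence in the abstract; in practice the "data-driven decision" is usually an indicator feed applied to telemetry. The following is an added example for this digest, not code from the linked article: it compiles a small indicator feed (dropping expired and low-confidence entries, which is where naive matching goes wrong) and runs it over proxy log lines. The feed schema, the log format, the domains, IPs and the hash are all constructed for illustration; the hash indicator is the SHA-256 of the empty string, used only as a placeholder.

```python
"""Apply a threat-intel indicator feed to proxy log lines (added example)."""
import ipaddress
import re
from datetime import datetime

# Constructed feed; the field names are a hypothetical schema, not a vendor's.
FEED = [
    {"type": "domain", "value": "update-grammar1y.example", "confidence": 90,
     "expires": "2023-02-01T00:00:00Z"},
    {"type": "ipv4", "value": "203.0.113.0/24", "confidence": 60,
     "expires": "2023-02-01T00:00:00Z"},
    # Placeholder hash (SHA-256 of the empty string) that has already expired.
    {"type": "sha256", "confidence": 100, "expires": "2022-12-01T00:00:00Z",
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

# Constructed log format: timestamp, client IP, destination IP, host, payload SHA-256 or '-'.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst_ip>\S+) (?P<host>\S+) (?P<sha256>\S+)$")
LOGS = [
    "2023-01-03T09:00:00Z 10.0.0.5 203.0.113.7 cdn.update-grammar1y.example -",
    "2023-01-03T09:01:00Z 10.0.0.6 198.51.100.9 www.example.org -",
    "2023-01-03T09:02:00Z 10.0.0.7 198.51.100.10 files.example.net "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]


def parse_iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def compile_feed(feed, now: datetime, min_confidence: int = 50):
    """Drop expired or low-confidence indicators and pre-parse the rest.
    Matching stale indicators is the classic source of CTI false positives."""
    domains, nets, hashes = set(), [], set()
    for ind in feed:
        if parse_iso(ind["expires"]) <= now or ind["confidence"] < min_confidence:
            continue
        if ind["type"] == "domain":
            domains.add(ind["value"].lower().rstrip("."))
        elif ind["type"] == "ipv4":
            nets.append(ipaddress.ip_network(ind["value"], strict=False))
        elif ind["type"] == "sha256":
            hashes.add(ind["value"].lower())
    return domains, nets, hashes


def host_matches(host: str, domains) -> bool:
    """Check the host and every parent suffix, so a.b.evil.example hits evil.example."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def scan(lines, feed, now: datetime, min_confidence: int = 50):
    """Return (client, host, [reasons]) for each log line hitting a live indicator."""
    domains, nets, hashes = compile_feed(feed, now, min_confidence)
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the pipeline
        reasons = []
        if host_matches(m["host"], domains):
            reasons.append("domain")
        try:
            if any(ipaddress.ip_address(m["dst_ip"]) in n for n in nets):
                reasons.append("ip")
        except ValueError:
            pass  # destination field was not an IP address
        if m["sha256"].lower() in hashes:
            reasons.append("hash")
        if reasons:
            alerts.append((m["src"], m["host"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in scan(LOGS, FEED, parse_iso("2023-01-03T10:00:00Z")):
        print(alert)
```

Run against the constructed logs at a January 2023 "now", only the first line alerts (domain and IP both hit); the third line's hash matches an indicator that expired in December and is correctly ignored. Rewind `now` to November 2022 and the hash fires. Confidence and expiry are exactly the fields a proactive program tunes, so they belong in the matcher rather than in an analyst's head.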
What is the Pentagon Doing with Record R&D Appropriations
FROM THE MEDIA: House and Senate conferees, on their own initiative, raised the Defense Department’s fiscal 2023 research and development appropriations to $140 billion. That’s $10 billion higher than the Biden administration’s original request of $130 billion, which was already the largest R&D budget figure in DoD history. The DoD R&D amount in the omnibus spending bill that President Biden signed December 29 was $5 billion more than the figure earlier approved by the Senate and $8 billion above the amount that passed the House. That unusual action by the conferees is one of a number of interesting issues raised in the 329-page summary statement released last week describing what was done in the Defense Department fiscal 2023 appropriations section of the 4,155-page Consolidated Appropriations Act of 2023.
READ THE STORY: The Cipher Brief
Items of interest
MasquerAds — The Latest Malware Campaign That Leverages Google Ads
FROM THE MEDIA: MasquerAds uses the reach and credibility of the most powerful search engine (Google) and of well-regarded software firms (such as Grammarly) to deliver its attacks. It further uses reputable file-sharing services (such as Dropbox) to host the malicious download. The intended victims of this campaign are users looking for a direct, free solution to an existing problem, for instance users who download Grammarly to quickly correct errors in a file. Few would ever suspect the top results on Google’s search results page to be fake, and that level of trust in these services is exactly what the threat actors exploit through a simple redirect. This campaign is far from trivial, considering Google Ads revenue was USD 209 billion in 2021. Since businesses of all types rely on Google Ads to market their services, campaigns like these have far-reaching business implications. In such circumstances, business owners and network administrators have a vital role to play.
READ THE STORY: TechGenix
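The two tells in a campaign like this are a download domain that merely looks like the brand and an installer served from a legitimate file-sharing host. The following is an added example for this digest, not code from the article or from any vendor: it classifies URLs from a download log against a short brand list, normalising common look-alike substitutions (digit-for-letter, "rn" for "m") before comparing, and separately flags executables fetched from a file-sharing host, since a reputable host is no verdict on its contents. The brand list, the file-host list and every sample URL are constructed; the two-label "registrable domain" shortcut ignores public suffixes such as co.uk and is labelled as such.

```python
"""Lookalike download-domain classifier (added example; constructed data)."""
import unicodedata
from urllib.parse import urlsplit

# Constructed lists: brands named on this page plus nothing else.
BRANDS = {"grammarly", "dropbox"}
FILE_HOSTS = {"dropbox.com"}
BINARY_EXTS = (".exe", ".msi", ".dmg", ".zip")
# Heuristic confusables; "rn" vs "m" and digits-for-letters are the common ones.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "8": "b"}


def normalize(label: str) -> str:
    """Lower-case, strip accents, then fold visual look-alikes onto ASCII letters."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels. Assumption: no public-suffix list, so co.uk-style
    suffixes are mis-split; good enough for the sample data."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str, brands=BRANDS, max_distance: int = 2):
    """Return (verdict, matched_brand_or_host). Verdicts, in priority order:
    shared-host-binary, brand-domain, homoglyph, brand-in-name, typosquat, unrelated."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reg = registrable(host)
    if reg in FILE_HOSTS and parts.path.lower().endswith(BINARY_EXTS):
        return ("shared-host-binary", reg)
    sld = reg.split(".")[0]
    norm = normalize(sld)
    for brand in sorted(brands):
        if sld == brand:
            return ("brand-domain", brand)
        if norm == brand:
            return ("homoglyph", brand)       # identical only after folding look-alikes
        if brand in norm:
            return ("brand-in-name", brand)   # e.g. grammarly-download.example
        if levenshtein(norm, brand) <= max_distance:
            return ("typosquat", brand)
    return ("unrelated", None)


# Constructed sample URLs; none are real campaign infrastructure.
SAMPLE_URLS = [
    "https://www.grammarly.com/download",
    "https://grammar1y-download.example/setup.exe",
    "https://gramrnarly.example/",
    "https://grammarlly.example/",
    "https://www.dropbox.com/s/abc/GrammarlySetup.exe?dl=1",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(classify(u), u)
```

Anything other than `brand-domain` or `unrelated` is a reasonable trigger to hold the download and inspect it; `shared-host-binary` is the case the article's Dropbox observation points at, where domain reputation alone would wave the file through.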
HackadayU: Reverse Engineering with Ghidra Class 1 (Video)
FROM THE MEDIA: HackadayU: Reverse Engineering with Ghidra Class 1.
HackadayU: Reverse Engineering with Ghidra Class 2 (Video)
FROM THE MEDIA: This is Class 2 in Reverse Engineering with Ghidra taught by Matthew Alt. Learn with us: https://www.hackaday.io/u.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com