Monday, January 09, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
FROM THE MEDIA: In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. The malicious code, as is increasingly the case, is concealed in the setup script (setup.py) of these libraries, meaning running a "pip install" command is enough to activate the malware deployment process. The malware is designed to launch a PowerShell script that retrieves a ZIP archive file, install invasive dependencies such as pynput, pydirectinput, and pyscreenshot, and run a Visual Basic Script extracted from the archive to execute more PowerShell code.
READ THE STORY: THN
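The story's key point is that setup.py is ordinary Python executed by `pip install`, so a custom install command or a shell call in that file runs on the developer's machine before any code is imported. As an added example (not from the article or from Phylum), the following static triage script parses a setup.py with Python's `ast` module and flags the install-time indicators the story describes: a `cmdclass` override, subprocess or decoding calls, and PowerShell/VBS markers in string literals. The two sample setup.py files are constructed here and the "suspect" one is inert (its command is a placeholder).

```python
"""Static triage of a setup.py for install-time code-execution indicators."""
import ast

# Calls that have no business running while a package is merely being installed.
SUSPICIOUS_CALLS = {
    "subprocess.Popen", "subprocess.run", "subprocess.call", "subprocess.check_output",
    "os.system", "os.popen", "exec", "eval", "base64.b64decode", "zlib.decompress",
}
# Markers of the PowerShell / Visual Basic Script stage described in the report.
# URLs are deliberately not flagged: legitimate setup.py files carry project URLs.
SUSPICIOUS_STRINGS = ("powershell", ".ps1", ".vbs", "cmd /c")


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain such as subprocess.Popen, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Return sorted (lineno, reason) findings for a setup.py given as a string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in SUSPICIOUS_CALLS:
                findings.add((node.lineno, f"install-time call to {name}()"))
            # setup(cmdclass={...}) swaps in custom install/develop command classes,
            # the hook that lets code run as a side effect of 'pip install'.
            if name == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        findings.add((kw.value.lineno, "custom cmdclass overrides install steps"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for marker in SUSPICIOUS_STRINGS:
                if marker in node.value.lower():
                    findings.add((node.lineno, f"string literal contains {marker!r}"))
                    break
    return sorted(findings)


# Constructed sample: a plain, declarative setup.py that should produce no findings.
BENIGN_SETUP = """\
from setuptools import setup, find_packages
setup(name="goodpkg", version="1.0", packages=find_packages())
"""

# Constructed, inert sample of the pattern in the story: an install command that
# shells out to PowerShell. The command itself is only a placeholder string.
SUSPECT_SETUP = """\
import subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.Popen(["powershell", "-c", "PLACEHOLDER_COMMAND"])

setup(name="badpkg", version="1.0", cmdclass={"install": PostInstall})
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SETUP), ("suspect", SUSPECT_SETUP)):
        print(label, scan_setup_py(src) or "no findings")
```

Run it against a downloaded sdist before installing (`pip download --no-deps --no-binary :all: <pkg>`, then unpack and scan its setup.py); a hit is a reason to read the file, not proof of malice, since some legitimate packages also define custom commands.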
America’s Aggressive Chip Strategy Forces China Into a Corner
FROM THE MEDIA: China’s government is protecting some of its chipmakers by spending lavishly to shore them up, just as weak demand is making it hard for chip manufacturers across the globe. But China’s semiconductor industry also faces a problem that its counterparts elsewhere don’t have to worry about: unremitting hostility from the US government. Beijing could try to spend its way out of that problem, too, but there may be things about cutting-edge semiconductor production that money can’t buy. China’s chip industry has always lagged behind the US’s, and it has relied on Western technologies for the most advanced semiconductors, chipmaking equipment and knowledge. After years of mounting tension, the Biden administration spent much of 2022 coming up with ways to cut off China from such technology, as it attempted to slow down its advancement in chips, artificial intelligence applications and military tech.
READ THE STORY: Bloomberg
Threat Actors Spread RAT Via Pokemon NFT Card Site
FROM THE MEDIA: Security experts have warned of a new phishing campaign which uses the popularity of Pokemon and NFT to lure users into unwittingly downloading a remote access tool (RAT). The spoofed Pokemon card game page was spotted by South Korea’s AhnLab Security E-response Center (ASEC). As well as the game itself, the site reportedly offers links to purchase Pokemon-branded NFTs. ASEC said the “Play on PC” button located on the phishing page covertly installs a version of the popular RAT NetSupport. However, the vendor described it as “malware” because the tool “was not distributed in a form used for normal purposes but rather in a form designed for the threat actor to control the infected system.” Also distributed via spam emails and other impersonated brands such as Visual Studio, the malicious tool has apparently been in circulation since around December 2022.
READ THE STORY: InfoSecMag
Hack The Box Raises $55 Million From One of the Mega-Funds in the World
FROM THE MEDIA: Founded in 2017 by Haris Pylarinos (CEO), Aris Zikopoulos (CCO), and James Hooker (CTO), Hack The Box has to date raised nearly $15M from international VCs including Osage University Partners, the first and biggest Edtech VC in Europe – Brighteye Ventures, and the early-stage Greek investor – Marathon Venture Capital. Hack The Box was launched with the idea that cybersecurity skills should be developed through hands-on practice rather than by reading books and obtaining certifications, and the co-founders did that by creating an online space imitating a computer system that can be hacked into, and adding gamification features on top. The online cybersecurity training platform Hack The Box offers individuals, universities, and companies a chance to level up their hacking skills by giving them access to virtual, experiential hacking labs where they learn by doing, rewarding them with points and badges for advancing in their training.
READ THE STORY: The Recursive
Dridex Malware Targeting macOS Platform Using New Entry Method
FROM THE MEDIA: A variant of Dridex (aka Bugat and Cridex), a banking malware family, is spreading to macOS by way of email attachments that resemble regular documents. Until now the malware had targeted Windows, but it has now been adapted to attack macOS as well, as reported by security researchers at Trend Micro. As one of the most common and dangerous information stealers, Dridex takes advantage of infected machines to access sensitive data, and it also delivers and executes further malicious programs. A cybercrime group called Evil Corp (aka Indrik Spider) is suspected of being responsible for this attack chain and this malware. A successor to Gameover Zeus, the malware is a new threat on this platform. As Trend Micro has identified, the Dridex malware sample consists of an executable Mach-O file, which can be run on both macOS and iOS platforms.
READ THE STORY: GBhackers
Malware Threat Feeds On Escalating Narrative Warfare
FROM THE MEDIA: State-sponsored efforts to increase malware attacks and seek ransoms are again on the rise. This type of cybercrime is increasing as certain countries feel more economic woe and displacement from the West. Poorly performing economies, due to sanctions, ineptitude or both, are increasing the likelihood of malware attacks and aggressive coding by state-supported criminal actors as part of a wider spree designed to disrupt the ability to closely examine indicators. Cybercriminals and hackers are launching new campaigns of aggression by surveilling who is on their webpages. A normal practice perhaps in some countries, but when weaponized it turns into a potential revenue stream. Several countries around the world are beginning to support such practices. As international criminal investigations close one case, they uncover a multitude of new hacks. It is an internet-wide phenomenon exacerbated by the clashing narratives emerging across the social media landscape that amplify events on the ground.
READ THE STORY: Eurasia Review
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
FROM THE MEDIA: A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay Goldman said in a report published last week. VS Code extensions, curated via a marketplace made available by Microsoft, allow developers to add programming languages, debuggers, and tools to the VS Code source-code editor to augment their workflows. "All extensions run with the privileges of the user that has opened the VSCode without any sandbox," Goldman said, explaining the potential risks of using VS code extensions. "This means that the extension can install any program on your computer including ransomwares, wipers, and more."
READ THE STORY: THN
Taiwan Passes Its Chips Act, Offers Tax Credits to Chipmakers
FROM THE MEDIA: Taiwanese lawmakers have passed new rules that let local chip firms turn 25% of their annual research and development expenses into tax credits, part of efforts to keep cutting-edge semiconductor technologies at home and maintain the island’s technology leadership. Officials there have repeatedly said they will ensure the latest chip technologies remain in Taiwan, a point that has been reaffirmed by executives at Taiwan Semiconductor Manufacturing Co. and other local chip giants. While Taiwan assisted local chipmakers in the past with infrastructure construction and other measures, the island is now stepping up its efforts. Shares of TSMC and United Microelectronics Corp. were up more than 4% in Taipei on Monday, the first trading day after the announcement of the new rules.
READ THE STORY: Bloomberg
US Experts Flag The Threat Of EMP Attack By China
FROM THE MEDIA: As EurAsian Times reported recently, Japan, one of the major US allies in the Indo-Pacific, has plans to acquire countermeasures against EMP attacks at five bases of the Japan Air Self-Defense Force by the end of the fiscal year 2029. However, according to Christian D. Orr, a former US Air Force (USAF) Security Forces officer, Federal law enforcement officer, and private military contractor, the Biden administration seems to neglect this threat. “A successful EMP strike against the US would be a catastrophe beyond measure or comprehension, essentially ushering in “The End of the World as We Know It” (TEOTWAWKI). Yet, the Biden Administration is failing to do anything about it,” wrote Orr in a recent article for 19FortyFive. An EMP attack involves detonating a thermonuclear weapon at an altitude of around 40 kilometers or more above the Earth’s atmosphere, unleashing a strong electromagnetic wave that can wipe out a country’s electrical grid for weeks and maybe even months.
READ THE STORY: Eurasian Times
China cyberwar: Beijing’s dominance in IoT & smart technology & vulnerabilities for India
FROM THE MEDIA: In recent years, there has been an explosion in the adoption of advanced technologies like the Internet of Things (IoT) and smart products in India. While they seemingly make everyday life easier, they are fraught with risks, especially risks associated with hacks and data leaks to China. This has consequences in both India’s civil and military domains. The Israeli cyber firm Toka is reportedly selling technology that can alter digital realities: essentially, products that can hack surveillance cameras and completely alter their feeds. Chinese video and surveillance technology and hardware are being banned by the US due to vulnerabilities in their design that allow data to be extracted. Such cyber technology developments are ominous for India.
READ THE STORY: The Print
Is Russia losing the cyber warfare
FROM THE MEDIA: Many peculiarities are coming out of this strange war as Russia’s invasion of Ukraine enters its eleventh month. The reason why a strong cyber warfare power like Russia has launched so few and hence ineffective cyber-attacks against Ukraine and its allies is one of the most perplexing. The digital conflict over Ukraine is examined by New Horizons, along with any potential long-term effects. On February 24, 2022, when Russia invaded Ukraine, many analysts anticipated a conflict far different from the one that is currently being waged. Not only was the invasion expected to be a four-day blitzkrieg, but many experts predicted that Russia would wage such a fierce cyber war against Ukraine that an invasion might not even be necessary to force Kyiv to comply with Moscow’s demands.
READ THE STORY: Modern Diplomacy
Kyiv argues Russian cyberattacks could be war crimes
FROM THE MEDIA: One of Ukraine's top cyber officials said some cyberattacks on Ukrainian critical and civilian infrastructure could amount to war crimes. Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said Russia has launched cyberattacks in coordination with kinetic military attacks as part of its invasion of Ukraine, arguing the digital warfare is part of what Kyiv considers war crimes committed against its citizens. “When we observe the situation in cyberspace we notice some coordination between kinetic strikes and cyberattacks, and since the majority of kinetic attacks are organized against civilians — being a direct act of war crime — supportive actions in cyber can be considered as war crimes,” Zhora told POLITICO in an interview.
READ THE STORY: Politico
Russian Hackers Targeted Three US Nuclear Research Labs
FROM THE MEDIA: In its latest report released this Friday, Reuters revealed surprising details of how a group of Russian hackers targeted three high-profile nuclear research laboratories. As per Reuters’ research, the hacking group is known as Callisto (aka Cold River), and it managed to target the Argonne, Brookhaven, and Lawrence Livermore National Laboratories. At least five prominent cybersecurity experts second these findings. It is worth noting that in December 2020, a group of Russian hackers was also blamed for targeting 40 agencies including the US nuclear agency. The attacks, according to Reuters’ report, happened between August and September 2022. That is when Russian president Vladimir Putin claimed Russia intended to use nuclear weapons for its defense. So, it seems likely that the three labs were targeted to steal crucial information.
READ THE STORY: HackRead
How should India Exploit Space for Military Advantage
FROM THE MEDIA: In December 2019, a declaration issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in London formally recognized space as an operational domain alongside land, sea, air and cyberspace, even though it did not announce any plans to weaponize space. NATO’s thinking on space warfare is largely influenced by the policy of the United States (US) on outer space. A 2018 US national strategy for space recognized that space is a war-fighting domain that needs to be guarded by a separate Space Force, and at the end of 2019 the US Space Force (USSF) was established. The battlefield is now battle space, and theatres of operations include space, which along with the intersecting cyberspace promises to be both the cause of and the battle space for asymmetric conflicts in the near future.
READ THE STORY: iDR
Misinformation and disinformation leading to biased perspective building
FROM THE MEDIA: Misinformation is incorrect or misleading information unintentionally presented as fact. This is contrasted with disinformation, which is deliberately deceptive. Both have become very common in today’s world, playing a destructive role in society, politically as well as socially. The most common source of information these days is news channels and media. In this era of social media, it has become very easy to spread any form of information or news without considering whether it is true. The audience is not very cautious about the authenticity of the information, so they are unable to distinguish whether the news or information is fact, opinion, scandal, allegation, or propaganda. They just soak it in and build their perspectives and beliefs on it. Basically, they are unable to take in the news as diversely as it is presented.
READ THE STORY: Modern Diplomacy
Pair of Chinese launches put classified and commercial satellites into orbit
FROM THE MEDIA: China conducted its first two launches of 2023 over the weekend, sending three classified payloads into geosynchronous transfer orbit and five commercial satellites into sun-synchronous orbits. A Long March 7A lifted off from the coastal Wenchang spaceport at 5:00 p.m. Eastern, Jan. 8, with unofficial, amateur video footage showing the rocket lifting off despite rain. The China Aerospace Science and Technology Corporation (CASC) confirmed launch success around 30 minutes later. The main payload sent into geosynchronous transfer orbit (GTO) was revealed to be the Shijian-23 satellite developed by Shanghai Academy of Spaceflight Technology (SAST), a major CASC subsidiary. The Shijian-23 satellite is mainly used for scientific experiments and technical verification.
READ THE STORY: SN
Hack-related cryptocurrency losses spike
FROM THE MEDIA: CyberScoop reports that cryptocurrency assets stolen in cyberattacks totaled $3.7 billion in 2022, which was 58% higher than in 2021, and accounted for more than 95% of all cryptocurrency theft incidents last year. Cryptocurrency hacking incidents also rose from 104 in 2021 to 134 in 2022, according to an Immunefi report, which showed that most cryptocurrency-targeted cyberattacks last year have been targeted at decentralized finance projects. Ronin Bridge incurred one of the largest hack-related cryptocurrency losses after North Korean hackers stole $625 million in cryptocurrency assets from the platform, while North Korean hackers were also associated with the $100 million hack of Harmony Bridge. Such attacks should prompt cryptocurrency developers to bolster cybersecurity defenses, said Immunefi Tech Lead Adrian Hetman.
READ THE STORY: SCMAG
Unregistered devices in hybrid work increase hacking risk in India
FROM THE MEDIA: As hybrid work empowers employees to work from anywhere and ensures business continuity for enterprises, the use of unregistered devices by employees has increased the risks around hybrid work in India, a new report showed on Monday. According to the report from networking giant Cisco, over nine in 10 (95%) respondents in the country say their employees are using unregistered devices to log into work platforms. About 82% say their employees spend more than 10 per cent of the day working from these unregistered devices. “Today, disruption is happening faster than ever. It calls for a re-evaluation of the cybersecurity architecture to ensure that predictivity and intelligence are embedded at the core providing real-time visibility into distributed applications, security, networks, users, and services. Security resilience, preparedness, and response must be at the forefront in order to navigate through the intensifying threat landscape in 2023,” Samir Kumar Mishra, Director of Security Sales, Cisco India & SAARC, said in a statement.
READ THE STORY: The Statesman
Cybercriminals Using ChatGPT to Build Hacking Tools, Write Code
FROM THE MEDIA: Expert and novice cybercriminals have already started to use OpenAI’s chatbot ChatGPT in a bid to build hacking tools, security analysts have said. In one documented example, the Israeli security company Check Point spotted a thread on a popular underground hacking forum by a hacker who said he was experimenting with the popular AI chatbot to “recreate malware strains.” The hacker had gone on to compress and share Android malware that had been written by ChatGPT across the web. The malware had the ability to steal files of interest, Forbes reports. The same hacker showed off a further tool that installed a backdoor on a computer and could infect a PC with more malware.
READ THE STORY: PCMAG
Elon Musk's Starlink and Dubai's Elcome join forces to provide internet to maritime sector
FROM THE MEDIA: Starlink, the satellite internet service operated by Elon Musk's aerospace company SpaceX, has linked up with Dubai-based marine electronics company Elcome International to provide internet services to the maritime industry. The service, which uses Starlink's low-Earth orbit satellites — the largest constellation of satellites at such an altitude — will connect vessels, such as merchant ships, oil rigs and luxury yachts, to internet speeds that are up to 100 times faster than traditional satellite services, Elcome said on Monday. Elcome will equip its customers with advanced solutions that leverage the capabilities of Starlink. Orders will be fulfilled from Elcome's logistics hubs in Dubai, Singapore and Spain with a variety of installation and support options available, the company added. "The UAE is a global hub of the maritime industry, and we are uniquely positioned and equipped to broaden the installed base of Starlink in vessels operating in the Middle East, the Mediterranean and Indian Ocean," Jimmy Grewal, executive director of Elcome, told The National.
READ THE STORY: The National News
Items of interest
Assessing the Iranian arms industry
FROM THE MEDIA: Tehran claims to have the most successful arms industry in the world despite decades of economic sanctions. The regime states that 5,000 knowledge-based companies are cooperating with its defense industry to develop innovative weapons. In November 2022, Iran launched a hypersonic ballistic missile for the first time. The aerospace commander of the Islamic Revolutionary Guard Corps (IRGC) General Amir Ali Hajizadeh described the event as “a great generational leap in the field of missiles.” International experts have greeted this news with skepticism, as they are accustomed to exaggerations and inaccurate information from the Iranian regime. Tehran declared that the missile flies between Mach 8 and Mach 10, meaning it could reach Jerusalem in 400 seconds. It did not specify whether it is a hypersonic glide vehicle or a hypersonic cruise missile – and only the cruise variant can adjust direction midair and lock onto a target. But one thing is certain: Iran is openly challenging United Nations Resolution 2231, which prohibits it from developing missile launches using ballistic technology.
READ THE STORY: GIS
What The Security Industry Should Know About Reverse Engineering (Video)
FROM THE MEDIA: What is one thing you wish your peers in the security industry knew about reverse engineering?
Do Companies Actually Pay Ransomware (Video)
FROM THE MEDIA: Do companies really pay ransomware? Do they buy bitcoin to pay? If they pay do they actually get their files back?
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com