Saturday, January 28, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
How to Respond to the New North Korean Threat From UAVs
FROM THE MEDIA: In 2022 North Korea launched multiple cruise and ballistic missiles and then sent five unmanned aerial vehicles (UAVs) into South Korean airspace. The incursion had political repercussions and exposed gaps in the South Korean military's integrated air defense system. President Yoon instructed the South Korean military to respond by sending UAVs into North Korean airspace, which the opposition party has characterized as an offensive move. The South Korean government has since ordered the military to accelerate the establishment of a specialist joint UAV unit and the development of anti-UAV weapons systems. North Korea's use of UAVs for reconnaissance and potential attack purposes is a clear violation of the Armistice Agreement and raises the question of countermeasures. South Korea must acquire or develop an anti-UAV defense system and consider other non-traditional approaches to ward off potential UAV attacks. It is of utmost importance that the South Korean military be better prepared to deal effectively with North Korean UAVs in order to keep the region secure.
READ THE STORY: 38North
China’s cornered the IoT market. That could be a cybersecurity nightmare
FROM THE MEDIA: This month, the British government discovered a geo-locating SIM card inside a sealed part of one of its diplomatic cars, believed to have been placed there by the component's Chinese manufacturer. The discovery has far-reaching implications for the security of politicians, civil servants and other individuals who use government vehicles, as it raises the possibility that their movements could be tracked by a third party with access to the component. Charles Parton, a former British diplomat in China and national security analyst, has since published a report identifying the spread of Chinese-made cellular IoT modules as a serious cybersecurity challenge for Western nations, as nearly half of the market for their production is in the hands of three Chinese companies. Such modules could be exploited by cybercriminals and hostile nation-states, and the concern has already prompted the UK government to ban the acquisition of new Hikvision cameras. Despite this, the IoT sector in China is heavily subsidized, allowing it to undercut its international competitors on price and create Western dependencies on Chinese production capabilities and technical expertise.
READ THE STORY: TechMonitor
Coast Guard Releases New Guide to Help Maritime Cybersecurity Assessments
FROM THE MEDIA: The U.S. Coast Guard has released a guide to help maritime transportation system stakeholders establish baseline cybersecurity assessments and develop cybersecurity plans and response capabilities to meet the challenges posed by evolving threats. The Maritime Cybersecurity Assessment & Annex Guide offers an additional resource for Maritime Transportation Security Act (MTSA)-regulated facilities to enhance and expand on their current efforts as they assess cyber risks and vulnerabilities. It is useful for any MTS stakeholder interested in conducting a baseline cybersecurity risk assessment, developing plans, or continuing to improve existing plans. The guide focuses on three primary recommendations: identifying a Cybersecurity Officer, defining cybersecurity vulnerabilities and protections based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and mapping physical security vulnerabilities to related cybersecurity vulnerabilities. The guide is a valuable tool to help maritime entities protect against cyber threats and remain compliant with maritime security regulations.
READ THE STORY: HSToday
Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack
FROM THE MEDIA: In recent years, Ukraine has been the target of multiple cyber attacks from Russia. This week, the Slovak cybersecurity company ESET identified the use of a previously undocumented data wiper, SwiftSlicer, by the nation-state group Sandworm. Sandworm has a history of launching destructive cyber campaigns going back to 2007, and its recent attacks have included WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, Prestige, and RansomBoggs. In addition, the Computer Emergency Response Team of Ukraine (CERT-UA) linked Sandworm to a recent cyber attack on the national news agency Ukrinform, which involved the use of multiple data wiping programs. This latest attack is yet another example of the sophistication of Sandworm and other Russian state-sponsored actors targeting Ukraine, and it serves as a reminder of the global threat posed by nation-state actors.
READ THE STORY: THN
Cyber attacks in space: How safe are our satellites
FROM THE MEDIA: As space exploration and technology continue to advance, the importance of satellites in our day-to-day lives is becoming more and more evident. With 10,352 satellites currently orbiting the Earth, the potential for malicious cyber-attacks is a growing concern. Countries such as Russia and China have already demonstrated their capability to disrupt satellite infrastructure and communication systems with cyberattacks, and with the growth of private companies entering the space race the stakes are even higher. Governments are now taking action to protect their satellites by introducing initiatives such as the Space Information Sharing and Analysis Center and the Hack-A-Sat competition. With the potential for catastrophic damage if systems are breached, it is clear that cybersecurity in space must remain a top priority as we continue to explore the unknown.
READ THE STORY: Metro
The Dilemma of Science Diplomacy: Between Advancement of Humanity and The Source of Rivalry
FROM THE MEDIA: Science diplomacy has become increasingly prominent in recent years as the world faces more complex global challenges. It is seen as a way to bridge the gap between policy-making and science, and has been used in many different areas, such as global health, economics, and the environment. Science diplomacy can be used to improve human lives by providing scientific advice and networks that can help build a better world, but it can also be used as a tool for states to pursue their own interests. This article examines the dilemma of science diplomacy, which is the tension between the use of science for the benefit of global citizens and the use of science to promote national interests. The article also looks at the extent of science diplomacy in international affairs, and how science can be used to create power and rivalry between states.
READ THE STORY: Modern Diplomacy
Racial slurs discovered in leaked Yandex source code
FROM THE MEDIA: Yandex, a major Russian tech giant, recently came under fire when screenshots surfaced online showing multiple references to the N-word in the company's source code. Yandex responded with an apology and an internal review to understand how this happened and to prevent it from happening again. The code was leaked online, and while the company claims it is not the current version, a former Yandex systems administrator believes it may be up to 90% similar. This incident serves as a reminder of the power of words and the potential harm that can come from their misuse.
READ THE STORY: Cyberscoop
Target says data sold on dark web is ‘outdated,’ likely ‘released by third party’
FROM THE MEDIA: This week, Target responded to claims that a database of its customer information had been posted on a hacker forum, stating that the data is outdated and was not taken from its systems. Additionally, Target has stated that no current or personal guest information was included in the data. This follows a busy month for data breaches, with over 422 million records having been leaked in 2022. The Identity Theft Resource Center has noted that data breach notices have become increasingly less informative, making it harder for consumers, businesses and government entities to make informed decisions about the risk of a data compromise.
READ THE STORY: The Record
#GermanyRIP. Kremlin-loyal hacktivists wage DDoS attacks to retaliate for tank aid
FROM THE MEDIA: In recent weeks, Germany has been targeted by cyberattacks allegedly orchestrated by Kremlin-linked threat actors, including DDoS attacks against major German airports, Deutsche Bank, and other organizations. The attacks have been in response to Berlin’s decision to send Leopard 2 tanks to Ukraine. The Federal Cybersecurity Agency (BSI) has said that the attacks caused small outages but no major damage. Attribution is complicated by the involvement of a group claiming to be the Sudanese version of Anonymous, which points to the ability of Russian-language hacktivist groups to collaborate on an international level. Additionally, researchers at security firm ESET reported that Kremlin-backed threat actors unleashed a never-before-seen data wiper on Ukrainian targets. Despite these threats, the BSI has said that no major damage should occur as long as the usual protective measures are followed.
READ THE STORY: Ars Technica
Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service
FROM THE MEDIA: Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom". It is suspected that this threat actor, known as Frapstar or "Chuck from Montreal", is the sole proprietor of a small business and is responsible for attacks resulting in an estimated total of $1.5 billion in losses. eSentire's Threat Response Unit (TRU) has uncovered a new attack campaign targeting e-commerce companies, with malware such as VenomLNK, More_eggs, and TerraLoader being utilized to target recruiters and gain access to victim machines. Organizations should be cautious of potential phishing attempts, as the Golden Chickens malware suite is still under active development and being sold to other threat actors.
READ THE STORY: THN
New iOS Tech Makes It Difficult to Hack Your iCloud Login
FROM THE MEDIA: The recent introduction of hardware security keys to Apple devices is a sign of the industry-wide shift towards a more secure authentication system. These physical keys, which connect over USB or Lightning ports or via NFC, offer an added layer of protection from hackers, identity thieves, and snoops. Because the key must be physically present, attackers trying to gain access remotely are effectively thwarted, and phishing attacks are defeated as well. Alongside this, Apple has also added an iPhone Lockdown Mode and the Advanced Data Protection program to further strengthen security. Though these measures offer better security, it is important to note that Apple can no longer help users regain access to their accounts if they are locked out. Yubico, the top maker of hardware security keys, has two new FIDO-certified models suited for consumers, alongside the passkey technology being developed by Google, Microsoft and Apple, which may eventually replace passwords altogether.
READ THE STORY: CNET
Charter Communications says vendor breach exposed some customer data
FROM THE MEDIA: Charter Communications, one of the largest telecommunications companies in the United States, recently reported a data breach in which personal information belonging to their customers was exposed. The breach was discovered after the data was posted on a hacking forum, and the company believes a third-party vendor was the cause of the breach. In response, the Federal Communications Commission has voted unanimously to investigate potential changes to the breach notification rules for telecommunications companies. The investigation is meant to better protect consumers and strengthen reporting requirements, and is a reminder of the need for more vigilance in the modern digital world.
READ THE STORY: The Record
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
FROM THE MEDIA: Recently, a variant of the PlugX malware was discovered that can infect attached removable USB media, thereby propagating itself to other systems. This variant uses techniques to conceal itself from the Windows file system, allowing it to be used to exfiltrate data from its target networks. Other malicious tools that have been used in the same attack chain include the Gootkit malware loader and the Brute Ratel C4 red team framework. Additionally, the malware uses a Unicode character to hide files on USB devices, as well as a Windows shortcut to execute the malware from the hidden directories. This indicates the threat actors' attempt to bridge air-gapped networks in order to exfiltrate specific files of interest. It is therefore clear that PlugX remains an active threat and is being developed by technically skilled attackers.
READ THE STORY: THN
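The two traits the summary above describes, a directory whose name renders as blank and a shortcut file sitting at the drive root, are both detectable with a plain file-system walk. The following is an added example written for this digest, not code from the article or from any vendor report. The article does not name the Unicode character involved, so the check treats any directory name composed entirely of whitespace, format or control code points as "visually empty"; the drive listing at the bottom is constructed sample data, and the non-breaking space and zero-width spaces in it are illustrative choices, not values taken from the story.

```python
"""Flag PlugX-style artefacts on a removable drive: visually empty directory
names and shortcut (.lnk) files at the drive root. Added example; the sample
listing below is constructed, not real data."""
import os
import unicodedata
from typing import Iterable, List, Tuple

# Unicode general categories that render as nothing, or as blank space, in
# Explorer and most shells: space separators, format chars, controls,
# line/paragraph separators.
_BLANK_CATEGORIES = {"Zs", "Cf", "Cc", "Zl", "Zp"}


def is_visually_empty(name: str) -> bool:
    """True when every code point in `name` is invisible when rendered."""
    return len(name) > 0 and all(
        unicodedata.category(ch) in _BLANK_CATEGORIES for ch in name
    )


def classify_entries(entries: Iterable[Tuple[str, bool, int]]) -> List[str]:
    """Return one finding string per suspicious entry.

    `entries` is a sequence of (relative_path, is_dir, depth) tuples where
    depth 0 means the entry sits directly under the drive root.
    """
    findings = []
    for rel_path, is_dir, depth in entries:
        name = os.path.basename(rel_path.rstrip("/\\")) or rel_path
        if is_dir and is_visually_empty(name):
            code_points = " ".join(f"U+{ord(c):04X}" for c in name)
            findings.append(f"hidden-name directory {rel_path!r} ({code_points})")
        elif not is_dir and depth == 0 and name.lower().endswith(".lnk"):
            # A shortcut at the root of a removable drive is a classic lure;
            # it is worth a look even if its target turns out to be benign.
            findings.append(f"shortcut at drive root {rel_path!r}")
    return findings


def walk_drive(root: str) -> List[Tuple[str, bool, int]]:
    """Enumerate a mounted drive into the tuple form classify_entries expects."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        depth = 0 if dirpath == root else len(os.path.relpath(dirpath, root).split(os.sep))
        for d in dirnames:
            entries.append((os.path.relpath(os.path.join(dirpath, d), root), True, depth))
        for f in filenames:
            entries.append((os.path.relpath(os.path.join(dirpath, f), root), False, depth))
    return entries


# Constructed sample listing of a removable drive (not captured from a real host).
SAMPLE_ENTRIES = [
    ("Photos", True, 0),
    ("Photos/IMG_0001.jpg", False, 1),
    ("\u00a0", True, 0),           # directory named with one non-breaking space
    ("\u00a0/payload.dat", False, 1),
    ("\u200b\u200b", True, 0),     # directory named with two zero-width spaces
    ("USB DRIVE.lnk", False, 0),   # shortcut sitting at the root
    ("notes.txt", False, 0),
]

if __name__ == "__main__":
    # Run against the constructed sample; pass walk_drive("E:\\") for a real drive.
    for finding in classify_entries(SAMPLE_ENTRIES):
        print(finding)
```

The scan is deliberately narrow: a directory that merely contains odd characters is left alone, and only names that would appear empty to a user are flagged, which keeps the noise down on drives full of non-Latin file names.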
Satellite billed as the ‘future GPS’ begins key tests
FROM THE MEDIA: The U.S. Air Force has contracted L3Harris to build the Navigation Technology Satellite-3 (NTS-3) for a research experiment planned to launch in late 2023. The 1,250-kilogram satellite will broadcast positioning, navigation, and timing (PNT) signals from geostationary Earth orbit, demonstrating next-generation PNT technologies for the U.S. military and providing an alternative to GPS. The satellite is currently undergoing a series of tests at Kirtland Air Force Base and will soon head to Edwards Air Force Base for radio frequency testing. It is built on a Northrop Grumman ESPAStar commercial bus; if the experiment succeeds, the Air Force may transition some of the NTS-3 payload and signal processing technology to GPS and consider buying more satellites to augment the GPS constellation.
READ THE STORY: SN
Mon Dieu! Suspected French ShinyHunters gang member in the dock
FROM THE MEDIA: A US court is set to hear the case of Sebastien Raoult, a French citizen accused of being part of the ShinyHunters cybercrime gang. The gang is alleged to have engaged in identity and corporate data theft, using targeted phishing emails to steal login credentials and access keys. It has also allegedly extorted victims for ransom payments and publicly leaked data. Raoult faces nine counts related to his involvement, including conspiracy to commit computer fraud and abuse, conspiracy to commit wire fraud and three counts of aggravated identity theft. If found guilty, Raoult could face a lengthy prison sentence. Two other French citizens are also charged in the indictment.
READ THE STORY: The Register
China consortium to develop lithium deposits in Bolivia
FROM THE MEDIA: The Bolivian government has chosen a Chinese consortium led by battery giant Contemporary Amperex Technology to invest upward of $1 billion to develop untapped lithium deposits, with the ambitious goal of producing lithium batteries in the country by 2025. Bolivia has the largest lithium reserves in the world but little local means to develop them. The state-owned Bolivian Lithium Deposits (Yacimientos de Litio Bolivianos), known as YLB, has signed agreements with the consortium, CBC, to jointly exploit, refine, process and market lithium resources, the country's Ministry of Hydrocarbons and Energy said on Jan. 20.
READ THE STORY: Nikkei Asia
Diversification Isn’t Enough to Cure Europe’s Economic Dependence on China
FROM THE MEDIA: In the EU Strategic Dependencies document, the term "diversification" is pervasive, suggesting that it is a key component of policy responses to dependence on Chinese supplies. Vulnerability, however, is the real issue, and dependence does not by itself create vulnerability. The European Commission has analysed EU vulnerabilities, but individual countries must do more. Diversification has drawbacks, including high costs, the potential for protectionism and subsidies, and a lack of focus on conservation, substitution, and recycling. Stockpiling is an effective and more sustainable alternative that should be explored, and the IEA's Emergency Oil Sharing System could be a model for Europe.
READ THE STORY: The Diplomat
Mastermind in JPMorgan Hack Left US for Israel, His Father Says
FROM THE MEDIA: Gery Shalon, the alleged mastermind of a sweeping US financial system hack early last decade, is back in Israel after being allowed to leave US custody two years ago. Although he was facing 23 counts and potentially decades in prison, he was never put on trial. Documents show that in 2017, he pleaded guilty to all 23 counts and agreed to forfeit more than $400 million. It is speculated that he must have provided substantial cooperation to US authorities in exchange for leniency. His father, a former member of the Georgian Parliament, recently revealed in an interview that his son had been released without any restrictions on his freedom. Shalon's co-conspirator, Andrei Tyurin, was arrested in the Republic of Georgia in 2018 and extradited to the US, where he was sentenced to 12 years in prison.
READ THE STORY: Bloomberg
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
FROM THE MEDIA: The Internet Systems Consortium (ISC) has released patches to address four security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite. If exploited, these vulnerabilities could lead to a denial-of-service (DoS) condition. The open source software is widely used by major financial firms, ISPs, retailers, manufacturers, educational institutions, and government entities, and the vulnerabilities affect versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1. Successful exploitation of the vulnerabilities could cause the named service to crash or exhaust available memory on a target server. Although there is no evidence that any of these vulnerabilities are being actively exploited, users are recommended to upgrade to the latest version as soon as possible to mitigate potential threats.
READ THE STORY: THN
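The summary above gives four affected version ranges, three for the open-source branches and one for the -S1 Supported Preview Edition, which is exactly the comparison an administrator has to make against `named -v` output. The block below is an added example for this digest, not ISC's code; the ranges are the ones quoted in the text, and the version strings in the test are constructed.

```python
"""Decide whether a BIND 9 version string falls inside one of the affected
ranges quoted in the ISC advisory summary above. Added example, not ISC code."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (low, high, edition) exactly as stated in the article. edition "" is the
# open-source release; "S1" is the Supported Preview Edition suffix.
AFFECTED_RANGES: List[Tuple[Version, Version, str]] = [
    ((9, 16, 0), (9, 16, 36), ""),
    ((9, 18, 0), (9, 18, 10), ""),
    ((9, 19, 0), (9, 19, 8), ""),
    ((9, 16, 8), (9, 16, 36), "S1"),
]

# Matches "9.16.8" or "9.16.8-S1" somewhere in a line such as
# "BIND 9.18.10 (Extended Support Version) <id:...>".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?\b")


def parse_bind_version(text: str) -> Optional[Tuple[Version, str]]:
    """Return ((major, minor, patch), edition) or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch)), (edition or "")


def is_affected(version_text: str) -> bool:
    """True when the version lies in an affected range for its edition."""
    parsed = parse_bind_version(version_text)
    if parsed is None:
        raise ValueError(f"unrecognised BIND version string: {version_text!r}")
    version, edition = parsed
    return any(
        low <= version <= high and edition == ed
        for low, high, ed in AFFECTED_RANGES
    )


if __name__ == "__main__":
    # Constructed inputs; on a real host feed in the first line of `named -v`.
    for sample in ("9.16.36", "9.16.37", "9.16.8-S1", "BIND 9.18.10 (Extended Support Version)"):
        print(f"{sample:45} affected={is_affected(sample)}")
```

One caveat for anyone running this against distribution packages: vendors such as Debian or Red Hat backport fixes without bumping the upstream version number (the string may read something like 9.16.1-Ubuntu), so a match here means "check the distro advisory", not "definitely vulnerable".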
Not a cyberattack, but an IT failure: the FAA's NOTAM outage.
FROM THE MEDIA: The US Federal Aviation Administration experienced a 90-minute outage of the Notice to Air Missions (NOTAM) system early Wednesday morning due to a technical failure rather than a cyberattack. The cause of the outage was found to be a damaged database file, and the FAA has since identified an IT contractor error as the source of the issue. The incident serves as a reminder of the importance of cyber preparedness, as the reliance on third-party systems and the outdated infrastructure of the FAA can have serious consequences for air operations. Moody's Investors Service wrote that while the incident may be credit neutral, the system's exposure to cyber risk was clearly in evidence. Egnyte's Neil Jones emphasizes the need for viable incident response plans and the additional impact of technical debt on cybersecurity.
READ THE STORY: The Cyberwire
How Kevin Rose got duped into giving away valuable NFTs
FROM THE MEDIA: On Wednesday night, Kevin Rose, a serial entrepreneur, was tricked into giving away a number of very valuable NFTs. The multi-part scheme, which began with a seemingly mundane airdrop, serves as a reminder of how easily even the founder of an NFT-focused company can be lured into a trap. As Rose admitted in his Twitter Spaces discussion, multitasking is never a good idea when dealing with NFTs. Arkham Intelligence estimated the lost NFTs at $1.09 million in value. The case is a warning of the dangers of cyber crime and of the importance of staying aware of how miscreants manipulate others out of money and valuable goods. Rose, now the founder of an NFT-focused company called PROOF Collective, is planning to release a post-hack troubleshooting guide to help other victims.
READ THE STORY: AXIOS
Attorney General Josh Stein Warns Against Hacking and Phishing Scams on Data Privacy Day
FROM THE MEDIA: On the occasion of Data Privacy Day, North Carolina's Attorney General Josh Stein released the 2022 data breach report, which revealed that 1,900 data breaches occurred in the state last year, affecting 3 million North Carolinians. Ninety percent of these breaches were caused by hacking and phishing scams, with ransomware responsible for 45%. To avoid such attacks, Stein offers a few tips, such as not opening emails from unverified senders and using strong passwords. Moreover, he recommends that organizations back up their data, conduct regular training to identify the signs of ransomware attacks, and have a plan in place to notify customers if a ransomware attack occurs, warning that his office will investigate and hold accountable any company that fails to protect and store people's data properly.
READ THE STORY: DoJ
Inside TikTok’s proposal to address US national security concerns
FROM THE MEDIA: TikTok, a popular social media platform owned by Chinese company ByteDance, is facing scrutiny from the U.S. government over security concerns. To address these concerns, the company has proposed "Project Texas," a detailed plan relying heavily on the American tech giant Oracle to mitigate the perceived security risks of the viral video app. The proposal includes localizing the app's data access, algorithms and source code, and placing these under the supervision of a U.S.-government-approved board of directors. Oracle would be responsible for operating the gateways at the app's border and for auditing the source code and recommendation algorithm. However, there is ongoing debate over whether this proposal is sufficient to address the fears that China could subvert the app. A ban on TikTok and other foreign-based technology applications is also being discussed, raising concerns about the impact this could have on the open internet.
READ THE STORY: Cyberscoop
On Data Privacy Day, Organizations Fail Data Privacy Expectations
FROM THE MEDIA: Data privacy is an increasingly pressing concern for organizations around the world, with breaches of data privacy legislation resulting in significant fines. Omdia's Security Breaches Tracker has found that two-thirds of security breaches involve data exposure, and its Cybersecurity Decision Maker survey revealed that only a third of organizations are "extremely confident" in their security controls. Data Privacy Day serves to highlight the inadequacies of data protection and to support the confidentiality of information by encouraging organizations to practice good cyber hygiene, including timely patching, password management, and backups. This is not a one-and-done task, however, as malicious actors are constantly updating their offensive capabilities. Organizations must remain vigilant and take data privacy personally, focusing on data security to ensure the confidentiality of their customers' information.
READ THE STORY: DARKreading
US Treasury Sanctions Chinese Firm Supplying Intelligence to Russia
FROM THE MEDIA: The U.S. Treasury Department recently announced sanctions against Chinese satellite manufacturer Spacety, which has been found to be supplying satellite imagery to Russia in aid of the war in Ukraine. An independent investigation has revealed strong ties between Spacety and China’s military, the People’s Liberation Army (PLA), and the Military-Civil Integration (MCI) platform, a Chinese regime strategy to modernize its military. The company’s top-level managers have deep personal ties to China’s military and space programs, and the MCI platform has been targeted by both the Trump and Biden administrations. The case has revealed the true nature of China’s support for Russia’s invasion of Ukraine, and is yet another example of the Chinese regime’s attempts to further advance its military capabilities and gain greater influence in the world.
READ THE STORY: The Epoch Times
Items of interest
Russian tech tycoon heads to trial over insider trading hacking scheme
FROM THE MEDIA: Vladislav Klyushin is set to go on trial on Monday in a federal court in Boston as part of an alleged global hacking and insider trading scheme. Federal prosecutors allege that Klyushin, a millionaire with a law degree, conspired with four codefendants, including a former Russian military intelligence officer, to hack into the servers of two vendors that publicly traded companies use to make filings to the Securities and Exchange Commission. The conspirators allegedly used the information they obtained to make stock trades that led to millions of dollars in illegal profits. He faces multiple charges including conspiracy, wire fraud, unauthorized access to computers, and securities fraud. Klyushin's case is of particular interest due to his political ties, and there is speculation that the Russian government may attempt to negotiate his release if he is convicted. The trial is expected to be closely watched as it may yield valuable information about the scope of data privacy violations in the United States.
READ THE STORY: BostonGlobe
ChatGPT (Fad or Future?) - Practical use-cases for Power BI (with Mathias Halkjær) (Video)
FROM THE MEDIA: Chatbots are a new technology that is still evolving, and there are a variety of ways to use them. Some of the practical uses of chatbots include automating customer service, providing customizable responses to questions, and managing customer data. It is important to use chatbots in the right way to prevent misuse and offensive content.
Using ChatGPT to make an app in a language I don't know (Video)
FROM THE MEDIA: The video demonstrates how to use ChatGPT to create an app in a language the presenter does not know. The presenter first sets up multi-stream and stream chat, then shows how to capture and play a video. Next, the presenter highlights a chat box and sends a message. Finally, the presenter talks about how he is going to use ChatGPT today to experiment with coding.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com