Monday, February 13, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Russian hackers Killnet disrupt NATO’s aid mission in quake-hit Turkey and Syria
Analyst Comments: Acting through a proxy, Russia is demonstrating both the effectiveness of distributed denial of service (DDoS) attacks and a willingness to target humanitarian efforts: the attack temporarily took down the websites of NATO Special Operations Headquarters and the Strategic Airlift Capability, potentially hindering relief efforts for the earthquake victims.
FROM THE MEDIA: A group of Russian hackers known as Killnet has disrupted communication between NATO and military aircraft providing aid to victims of the earthquake in Turkey and Syria. The hackers claimed responsibility for DDoS attacks on the websites of NATO Special Operations Headquarters and the Strategic Airlift Capability, among others. A DDoS attack makes a website or service unavailable by flooding it with traffic from many sources until it can no longer serve legitimate requests. Although the NATO website was down for only a couple of hours, the attack is believed to have hindered relief efforts. NATO's cyber experts are addressing the issue. Killnet is described as a loosely organized group of pro-Kremlin activists who run basic DDoS attacks against countries that support Ukraine, and it has not caused significant lasting damage so far.
READ THE STORY: FT
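Analyst Comments: As an added illustration that is not part of the FT story, the script below shows the first check an operator makes when a site goes down under suspected DDoS: a sliding-window request count over the web server's access log, per source and for the site as a whole. The log lines are constructed for the example (private and RFC 5737 documentation addresses), and the thresholds are assumed values, not figures from the article. The global counter matters because a distributed flood keeps every individual source under the per-IP limit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format line, e.g.
# 192.0.2.1 - - [12/Feb/2023:14:00:00 +0000] "GET /news HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'ts', 'req'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
    }


def detect_floods(lines, window_s=10, per_ip_max=20, global_max=50):
    """Sliding-window rate check over an access log.

    Flags any source exceeding per_ip_max requests inside window_s seconds,
    and records when the whole site exceeds global_max requests in the
    window (the distributed case, where no single source is noisy enough
    to trip the per-IP rule). Thresholds are assumed values."""
    entries = [e for e in map(parse_line, lines) if e]
    entries.sort(key=lambda e: e["ts"])
    per_ip = defaultdict(deque)
    all_req = deque()
    noisy_ips = set()
    global_bursts = []
    for e in entries:
        t = e["ts"]
        q = per_ip[e["ip"]]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > per_ip_max:
            noisy_ips.add(e["ip"])
        all_req.append(t)
        while (t - all_req[0]).total_seconds() > window_s:
            all_req.popleft()
        if len(all_req) > global_max and (
            not global_bursts
            or (t - global_bursts[-1]).total_seconds() > window_s
        ):
            global_bursts.append(t)  # one alert per window, not per request
    return {
        "parsed": len(entries),
        "noisy_ips": sorted(noisy_ips),
        "global_bursts": global_bursts,
    }


def make_sample_log():
    """Constructed log: one normal client, a single-source flood, and a
    distributed flood of 80 sources sending one request each."""
    base = datetime(2023, 2, 12, 14, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path="/"):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("192.0.2.1", 2 * i, "/news") for i in range(10)]
    lines += [line("10.0.0.5", 20 + i * 0.1) for i in range(40)]
    lines += [line(f"203.0.113.{i + 1}", 40 + i * 0.1) for i in range(80)]
    return lines


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

Run against the constructed log, the single flooding source is reported by name, while the distributed burst shows up only in the site-wide counter, which is why rate limiting by source alone is not a DDoS defence.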
Ransomware hits Technion university, protests tech layoffs and Israel
FROM THE MEDIA: DarkBit, a new ransomware group, has attacked Technion - Israel Institute of Technology, a leading research university in Israel. The group demanded a ransom payment of $1.7 million and left a ransom note with anti-Israel messages and references to tech layoffs. The university is responding to the attack and its website is currently down. The origins and motivations of DarkBit are unclear, but the group has expressed anti-Israel sentiments and a desire to take revenge for layoffs, including those of technical employees. The group has threatened to impose a penalty on top of the ransom demand and to put any stolen data up for sale if the ransom is not paid.
READ THE STORY: BleepingComputer
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
FROM THE MEDIA: The Tonto Team, a suspected Chinese APT actor, attempted to attack cybersecurity company Group-IB in June 2022. The attack was unsuccessful because Group-IB detected and blocked the malicious phishing emails sent by the group. This was the second attack aimed at the company; the first took place in March 2021. Tonto Team, also known as Bronze Huntley, has been linked to attacks on organizations across Asia and Eastern Europe and is believed to have ties to the Third Department of the People's Liberation Army. The group is known for spear-phishing emails carrying malicious Microsoft Office and Rich Text Format attachments built with the Royal Road weaponizer, which drop backdoors such as Bisonal, a malware family that gives the operators remote access to the infected computer. The goal of Chinese APTs like Tonto Team is usually espionage and intellectual property theft.
READ THE STORY: THN
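Analyst Comments: An added example, not from the THN article or from Group-IB: Royal Road output is an RTF document carrying an embedded OLE object, historically one that abuses the Equation Editor (CVE-2017-11882 and related bugs). The triage script below, written for this digest, pulls the hex-encoded `\objdata` payloads out of an RTF, checks whether they start with the OLE compound-file header, and notes two other traits common in exploit RTFs: an `Equation.3` object class and the `\objupdate` control word, which forces the object to load when the document opens. The sample documents are constructed; the heuristics are generic OLE-in-RTF checks, not a Royal Road signature.

```python
import re

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # compound-file header
OBJDATA_RE = re.compile(r"\\objdata\b\s*([0-9a-fA-F\s]*)")
OBJCLASS_RE = re.compile(r"\\objclass\s+([^\\{}]+)")


def decode_rtf_hex(blob):
    """RTF stores object payloads as hex text, usually wrapped across lines."""
    hexstr = re.sub(r"\s+", "", blob)
    if len(hexstr) % 2:
        hexstr = hexstr[:-1]          # drop a dangling nibble
    return bytes.fromhex(hexstr)


def triage_rtf(rtf):
    """Report embedded-object facts for one RTF document.

    Only the hex form of \\objdata is decoded; the \\binN raw form is
    not handled here."""
    objects = []
    for m in OBJDATA_RE.finditer(rtf):
        data = decode_rtf_hex(m.group(1))
        objects.append({"size": len(data),
                        "is_ole": data.startswith(OLE_MAGIC)})
    classes = [c.strip() for c in OBJCLASS_RE.findall(rtf)]
    objupdate = "\\objupdate" in rtf       # forces object load on open
    suspicious = bool(objects) and (
        any(o["is_ole"] for o in objects)
        or objupdate
        or any("equation" in c.lower() for c in classes)
    )
    return {"objects": objects, "classes": classes,
            "objupdate": objupdate, "suspicious": suspicious}


# Constructed samples: the first carries a 16-byte OLE stub flagged as an
# Equation.3 object, the second is plain text with no objects at all.
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0 {\fonttbl {\f0 Calibri;}}"
    r"{\object\objemb\objupdate{\*\objclass Equation.3}"
    r"{\*\objdata d0cf11e0a1b11ae1 00000000 00000000 }}"
    r"\par Please see the attached agenda.\par}"
)
BENIGN_RTF = r"{\rtf1\ansi\deff0 \par Quarterly report attached.\par}"

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_RTF), ("benign", BENIGN_RTF)):
        print(name, triage_rtf(doc))
```

A mail gateway rule that quarantines any RTF attachment for which `suspicious` is true costs almost nothing, because legitimate RTF mail with embedded Equation Editor objects is rare.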
Four misconceptions about data exfiltration
FROM THE MEDIA: Data exfiltration events should be taken just as seriously as ransomware attacks, yet many organizations hold misconceptions about them and do not take proper action to mitigate the risk. Four are highlighted: that IT is synonymous with security; that cyber insurance is a substitute for proper security measures; that being operational means the network is secure; and that a single data breach is a one-time occurrence. Organizations need to understand the risks associated with data exfiltration, know their own network, and take proper steps to secure their systems: a clear security strategy, an engaged digital forensics and incident response (DFIR) partner, proper security tooling, and regular monitoring of the network for indicators of compromise.
READ THE STORY: VB
Honeypot-Factory: The Use of Deception in ICS/OT Environments
FROM THE MEDIA: Industrial control systems (ICS) are increasingly being targeted by cyber attackers, and it is only a matter of time before they become a primary focus. It is important to have strong cybersecurity measures in place to protect these systems and prevent the halt of production and business operations. One potential solution is deception technology, such as honeypots, which can detect malicious activity and mislead attackers. However, implementing deception technology in ICS still faces several challenges, including the large number of different industrial control devices and protocols, limited simulation capabilities, and high maintenance costs. Despite these challenges, deception technology can play a crucial role in improving ICS security and defense capabilities. Further breakthroughs are needed to overcome these challenges and make deception technology more widely adopted in ICS environments.
READ THE STORY: THN
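Analyst Comments: The article stays at the level of challenges; as an added example that is not from the THN piece, the listener below shows what the simplest ICS decoy looks like in practice. It speaks just enough Modbus/TCP to answer a "read holding registers" request (function code 3) from a constructed register map and to reject everything else with a protocol exception, logging every probe either way. No production device should ever query it, so any connection is a detection. The register values and the port (5020, to avoid needing privileges for 502) are assumptions for the example.

```python
import socket
import struct

# Constructed register map for the decoy; values are made up, not from
# any real controller.
FAKE_REGISTERS = [0] * 100
FAKE_REGISTERS[0:4] = [1200, 35, 1, 0x1234]

ILLEGAL_FUNCTION = 0x01
ILLEGAL_DATA_ADDRESS = 0x02


def handle_modbus(request, events):
    """Parse one Modbus/TCP ADU, record it in `events`, and return the reply.

    MBAP header: transaction id (2), protocol id (2, always 0),
    length (2, bytes that follow), unit id (1); then the PDU."""
    if len(request) < 8:
        return b""
    tid, proto, length, uid = struct.unpack(">HHHB", request[:7])
    pdu = request[7:6 + length]
    if proto != 0 or not pdu:
        return b""
    fc = pdu[0]
    event = {"tid": tid, "unit": uid, "fc": fc}
    if fc == 3 and len(pdu) >= 5:
        start, qty = struct.unpack(">HH", pdu[1:5])
        event.update(start=start, qty=qty)
        if 1 <= qty <= 125 and start + qty <= len(FAKE_REGISTERS):
            regs = FAKE_REGISTERS[start:start + qty]
            resp_pdu = bytes([3, 2 * qty]) + b"".join(
                struct.pack(">H", r) for r in regs)
        else:
            resp_pdu = bytes([fc | 0x80, ILLEGAL_DATA_ADDRESS])
    else:
        # Anything else (writes, diagnostics, unknown codes) is refused,
        # which is also what a locked-down real device would do.
        resp_pdu = bytes([fc | 0x80, ILLEGAL_FUNCTION])
    event["response_fc"] = resp_pdu[0]
    events.append(event)
    return struct.pack(">HHHB", tid, 0, len(resp_pdu) + 1, uid) + resp_pdu


def serve(host="0.0.0.0", port=5020):
    """Accept one request per connection and print who asked for what."""
    events = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            with conn:
                reply = handle_modbus(conn.recv(260), events)
                if reply:
                    conn.sendall(reply)
            print(peer, events[-1] if reply else "malformed request")


if __name__ == "__main__":
    serve()
```

The `events` list is the product: a decoy earns its keep only if those records reach the SOC, so in a real deployment they go to the SIEM rather than stdout, and the decoy is placed on the same VLAN as the PLCs it imitates so that scanning reaches it.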
Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
FROM THE MEDIA: A threat actor called TA866 has been targeting US and German companies with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint is tracking the activity cluster, known as Screentime, and believes the group is financially motivated. The attacks began on October 3, 2022 and are launched via emails with a booby-trapped attachment or a URL that leads to malware. Executing the malware downloads a tool called WasabiSeed, which fetches next-stage malware such as Screenshotter, a utility that takes screenshots of the victim's desktop and sends them to a command-and-control server, letting the operators decide whether a victim is worth further effort. The origins of TA866 are unknown, but the group is suspected of having used similar malware as far back as April 2019. The findings come as threat actors explore new ways to execute code on targets' devices, including the abuse of file formats such as Microsoft OneNote and Publisher documents for malware delivery.
READ THE STORY: THN
Disinformation researchers raise alarms about AI chatbots
FROM THE MEDIA: Researchers have warned that the artificial intelligence (AI) chatbot ChatGPT is a powerful tool for spreading misinformation. AI can produce disinformation in convincing, clean variations at scale within seconds, without disclosing its sources. Predecessors to ChatGPT have been used to spread comments and spam in online forums and social media platforms. ChatGPT has the potential to share conspiracy theories in increasingly credible and persuasive ways. Researchers predict that generative technology could make disinformation cheaper and easier to produce, and that no available mitigation tactics can effectively combat it. The underlying technology of ChatGPT, GPT-3, was found to have "impressively deep knowledge of extremist communities." OpenAI monitors the content that is fed into and produced by ChatGPT, but relies on both human AI trainers and user feedback to filter out toxic data. The company offers a free moderation tool to handle content that promotes hate, self-harm, violence or sex, but it offers limited support for languages other than English and does not identify political material, spam, deception, or malware.
READ THE STORY: IndianExpress
India's IT minister denies targeting Chinese apps for bans
FROM THE MEDIA: India's Minister for Electronics and Information Technology, Rajeev Chandrasekhar, has stated that the country does not target Chinese apps for law enforcement action or bans, although India has banned hundreds of apps linked to China in recent years, most recently 232 of them. The same round-up notes that India's electric vehicle (EV) market grew by 223% in 2022, with Tata holding an 86% share; that the Quad (the US, Australia, India, and Japan) has launched a cyber challenge to promote better online habits and cyber security; and that Indian Railways' food services can now be ordered through an AI-powered chatbot on WhatsApp on selected trains.
READ THE STORY: The Register
How China Is Leveraging Its Belt & Road Initiative In Pakistan, Egypt To Expand Its Space Internet Edge In LEO
FROM THE MEDIA: China is developing a low-Earth orbit (LEO) broadband network that may be used both commercially and by the government. The US may lose its competitive advantage if China continues to advance in this area. China is utilizing its Belt and Road Initiative to gain market share for its LEO constellations, which will provide services throughout Asia, South America, and Africa, where there is currently a lack of internet infrastructure. China's heavy ICT presence in BRI countries creates path dependencies, spreads techno-authoritarian norms and standards, grows China's voice in international governance and standards bodies, and strengthens China's power over global networks. The successful proliferation of Chinese LEO broadband service could grant Beijing greater control over international data flows and extensive intelligence and coercive powers. China's ambitious space plans coincide with the creation of the Belt and Road Space Information Corridor, which amplifies the significance of space in Chinese thinking about national security and economic development.
READ THE STORY: Eurasian Times
Elon Musk defends limitations on Ukraine's military use of Starlink satellites
FROM THE MEDIA: SpaceX founder Elon Musk has defended the company's decision to limit Ukraine's military use of its satellite-internet service, Starlink. This comes after former astronaut Scott Kelly tweeted to Musk, urging him to restore the full functionality of Starlink to Ukraine. Musk responded to Kelly, saying that while Starlink is the communication backbone of Ukraine, especially at the front lines, where almost all other internet connectivity has been destroyed, they will not enable escalation of conflict that may lead to World War III. SpaceX President, Gwynne Shotwell, announced on Feb. 9 that the company was restricting Ukraine from using Starlink for military operations, but they could use it for typical communications and humanitarian relief. The terms of use for Starlink state that the internet connections are not for military engagements.
READ THE STORY: Yahoo finance
Disruption of GPS at airports increase risks of flight safety
FROM THE MEDIA: According to reports, GPS signals at Allama Iqbal International Airport and Sialkot International Airport have been disrupted, increasing risks to flight safety. Pilots use the Global Positioning System (GPS) to navigate aircraft along preferred routes from one waypoint to another; the system provides geolocation and time information to any receiver on or near the Earth. The problem is being reported about 150-54 nautical miles from the airports, and the sudden disappearance of GPS signals is causing difficulty for pilots during landing and takeoff. The Pakistan Civil Aviation Authority (PCAA) has issued a NOTAM for domestic and international flights warning pilots about the GPS signal malfunction and advising them to seek guidance from air traffic controllers if they encounter complications before landing. The malfunction is a major concern and could result in a serious accident if not fixed promptly, putting passengers' lives at risk.
READ THE STORY: PakObserver
NameCheap's email hacked to send Metamask, DHL phishing emails
FROM THE MEDIA: Namecheap, a domain registrar, experienced a breach on Sunday night that caused a flood of phishing emails aimed at stealing recipients' personal information and cryptocurrency wallets. The campaigns started around 4:30 PM ET and originated from SendGrid, the email platform Namecheap uses, with emails impersonating either DHL or MetaMask. The MetaMask lure asked the recipient to complete a KYC verification to avoid suspension of their wallet; it contained a Namecheap marketing link that redirected the user to a phishing page prompting for the wallet's 'Secret Recovery Phrase' or 'Private Key', which the threat actors could then use to import the wallet and drain its funds and assets. Namecheap said its own systems were not breached and that the issue lay in an upstream system it uses for email; it stopped all outbound email and began investigating with the upstream provider, and services were restored later that night. Twilio SendGrid, for its part, said the incident was not the result of a hack or compromise of its systems, so the two statements conflict. The practical takeaway for recipients is unchanged either way: a legitimate wallet service never needs the recovery phrase or private key, and a link arriving through a third party's marketing mailer is not a trustworthy route to any 'verification' page.
READ THE STORY: BleepingComputer
Items of interest
Using the blockchain to prevent data breaches
FROM THE MEDIA: The article argues that blockchain technology may help prevent data breaches by providing a secure way to store data. Blockchains use cryptographic primitives, hash functions and asymmetric cryptography, to protect stored records, and they are decentralized and immutable, which the article presents as making them less vulnerable to cyberattacks and data manipulation. Those properties, the piece concludes, make blockchains a promising answer to breaches, which are costly and damaging to a company's reputation and customer trust. One caveat a practitioner should keep in mind: hash chaining and replication give integrity and tamper-evidence, not confidentiality. A record on a shared ledger is readable by every participant unless it is encrypted before it is written, so the technique addresses data manipulation far more directly than it addresses data theft.
READ THE STORY: VB
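Analyst Comments: As an added example, not drawn from the VB article, the code below builds the core mechanism the piece relies on, a hash-chained append-only log, and shows exactly what it does and does not buy. Tampering with one record breaks verification; an attacker who can also rewrite the later hashes passes verification again, and only a head hash anchored somewhere the attacker cannot reach (a second party, a public ledger) catches that. Throughout, every copy of the chain holds the record payloads in the clear. The audit records are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64


def record_hash(index, prev_hash, payload):
    """SHA-256 over a canonical encoding of (index, previous hash, payload)."""
    body = json.dumps(
        {"i": index, "prev": prev_hash, "data": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(body).hexdigest()


class HashChain:
    """Append-only log in which each record commits to its predecessor.
    Payloads are stored in plaintext: the chain gives integrity, not secrecy."""

    def __init__(self):
        self.blocks = []

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        idx = len(self.blocks)
        block = {"i": idx, "prev": prev, "data": payload,
                 "hash": record_hash(idx, prev, payload)}
        self.blocks.append(block)
        return block["hash"]

    def head(self):
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def verify(self):
        """Index of the first inconsistent block, or -1 if the chain is
        internally consistent."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if (b["i"] != i or b["prev"] != prev
                    or record_hash(i, prev, b["data"]) != b["hash"]):
                return i
            prev = b["hash"]
        return -1

    def rewrite_from(self, index):
        """What an attacker with write access does after tampering:
        recompute every hash from `index` onward so verify() passes."""
        prev = self.blocks[index - 1]["hash"] if index else GENESIS
        for b in self.blocks[index:]:
            b["prev"] = prev
            b["hash"] = record_hash(b["i"], prev, b["data"])
            prev = b["hash"]


def demo():
    """Returns (clean, detected, hidden, anchor_matches)."""
    chain = HashChain()
    for rec in ({"user": "alice", "action": "login"},
                {"user": "alice", "action": "export", "rows": 12},
                {"user": "bob", "action": "login"}):
        chain.append(rec)
    anchor = chain.head()                 # assumed to be published out-of-band
    clean = chain.verify()                # -1: nothing wrong
    chain.blocks[1]["data"]["rows"] = 1   # shrink the export record
    detected = chain.verify()             # 1: first bad block
    chain.rewrite_from(1)                 # attacker re-hashes the tail
    hidden = chain.verify()               # -1 again: local check is fooled
    anchored = chain.head() == anchor     # False: the anchor still catches it
    return clean, detected, hidden, anchored


if __name__ == "__main__":
    print(demo())
```

The last two values are the whole argument: immutability comes from the anchor and the parties who hold it, not from the hashing itself, and at no point did any of this stop someone reading the records.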
Sentiment Analysis with LSTM | Deep Learning with Keras | Neural Networks (Video)
FROM THE MEDIA: We shall train three separate neural networks, namely a simple neural net, a convolutional neural net and a long short-term memory (LSTM) neural net. LSTM networks are actually considered to be quite suitable for handling NLP problems, and by the end of this video you will understand why. The sentiment classification LSTM model we shall be training as part of this tutorial is so good that it not only predicts the user movie review sentiment as positive/negative, it also does a fabulous job of predicting the IMDb rating itself corresponding to these reviews with mind-blowing accuracy.
Using OpenAI to Perform Sentiment Analysis - A Step-by-Step Guide (Video)
FROM THE MEDIA: Jonathan uses OpenAI to detect the sentiment of a string of text or a tweet using the Completions API.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.