Tuesday, February 14, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Cyber Threats to Pakistan’s National Power Grid
FROM THE MEDIA: Pakistan's cyber environment and engagement in the global IT market have left it exposed to cyber threats, including cybercrime, espionage, and cyber warfare. Cyber-attacks on vital infrastructure, including power and energy systems, military and government networks, and financial institutions, have resulted in power outages, financial losses, and disruptions to essential services. The recent blackout in Pakistan highlights the vulnerability of the country's power grid to cyber-attacks, and there is growing evidence that these failures may be rooted in the cyber realm. It is essential to take proactive measures, such as regular assessments of potential vulnerabilities, developing adequate incident response plans, increasing public awareness, and investing resources in advancing cybersecurity measures to enhance the nation's resilience to cyber-attacks.
READ THE STORY: TGP
Cloudflare says it stopped largest DDoS attack on record
FROM THE MEDIA: Cloudflare, an internet infrastructure company, has detected and mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, which peaked at 71 million requests per second (rps). The DDoS attack targeted a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms, and originated from numerous cloud providers. Cloudflare has been working with these providers to crack down on the botnet behind the attack. The company claims that such attacks are getting "bigger, more sophisticated, and more frequent," with DDoS attacks increasing by 79% in 2022. The hackers behind the attacks often choose DDoS extortion attacks over ransomware attacks because they are cheaper and easier to carry out.
READ THE STORY: The Record
Satellite Data Analytics: The Future of Space Intelligence
FROM THE MEDIA: The satellite data analytics market is rapidly growing, with advancements in technology making it more accessible and actionable. Key players in the market include Planet Labs, Maxar Technologies, Airbus, DigitalGlobe, Astrium, CNSA, CAST, and e-Geos. The market is driven by the increasing demand for actionable insights, growing adoption of cloud computing, and advancements in remote sensing technologies. The United States and Europe are major players in the market, with increasing investment in the industry creating new opportunities for growth and innovation.
READ THE STORY: Newswires
Digital Yuan, Money From China: On To Africa
FROM THE MEDIA: The digital yuan, developed by the Chinese government and the People's Bank of China, is a potential game changer in the digital finance world, with advantages such as increasing access to banking services, reducing financial costs, and opening up markets to international trade for African countries. However, there are also challenges to address, such as security issues and concerns about government surveillance. To mitigate these risks, the digital yuan needs to be backed by gold or silver and made more secure against hackers. Despite these challenges, the digital yuan holds great potential for Africa and could help the continent unlock its financial potential.
READ THE STORY: BestStocks
Can Russia Afford To Keep Funding Its Space Program?
FROM THE MEDIA: Despite the failures of Roscosmos and the economic troubles faced by the space corporation, Russia's budget for space programs has not significantly changed over the past few years, with the total annual expenditures on space programs remaining relatively stable. The military space program, which includes GLONASS and other military satellite networks, is estimated to have a share of no less than 110-120 billion rubles in 2023. The current plan for spending on GLONASS does not presume a significant increase in spending. The inertia of GLONASS may be considered an indicator of the actual situation within Russia's entire military space program. Some within Roscosmos still believe that Russia must maintain its space partnership with the United States and Europe.
READ THE STORY: Oilprice
Healthcare in the Crosshairs of North Korean Cyber Operations
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency, the FBI, the US Department of Health and Human Services, and South Korean intelligence agencies have warned that the North Korean government is using revenues from state-sponsored ransomware attacks on the US healthcare and public health sector to fund cyber operations, including spying on US and South Korean defense-sector and defense industrial base organizations. The advisory cautioned ransomware victims in healthcare and critical infrastructure sectors against paying ransoms, citing the risk of sanctions and no guarantee of recovery. North Korean cyber actors have used a variety of tactics, techniques, and procedures (TTPs) to execute ransomware attacks against healthcare targets and have exploited new software vulnerabilities, according to the advisory.
READ THE STORY: DARKReading
Chinese chip designer Unisoc seeks to raise $1.5 billion in private funding
FROM THE MEDIA: Chinese chip design company Unisoc is seeking to raise CNY10bn ($1.5bn) in a new funding round, which will value the company at CNY70bn ($10.3bn), according to anonymous sources. The company has approached several state-backed investment funds for the round, with the goal of reaching a shortlist of investors by mid-March and closing the round by the end of June. The fundraising is part of China's wider efforts to boost its domestic chip sector, as it aims to become more technologically self-sufficient, while the US has put in place export controls to limit Beijing's technological and military advances.
READ THE STORY: ET
Artificial intelligence now a match for natural ignorance
FROM THE MEDIA: The advancement of artificial intelligence (AI) has made traditional end-user security training less effective in protecting organizations from cyber attacks. AI-powered threats are becoming more sophisticated and harder to detect, which makes it difficult for even well-trained employees to spot them. As a result, organizations are finding that traditional end-user security training is becoming less effective in protecting against these types of threats. Tools like ChatGPT, an AI from OpenAI, have the potential to remove the last detectable element of many scams, spams, and phishes. However, we can still teach users to be suspicious and to verify communications that involve access to information or have monetary elements.
READ THE STORY: SCMAG
Lazarus hackers use new mixer to hide $100 million in stolen crypto
FROM THE MEDIA: North Korean hackers from the Lazarus Group have laundered around $100 million in stolen Bitcoin since October 2022 using a single crypto-mixing service called Sinbad, according to blockchain analysts. The Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against cryptocurrency mixing services Blender and Tornado Cash that Lazarus had used to launder close to $500 million in illicitly obtained cryptocurrency last year. Although OFAC sanctions did not stop Tornado Cash, they put a stop to Blender, whose operator reportedly disappeared after taking almost $22 million in Bitcoin. Elliptic co-founder and chief scientist, Tom Robinson, says that the Sinbad service is "relatively small" but has been used to launder funds stolen by the Lazarus group.
READ THE STORY: BleepingComputer
Pepsi Bottling Ventures says info-stealing malware swiped sensitive data
FROM THE MEDIA: Pepsi Bottling Ventures, America's largest manufacturer and distributor of Pepsi-Cola beverages, has notified customers that its network has been breached and sensitive personal and financial information has been stolen. The company discovered the unauthorized access on 10 January 2023 and has confirmed that the incident occurred around 23 December 2022. The intruders gained access to internal IT systems, installed malware, and stole customer information such as names, addresses, email addresses, government-issued identification, social security numbers, and passport information. They also stole a limited number of people's passwords, PIN codes, and other access numbers, as well as digital signatures, benefit and employment information, and health insurance claim and policy numbers. Pepsi Bottling Ventures has reported the attack to law enforcement and is offering customers a year's worth of free identity monitoring services from Kroll.
READ THE STORY: The Register
Israel’s top tech university postpones exams after ransomware attack
FROM THE MEDIA: Technion, Israel's leading technology university, suffered a cyberattack on Sunday by a previously unknown group called DarkBit, which left a ransom note demanding 80 bitcoins ($1.7 million) to recover the university's data. The attack appears to be ideological, and the group's message accuses Israel of running an "apartheid regime." Technion's systems were shut down, and exams scheduled for this week have been postponed. The university has disabled its networks and communication channels while the incident is investigated. The group threatened to increase the ransom if the university doesn't pay. The investigation is ongoing.
READ THE STORY: The Record
Chinese Tonto Team Hackers’ Attempt On Group-IB Fails
FROM THE MEDIA: In June 2022, the Tonto Team, a suspected Chinese hacker gang, attempted to target the cybersecurity firm Group-IB but was unsuccessful. This group has been connected to attacks against a variety of Asian and Eastern European targets and is reported to have connections to the Third Department of the People’s Liberation Army’s Shenyang TRB. It has been active since at least 2009 and uses spear-phishing lures with malicious attachments built with the Royal Road Rich Text Format exploitation tools to drop backdoors such as Bisonal, Dexbia, and ShadowPad. The group's primary objectives are espionage and intellectual property theft.
READ THE STORY: Information Security Buzz
Russia likely to spy more on Norway's energy industry, say Norway security police
FROM THE MEDIA: Russia is likely to increase efforts to gather intelligence about Norway's oil and gas infrastructure as part of a bid to pressure European energy supplies, according to a new annual threat assessment by the Norwegian police security agency. However, Russia is unlikely to conduct acts of sabotage in Norway in 2023. PST Chief Beate Gangaas noted that Moscow is likely to prioritize actions such as illegal gathering of intelligence, theft of information, cyber operations or cultivating sources, and that sabotage of Norwegian energy infrastructure is deemed a risky step for Russia. Norway has become Europe's largest gas supplier after a drop in Russian gas flows, following the war in Ukraine.
READ THE STORY: Market Screener
451 PyPI packages install Chrome extensions to steal crypto
FROM THE MEDIA: More than 450 malicious Python packages were discovered installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites. The malicious packages are being promoted through typosquatting, where threat actors impersonate popular packages with slight variations in names. They are also using a novel obfuscation method involving Chinese ideographs in function and variable names to evade detection. When a web browser is launched, the malicious extension will replace the copied cryptocurrency address with a set of hardcoded addresses under the threat actor’s control. The threat actors have now added cryptocurrency addresses for Bitcoin, Ethereum, TRON, Binance Chain, Litecoin, Ripple, Dash, Bitcoin Cash, and Cosmos.
READ THE STORY: BleepingComputer
‘Pig butchering’ scams on the rise, luring victims with promises of relationships and riches
FROM THE MEDIA: Scammers are using Valentine's Day to deceive people in so-called "pig butchering" scams, warns cybersecurity firm Sophos. These scams often begin with friendship and romance-related content and involve a fake website or app posing as a trading platform or another money-making scheme. Sophos researcher Sean Gallagher detailed two such scams in a new report. In one, a fraudster claimed to have an uncle who was a former Goldman Sachs analyst, while in the other, a Chinese fraud ring ran a cryptocurrency trading scam using a fake app called TradingView. Sophos has shared details of the scams with Apple, Google and US law enforcement agencies.
READ THE STORY: Cyberscoop
DLL Side-Loading: How to Combat Threat Actor Evasion Techniques
FROM THE MEDIA: CrowdStrike explains the DLL side-loading technique, a tactic frequently used by threat actors to load a malicious DLL via a benign executable. The technique takes advantage of Windows' behavior of searching the directory the application was loaded from for a DLL before other locations. DLL side-loading is often used by threat actors for lateral movement, persistence, and post-exploitation. CrowdStrike's Falcon platform has significant capabilities to deal with DLL side-loading, including Detect on-Write, behavioral indicators of attack, machine learning, and Advanced Memory Scanning (AMS). AMS is a new layer of protection that stops threats like malicious DLL side-loading techniques and fileless threats earlier in the kill chain. AMS performs targeted scans against real threats and remains highly performant. The EPP Content team dove into the malicious DLL and extracted a set of artifacts for AMS, developed customized triggers based on suspicious behaviors, and delivered memory scan specifications to Falcon customer endpoints in real time. The Falcon platform prevents malicious execution of the binary used in the DLL side-loading examples.
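A defender-side audit check, added here as an example and not CrowdStrike's code: it models Windows' default DLL search order (with KnownDLLs as the exception) over a constructed file listing and flags an application-directory DLL that shadows a System32 copy, which is the condition side-loading relies on. The application directory, file names and import list are constructed sample data.

```python
# Added example (not from the CrowdStrike article): model the default Windows DLL
# search order to show why a DLL planted in an application's directory wins over
# the legitimate System32 copy, and flag such shadowing.  All paths are constructed.
from __future__ import annotations

# Abbreviated real entries from HKLM\SYSTEM\CurrentControlSet\Control\
# Session Manager\KnownDLLs; these are always mapped from System32 and never go
# through the search order, so they cannot be side-loaded this way.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "gdi32.dll", "advapi32.dll"}

WINDIR = r"C:\Windows"
SYSTEM32 = WINDIR + r"\System32"


def search_order(app_dir: str, cwd: str, path_dirs: list[str]) -> list[str]:
    """Default (SafeDllSearchMode) order for a DLL that is not already loaded
    and is not a KnownDLL: the application's own directory is consulted first."""
    return [app_dir, SYSTEM32, WINDIR + r"\System", WINDIR, cwd, *path_dirs]


def resolve_dll(name: str, order: list[str], fs: set[str]) -> str | None:
    """Return the path the loader would pick for `name`, or None if absent.
    `fs` is a constructed set of existing file paths, lower-cased."""
    if name.lower() in KNOWN_DLLS:
        return f"{SYSTEM32}\\{name}"          # served from the KnownDLLs section
    for d in order:
        candidate = f"{d}\\{name}"
        if candidate.lower() in fs:
            return candidate
    return None


def audit_side_loading(app_dir: str, imports: list[str], fs: set[str],
                       cwd: str = r"C:\Users\bob",
                       path_dirs: tuple[str, ...] = ()) -> list[dict]:
    """Flag imports that resolve outside System32 although a System32 copy
    exists: the classic side-loading / search-order hijack indicator."""
    order = search_order(app_dir, cwd, list(path_dirs))
    findings = []
    for name in imports:
        chosen = resolve_dll(name, order, fs)
        system_copy = f"{SYSTEM32}\\{name}"
        if chosen and chosen.lower() != system_copy.lower() and system_copy.lower() in fs:
            findings.append({"dll": name, "loaded_from": chosen, "shadows": system_copy})
    return findings


# Constructed file listing: an app directory holding a planted version.dll and a
# copy of kernel32.dll, next to the legitimate System32 copies.
APP_DIR = r"C:\Program Files\Contoso\App"
SAMPLE_FS = {p.lower() for p in [
    APP_DIR + r"\app.exe",
    APP_DIR + r"\version.dll",      # planted: shadows System32\version.dll
    APP_DIR + r"\kernel32.dll",     # planted but inert: KnownDLL
    APP_DIR + r"\contoso.dll",      # private DLL with no system counterpart
    SYSTEM32 + r"\version.dll",
    SYSTEM32 + r"\kernel32.dll",
    SYSTEM32 + r"\bcrypt.dll",
]}
SAMPLE_IMPORTS = ["version.dll", "kernel32.dll", "contoso.dll", "bcrypt.dll"]

if __name__ == "__main__":
    for f in audit_side_loading(APP_DIR, SAMPLE_IMPORTS, SAMPLE_FS):
        print(f"SIDE-LOAD RISK: {f['dll']} loads from {f['loaded_from']} (shadows {f['shadows']})")
```

On a live host the same logic applies to a real directory listing and an executable's import table; the KnownDLLs exception is why planting kernel32.dll beside an application does nothing.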
READ THE STORY: CrowdStrike
Russian cybercrime syndicate sanctioned following spree of attacks
FROM THE MEDIA: The US and UK have jointly imposed sanctions on seven members of the Russian malware gang Trickbot in a bid to crack down on cybercrime. The sanctions mean that assets belonging to the sanctioned individuals will be seized, while travel bans will be put in place. The sanctions were made in response to Trickbot's prolific year of cyberattacks, which resulted in the group making at least $724m in illicit gains, according to a report by cybersecurity firm Chainalysis. In the statement announcing the sanctions, the UK said Trickbot had been carrying out attacks in line with "Russian state objectives".
READ THE STORY: Coingeek
The spies never really went away
FROM THE MEDIA: The recent news of the US shooting down suspected Chinese surveillance balloons and China accusing the US of violating its airspace with spy balloons highlights the resurgence of espionage in modern times. The spy wars of the Cold War era, glamourized by Ian Fleming's James Bond novels and films, never really went away, and with the arrival of the internet, a whole new front opened in the spy wars. Espionage remains an ongoing conflict between nations, with accusations of cyber warfare, election interference, and targeted assassinations.
READ THE STORY: The Spectator
Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on NATO
FROM THE MEDIA: Russian hackers from the Killnet group launched a distributed denial of service (DDoS) attack on NATO, disrupting communication with a C-17 plane providing earthquake aid to Turkey and Syria. The multi-national Strategic Airlift Capability, which relies on NATO support, was also impacted. The hackers, who aim to disrupt military and government websites of countries that support Ukraine, claimed responsibility on Telegram for the attack. The NATO Special Operations Headquarters website and other associated websites went down for a couple of hours, although the majority of NATO websites are now said to be functioning normally.
READ THE STORY: Independent
Botnet Attacks: A Growing Threat Available on the Dark Web for Less Than $45
FROM THE MEDIA: A botnet attack is a type of cyber attack that uses a group of connected devices to overwhelm a target network with a high volume of false traffic. The main purpose of a botnet is to execute a Distributed Denial of Service (DDoS) attack that can make a website or an entire server inaccessible. Such attacks can be ordered by competitors or financially motivated threat actors, and the cost of a DDoS attack can range from $45 to $850 on the dark web. Some cybercriminals use DDoS attacks as a way to demand ransom, and ransomware groups are known to pair DDoS attacks with their ransomware attacks. To prevent and mitigate the damage caused by botnet attacks, businesses should patch up vulnerabilities, keep software updated, build a network that can sustain large volumes of traffic, and use cloud-based security solutions to detect and stop botnet attacks on time.
READ THE STORY: The Hack Post
The Lessons From Cyberwar, Cyber-in-War and Ukraine
FROM THE MEDIA: The war in Ukraine has highlighted the use of cyber technology in modern warfare, which is inextricably linked with economic, psychological, and information warfare. Cyber technology is used before, during, and after the kinetic phase of warfare, and its role in the exertion of power is becoming increasingly important. Cyber warfare is usually used by nation-states to degrade the adversary's critical infrastructure, while cyber-driven propaganda attempts to destroy morale and influence open-source or military-specific environments. The use of cyber technology in warfare is expected to continue to evolve with the development of artificial intelligence and robotics.
READ THE STORY: Securityweek
Facial recognition’s latest foe: Italian knitwear
FROM THE MEDIA: Italian fashion tech startup Cap_able has created a line of clothing called the Manifesto Collection, which is designed to confuse facial recognition software. Founder Rachele Didero has created patterns that make the technology misidentify things, including hidden animals, people, and other shapes that draw the attention of the algorithms. Cap_able tested the clothing with a deep learning algorithm called YOLO, which identifies and classifies objects, and the clothing has a success rate of around 60% with YOLO. The Manifesto Collection is part of a broader fight for privacy, with Cap_able’s clothing seen as just one tool in the effort to protect privacy.
READ THE STORY: The Record
Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems
FROM THE MEDIA: An unknown attacker created malicious game modes for the Dota 2 video game that exploited a high-severity flaw in the V8 JavaScript engine, allowing remote code execution and potential establishment of backdoor access to players' systems. Avast researchers discovered the rogue game modes and reported the issue to Valve, who addressed it by upgrading the version of V8 in the game. The malicious game modes managed to slip through Valve's vetting process, but have since been taken down. It is unclear what the attacker's end goals were, but Avast notes that the exploit could have been used for larger-scale attacks.
READ THE STORY: THN
Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
FROM THE MEDIA: Apple has released security updates for iOS, iPadOS, macOS, and Safari to address CVE-2023-23529, a zero-day vulnerability in the WebKit browser engine that has been actively exploited in the wild. This is the second actively exploited type confusion flaw in WebKit to be patched by Apple in as many months. The update also resolves a use-after-free issue in the Kernel (CVE-2023-23514), which was reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero, as well as a privacy defect in Shortcuts that a malware-laced app can take advantage of.
READ THE STORY: THN
Threat Inflation: Balloon Imbroglio Just a Taste of China's Espionage
FROM THE MEDIA: The shooting down of a Chinese spy balloon by the US has brought up questions about the use of balloons for espionage and their potential threat to the West, but the actual challenges that the West is facing with China are cyber-espionage and managing tensions in an era of great power rivalry. Spy balloons are a fraction of what China can collect from its espionage programs, which are pervasive and far more damaging to Western economies and national security. The spy-balloon incident raises long-term challenges for how the West will manage its relations with China, as China's choice to use a highly visible intelligence-collection device over the US raises serious questions about its intentions and communication agreements.
READ THE STORY: Newsweek
Items of interest
What to expect from the upcoming national cyber strategy
FROM THE MEDIA: The US federal government is expected to release its new national cyber strategy this week, which will likely emphasize the use of existing federal regulatory authorities and potential legislative options to address cybersecurity risks across critical infrastructure and other sectors. While the strategy does not propose many specific restrictions or mandates, it aims to establish a common "floor" of cybersecurity expectations across industries and to allocate responsibility for cybersecurity more equitably across the ecosystem. The strategy will also include pillars to improve coordination between the government and private companies around cyber threats, to invest in emerging technologies like quantum-proof encryption, and to strengthen international partnerships to set global security standards. Additionally, the strategy will likely emphasize the need to disrupt and degrade command-and-control infrastructure used by hacking groups, particularly cybercriminals.
READ THE STORY: SCMAG
How to Write Articles in Bulk | Article Generator - OpenAI Automation (Video)
FROM THE MEDIA: In this video, the author demonstrates how to automate the process of writing articles in bulk using OpenAI and Google Docs. The video begins by explaining how to connect a Google Sheet to OpenAI to capture the data. It then shows how to provide prompts to the AI model to generate the articles. The video also explains how to set up the article generator, change the permissions of the Google Drive folder, and add the document link to a Google Sheet. The final step is to send an email notification once the articles are generated. The process is demonstrated step by step, making it easy for anyone to follow along and create their own article-generating automation.
ChatGPT Full Course | Automate Useful Professional Tasks using Open AI | Includes 10 Projects (Video)
FROM THE MEDIA: In this video, the user demonstrates how to use the AI-powered chatbot ChatGPT to automate various professional tasks. The tasks include formatting an email, creating a schedule, generating performance reports, prioritizing tasks, creating a cover letter for a job, and researching and comparing software options. The video provides a full course on how to use OpenAI to automate useful professional tasks, including 10 projects, and discusses how ChatGPT can help with creating a professional resume and cover letter.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.