Sunday, February 19, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Spy Balloon Lifts Veil on China’s ‘Near Space’ Military Program
Analyst Comments: “Near space” refers to the portion of the atmosphere too high for traditional aircraft but too low for satellites. The program aims to exploit this area for military purposes, including intelligence gathering, surveillance, and reconnaissance. China has been researching and developing high-dynamic and low-dynamic craft such as hypersonic cruise vehicles, sub-orbital vehicles, stratospheric airships, high-altitude balloons, and solar-powered unmanned vehicles. The country has been working on these technologies for more than a decade and has made significant advancements. The United States has also explored near-space technology but has not made significant progress in recent years.
FROM THE MEDIA: China's state-controlled media has discussed the potential military applications of the "near space" program, which focuses on exploiting the part of the atmosphere too high for traditional aircraft and too low for a satellite to remain in orbit, for over a decade. Chinese media reports date back to at least 2011, when the People's Liberation Army Daily highlighted "near space" as a "strategic asset." Experts suggest that these reports may shed light on the potential capabilities of the balloon shot down by a US fighter jet on Feb. 4. The United States has had no further development of operational stratospheric airships since Lockheed Martin's 2011 technology demonstrator test, and experts suggest that the US needs to emulate China's investment in near-space assets.
READ THE STORY: VOA
Russian diplomats were ordered out of the Netherlands
Analyst Comments: The accusation that Russia has been trying to smuggle spies into the Netherlands under diplomatic cover highlights concerns about Russian espionage and raises questions about the integrity of diplomatic relations between countries. This move by the Netherlands, in coordination with other like-minded countries, is also likely to trigger a diplomatic response from Russia, potentially leading to further deterioration of relations between Russia and the West.
FROM THE MEDIA: The Dutch government has ordered a number of Russian diplomats to leave the country, accusing Moscow of trying to smuggle spies into the Netherlands. This comes in the wake of a diplomatic dispute that began after Russia's invasion of Ukraine nearly a year ago. The Dutch Foreign Affairs Minister, Wopke Hoekstra, stated that despite attempts by the Netherlands to find a solution, Russia continues to attempt to get intelligence officers into the country under diplomatic cover, and the government cannot and will not allow it. Several European countries have expelled dozens of Russian diplomats suspected of espionage. Russia has responded by expelling a number of diplomats from countries including the Baltic States and Ireland.
READ THE STORY: The Washington Post
ASML’s big bet on China is starting to backfire over data thefts
Analyst Comments: ASML is crucial for the chip industry, and no other company has mastered the technology of burning the complex patterns that give chips their function onto disks of silicon the way ASML has. The company has a near monopoly on the most advanced lithography systems, making it a critical cog in the industry and a target for spying. The recent disclosure that a former employee stole technical information has raised concerns about tighter controls on ASML, which is caught in the middle of escalating political tensions.
FROM THE MEDIA: The CEO of Dutch chip technology company ASML Holding, Peter Wennink, faces mounting questions over the risks associated with the company's growth in China. The disclosure this week that a former employee had taken technical information from the company could spark tighter controls on ASML as the US and its allies aim to limit China's access to semiconductor technology. Caught in the middle of escalating political tensions, Wennink has attempted to defend the company's presence in China and has pointed to its long history of defending technology and maintaining its lead in the market. As the US and Europe seek to onshore key components and unwind aspects of globalization, analysts estimate that new restrictions could be limited to no more than 4% of the company's revenue.
READ THE STORY: AJOT
Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks
Analyst Comments: Historically, several cyber-espionage campaigns have targeted telecommunications companies, including Operation Soft Cell, LightBasin, APT10, and Operation Cleaver. These groups, often state-sponsored, have used various methods to steal data and track specific individuals, including hacking into carrier networks and stealing call detail records and customer data.
FROM THE MEDIA: A new cyber-espionage campaign targeting telecommunications companies in the Middle East has been uncovered by SentinelOne, which is tracking the activity as WIP26. The campaign involves the use of public cloud infrastructure for malware delivery, C2, and exfiltration to avoid detection. SentinelOne observed WhatsApp messages containing a Dropbox link that promised poverty-related documents but instead delivered two backdoors, which were used to collect data and conduct reconnaissance, among other things. The company believes the motive behind the WIP26 activity is related to espionage, which has been a prime motivation behind previous cyberattacks against telecommunications providers.
READ THE STORY: DARKReading
Concerns and impatience over mining the world’s seabeds
Analyst Comments: Conservation groups fear that mining contracts could be awarded without the necessary protections provided by a mining code, leading to habitat destruction, environmental damage, and the disruption of the ocean's ability to absorb human-emitted carbon dioxide. Scientists and advocacy groups are calling for a moratorium on mining, while mining companies and island nations are emphasizing the world's need for metals used in electric-vehicle batteries.
FROM THE MEDIA: The possibility of large-scale mining of the Pacific Ocean's depths for valuable minerals has increased, raising concerns among environmentalists. The International Seabed Authority, which is responsible for regulating the ocean floors outside member states' Exclusive Economic Zones, has two contradictory missions of protecting the sea floor and organizing the activities of industries that wish to mine the ocean floor's untapped resources, according to conservation groups. Currently, around 30 research centers and enterprises have been authorized to explore and not exploit limited areas. However, the mining activities cannot begin until negotiators adopt a mining code, which has been under discussion for almost a decade. The government of Nauru has threatened to request a mining contract for Nori, a subsidiary of The Metals Company, which could be approved without the protections provided by a mining code, according to NGOs.
READ THE STORY: Digital Journal
Semiconductor industry giant says ransomware attack on supplier will cost it $250 million
Analyst Comments: Ransomware poses a huge risk for the semiconductor industry because of the complex supply chain involved in semiconductor manufacturing. The supply chain includes multiple third-party manufacturers, software developers, and service providers who may not have the same level of security as the primary semiconductor manufacturers. This makes them easy targets for cybercriminals seeking to gain access to sensitive information and disrupt operations. Ransomware attacks on these supply chain links can cause major disruptions and have far-reaching impacts on industries that rely on semiconductors, including shortages, increased costs, and other economic and social consequences.
FROM THE MEDIA: Applied Materials, a technology provider for the semiconductor industry, said during an earnings call that a ransomware attack on one of its suppliers would cost it $250 million in the next quarter. The supplier was not identified, but it is believed to be technology and engineering company MKS Instruments, which recently had to reschedule its own earnings call due to a ransomware attack. The attack highlights concerns that cybercriminals may begin to target smaller, weaker links in supply chains as larger companies improve their cybersecurity measures. The semiconductor supply chain is a vital and complicated segment of the global economy.
READ THE STORY: The Record
Expect more sanctions and hacking operations on ransomware groups, top Justice official says
Analyst Comments: The commitment of the US and its allies to combating cyber threats, including ransomware attacks, highlights the importance of proactive measures such as sanctions and hacking operations. The use of international collaboration will be critical to the success of any efforts to combat cybercrime, especially those that could impact the supply chain or critical electronic components.
FROM THE MEDIA: Deputy Attorney General Lisa Monaco announced at the Munich Cyber Security Conference that the US, together with its international partners, will continue to target ransomware groups using more sanctions and hacking operations. Monaco emphasized the importance of collaboration in the fight against ransomware, adding that all notable cyber disruptions have an international aspect. She also cited previous successful operations such as the takedown of the Hydra darknet marketplace with the help of German colleagues and the recent hacking of the Hive ransomware group, in which investigators infiltrated the network and passed decryption keys to victims. Monaco stated that more similar operations can be expected going forward.
READ THE STORY: The Record
Ukraine war: How drones, start-ups, and civilian spotters have reshaped conflict forever
Analyst Comments: The Ukraine war is a testing ground for the future of conflicts, with civilians and the private sector involved in shaping military capabilities, and defense manufacturers showcasing their weaponry. This highlights the changing nature of modern warfare and the significant role technology plays in it.
FROM THE MEDIA: The ongoing war in Ukraine has become a testing ground for military tactics and technology, with civilians and private companies becoming involved in new hybrid battalions. This includes the use of Western artificial intelligence software to sift through intercepted enemy mobile phone traffic and social media postings. The Ukrainian military is now more agile and creative than the Russian forces due to total mobilization across society, from mounting weapons on vehicles to rejigging sensors so American equipment is compatible with old Soviet jets. The conflict has also seen the use of an updated government app to report Russian military equipment and movements, and intelligence on officials collaborating with Moscow.
READ THE STORY: iNews
China is trying to strangle the world’s solar panel industry
Analyst Comments: China has been using intellectual property (IP) theft to corner markets in order to gain a competitive edge and consolidate its position as a world leader in these technologies. By stealing key know-how and using it to produce cheaper products, Chinese companies are able to dominate the market and push out competitors.
FROM THE MEDIA: China is looking to restrict the export of key components used in the manufacture of solar panels, which could have a major impact on the European and American solar industries. The move comes almost nine years after China hacked the computers of SolarWorld, one of the biggest US solar tech companies, and stole key know-how. The hackers made the information available to Chinese competitors and heavily subsidized solar panels incorporating SolarWorld’s innovations were soon flooding the global market. China now produces 97% of the world’s wafers – the ultra-thin silicon squares that are pieced together into solar panels – and overall controls three-quarters of the solar energy supply chain. The case highlights the dangers of over-dependence on Beijing for critical technologies of the future and illustrates the impact of China’s industrial-scale cyber theft.
READ THE STORY: The Spectator
Here’s What Really Happens When You Browse Incognito
Analyst Comments: Private browsing modes offered by popular web browsers such as Safari, Firefox, and Chrome provide a certain level of online protection, but privacy experts say that these modes have limitations and may not offer complete protection against tracking and surveillance. Private browsing modes are best suited for protecting web activity from others who use the same device, reducing cross-site information sharing, and avoiding tracking across websites. However, they may not prevent third-party or law enforcement tracking, and they do not hide the user's IP address, which can be used to geo-locate a user. Users can take additional steps to maximize digital privacy, such as using a VPN or a browser like Tor (correctly configured).
FROM THE MEDIA: Incognito or private browsing mode is a feature in web browsers that allows users to browse the web without saving any data to the browser or device, such as cookies, history, and login information. However, it doesn't prevent websites from tracking users, and it doesn't make the user completely anonymous. Internet service providers, employers, and the government can still track the user's online activities. Additionally, if the user is logged into Google or another service, the search patterns can still be tracked. Private browsing mode can prevent local users from seeing the search history and allow users to avoid tracking by websites and ad networks. But for better online anonymity, using virtual private networks (VPNs) or Tor is recommended, although these options are not foolproof and suffer from many misconceptions.
READ THE STORY: Twisted Sifter
Dexible aggregator hacked for $2M via ‘selfSwap’ function
FROM THE MEDIA: Dexible, a multichain exchange aggregator, has suffered a hack that resulted in $2 million worth of cryptocurrency being lost. The team said that an attacker had used the app's selfSwap function to move over $2 million worth of crypto from users that had previously authorized the app to move their tokens. The attacker used this function to route a transaction from Dexible to each token contract, moving users' tokens from their wallets into the attacker's own smart contract. The team said it was "actively working on a remediation plan" and has urged users to revoke token authorizations for the app.
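The mechanism described above is a recurring DeFi pattern: a contract that holds users' ERC-20 approvals exposes an entry point that forwards a caller-chosen call, and the attacker points that call at the token contract itself, so `transferFrom` runs with the aggregator as `msg.sender` and spends the victims' allowances. The following is an added Python model of that pattern, not Dexible's contract code; the class and function names (`Token`, `VulnerableRouter`, `HardenedRouter`, `self_swap`, `run_scenario`) and the balances are assumptions made for this illustration. It shows the drain, the allowlist fix on the contract side, and the allowance revocation the team asked users to perform.

```python
"""Model of an ERC-20 allowance drained through an aggregator's arbitrary-call
swap entry point, with a hardened variant and the user-side revoke.
Added illustration in plain Python; names and amounts are assumptions."""


class Token:
    """Minimal in-memory ERC-20: balances, allowances, and transferFrom rules."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # approve(spender, 0) is the "revoke" users were urged to perform
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, msg_sender, owner, to, amount):
        # ERC-20 rule: it is msg_sender's allowance from `owner` that is spent,
        # regardless of who originally triggered the call chain.
        allowed = self.allowance.get((owner, msg_sender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(owner, msg_sender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


class DexStub:
    """Stand-in for a legitimate DEX router the aggregator is meant to call."""

    def swap(self, msg_sender, token_in, amount):
        return f"{msg_sender} swapped {amount} {token_in}"


class VulnerableRouter:
    """Aggregator whose swap entry point forwards a caller-chosen call.
    Every forwarded call executes with the *router* as msg_sender."""

    address = "router"

    def self_swap(self, caller, target, method, args):
        # Caller controls both target and "calldata": nothing stops target
        # from being a token contract and method from being transfer_from.
        return getattr(target, method)(self.address, *args)


class HardenedRouter(VulnerableRouter):
    """Same entry point, but only allowlisted DEX routers may be targets, so a
    token contract's transfer_from can never be reached through it."""

    def __init__(self, allowed_targets):
        self.allowed = {id(t) for t in allowed_targets}

    def self_swap(self, caller, target, method, args):
        if id(target) not in self.allowed:
            raise PermissionError("target is not an allowlisted DEX router")
        return super().self_swap(caller, target, method, args)


def run_scenario(hardened, revoked=False):
    """Victim approved the router earlier; attacker now asks the router to call
    token.transfer_from(victim, attacker, 1000). Returns (attacker balance, error)."""
    token = Token({"victim": 1000, "attacker": 0})  # constructed balances
    dex = DexStub()
    router = HardenedRouter([dex]) if hardened else VulnerableRouter()
    token.approve("victim", router.address, 1000)  # the earlier "unlimited" style approval
    if revoked:
        token.approve("victim", router.address, 0)  # user-side remediation
    try:
        router.self_swap("attacker", token, "transfer_from", ("victim", "attacker", 1000))
    except PermissionError as exc:
        return token.balances["attacker"], str(exc)
    return token.balances["attacker"], None


def legitimate_swap():
    """The hardened router still serves its real purpose: calling an allowlisted DEX."""
    dex = DexStub()
    return HardenedRouter([dex]).self_swap("alice", dex, "swap", ("TKN", 5))


if __name__ == "__main__":
    print("vulnerable:", run_scenario(hardened=False))
    print("hardened:  ", run_scenario(hardened=True))
    print("revoked:   ", run_scenario(hardened=False, revoked=True))
    print("legit:     ", legitimate_swap())
```

The practitioner takeaway is in the last two scenarios: an allowlist on the contract stops the drain even with approvals in place, and an outstanding approval to a contract you no longer trust is only neutralised by setting it back to zero, which is why the advisory tells users to revoke rather than simply stop using the app.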
READ THE STORY: Coin Telegraph
Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy
FROM THE MEDIA: Fortinet has released security updates to address 40 vulnerabilities in its software, including FortiWeb, FortiOS, FortiNAC, and FortiProxy. Of these, two are critical, 15 are high, 22 are medium, and one is low in severity. One of the critical flaws is located in the FortiNAC network access control solution and could lead to arbitrary code execution. The second critical flaw is a set of stack-based buffer overflows in FortiWeb's proxy daemon that could enable an unauthenticated remote attacker to achieve arbitrary code execution via specially crafted HTTP requests. These flaws were internally discovered and reported by Fortinet's product security team.
READ THE STORY: THN
DeFi platform Platypus says nearly $9 million in crypto stolen in flash loan attack
FROM THE MEDIA: Decentralized finance (DeFi) platform Platypus reported that a hacker had stolen around $8.5 million in cryptocurrency. The company said the attacker had used a flash loan attack, which artificially raises the price of a digital coin before dumping it at a profit. On Friday, Platypus stated it had worked with blockchain security firm BlockSec to recover $2.4 million worth of USDC, a cryptocurrency pegged to the U.S. dollar. The company said it is negotiating with Binance, Tether, and Circle to freeze the funds of the hacker and prevent further losses. Flash loan attacks have become popular among hackers targeting DeFi platforms. The hacker behind the attack on Mango Markets was arrested by federal authorities and charged with commodities fraud and manipulation.
READ THE STORY: The Record
CISA urged to add 8 severe ransomware bugs to the vulnerability catalog
FROM THE MEDIA: A new report from Cyber Security Works, Ivanti, Cyware, and Securin warns that eight of the 131 ransomware-associated vulnerabilities not yet included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities (KEV) catalog are considered the most dangerous, because they can be chained from initial access all the way to exfiltration. Researchers identified 57 extremely dangerous ransomware-associated vulnerabilities with complete kill chains, eight of which are still missing from the KEV catalog. The Ivanti research team has reached out to CISA to recommend including all of the severe vulnerabilities in the catalog. CISA launched the KEV catalog in November 2021 as a free resource to help organizations prioritize remediation of vulnerabilities known to be exploited in the wild.
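In practice the KEV catalog is consumed as a JSON feed and joined against scanner output, and the report's point is that a KEV-only filter silently drops ransomware-associated CVEs that CISA has not yet listed. The following is an added example of that join, not code from the report's authors or from CISA. The real feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the catalog below is a constructed, truncated stand-in in the same top-level shape (`vulnerabilities` list with `cveID`, `dateAdded`, `dueDate`) so the script runs offline, with illustrative dates rather than the catalog's real ones. The findings, the ransomware watchlist and the `CVE-0000-*` placeholders are constructed inputs, not real identifiers.

```python
"""Prioritise scanner findings against a KEV feed, and surface watchlisted
ransomware CVEs that KEV does not yet carry. Added example; all data below
is constructed and the KEV entries are illustrative, not the real catalog."""
import json
from datetime import date

# Constructed stand-in for the CISA feed (same top-level shape, made-up dates).
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-0669", "vendorProject": "Fortra",
         "product": "GoAnywhere MFT", "dateAdded": "2023-02-10", "dueDate": "2023-03-03"},
        {"cveID": "CVE-2021-34473", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2021-11-03", "dueDate": "2022-04-13"},
    ],
})

# Constructed scanner output; CVE-0000-* are placeholders, not real CVE IDs.
FINDINGS = [
    {"host": "web01", "cve": "CVE-2023-0669"},
    {"host": "ex01", "cve": "CVE-2021-34473"},
    {"host": "app02", "cve": "CVE-0000-0000"},
    {"host": "db01", "cve": "CVE-0000-0001"},
]

# Assumed threat-intel input: CVEs your sources tie to ransomware operations.
RANSOMWARE_WATCHLIST = {"CVE-2023-0669", "CVE-0000-0000"}


def load_kev(feed_text):
    """Index the KEV feed by CVE id."""
    feed = json.loads(feed_text)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def classify(cve, kev, watchlist, today):
    """Tier a CVE: overdue KEV first, then KEV, then ransomware-linked-but-unlisted."""
    entry = kev.get(cve)
    if entry:
        due = date.fromisoformat(entry["dueDate"])
        return ("P1-kev-overdue" if due < today else "P2-kev"), due
    if cve in watchlist:
        return "P3-ransomware-not-in-kev", None
    return "P4-other", None


def prioritize(findings, kev, watchlist, today):
    """Return findings sorted by tier, then by KEV due date (earliest first)."""
    ranked = []
    for finding in findings:
        tier, due = classify(finding["cve"], kev, watchlist, today)
        ranked.append({**finding, "tier": tier, "due": due})
    ranked.sort(key=lambda r: (r["tier"], r["due"] or date.max))
    return ranked


def missing_from_kev(watchlist, kev):
    """Watchlisted CVEs a KEV-only policy would never schedule for patching."""
    return sorted(cve for cve in watchlist if cve not in kev)


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for row in prioritize(FINDINGS, kev, RANSOMWARE_WATCHLIST, date(2023, 2, 19)):
        print(f'{row["tier"]:28} {row["host"]:6} {row["cve"]}  due={row["due"]}')
    print("watchlisted but not in KEV:", missing_from_kev(RANSOMWARE_WATCHLIST, kev))
```

The `P3` tier is the gap the report is describing: without the watchlist join, `app02` would sit in the undifferentiated backlog behind everything KEV flags, and `missing_from_kev` is the list you would hand to your own patch team today rather than wait for the catalog to catch up.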
READ THE STORY: SCMAG
New power system cybersecurity architectures can be ‘vaults’ against insider attacks, analysts say
FROM THE MEDIA: The increasingly distributed nature of the power system is widening its attack surface, and utilities need new cybersecurity strategies to counter sophisticated intrusions, according to security analysts. Every piece of hardware and software added to the power system has vulnerabilities, and insider access through firewalled internet technology to vital operations technology is possible, making traditional security insufficient. Instead, analysts suggest a new zero-trust paradigm with multiple levels of authentication and monitoring. A distributed cybersecurity architecture that mirrors the structure of the distribution system can provide both rapid automated distributed protections for distributed resources and layers of protections for core assets. However, the new strategies remain at the concept stage, and many utilities remain unwilling to take on the costs and complexities of cybersecurity modernization.
READ THE STORY: Utility Drive
Massive GoAnywhere RCE Exploit: Everything You Need to Know
FROM THE MEDIA: A vulnerability in GoAnywhere MFT, a managed file transfer product from Fortra, has led to a number of successful ransomware attacks. The bug, tracked as CVE-2023-0669, allows attackers to remotely execute code on target systems without authentication. Despite Fortra releasing a patch, the Clop ransomware gang claimed to have exploited CVE-2023-0669 in over 130 organizations. It is unclear how many organizations are still at risk. The bug is only reachable remotely if an organization's GoAnywhere administration console port is exposed to the Internet, so confirming that the admin interface is not Internet-facing is the first check to make alongside patching.
READ THE STORY: DARKReading
The Clop Ransomware Gang: Sinister Attacks Against the Healthcare Industry
FROM THE MEDIA: The Clop ransomware gang is targeting the healthcare sector with a new tactic: posing as a patient requesting a medical appointment and sending ransomware-laced medical files that appear to come from legitimate doctors. Healthcare is vulnerable due to factors such as the widespread use of medical hardware with long service life, the complex and interconnected nature of healthcare systems, and the vast amounts of sensitive data collected and stored. Healthcare organizations are more likely to pay ransoms than any other industry due to the critical nature of the targeted data. Healthcare CISOs can take measures such as deploying AI-based security, subscribing to a managed detection and response service, and having an in-house incident response team or signing an IR retainer.
READ THE STORY: Blackberry
NASA conducting cybersecurity review of Deep Space Network tracking site
FROM THE MEDIA: NASA's popular Deep Space Network (DSN) Now website has been taken down for a "preemptive cybersecurity review" related to the future crewed Artemis missions. The website provided real-time data and insights into what antennas at each DSN site were receiving and transmitting from missions across the solar system. NASA's Jet Propulsion Laboratory (JPL) stated that DSN Now would remain offline during the review, but it did not estimate how long it would take. Artemis 1's use of the DSN had already affected other major users of the network, such as the James Webb Space Telescope, and demand for DSN time is expected to far exceed capacity in the next decade.
READ THE STORY: SN
Europol busts ‘CEO fraud’ gang that stole €38M in a few days
FROM THE MEDIA: Europol, in collaboration with law enforcement agencies from France, Croatia, Hungary, Portugal, and Spain, has dismantled a CEO fraud group that used business email compromise (BEC) attacks to divert payments from organizations to bank accounts under the criminals' control. During the crackdown, the authorities arrested eight suspects, seized electronic equipment and cars, and froze bank accounts holding a total of €5,100,000 and another €350,000 in digital assets. The fraudsters impersonated CEOs to trick employees in the financial departments of target organizations into making payments to accounts under the scammers' control. In one instance, the group stole €38,000,000 within a couple of days. The fraudsters quickly moved the stolen money across Europe and China and eventually cashed it out in Israel. The investigation started in December 2021, and the coordinated action days that dismantled the network took place over five days between January 2022 and January 2023.
READ THE STORY: Barrons
FBI detects, contains a cyber attack on New York office
FROM THE MEDIA: The FBI has confirmed that it recently contained a cyberattack on one of its computer systems, which is used in the investigation of images of child sexual exploitation. The agency stated that it is aware of the incident and working to gain more information and that the incident has been isolated and contained. The origin of the attack is still under investigation, but sources have indicated that it may have occurred in the FBI's New York Field Office, which is one of its largest and most prominent offices. This is not the first time that the FBI has been targeted by hackers, as it was previously compromised in November 2021 when a threat actor used the bureau's external email system to send thousands of spam emails warning of a fake cyberattack to hundreds of thousands of organizations.
READ THE STORY: IT World Canada
The curious case of Japan’s crime rate
FROM THE MEDIA: Japan's crime rate saw a sharp rise in 2022, the first in 20 years. However, Japan's crime statistics are viewed as paradoxical by criminologists, with the nation known for low street crime and high levels of safety but also for fraud and cybercrime. Japan's "penal code offenses known to the police" metric is believed to be manipulated, and the figures projected do not reflect the reality of criminality in the country. The police budget is hefty, and the force has achieved success by highlighting its achievements as crime fighters. However, criminologists suggest that a fundamental shift in recording crime may be occurring, with a move to more realistic methods of tallying crime. An overhaul of how crime trends in Japan are measured may be necessary.
READ THE STORY: FT
Blockchain Technology in Cryptocurrency: Pros and Cons
FROM THE MEDIA: Blockchain technology has many advantages, such as enabling secure, decentralized transactions, increasing transparency, and reducing the need for intermediaries. These benefits have led to its rapid growth in the cryptocurrency industry, as well as in other industries such as finance, education, and real estate. However, there are also some challenges and disadvantages associated with blockchain technology. These include regulatory challenges, high energy consumption, scalability issues, and security risks. As technology continues to evolve, it is expected that these challenges will be addressed, leading to further developments and advancements in the industry. Overall, blockchain technology has the potential to revolutionize numerous industries and make the history of digital assets unalterable and transparent.
READ THE STORY: Analytics Insight
ProxyShellMiner: New Cryptojacking Campaign Is Exploiting Microsoft Exchange Servers
FROM THE MEDIA: Security researchers at Morphisec have uncovered a cryptojacking campaign, dubbed ProxyShellMiner, which exploits the three ProxyShell vulnerabilities in Microsoft Exchange servers (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) to install a Monero miner on compromised machines. The chain combines a pre-authentication path confusion, an elevation of privilege, and an arbitrary file write to obtain remote code execution and run commands on the target servers. Morphisec first detected the campaign in August 2021, when it observed an increase in malicious PowerShell scripts being executed on customers' machines. The scripts were downloaded from compromised websites hosting web shells that the attackers had planted using CVE-2021-34473. Once the attackers have gained a foothold, they can deploy backdoors and execute further code. Microsoft released patches for these vulnerabilities in April and May 2021 as part of its monthly security updates, so the best protection against ProxyShellMiner is to apply the latest security updates for Exchange servers.
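Patching is the fix, but an Exchange administrator also wants to know whether the ProxyShell entry point was ever hit. The initial CVE-2021-34473 request has a recognisable shape in IIS logs: a request to `/autodiscover/autodiscover.json` whose query string smuggles an `@host/backend-path` prefix (typically `/mapi/nspi` or `/powershell`) and repeats `autodiscover.json%3F@` in the `Email` parameter. The following is an added detection script over constructed IIS W3C log lines, not Morphisec's or Microsoft's code; the sample lines, IP addresses, the `evil.example` domain and the `REDACTED` token value are all constructed, and the field list mirrors the default IIS W3C log format.

```python
"""Flag ProxyShell (CVE-2021-34473) path-confusion requests in IIS W3C logs.
Added detection example; the log lines below are constructed, not captured."""
from typing import Iterator

# Constructed IIS log excerpt in the default W3C field layout.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-02-18 03:14:07 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 120
2023-02-18 03:14:09 10.0.0.5 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 198.51.100.7 python-requests/2.28 - 200 0 0 455
2023-02-18 03:14:11 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=REDACTED&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 198.51.100.7 python-requests/2.28 - 200 0 0 987
2023-02-18 03:15:02 10.0.0.5 GET /autodiscover/autodiscover.json Email=jsmith@corp.example&Protocol=ActiveSync 443 CORP\jsmith 10.0.0.42 Microsoft+Office/16.0 - 200 0 0 33
"""

# Backend paths the path confusion is used to reach behind the Autodiscover frontend.
BACKENDS = ("/mapi/nspi", "/ews/", "/ecp/", "/owa/")


def parse_iis(log_text: str) -> Iterator[dict]:
    """Yield one dict per request, keyed by the names in the #Fields: header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):  # malformed or truncated line; skip, don't guess
            continue
        yield dict(zip(fields, parts))


def classify_request(rec: dict):
    """Return a reason string for a ProxyShell-shaped request, else None."""
    stem = rec.get("cs-uri-stem", "").lower()
    query = rec.get("cs-uri-query", "").lower()
    # Legitimate Autodiscover JSON calls carry Email=user@domain but no
    # '@host/backend' prefix, so '@' alone is not enough to alert on.
    if not stem.endswith("/autodiscover/autodiscover.json") or "@" not in query:
        return None
    if "/powershell" in query or "x-rps-cat" in query:
        return "proxyshell: remote PowerShell backend reached via Autodiscover path confusion"
    if any(b in query for b in BACKENDS) or "autodiscover.json%3f@" in query:
        return "proxyshell: backend reached via Autodiscover path confusion"
    return None


def scan(log_text: str) -> list:
    """Run the classifier over a log and collect hits with who/when/what."""
    hits = []
    for rec in parse_iis(log_text):
        reason = classify_request(rec)
        if reason:
            hits.append({
                "time": f'{rec["date"]} {rec["time"]}',
                "client": rec["c-ip"],
                "method": rec["cs-method"],
                "status": rec["sc-status"],
                "reason": reason,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 on the `/powershell` variant is the one to escalate: it means the remote PowerShell backend answered, which is the step that precedes the web shell drop described above. Run the same classifier over the full retention window, not just recent logs, since the campaign dates from August 2021.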
READ THE STORY: WinBuzzer
Items of interest
Belgium institutes nationwide vulnerability disclosure policy
FROM THE MEDIA: Belgium has become the fourth European country, after France, Lithuania, and the Netherlands, to establish a legal way for cybersecurity researchers to report software and hardware bugs to organisations and the government. The rules make it clear that they are only for people with good intentions and no intention to cause harm, and researchers must report vulnerabilities to the relevant company or institution as soon as possible, with the understanding that it is not a license for anyone to hack businesses. The discoverer cannot demand a reward or payment unless it was agreed upon beforehand. The US has updated its own rules around vulnerability reporting to protect researchers.
READ THE STORY: The Record
Russian/Ukrainian cyber conflict, OpIsrael 2022, Is DDoS still a Crime (Video)
FROM THE MEDIA: The video discusses several topics related to recent cyber conflicts, including the Russian-Ukrainian cyber conflict, OpIsrael 2022, and whether DDoS is still a crime. The hosts cover various aspects of the conflict, including pre-invasion cyber attacks, gamification of cyber warfare, and the role of organized crime. They also provide updates on cyber attacks by various groups, including Lizard Squad and Sandworm, and discuss the use of botnets for DDoS attacks. The hosts also touch on the controversy surrounding the use of open-source software and the impact of DDoS attacks on civilian infrastructure.
You are in a Cyber War. Don't be a dumb*** and try to ignore it (Video)
FROM THE MEDIA: The video is about the importance of understanding and being prepared for cyber warfare. The guest, John, talks about his background in cyber security and how he got into the field. He emphasizes the need to treat advanced threats differently and to understand the human motivations behind them. He also discusses the importance of investing in human capital and suggests some resources for learning about cyber security. He touches on the issue of certifications as well and suggests doing the research before pursuing them.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.