Saturday, March 04, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war
Analyst Comments: Sandworm is a Russian state-sponsored hacking group that is believed to operate under the control of the Russian military intelligence agency GRU. The group has been active since at least 2014 and has been responsible for a number of high-profile cyberattacks against various targets around the world, particularly in Ukraine. Sandworm has been known to use a range of different tactics, including the deployment of sophisticated malware, the exploitation of software vulnerabilities, and the use of social engineering techniques to trick victims into clicking on malicious links or downloading infected files. The group's primary objective appears to be to disrupt and damage the computer networks of its targets, although it is not always clear what specific goals it is pursuing or what information it is trying to steal.
FROM THE MEDIA: The Sandworm hacking group, believed to be linked to the Russian military intelligence agency GRU, has been relentlessly targeting Ukraine with various malware strains, including wipers, since the start of the war in Ukraine. Sandworm's primary goal is to either destroy Ukrainian networks or steal valuable data, and it uses destructive attacks disguised as ransomware to cover its tracks and make it difficult for researchers to attribute the attacks to a state-sponsored group. While the group's recent attacks have not had a major impact on its targets, cybersecurity experts and government officials expect the number of cyberattacks, including from Sandworm, to increase as Ukraine and Russia prepare for a major spring offensive. Sandworm's key targets in Ukraine include government agencies and entities in the energy, media, and logistics sectors. The group also targets Ukraine's allies and contributes to information operations by distributing conspiracies.
READ THE STORY: The Record
EPA takes steps to address cybersecurity weaknesses at water utilities
Analyst Comments: There have been several historic cyber attacks on water supply systems. In 2015, the Ukraine power grid was targeted by a cyber attack that caused widespread power outages, and it was later discovered that the same group had also targeted a water treatment plant. In 2016, a water utility in Michigan reported a breach of its computer system, which resulted in unauthorized access to its process control system. In 2018, a cyber attack on a water treatment plant in North Carolina resulted in the release of over a million gallons of untreated wastewater. And in 2021, a cyber attack on a water treatment plant in Florida resulted in an attempt to increase the levels of sodium hydroxide (lye) in the water supply to dangerous levels.
FROM THE MEDIA: The US Environmental Protection Agency (EPA) has issued a memorandum calling on states to include cybersecurity in audits of public water systems in response to the increasing number of attacks on the sector. Many public water systems have not adopted basic cybersecurity measures, leaving them vulnerable to dangerous digital attacks. The Safe Drinking Water Act requires that states assess the physical operational capacities of drinking water systems, and the EPA's action is a reinterpretation of this act, stating that cybersecurity is now on the same level as physical threats and needs to be examined alongside it. The audits, called "sanitary surveys," are conducted by state-level agencies, and the EPA is providing technical assistance and resources to help officials implement cybersecurity programs. State officials have welcomed the measures and are already working to implement them. Cybersecurity experts note that cybersecurity in the water sector can be overwhelming for operators, but the EPA's self-assessment provides a non-prescriptive approach to ensuring water providers are paying attention to cybersecurity.
READ THE STORY: The Record
Amazon’s big dreams for Alexa fall short
Analyst Comments: Despite its widespread use, Alexa, like other voice assistants, has been plagued with security concerns. One of the main worries is the device's always-on listening capability, which can lead to the unintentional or intentional recording of private conversations. Reports of Alexa recording conversations without being prompted have surfaced, raising worries about the safety of the personal data collected and stored by Amazon. Furthermore, hackers have taken advantage of weaknesses in the device's security to illegally access user accounts and confidential data. These security issues, coupled with a general distrust of voice assistants, have contributed to their lack of popularity among some users.
FROM THE MEDIA: Voice assistants from tech giants such as Amazon, Google, Apple, and Microsoft have fallen short of expectations and failed to live up to the hype, according to a report in the Financial Times. The report suggests that a “grow grow grow” culture among voice assistant makers has now given way to a focus on how devices can be monetized, resulting in significant job losses at Amazon’s Alexa team. Third-party manufacturers have created over 140,000 products that are compatible with Alexa, which is far and away the leader in the US with an estimated 66% of the market. However, voice assistants have largely failed to monetize, and their makers have been unable to discover new apps or services that offer users value.
READ THE STORY: FT
North Korea's food shortage is about to take a deadly turn for the worse, experts say
Analyst Comments: North Korea's chronic food shortages and potential famine are geopolitically important due to the potential for destabilization in the region. A humanitarian crisis could lead to a mass exodus of refugees seeking food and aid, putting pressure on neighboring countries like South Korea and China. Additionally, a weakened North Korea could lead to a power vacuum that could be exploited by outside forces.
FROM THE MEDIA: North Korea is facing severe food shortages, with reports suggesting that deaths from starvation are likely. The country's food supply has fallen below the minimum human needs threshold, according to research from the Peterson Institute for International Economics, and South Korean authorities believe that hunger-related deaths are occurring in some areas. Even before the Covid-19 pandemic, almost half of the North Korean population was undernourished, according to the UN Food and Agriculture Organization. Closed borders and isolation, coupled with years of economic mismanagement, have exacerbated the problem. North Korean leader Kim Jong Un has called for a revamp of the country's agricultural sector, but experts believe that his regime's isolationist policies and prioritization of missile testing are to blame for the situation.
READ THE STORY: KAKE
Chinese manufacturing booms in Mexico
Analyst Comments: Chinese companies are investing in Mexico to take advantage of the expansive North American trade deal, nearshore their production, and supply goods to the United States market, which is still the largest on earth. This is a broader trend known as nearshoring, where international companies are moving production closer to customers to limit their vulnerability to shipping problems and geopolitical tensions. The Mexican government has also been actively courting foreign investment, including from China, to boost economic growth and create jobs.
FROM THE MEDIA: In response to the challenges of the global economy, many international companies are moving production closer to their customers in a trend known as nearshoring. Chinese companies are following this trend, establishing factories in Mexico to supply Americans with goods such as electronics, clothing, and furniture. This move by Chinese companies to nearshore their production to Mexico reveals that the commercial forces linking the US and China are even more powerful than political tensions. The Mexican state of Nuevo León has been attracting foreign investment and courting Asian companies, such as those from China and South Korea, with a highly skilled workforce and infrastructure. Nuevo León has received nearly $7 billion in foreign investment since October 2021, with Chinese companies responsible for 30% of this investment. Many companies are also demanding that their suppliers set up plants in North America or risk losing their business after the pandemic disrupted the supply chain. Chinese companies such as Lizhong, a manufacturer of automobile wheels, and Man Wah Furniture Manufacturing have established factories in Mexico to take advantage of this trend. The Hofusan Real Estate joint venture, established by a Chinese partner and a corporate lawyer in Monterrey, plans to build a grid of warehouses and factories in the Mexican state. By establishing factories in Mexico and labeling their goods "Made in Mexico," Chinese companies can truck their products into the US duty-free, taking advantage of the expansive North American trade deal.
READ THE STORY: The New York Times // CGTN (Chinese)
Critical sectors at the heart of US cyber strategy
Analyst Comments: Cyberattacks on critical infrastructure sectors such as energy, food, and transportation can have devastating consequences. These sectors are essential to the functioning of society, and a successful cyberattack could disrupt the delivery of goods and services, cause economic damage, and even threaten public safety. For example, in 2015, a cyberattack on Ukraine's power grid left 230,000 people without power. In 2017, the WannaCry ransomware attack impacted hospitals in the UK, causing surgeries to be canceled and patient care to be disrupted. In 2021, the Colonial Pipeline ransomware attack caused widespread fuel shortages and panic buying in several US states.
FROM THE MEDIA: The Biden administration has released a 35-page memo outlining its strategy for defending the nation’s cybersecurity, with a focus on forging international partnerships and shoring up cyber defenses for critical sectors such as healthcare, energy, food, and transportation. Ransomware attacks, which have surged in recent years, are declared “a threat to national security” rather than just a criminal challenge. The administration aims to rebalance the responsibility for defending the nation’s cybersecurity away from individuals, small businesses, and local governments to organizations that are “most capable and best-positioned to reduce risks for all of us.” Lawmakers have praised the strategy, with some saying that it lays out the case for a more robust and engaged approach to defending critical infrastructure from a growing list of cyber threats. The administration is expected to release an implementation plan in the coming months.
READ THE STORY: The Hill
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Analyst Comments: The software supply chain for IoT devices is exposed to several threats, including malware injection, code tampering, compromised components, unauthorized access, a lack of security testing, and supply chain disruptions. These threats can undermine the security and integrity of IoT devices, resulting in serious security breaches, exposed data, and loss of user privacy.
FROM THE MEDIA: Two serious security vulnerabilities have been discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, which could result in information disclosure or privilege escalation. The flaws could impact large tech vendors, enterprise computers, servers, IoT devices, and embedded systems that include a TPM. The TPM is a hardware-based solution designed to provide secure cryptographic functions and physical security mechanisms to resist tampering. The flaws were found by Quarkslab in November 2022 and are the result of a lack of necessary length checks that lead to buffer overflows, allowing local information disclosure or privilege escalation. The Trusted Computing Group (TCG) has released updates to address the vulnerabilities.
READ THE STORY: THN
Chinese tech giant to invest over $300 million in Africa’s data center and cyber security market
Analyst Comments: The African continent is home to a growing market with a young population and abundant natural resources, making it an attractive destination for Chinese investment. Additionally, China's pursuit of strategic and geopolitical interests, such as access to resources, new markets, and global influence, has also driven its interest in Africa. China views Africa as a key component of its global expansion efforts, and BRI investments in the continent's infrastructure, energy, and telecommunications sectors are expected to create new opportunities for Chinese companies and deepen economic ties between China and African nations.
FROM THE MEDIA: Huawei Technologies is set to invest over $300 million in Africa’s data center and cybersecurity industries. The investment is aimed at developing capabilities to process massive and diversified computing workloads in data centers and at helping enterprises defend against cyber threats. David Wang, Huawei's Executive Director of the Board, Chairman of the ICT Infrastructure Managing Board, and President of the Enterprise BG, revealed the news during the 5th Industry Digital Transformation Summit at the 2023 Mobile World Congress in Barcelona, Spain. The firm will focus on connectivity, computing, cloud, and other digital technologies and will inspire innovation to drive industry digital transformation as organizations across the African continent deepen their investments in data centers and cybersecurity. The new solutions include a smart campus, a next-generation enterprise flagship core switch, Easy Branch, Single Optix, a multi-layer DC ransomware protection solution, a unified DC DR product portfolio, CloudEngine 16800-X, OceanStor Dorado 2000, and OceanProtect X3000. These solutions will help government offices to become more efficient and offer a better user experience for public services.
READ THE STORY: Garowe Online
China To Train 5000 Security Forces From Developing Countries Over Next 5 Years. But, How Does Beijing Benefit
Analyst Comments: China's effort to expand its security influence globally is a potential global threat. As the leading superpower in Asia, China considers itself responsible for addressing global security challenges. One way it plans to do this is through a training program aimed at expanding its influence among the large student and officer communities in developing countries in Asia. By doing so, China may potentially spread its political ideology and security methods to countries around the world, creating a challenge to the current global security order.
FROM THE MEDIA: China plans to expand its security initiative abroad to address security challenges in non-conventional and digital areas, including counter-terrorism, cyber security, bio-security, and emerging technologies. Its Global Security Initiative (GSI) aims to train 5,000 security personnel from developing countries over the next five years and strengthen its global security influence. By expanding its influence globally, China aims to offset negative perceptions created by anti-China elements that suggest China is conducting hidden activities. Through academic channels, Beijing aims to influence the large student and officer communities in developing countries by promoting its methods of effectively enforcing security against a plethora of crimes.
READ THE STORY: The EurAsian Times
The Great U.S.-China Tech Decoupling: Perils of Techno-Nationalism
Analyst Comments: China is likely to continue with state support and subsidies to attain self-reliance in sensitive technologies and semiconductors while leveraging its rare-earth deposits. Private enterprises in the US are expected to offshore responsibilities to other countries and partners, and the US-led 'Chip 4' alliance comprising Japan, South Korea, and Taiwan is critical in such efforts. However, the US needs to be careful in its efforts to create a resilient technology partnership against China, especially as it enters a 'democracy versus autocracy' debate, and not all Indo-Pacific partners conform to Washington's understanding of democracy.
FROM THE MEDIA: The United States and China are in competition for technological advantage, with decoupling becoming a necessary strategy for the US as China speeds up its tech advancements. Such sentiments are supported by the bipartisan political consensus in Washington on the need to be tougher on China. However, decoupling bears costs and challenges for both the US and China, with areas like innovation, specialization, and costs all expected to be impacted in both countries by the tech decoupling. The US-China tech rivalry has become one of the most keenly observed areas in the emergent great-power discourse. The Biden administration has doubled down on these measures, speeding the decoupling process, with the CHIPS Act of 2022 being critical in fundamentally altering the US's relations with China. The long-raging debate between hawks and doves on China within the Biden administration seems to have ended with harsh and immediate steps being taken against China.
READ THE STORY: ORF
Chick-fil-A: 71,000 customers had financial information stolen during a cyberattack
FROM THE MEDIA: Fast food chain Chick-fil-A has revealed that more than 71,000 of its customers had their personal and financial data stolen during a breach lasting from December 2021 to February 2022. The stolen information included names, credit and debit card numbers, email addresses, and membership numbers. Some accounts also had additional information such as birthdays, phone numbers, and addresses. The company did not offer identity theft protection services to victims of the hack but instead took steps to restore balances to affected accounts and added rewards as a thank you to customers. The breach began with “suspicious login activity” connected to an unknown number of Chick-fil-A One accounts, with the hackers obtaining account credentials from a third-party source.
READ THE STORY: The Record
Ransomware hackers stole city of Oakland files, plan to leak sensitive data
FROM THE MEDIA: The city of Oakland has confirmed that files were taken during a ransomware attack that began in February and that some of this data, including sensitive personal and financial information, may be released publicly. Reports suggest that a criminal organization known as the PLAY ransomware group is responsible for the hack and has claimed it will release private and confidential data, including financial, government, and employee information. Oakland has said that its non-emergency systems have been impaired by the attack, including its business tax collections and OAK311, and that it is working with third-party specialists and law enforcement on the issue.
READ THE STORY: The OaklandSide
In Blacklisting Inspur, US Targets Partner Used by Intel and IBM
FROM THE MEDIA: The US blacklisting of Chinese firm Inspur Group could have an unforeseen impact on American tech companies that have partnered with it to expand their footprint in China. Inspur is one of China's oldest IT brands and has become a server specialist, joining an informal club of Chinese national champions. It has partnered with foreign companies including Cisco, IBM, and Intel to enable their products to more easily gain Chinese approvals and pass security checks. Inspur's listed arm, Inspur Electronic Information Industry Co., fell 10% on Friday after the blacklisting was announced.
READ THE STORY: Bloomberg
New FiXS ATM Malware Targeting Mexican Banks
FROM THE MEDIA: A new ATM malware named FiXS has been discovered by cybersecurity firm Metabase Q. The malware is vendor-agnostic and can infect any ATM supporting CEN/XFS technology. The Windows-based malware is delivered via a dropper called Neshta and is capable of dispensing money up to 30 minutes after the last reboot, a window it measures with the Windows GetTickCount API. The mode of compromise is unknown; however, the use of an external keyboard has been observed. Similar to other ATM malware such as Ploutus and GreenDispenser, FiXS is implemented with the CEN/XFS APIs and has the same goal of siphoning money from ATMs.
READ THE STORY: THN
Covert cameras and alleged hacking: how bust payments company Wirecard ‘hired spies and lawyers to silence critics’
FROM THE MEDIA: Matthew Earl, founder and fund manager at hedge fund Shadowfall, has filed a legal claim alleging a "campaign of unlawful harassment" against law firm Jones Day, Kroll, and other firms acting on behalf of German payments company Wirecard. Earl's anonymous reports from 2016 led to Wirecard's shares falling by 21% on the day of publication. He claims he was placed under surveillance by Kroll and that his private communications were hacked. Emails allegedly show that a legal strategy against Earl was drawn up by Jones Day, and that hacked information formed a central part of it. Wirecard collapsed in 2020 amid allegations of fraud.
READ THE STORY: The Guardian
BidenCash market leaks over 2 million stolen credit cards for free
FROM THE MEDIA: A carding marketplace called BidenCash has leaked a free database of 2.2 million debit and credit cards as part of its first-anniversary celebration. Threat actors advertised this massive leak on an underground cybercrime forum for wider reach and to attract attention. The leaked information includes details on at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards. The dataset contains personally identifiable information such as names, emails, phone numbers, home addresses, and payment card details. The database also includes roughly 497,000 unique email addresses. The presence of email addresses and full personal information will leave the victims vulnerable to other attacks, such as phishing, identity theft, and scams, long past the expiration of their card details. It is not the first time that BidenCash has used free credit card leaks for promotion. In October, the carding shop released another free dump of 1,221,551 credit cards, and, just as happened this week, the crooks distributed it via a clearnet domain and various other hacking and carding forums.
READ THE STORY: Bleeping Computer
Sound and Fury: Why Russia’s Feared ‘Hybrid Warfare’ Has Failed in Ukraine
FROM THE MEDIA: On January 14, over a month before Russia launched its war on Ukraine, hackers left a warning on the website of Ukraine's Foreign Ministry that revealed the extent of Russian penetration of Ukrainian networks and offensive cyber weaponry. This attack was invaluable for Kyiv's cyber resilience, as Ukrainians now knew exactly what they had to do to withstand cyberattacks and propaganda warfare. The Ukrainian military's communications were affected by the hack of satellite communications company Viasat, but the Armed Forces were able to switch to other secure channels. Russian military doctrine sees cyberwarfare as part of an overall attempt to weaken an opponent's ability and resolve to fight back and is paired with information warfare and propaganda campaigns. Russia managed to take Ukrainian power stations offline with the Industroyer malware in 2015 and 2016 and caused an estimated $10 billion in damages with the NotPetya ransomware virus in 2017.
READ THE STORY: Popular Mechanics
ChatGPT answers our Biden natsec questions
FROM THE MEDIA: NatSec Daily decided to ask ChatGPT some questions about the Biden administration's foreign policy to get some reactions from State, NSC, and USTR comms staffers. The AI's answers were quite verbose, with one answer clocking in at 370 words. However, the responses lacked specificity and were deemed too automated. Spokespersons from the government agencies were not too worried about losing their jobs to the AI, but they acknowledged that the responses did not capture the nuances of their policies. NatSec Daily hopes that they will continue to be the ones making the calls to the agencies in the future, rather than relying on an AI.
READ THE STORY: POLITICO
EV Charging Infrastructure Offers an Electric Cyberattack Opportunity
FROM THE MEDIA: As electric vehicle sales surge in the US, researchers have identified security weaknesses in the EV charging infrastructure. Experts have found that every charger they examined was running outdated versions of Linux, with unnecessary services enabled and many services running as root. Potential attacks include adversary-in-the-middle attacks and services exposed to the public Internet. This comes as the major players in the EV charging sector have significant expansion plans, and the Biden administration aims to increase the number of vehicle chargers to 500,000 by 2030. The question of the infrastructure's cybersecurity preparedness is particularly pertinent given how interconnected it is and the potential for physical damage from the high voltages involved.
READ THE STORY: DarkReading
Pentagon Force Planning Should Not Discount the Russian Military
FROM THE MEDIA: The Biden administration has increased support for Ukraine, providing billions in financial assistance and sophisticated weapons systems. However, the Washington defense establishment has largely dismissed Russia as a long-term threat to U.S. and NATO security, viewing the Russian invasion of Ukraine as a one-off version of World War I. The value of current forces and the relevance of planned weapons programs are being judged almost solely on their ability to sink Chinese ships, with capabilities dominating the Russia-Ukraine conflict being disparaged. The current attitude toward the Russian military may be a backlash to the previous overestimation of Russian capability. However, the Russian military has demonstrated remarkable resilience and the ability to innovate in the face of its initial setbacks in Ukraine. The argument that its invasion of Ukraine has diminished Russia as an acute military threat to NATO is likely to play a role in current debates on both the size and composition of future U.S. defense budgets. The critical need for Army modernization, including for long-range assault and armed reconnaissance aircraft, long-range precision fires, expanded air and missile defenses, and secure networking and cloud computing capabilities down to the tactical edge, has been highlighted. Any attempt to make U.S. Army force structure the "bill payer" for additional capabilities to fight China needs to be resisted.
READ THE STORY: RealClear Defense
1Password is looking to a password-free future. Here’s why
FROM THE MEDIA: 1Password's Chief Product Officer, Steve Won, believes that the endgame for credential theft is to eliminate passwords entirely. According to Won, stolen credentials were responsible for 19% of cyberattacks in 2022, costing organizations an average of $4.5 million. 1Password's zero-knowledge system, which processes as much as possible locally, together with a secret key model in which unique codes are generated at the time of enrollment, provides defensive depth to protect client information. Passkeys, unique tokens based on the principles of public-key cryptography, will replace shared secrets like passwords. Apple and Google have implemented passkey support, and Microsoft is in the process of making passkeys available across the Edge and Windows ecosystems. However, Won acknowledges that eliminating passwords entirely will be a journey that takes two decades.
READ THE STORY: TechRepublic
Minneapolis Public Schools confirms cyber-attack, urges password changes
FROM THE MEDIA: Minneapolis Public Schools suffered a cyber attack in February and has advised staff, students, and parents to change their passwords and monitor financial accounts for possible fraud. An investigation is ongoing, but the district said in an email that an unauthorized threat actor accessed certain data within the environment and may try to coerce MPS to pay a ransom. Although no evidence has been found that the data accessed was used for fraud, MPS will notify anyone whose personal information may have been accessed. The district has restored the system with internal backups but is experiencing problems with software systems.
READ THE STORY: BMTN
Items of interest
Humanity is sleepwalking into a neurotech disaster
FROM THE MEDIA: The rise of neurotechnology, which records and analyses electrical impulses from the nervous system, raises concerns about privacy and surveillance, according to The Financial Times. Companies are increasingly using such technology to monitor the attention levels of employees, while a New York start-up called CTRL-Labs, now owned by Meta, has developed a neural wristband to control computers. Alphabet’s Next Sense earbuds can detect neural data. Few AI strategies or governance principles mention human rights, according to a paper from Chatham House, which also argues for the creation of “neuro-rights”. Chile has recently become the first country to insert neuro-rights into its constitution.
READ THE STORY: FT
Reverse Engineering Of Web Applications (Video)
FROM THE MEDIA: The video discusses the importance of reverse engineering in understanding how web applications work, and how it can be used for security testing and vulnerability assessment. It provides an overview of the reverse engineering process and the tools used for it, including disassemblers, decompilers, and debuggers. It emphasizes the need for ethical considerations and legal compliance when performing reverse engineering on web applications, and suggests using open-source software for testing.
Reverse Engineer packed JavaScript like a Pro - Using the 'Matching Bracket Method' (Video)
FROM THE MEDIA: The video discusses a malicious JavaScript sample that is difficult to analyze due to its multiple layers of packing and junk code. The author, Colin, provides tools and techniques to help viewers analyze similar code, including the matching bracket method, which allows for quick navigation through the code.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.