Wednesday, March 15, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Anti-Satellite Weapons: Risks and Regulations
Analyst Comments: The UNGA resolution's exclusion of continued possession, production, and development of DA-ASATs and non-kinetic counterspace capabilities is worrisome. Non-kinetic capabilities, such as lasers and High Power Microwaves (HPMs), electronic counterspace capabilities, and cyber capabilities, present challenges for space security due to their difficult verification, attribution, and lowered threshold of use. This emerging taboo on DA-ASAT testing could potentially establish a divide between "haves" and "have nots," reminiscent of the nuclear non-proliferation regime.
FROM THE MEDIA: Outer space is increasingly congested, contested, and competitive due to a surge in satellite numbers and operating nations. A rise in space debris, particularly from Destructive Anti-Satellite Weapons (DA-ASATs) testing, poses a significant threat to space assets. The United Nations General Assembly's (UNGA) recent non-binding resolution banning DA-ASAT testing is a positive step, but the exclusion of non-kinetic counterspace capabilities from the resolution is concerning. To ensure sustainable space security, disarmament of existing DA-ASAT capabilities and addressing non-kinetic counterspace capabilities are necessary.
READ THE STORY: Modern Diplomacy
CISA unveils ransomware warning pilot for critical infrastructure
Analyst Comments: The launch of the Ransomware Vulnerability Warning Pilot signifies a strategic move to enhance the United States cybersecurity posture by proactively identifying and mitigating vulnerabilities exploited in ransomware attacks. The pilot program could potentially reduce the frequency and severity of ransomware incidents affecting critical infrastructure operators and other organizations, thereby improving national security and resilience.
FROM THE MEDIA: On January 30, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot, an initiative aimed at collecting data on vulnerabilities commonly exploited in ransomware attacks and alerting critical infrastructure operators of the risks. This program was mandated under the cyber incident reporting legislation signed into law by President Joe Biden in 2022. CISA will identify organizations with internet-accessible vulnerabilities associated with known ransomware actors, using existing services, data sources, technologies, and authorities. The pilot has already notified 93 entities affected by "ProxyNotShell" vulnerabilities in Microsoft Exchange Server software.
READ THE STORY: The Record
How declassification mechanisms and FOIA have ensured vital transparency in the history of American foreign policy
Analyst Comments: It is vital for there to be transparency and declassification in informing foreign policy decisions, fostering public understanding, and promoting democracy. However, the Department of Defense's efforts to gain more authority to classify older diplomatic records could have a detrimental effect on these objectives. As such, agencies should prioritize reducing overclassification and ensuring timely access to historical records to bolster national security and democratic interests.
FROM THE MEDIA: Lauren Harper, the Director of Public Policy & Open Government Affairs at the National Security Archive, discusses how overclassification undermines national security and democratic interests. The Freedom of Information Act (FOIA), the State Department’s Foreign Relations of the United States (FRUS) series, and other declassification measures have been successful in promoting transparency and informing the public about U.S. foreign policy history. Harper notes that the Department of Defense (DoD) seeks more authority to classify older diplomatic records, despite criticisms of its performance in declassifying select documents for the FRUS. Reducing overclassification and increasing government transparency can help support national security and democratic objectives.
READ THE STORY: Americans For Prosperity
OpenAI's new GPT-4 can understand both text and image inputs
Analyst Comments: GPT-4 marks an important advancement in the field of artificial intelligence, with the potential to transform numerous industries by providing enhanced capabilities, such as image recognition and improved performance in various tests. The strategic significance of this development lies in its potential to revolutionize the way businesses, researchers, and professionals interact with AI systems, ultimately leading to more efficient and accurate outcomes.
FROM THE MEDIA: OpenAI has released GPT-4, the latest version of its generative pre-trained transformer system, which can generate text from input images. GPT-3.5, which powers OpenAI's ChatGPT conversational bot, can only read and respond with text. The company claims that GPT-4 exhibits human-level performance on various professional and academic benchmarks, and has achieved record performance in factuality, steerability, and refusing to go outside of guardrails compared to its predecessor. The system has passed simulated exams, such as the Uniform Bar, LSAT, GRE, and various AP tests, with a score around the top 10% of test takers. GPT-4 is more reliable, creative, and able to handle much more nuanced instructions than GPT-3.5. The added multi-modal input feature generates text outputs based on mixed text and image inputs, such as marketing and sales reports, textbooks, shop manuals, and screenshots. GPT-4 can be customized by the API developer to describe directions in the system message. However, OpenAI recommends great care when using language model outputs, particularly in high-stakes contexts.
READ THE STORY: Yahoo
Africa pays the price as China and Russia jostle for its resources
Analyst Comments: A growing presence of China and Russia in Africa raises concerns about the potential long-term economic and political implications for the continent. As these nations continue to exploit Africa's resources and finance infrastructure projects, the mounting debt burden on the region's poorest countries could lead to economic instability and geopolitical tensions. The situation underscores the need for a more balanced approach to development financing, ensuring that Africa's interests are protected and sustainable growth is promoted.
FROM THE MEDIA: According to analysts, China and Russia are increasing their presence in Africa in order to exploit its abundant natural resources, despite warnings from UN agencies about the accumulation of debilitating debts in the world's poorest countries. "Chinese state-owned enterprises build one out of every three major infrastructure projects in Africa, and one out of every five is financed by a Chinese policy bank," said Paul Nantulya of the Africa Centre for Strategic Studies, an academic institution within the US Department of Defense. "Russia, a key arms exporter to Africa, is also making inroads into the continent through mining projects granted to the Wagner private paramilitary group," Nantulya added. At an UN-sponsored summit in Qatar for the Least Developed Countries earlier this month, leaders criticized the treatment of their nations. When Western countries reduced their infrastructure financing, China and Russia stepped in to fill the void.
READ THE STORY: The East African
Drugs, spies and cameras: Albania struggles to curb criminal gangs
Analyst Comments: Current efforts by the Ukrainian government to create a formal cyber reserve could help in building a more effective defense against cyber threats and ensure accountability in wartime. However, the use of civilian volunteers in war, even only online, blurs the line between combatants and civilians, and it is unclear what counts as "direct participation in hostilities" in cyberspace. It is also unclear what the application of international law to military cyber operations might mean in practice. Overall, the creation of a cyber reserve is a significant tactical move that could enhance Ukraine's cyber defense capabilities.
FROM THE MEDIA: The Financial Times recently published an article discussing the struggles of Albania's pro-Western Prime Minister Edi Rama, who came to power with the promise of cracking down on criminal gangs. However, Rama has been embroiled in several scandals that have damaged his reputation at home and abroad. Albania's international reputation has been damaged, and the country's corruption perception index has been steadily declining since 2016. In addition, Rama's government has been accused of seeking to offer a tax amnesty on the repatriation of undeclared foreign earnings of up to €2mn, which critics say would give high-earning criminals a free pass. The article also highlights the expanding power of Albanian criminal networks, which have gone from illegal cannabis plantations to trafficking cocaine and heroin directly from Latin America and Asia.
READ THE STORY: FT
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
Analyst Comments: GoBruteforcer poses a significant threat due to its multi-scan capability, allowing it to breach a broad range of targets. The adoption of Golang by threat actors to develop cross-platform malware increases the malware's potency. Web servers are crucial to organizations, and weak or default passwords make them vulnerable to attacks. Strengthening password security and monitoring for potential threats are necessary steps to mitigate risks associated with malware like GoBruteforcer.
FROM THE MEDIA: Palo Alto Networks Unit 42 researchers found a new Golang-based malware called GoBruteforcer that targets web servers running phpMyAdmin, MySQL, FTP, and Postgres on Unix-like platforms. It gains access via brute-force attacks using hard-coded credentials, selects a Classless Inter-Domain Routing (CIDR) block for network scanning, and deploys an IRC bot and PHP web shell on the victim server to establish communication with an actor-controlled server and gather network information. The initial intrusion vector is unknown, but there is evidence of active development to evade detection.
READ THE STORY: THN
US cyber official urges assertiveness in attributing attacks
Analyst Comments: The difficulty in attributing cyberattacks adds to the significance of the call for assertive attribution. It is crucial to deter malicious cyber actors and foster transparency in international cybersecurity efforts. By strengthening public attribution and holding state-sponsored hackers accountable, cooperation among US allies can improve, ultimately supporting a collective defense strategy against cyber threats.
FROM THE MEDIA: US Ambassador at Large for Cyberspace and Digital Policy, Nathaniel Fick, has called on allies to be more assertive in publicly attributing cyberattacks to specific groups. He emphasized that although attributing cyberattacks has become less technically difficult, it remains politically challenging, particularly when dealing with foreign-linked hackers. Fick highlighted the importance of encouraging allies to be more comfortable and assertive when attributing cyberattacks to specific actors. Similar observations were made by a group of cyber experts in 2022, who urged NATO to take authoritative steps in attributing cyberattacks to state-sponsored hackers and holding malicious cyber actors accountable for their criminal actions.
READ THE STORY: The Hill
Foreign actors suspected in a hack of DC Obamacare exchange, theft of House members' personal data
Analyst Comments: This recent data breach that impacted hundreds of House members and staff highlights the urgent need for strong cybersecurity measures and heightened vigilance in safeguarding sensitive personal information. The possibility that foreign actors were involved in this breach further emphasizes the importance of international cooperation in tackling cyber threats. Medical records, in particular, could be a prime target for cybercriminals due to their high value on the black market. It is imperative for organizations to prioritize cybersecurity and take the necessary precautions to protect sensitive data from malicious actors.
FROM THE MEDIA: Chairman of the House Administration Committee, Bryan Steil, has suggested that a malicious foreign actor may be behind the recent theft of personally identifiable information belonging to hundreds of House members and staff. The hack occurred on an Obamacare health insurance exchange in Washington, D.C., and the House chief administrative officer recently notified those affected by the breach. Although the perpetrator has not yet been identified, foreign influence is suspected. Steil emphasized the importance of getting to the bottom of the hack to prevent similar incidents from occurring in the future, noting that data breaches are a common occurrence in the United States and that both foreign actors and criminal gangs engage in such activities for profit.
READ THE STORY: Just The News
A dose of reality is needed in the race to connect smartphones to space
Analyst Comments: Currently the satellite communications industry's attempt to provide direct-to-device services via satellite is an opportunity to connect people living in areas without mobile broadband coverage. However, the challenges of providing reliable connectivity through satellites and the uncertainty over regulation and spectrum allocation may limit its potential reach. While the industry hopes to succeed where Iridium failed, the market may not be as big as initially estimated. Therefore, the success of the satellite communications industry in providing direct-to-device services is likely to be limited in the short term.
FROM THE MEDIA: The satellite communications industry is attempting to provide voice, text and data services direct to smartphones. However, the success of previous attempts, such as Iridium, is causing some to question whether the market is being overhyped. While Iridium went bankrupt in 1999 due to a lack of demand and overpriced handsets, companies such as Starlink, Apple, ViaSat, Lynk and AST Space Mobile are hoping to succeed this time by providing services directly to smartphones.
READ THE STORY: FT
The World’s Real ‘Cybercrime’ Problem
Analyst Comments: The negotiations for the international cybersecurity treaty, scheduled to continue through mid-April and late summer, represent an opportunity to prevent further expansion of over-criminalization through cybercrime laws. However, the probability of achieving the desired limitations remains low, according to Paulina Gutiérrez of Article 19. The complexity, magnitude, and consequences of the treaty call for more time and scrutiny in the negotiation process. Note: with such a broad scope, the international treaty could lead nations to adopt similar laws; the US already has a wide range of cybercrime laws whose vague language results in potential over-criminalization of activities, and many state cybercrime laws have not been extensively tested by courts, leaving them open to broad interpretation.
FROM THE MEDIA: The United Nations is currently negotiating an international cybersecurity treaty, which risks enshrining broad language similar to that present in US federal and state cybercrime statutes and laws of countries like China and Iran. Critics argue that the draft treaty's list of "cybercrimes" is so expansive that they threaten journalists, security researchers, whistleblowers, and human rights as a whole. The Ad Hoc Intergovernmental Committee, which was created by a Moscow-led resolution, is working on drafting the treaty. The definition of "cybercrime" is vague and varied in US federal and state law, leading to over-criminalization. Civil liberties groups want to limit the scope of the treaty to include only "cyber-dependent" crimes and add language that limits the scope of the treaty to include only a crime in which a person had "dishonest intent" when committing it and that the crime caused "serious harm."
READ THE STORY: Wired
Xi Jinping Believes China Needs To Develop A Self Reliant Technology Sector
Analyst Comments: The announcement made by President Xi highlights the strategic significance of technology in contemporary geopolitics and its role in national security and military strategy. China's efforts to become a self-sufficient technological power, coupled with the US-China tech rivalry, could lead to a decoupling of the US and Chinese tech sectors, causing a significant impact on global supply chains and innovation. The rivalry has also heightened tensions between the US and China, leading to a more confrontational relationship that could have implications for regional stability and global governance. The development of advanced technologies, including cyber capabilities, has raised concerns about the balance of power between the US and China, and the potential for cyberattacks and cyber espionage.
FROM THE MEDIA: China's President Xi Jinping called for greater self-reliance and strength in science and technology, urging China to accelerate its technological capabilities to eliminate any leverage the US has over Beijing. The statement was made at the closing ceremony of China's National People's Congress. Xi's announcement is a response to America's attempt to cut off China's access to advanced semiconductors, and it aims to ensure that China becomes a self-sufficient technological power. This statement highlights the significance of technology in contemporary geopolitics and the ongoing US-China tech rivalry that is fuelled by the desire for economic and technological dominance, national security, and espionage concerns.
READ THE STORY: Republic World
China, Russia deploying space weapons to attack U.S. satellites, warns Space Force chief
Analyst Comments: China's and Russia's aggressive space weapon and technology development pose significant threats to US space assets, including satellites, which could affect military and civilian communications and navigation systems. Such threats may have severe implications for national security and economic development, as they could impact global supply chains, transportation, and other critical services that rely on satellite communication and positioning systems. The development of advanced space weapons could also escalate tensions between the US and China, and the US and Russia, leading to more confrontational relationships that could have implications for global governance and stability. Therefore, the US needs to invest in advanced space technologies, such as anti-satellite defenses and advanced sensors, to mitigate such threats and ensure its dominance in the space domain.
FROM THE MEDIA: China's military has deployed 347 satellites, including 35 launched in the past six months, to target U.S. forces in a future conflict. The Space Force General, B. Chance Saltzman, testified in a Senate hearing on Tuesday that China has been aggressively building space weapons and technology to attack space systems and ground components. Gen. Saltzman said that China's more advanced space warfare weapons pose "the most immediate threat" to space attacks while less-capable Russian space assets also pose an acute threat of attacks or disruptions on U.S. satellites. Both China and Russia seek information superiority through disabling the adversary's space communication and navigation systems.
READ THE STORY: The Washington Times
How A Secret Supply Chain Used US Tech To Support Putin's War In Ukraine
Analyst Comments: The alleged secret supply chain for semiconductors to support Russia's military program poses a significant threat to the US and its allies. Semiconductors are increasingly important in warfare, and the fact that Russia allegedly built a secret pipeline to ensure the supply of semiconductors despite US controls is alarming. The US and EU officials say that Russia's access to chips and technology for military use through intermediaries is still a major concern. The allegations and concerns surrounding Russia's access to chips and technology for military use suggest that the US and its allies need to monitor the situation closely and act as appropriate to prevent Russia from acquiring the items it needs to sustain its military program.
FROM THE MEDIA: Artem Uss, the son of a Siberian governor who has been portrayed in Russian media as a wealthy real estate owner, has been indicted by the US on charges of defrauding American companies, violating sanctions, and using American technology to support President Vladimir Putin's war in Ukraine. Uss's case sheds light on how Russia allegedly built a secret pipeline to ensure the supply of semiconductors to the country, despite US controls. Customs data, indictments, and anonymous sources familiar with the matter suggest that these tactics have helped Russian operators deceive publicly-listed US tech companies and rebuild dismantled networks. The US and EU officials have accused Russia of still being able to get chips and technology for military use through other networks.
READ THE STORY: NDTV
DHL Digs Into Trade Data to Track US-China Decoupling
Analyst Comments: The US-China economic decoupling could lead to a further shift in the global balance of power. The report suggests that China may seek to reduce its reliance on the US and its allies, such as the EU, and focus on building relationships with other countries, such as those in Asia and Africa. It also indicates that the US may prioritize domestic production and sourcing from countries other than China to reduce its trade deficit and bolster its national security. Overall, the report highlights the need for policymakers to carefully balance the benefits of globalization with national interests and security concerns.
FROM THE MEDIA: The US-China trade relationship is showing signs of decoupling, as both countries have significantly reduced the share of imports from each other, according to DHL's Global Connectedness Index. However, the report suggests that globalization as a whole remains resilient. Tariffs initiated by former President Donald Trump in 2018 and maintained by President Joe Biden are the primary cause of the decline in US-China trade flows. The report found little evidence that America's allies were decoupling from China, unlike the US. The advice to policymakers is to use the strength of international flows to improve globalization to expand its benefits and better manage its side effects.
READ THE STORY: Bloomberg
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Analyst Comments: The attribution of Tick to the DLP company breach underscores the group's persistent targeting of government, manufacturing, and biotechnology firms in Japan, as well as its broader focus on East Asia. The incident highlights the threat to software supply chains and the potential for downstream customers to unwittingly use compromised tools. It also underscores the continued use of spear-phishing and strategic web compromises as entry points and the growing sophistication of malware delivery mechanisms. The incident serves as a reminder of the need for robust cybersecurity measures, including the use of multi-factor authentication, regular software updates, and employee training.
FROM THE MEDIA: The cyberespionage group Tick, believed to be China-aligned, has been attributed with high confidence to a breach of an East Asian data-loss prevention (DLP) company that caters to government and military entities. The attackers compromised the company's internal update servers to deliver malware inside the software developer's network and trojanized installers of legitimate tools used by the company, which eventually resulted in the execution of malware on the computers of the company's customers. The incident is likely related to another cluster involving the use of Microsoft Compiled HTML Help (.CHM) files to drop the malware.
READ THE STORY: THN
New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining
Analyst Comments: The discovery of the Dero cryptojacking operation highlights the growing use of Kubernetes clusters as attack surfaces for cryptocurrency mining. The fact that the attackers are targeting Kubernetes clusters with anonymous access enabled indicates that many organizations are not implementing appropriate access controls for their cloud resources, creating significant security risks. The shift from Monero to Dero also underscores the importance of tracking cryptocurrency trends to anticipate attackers' behavior. The discovery of the parallel Monero-mining campaign indicates the ongoing competition between cryptojacking groups for cloud resources, highlighting the need for organizations to implement robust security measures to protect against these threats.
FROM THE MEDIA: Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. The attacks, attributed to an unknown financially motivated actor, concentrate on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet. The development marks a notable shift from Monero, which is a prevalent cryptocurrency used in such campaigns. The attacks commence with scanning for Kubernetes clusters with authentication set as --anonymous-auth=true and deploying a Kubernetes DaemonSet named "proxy-api" to drop a malicious pod on each node of the Kubernetes cluster to kick-start the mining activity.
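The two defensive checks this story implies, written here as an added example (not code from the researchers, the article, or the Kubernetes project): one inspects kube-apiserver arguments for the anonymous-auth setting the campaign looks for, the other scans Kubernetes audit-log events for requests by the anonymous user and for the "proxy-api" DaemonSet name. The audit events and the argument lists below are constructed samples; the audit JSON field names follow the standard audit.k8s.io event format.

```python
"""Defender checks for the Dero/Kubernetes campaign described above.

Added example, not code from the article or from Kubernetes itself.
Assumes kube-apiserver audit logging is enabled (one JSON event per line)
and that the apiserver's command-line arguments are available, e.g. from
the static-pod manifest under /etc/kubernetes/manifests.
"""
import json

# kube-apiserver's --anonymous-auth flag defaults to true, so a cluster
# whose operators never set it explicitly still accepts anonymous requests.
# Constructed samples: the weak argument list beside a corrected one.
WEAK_APISERVER_ARGS = ["kube-apiserver", "--secure-port=6443",
                       "--anonymous-auth=true"]
HARDENED_APISERVER_ARGS = ["kube-apiserver", "--secure-port=6443",
                           "--anonymous-auth=false",
                           "--authorization-mode=Node,RBAC"]


def anonymous_auth_enabled(apiserver_args: list[str]) -> bool:
    """Return True if the given kube-apiserver arguments leave anonymous
    requests enabled. A bare boolean flag (Go pflag style) means true, an
    absent flag means the default (true), and the last occurrence wins."""
    enabled = True
    for arg in apiserver_args:
        if arg == "--anonymous-auth":
            enabled = True
        elif arg.startswith("--anonymous-auth="):
            enabled = arg.split("=", 1)[1].strip().lower() != "false"
    return enabled


# Constructed audit events (only the fields the check reads are present).
# 203.0.113.7 is a documentation address standing in for an external client.
SAMPLE_AUDIT_LOG = "\n".join([
    json.dumps({"kind": "Event", "verb": "list",
                "user": {"username": "system:serviceaccount:kube-system:coredns"},
                "objectRef": {"resource": "endpoints", "namespace": "kube-system"},
                "sourceIPs": ["10.0.0.5"]}),
    json.dumps({"kind": "Event", "verb": "get",
                "user": {"username": "system:anonymous",
                         "groups": ["system:unauthenticated"]},
                "objectRef": {"resource": "pods", "namespace": "default"},
                "sourceIPs": ["203.0.113.7"]}),
    json.dumps({"kind": "Event", "verb": "create",
                "user": {"username": "system:anonymous",
                         "groups": ["system:unauthenticated"]},
                "objectRef": {"resource": "daemonsets", "namespace": "kube-system",
                              "name": "proxy-api"},
                "sourceIPs": ["203.0.113.7"]}),
])

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
# DaemonSet name reported for this campaign; extend as new reports arrive.
KNOWN_CAMPAIGN_NAMES = {"proxy-api"}


def audit_findings(audit_log: str) -> list[dict]:
    """Return one finding per suspicious audit event.

    Any request made as system:anonymous is reported (it shows the API is
    reachable without credentials); writes by that user, or any DaemonSet
    carrying a known campaign name, are rated high.
    """
    findings = []
    for line in audit_log.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "")
        ref = ev.get("objectRef") or {}
        verb = ev.get("verb", "")
        name = ref.get("name", "")
        anonymous = user == "system:anonymous"
        known_name = ref.get("resource") == "daemonsets" and name in KNOWN_CAMPAIGN_NAMES
        if not (anonymous or known_name):
            continue
        severity = "high" if (verb in WRITE_VERBS or known_name) else "medium"
        findings.append({
            "severity": severity,
            "user": user,
            "verb": verb,
            "resource": ref.get("resource"),
            "name": name,
            "source_ip": (ev.get("sourceIPs") or ["?"])[0],
        })
    return findings


if __name__ == "__main__":
    print("weak config anonymous:", anonymous_auth_enabled(WEAK_APISERVER_ARGS))
    print("hardened config anonymous:", anonymous_auth_enabled(HARDENED_APISERVER_ARGS))
    for finding in audit_findings(SAMPLE_AUDIT_LOG):
        print(finding)
```

Disabling anonymous auth also rejects unauthenticated requests to /healthz, /livez and /readyz, so load-balancer health checks in front of the API server need credentials or a different probe once the hardened setting is applied.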
READ THE STORY: THN
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
Analyst Comments: The discovery of the YoroTrooper campaign highlights the continuing threat of cyber espionage to government and energy organizations across Europe. The use of commodity and open source malware and spear-phishing emails as an infection vector underscores the importance of implementing robust cybersecurity measures, including regular software updates and employee training, to prevent successful attacks. The tactical overlaps with the PoetRAT team that was documented in 2020 and the use of LodaRAT by multiple operators indicate the evolving nature of the threat landscape and the need for continuous monitoring of threats. The use of Python-based malware by YoroTrooper highlights the increasing sophistication of threat actors and the need for organizations to implement advanced security measures to detect and respond to these threats.
FROM THE MEDIA: A new threat actor called YoroTrooper has been targeting government, energy, and international organizations across Europe in a cyber espionage campaign that has been active since at least June 2022. The group, which is believed to be Russian-speaking, uses a combination of commodity and open source stealer malware, such as Ave Maria, LodaRAT, Meterpreter, and Stink, to exfiltrate information including credentials, system information, and screenshots. Spear-phishing emails with malicious shortcut files and decoy documents wrapped in ZIP or RAR archives are used as a means of infection. The use of LodaRAT is notable as it indicates that the malware is being employed by multiple operators despite its attribution to another group called Kasablanka. The YoroTrooper campaign has evolved significantly to include Python-based malware, highlighting the increasing sophistication of the threat actor.
READ THE STORY: THN
Estonian official says parliamentary elections were targeted by cyberattacks
Analyst Comments: The failure of the recent cyberattacks on Estonia's parliamentary elections is significant, as it reinforces confidence in the country's cybersecurity measures. The ongoing waves of cyberattacks targeting Estonia, however, highlight the increasing threat of cyberattacks on infrastructure and the country's growing significance as a target for Russia. The attacks on Estonia's infrastructure show the need for greater cybersecurity measures in the future, not just for Estonia but for other countries facing similar threats. The scale of the attacks on Estonia is also a warning that nations need to develop better capabilities for protecting infrastructure and responding to such incidents.
FROM THE MEDIA: Estonia's National Cyber Security Centre reported that the country's parliamentary elections, the first with a majority of internet votes, were unsuccessfully targeted by cyberattacks. Attempts at interference, ranging from information operations to phishing campaigns, have become a constant threat to Estonia's infrastructure. These attacks have included DDoS attacks against Estonian government websites, including the parliamentary website and the president's website, which were application layer attacks. The scale of these attacks is notable, given Estonia's population of 1.3 million, and indicates a high level of interest in attacking Estonia's systems. The cybersecurity officials do not explicitly attribute the attacks to any nation or group, but these attacks have been linked to alleged pro-Russian hacktivist groups.
READ THE STORY: The Record
Amazon-owned Ring denies ‘ransomware event’ following darknet listing
Analyst Comments: Ring has previously experienced incidents where hackers accessed customers' cameras, which raises concerns about the company's overall security practices. If the ransomware attack was successful, Ring could face significant fines under the EU's GDPR regulations, given their 72-hour window to confirm a breach of personal data to victims. The fact that the FBI has issued a warning about BlackCat/ALPHV, highlighting their extensive networks and experience with ransomware operations, further underscores the significance of this event.
FROM THE MEDIA: Ring, a smart doorbell and security camera company owned by Amazon, has denied suffering a ransomware attack despite being listed on a prominent ransomware gang's extortion site. The ALPHV ransomware group, also known as BlackCat, added Ring to its site on Monday evening, with a warning that there is "always an option to let us leak your data." However, a spokesperson for Ring said that the company currently has "no indications" of a ransomware event occurring. It remains unclear what data the gang claims to have accessed. Ring has previously experienced security breaches in which hackers accessed customers' cameras, but the company has since updated its security practices. Last month, ALPHV listed just over 6GB of data allegedly stolen from Munster Technological University in Ireland.
READ THE STORY: The Record
Items of interest
Russian Blogger Arrested for Spying Seeks Asylum in Albania
Analyst Comments: Timofeeva’s request for political asylum highlights the risks that critics of the Russian government face, even when they are outside the country. The ongoing conflict in Ukraine has led to increased tensions and pressure on those who express dissenting views on the Russian government’s actions. Timofeeva’s case also raises concerns over the treatment of prisoners in Russia, as her defense lawyer cited the possibility of “cruel inhumane treatment” if she is extradited to Russia.
FROM THE MEDIA: Russian blogger Svetlana Timofeeva, also known as Lana Sator, has requested political asylum in Albania, claiming that she would face prosecution in Russia due to her criticism of Russia’s war against Ukraine. Timofeeva is currently in jail awaiting trial in Albania, charged with espionage after being arrested along with another Russian and a Ukrainian citizen near a former military factory in Gramsh. She denies being a spy and says her misadventure in Gramsh was part of her work exploring abandoned Cold War-era buildings. She faces similar charges in Russia, which has asked Albania to extradite her. In her request for asylum, Timofeeva says the Russian authorities want to punish her for her stance against the war. Her defense lawyer underlined in the request that there are strong reasons to believe that Timofeeva could face “cruel inhumane treatment” if she is extradited to Russia.
READ THE STORY: Balkan Insight
Vanderbilt Summit Session: The Complexities of Cyber Attribution (Video)
FROM THE MEDIA: The video is a panel discussion on the complexities of cyber attribution featuring experts from various backgrounds including academia, government, and the private sector. The panelists discuss the challenges of cyber attribution, including the difficulty of identifying attackers in cyberspace and the role of attribution in deterrence. They also explore the potential strategic implications of attribution problems and the need for improved cybersecurity measures. The discussion touches on topics such as ransomware, the use of commercial hacking tools, and the importance of education in secure software development.
Evading Detection: A Beginner's Guide to Obfuscation - 2022 (Video)
FROM THE MEDIA: The video is a recording of a presentation about obfuscation and evasion techniques for .NET code. The presenters discuss the goals of obfuscation, provide an overview of AMSI/Defender, walk through the Specter Ops funnel of fidelity, discuss methods of detection, analyze scripts and code, and pair obfuscation with ETW bypasses. The presentation is mostly based on PowerShell, which is where the best detections for AMSI and EDR are currently found. The presenters recommend starting with a basic understanding of a programming language and suggest two options for evading detection: obfuscating a large PowerShell script or using a smaller payload that performs the AMSI bypass first and then executes the rest of the script. The presentation also covers event providers and consumers and how they can be used for logging.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.