Daily Drop: (436)
Monday, March 20, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Ukraine and industry show how Europe can jump ahead on JADC2, ex-generals say
Analyst Comments: The ability for Europe to more easily adopt cutting-edge technology due to a lack of legacy systems could provide a strategic advantage in defense capabilities. While caution must be exercised in extrapolating too much from the Ukrainian example, the success of the "quilt" approach to combat coordination may have broader implications for the future of warfare.
FROM THE MEDIA: Experts suggest that Europe's underinvestment in defense may have a paradoxical bright side, as NATO has fewer barriers to embracing cutting-edge, off-the-shelf technology. NATO might have an advantage over the US in integrating new technology more quickly, as there is not a lot of legacy in Europe. Multi-Domain Operations have been embraced by both the US and NATO, and Ukraine has improvised at least some elements of a multi-domain command-and-control system, using limited multi-source intelligence and commercial space-based open-source intelligence services. The decentralization and democratization of data are crucial, and much of this technology comes straight from the commercial world. NATO and Ukraine are stitching together different sources of information, tapping into things like air traffic control radars and commercial space-based capabilities. The approach to coordinating combat may be messy and improvisational, but it seems to work.
READ THE STORY: Breaking Defense
Pro-Russia hackers are increasingly targeting hospitals, researchers warn
Analyst Comments: DDoS attacks targeting critical infrastructure, particularly healthcare organizations, highlight the need for enhanced cybersecurity measures. With the potential for these attacks to serve as cover for more serious intrusions involving ransomware and data theft, it is crucial for organizations and governments to remain vigilant and take steps to protect themselves.
FROM THE MEDIA: Cybersecurity researchers have identified a pro-Russia hacking group, Killnet, that has increasingly launched distributed denial of service (DDoS) attacks targeting healthcare organizations since November. The group has primarily launched DDoS attacks against governments and companies around the world since Russia's invasion of Ukraine in February 2022. The group's recent focus on healthcare has caused concern within the US government, particularly when attacks are launched against critical infrastructure like hospitals. Cloudflare and Microsoft Azure Network Security Team members have reported similar trends, while the Cybersecurity and Infrastructure Security Agency has advised organizations to stay vigilant and take steps to protect themselves.
READ THE STORY: The Record
Emotet Rises Again: Evades Macro Security via OneNote Attachments
Analyst Comments: The malware's ability to bypass macro-based security restrictions and compromise systems could lead to the theft of sensitive data and ransom extortion, causing significant financial and reputational damage. Furthermore, Emotet's evolution into a "monetized platform for other threat actors" and its use as a conduit to deliver other malware underscores the potential for a multi-stage attack. The use of a decompression bomb technique and the flexibility of the operators in switching attachment types also highlight the need for improved detection and prevention capabilities.
FROM THE MEDIA: The Emotet malware is being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet is linked to a threat actor known as Gold Crestwood, Mummy Spider, or TA542, and continues to be a potent and resilient threat despite attempts to take it down. The dropper malware is commonly distributed through spam emails containing malicious attachments, but OneNote attachments have emerged as an alternative pathway. Emotet still uses booby-trapped documents containing macros to deliver the malicious payload, employing social engineering lures to entice users into enabling macros to activate the attack chain. Threat actors are increasingly using OneNote documents to distribute a wide range of malware.
READ THE STORY: THN
We need to create guardrails for AI
Analyst Comments: The event is significant at both tactical and strategic levels. At a tactical level, the report highlights the risks associated with the development of AI technologies and the need for ethical guidelines to mitigate those risks. The potential ramifications of AI, such as deception, disinformation, and job disruptions, have the potential to disrupt the structure of the economy, politics, and society. At a strategic level, the report calls for an entirely new regulatory framework for AI and other advanced information technologies, which puts pressure on governments and the industry to take proactive measures to address the risks associated with the development of AI. It also highlights the need for transparency and responsible experimentation, which can lead to safer technological development.
FROM THE MEDIA: A group of Harvard academics and AI experts have launched a report calling for ethical guardrails around the development of potentially dystopian technologies such as GPT-4, a chatbot developed by Microsoft-backed OpenAI that can produce highly persuasive machine-generated content. They are concerned about the plethora of experiments with decentralized social technologies and believe we have reached a constitutional moment of change that requires an entirely new regulatory framework for such technologies. The potential ramifications span every aspect of society and the economy, with risks such as deception, job disruptions, and disinformation on steroids. They suggest transparency as the first step towards ensuring that AI does not get the better of its makers.
READ THE STORY: FT
Surviving winter: how three factories battled through Europe’s energy crisis
Analyst Comments: At a tactical level, the energy crisis caused by Russia's invasion of Ukraine had an immediate impact on energy-intensive businesses, causing soaring energy prices that threatened their future. The subsequent plunge in prices has been beneficial for those businesses, but there is still concern that costs could rise again. At a strategic level, the crisis highlights the need for energy security and diversification to prevent overreliance on certain energy sources. It also emphasizes the importance of responsible energy use and investment in renewable energy sources to reduce dependence on fossil fuels.
FROM THE MEDIA: The European winter saw an energy crisis due to Russia's invasion of Ukraine, leading to soaring energy prices that caused concerns for energy-intensive businesses. However, prices have since plunged and are now at their lowest level in over 18 months. While lower prices are saving energy-intensive companies money, there is concern that costs could shoot up again. Standard contract lengths have dropped as suppliers cannot guarantee prices for longer periods. Sales for Realonda, a tile maker, have dropped 30% since December, and Follmann Chemie, a German chemicals producer, is struggling to match rivals in Asia and the Americas. In contrast, sales have held up for luxury product company New Murano Gallery, but it is struggling to fill some roles due to low unemployment rates.
READ THE STORY: FT
The US can counter China in the Middle East with Abraham Accords free trade
Analyst Comments: China's strategic or cooperative partnerships with eight Arab countries and its growing influence in the region pose a threat to US economic interests. The US should work to establish an Abraham Accords free trade area, with the eventual goal of both expanding the accords and establishing a broader Middle East free trade area by the end of the decade. This would counter China's economic influence and promote a regional trade order favorable to the US and its partners. By doing so, the US can ensure a regional future of prosperity and peace.
FROM THE MEDIA: China's growing influence in the Middle East and its role in mediating the recent Saudi-Iran rapprochement pose a threat to the vital economic and security interests of the United States and its allies. The US should establish an Abraham Accords free trade area to deepen mutually beneficial strategic cooperation with its regional partners and expand multilateral cooperation and integration among its members. Such a free trade area would enable the countries of the Abraham Accords and, eventually, the wider MENA region to accelerate their aspirations for sustained economic growth and diversification while constraining China's predatory economic practices.
READ THE STORY: JP
FBI arrests alleged owner of popular hacking forum BreachForums
Analyst Comments: The arrest of Fitzpatrick demonstrates the FBI's continued efforts to crack down on cybercrime and those who facilitate it. BreachForums became a popular successor site to RaidForums, and its shutdown may have disrupted the underground economy of stolen data sales. The alleged involvement of BreachForums in the recent DC Health Link data breach highlights the risks and consequences of selling stolen data online. Fitzpatrick's arrest may serve as a warning to others who engage in cybercrime or facilitate it through online forums.
FROM THE MEDIA: Conor Brian Fitzpatrick, also known as "Pompompurin" or "Pom," has been arrested by the FBI on suspicion of running BreachForums, a popular internet forum used by hackers to share their exploits. Fitzpatrick is alleged to have founded BreachForums in 2022, after the shutdown of RaidForums, another popular internet forum for hackers. BreachForums became a leading destination to sell stolen data, and it has been linked to numerous hacking stories. Fitzpatrick has been on the FBI's radar for years and has been charged with a single count of conspiracy to commit access device fraud. His arrest may have been driven by the fact that BreachForums was hosting the sale of stolen data from the recent DC Health Link data breach. Fitzpatrick is scheduled to appear in court on March 24.
READ THE STORY: SiliconAngle
Venezuela overhauls national crypto department
Analyst Comments: The reorganization of Venezuela's National Superintendency of Crypto Assets following the arrest of its former head on corruption charges is significant as it demonstrates the government's efforts to combat corruption and establish a more transparent and legitimate cryptocurrency industry in the country. However, the government's motivations for the reorganization may be viewed with skepticism given the country's history of corruption and economic sanctions. The continued US sanctions on Venezuela have led the country to look for alternatives to traditional banking systems, leading to the creation of Petro, Venezuela's state-backed cryptocurrency. Despite these efforts, the future of cryptocurrency in Venezuela remains uncertain due to ongoing economic turmoil and political instability.
FROM THE MEDIA: On March 17, Venezuelan President Nicolás Maduro announced the reorganization of the National Superintendency of Crypto Assets, known as Sunacrip in Spanish, following the arrest of the former head of the department, Joselit Ramirez, on corruption charges. A new board, led by Anabel Pereira Fernández, a lawyer who previously served as president of the Venezuelan version of the United States Federal Deposit Insurance Corp., will lead the restructuring. Other directors on the board include Héctor Andrés Obregón Pérez, Luis Alberto Pérez González, and Julio César Mora Sánchez. The board will plan the next steps for Sunacrip, with the aim of protecting Venezuela's citizens from the negative effects of economic sanctions. Ramirez, who oversaw crypto tax rules and the country's cryptocurrency Petro, was added to the US Most Wanted List in June 2020, with a bounty of up to $5 million offered for his capture. The former head of the department has been accused of having deep political, social, and economic ties to suspected narcotic kingpins.
READ THE STORY: CoinTelegraph
Ukraine warns that hacked software can be infected with Russian viruses
Analyst Comments: Russian hackers are using the distribution of hacked software as a means to gain access to the data of Ukrainian users, companies, and state agencies. The use of trojan viruses that allow access to computers is a serious threat to Ukrainian cybersecurity, and the Ukrainian government must take measures to combat this threat. With the number of cyberattacks on Ukraine almost tripling in 2022, it is evident that Russia continues to use cyber attacks as a part of its war against Ukraine. This event highlights the need for increased cybersecurity measures in Ukraine and greater international cooperation to combat cyber threats.
FROM THE MEDIA: Ukraine's Special Communications Service has issued a warning that Russian hackers are sharing hacked software online in order to access the data of Ukrainian users, companies, and state agencies. The software has been hacked to work without a paid license and is usually found on torrent sites. Russian hackers have been infecting such software with trojan viruses that allow them to gain access to the computers of anyone who installs it. The data would then be accessed by Russian special services. Cyberattacks have been a part of Russia's war against Ukraine since 2014, and the number of Russian cyberattacks on Ukraine almost tripled compared to 2021, targeting logistics, military facilities, government databases, and information resources. More than 2,000 cyberattacks were aimed at Ukrainian organizations in 2022.
READ THE STORY: Yahoo News
Google AI And Microsoft ChatGPT Are Not Biggest Security Risk, Warns Chess Legend Kasparov
Analyst Comments: The event is significant in tactical and strategic terms because cognitive threats, such as phishing and other scams, are a game changer in cybersecurity. They are not something that a firewall can defend against, and users need to step up their defenses, such as checking the sender’s email, not clicking on links or downloading PDFs, never reusing passwords, and sharing less on social media. Cybersecurity firms can use generative AI in their own large language models to ensure their defense is strong enough to catch new viruses. The advent of text-to-video deep fakes might lead people to question the reality of everything, and the solution might be a platform where users can verify media with encrypted metadata, building digital safety and trust.
FROM THE MEDIA: At SXSW, Garry Kasparov expressed concern about cognitive threats in cybersecurity, as AI tools make it easier for scammers to write more convincing text for phishing and social engineering attacks. Michal Pechoucek, Gen Chief Technology Officer, presented Avast statistics showing that 70% of cyberattacks involve phishing and other scams where users willingly provide their information to bad actors. Pechoucek suggested several ways to protect oneself, such as checking the sender's email, not clicking on links or downloading PDFs, not reusing passwords, and sharing less on social media. Kasparov advised people to step up their defenses, and Pechoucek noted that Gen uses generative AI in its own large language models to ensure strong defense against new viruses. Pechoucek also highlighted the potential impact of text-to-video deepfakes on cybersecurity and suggested the creation of a platform for users to verify media with encrypted metadata to build digital safety and trust.
READ THE STORY: Forbes
Yevgeny Prigozhin: From Putin's chef to Wagner founder
Analyst Comments: Prigozhin’s role in the full-scale invasion of Ukraine is significant, as it highlights the use of private mercenaries and the manipulation of social media by the Russian government. The use of convicted criminals to fight in Ukraine demonstrates the lack of moral consideration for human life in the conflict. The alleged brutality of Wagner mercenaries underscores the need for accountability in conflicts conducted by private military companies. Prigozhin’s involvement in the IRA’s meddling in US elections and disinformation campaigns aimed at Ukraine and other countries is further evidence of Russia’s efforts to exert influence and interfere in other countries’ affairs.
FROM THE MEDIA: Yevgeny Prigozhin, a St Petersburg businessman and Putin's ally, has been identified as a key figure in Russia's invasion of Ukraine. Prigozhin has been accused of recruiting convicted criminals to fight for his Wagner group, a shadowy private military company that gained a fearsome reputation for brutality. Prigozhin also ran so-called "troll farms" that used social media accounts to spread pro-Kremlin views, which led to sanctions by the US, EU, and UK. The Kremlin relies on people like Prigozhin to conduct sensitive operations with plausible deniability. Prigozhin's past criminal convictions and murky reputation made him an ideal candidate for Putin's dirty deeds.
READ THE STORY: BBC
Vulcan Facility Seizure Adds to Tension Between US and Mexico
Analyst Comments: The recent seizure of a US company's marine terminal in Mexico by armed forces, if confirmed, could potentially damage the already strained relationship between the two countries over issues such as energy policy and security. Additionally, this incident could also have implications for foreign investment in Mexico, with companies such as Tesla possibly reconsidering opening up operations there. The tactical and strategic implications of this event for both countries remain to be seen.
FROM THE MEDIA: US construction firm Vulcan Materials has accused Mexican armed forces, including those of the government, of taking over its marine terminal in the southeast of the country last week. The operation followed a year-long feud over materials extraction permits, which saw the terminal closed. A Mexican federal judge has ordered a stay on any government confiscation effort, according to Vulcan, while the Mexican government has yet to make a statement. The seizure risks inflaming tensions between the countries, which are also currently involved in disputes over energy and security.
READ THE STORY: Bloomberg
The impact of AUKUS against China and Russia on the security of Asia and the world
Analyst Comments: The Aukus nuclear defense agreement raises concerns about the potential for a nuclear war between China, America, and their allies. The agreement marks a significant shift in the military capabilities of Australia, the second country after the UK to acquire Washington's nuclear technology. The three fleets of the US, UK, and Australia will sail together across the Atlantic and Indian oceans in the Indo-Pacific region in the American concept, or the Asia-Pacific in the Chinese concept, under the slogan of preserving freedom of navigation. The development of security and defense blocs of a nuclear nature, such as the Aukus agreement to develop NATO's infrastructure in the Asian region, will inevitably lead to a confrontation that will last for many years, according to the International Atomic Energy Agency. The Aukus agreement threatens long and continuous confrontations between China and the signatories to the agreement due to its impact on the safety and security of China and its immediate regional surroundings. This event is tactically and strategically significant as it has the potential to destabilize the region and escalate tensions between the parties involved.
FROM THE MEDIA: The United States, the United Kingdom, and Australia announced a joint plan to establish a new fleet of nuclear-powered submarines to counter China's growing influence in the Indo-Pacific region within the framework of the Aukus agreement, a defensive nuclear agreement between the three nations. The agreement includes sending a group of Australian Navy personnel to the American and British submarine bases for training on how to use the new nuclear submarines. The allies will also work to form a new fleet that will use the latest advanced technologies, including British-made Rolls-Royce reactors.
READ THE STORY: ModernDiplomacy
Russia accused of political interference in Moldova
Analyst Comments: Rising protests and accusations of Russian interference in Moldova are significant as they highlight the complex geopolitical situation in Eastern Europe. Moldova is caught between the influence of Russia and the West, with a pro-Russian minority complicating the situation. The accusations of Kremlin interference and attempts to destabilize Ukraine's neighbors are part of a larger pattern of Russian aggression in the region. The increasing use of disinformation and propaganda to stir up unrest is a worrying trend, and the explosion of security threats faced by Moldova's government suggests that the situation could escalate further. The pro-Russian sentiment in Gagauzia also shows that the situation is not straightforward, with many Moldovans feeling closer to Moscow than the West. The future of Moldova and its relationship with Russia and the West remains uncertain.
FROM THE MEDIA: Rising food and energy costs have brought protesters onto the streets of Moldova, shouting "down with the dictator" for months. The government has accused Russia of deliberately stoking the anger by pushing up prices, spreading propaganda, and backing a plot to overthrow them, something Moscow and Moldova's pro-Russian politicians dispute. The Moldovan president says they are fighting a hybrid war under attack from Kremlin interference as it tries to destabilize Ukraine's neighbors. Moldova's government says it has faced an explosion of security threats, including a coup attempt, hundreds of bomb hoaxes, and internet hacks in the last year.
READ THE STORY: The Global Herald
Microsoft zero-day linked to Russian bad actors
Analyst Comments: The exploitation of this zero-day vulnerability poses a high risk to organizations and critical infrastructure, potentially enabling espionage for strategic purposes and facilitating disruptive and destructive attacks inside and outside of Ukraine. The vulnerability could also be used for financial gain. The fact that the vulnerability has been in use for almost a year without detection highlights the capabilities of nation-state actors and the difficulty of detecting and preventing cyberattacks. The discovery of the vulnerability also underscores the importance of regular patching and updating of software to prevent such exploits. The rapid adoption of the CVE-2023-23397 exploit by multiple actors further emphasizes the significance of this event.
FROM THE MEDIA: Mandiant, a cybersecurity company, has revealed that a zero-day vulnerability, CVE-2023-23397, has been exploited for almost a year to target organizations and critical infrastructure in Poland, Ukraine, Romania, and Turkey. The vulnerability is found in the Outlook client and does not require user interaction. Mandiant has attributed the exploitation to APT28, a Russian GRU actor, and has warned of rapid adoption by multiple nation-states and financially motivated actors. The vulnerability allows an attacker to escalate privileges and perform a Pass the Hash attack, giving them access to other systems in the victim's environment. Mandiant believes that the zero-day was used for intelligence collection and preparation for potential disruptive or destructive cyberattacks.
READ THE STORY: Security Brief
Wirecard fraudster Jan Marsalek’s grandfather was suspected Russian spy
Analyst Comments: The revelation of this information sheds new light on Jan Marsalek’s possible motivations and family background, indicating that his fascination with intelligence may have stemmed from his grandfather’s history. This information may be significant for European intelligence agencies seeking to understand the extent of Jan Marsalek’s connections to Russian intelligence and his exact significance for Wirecard. The fact that Hans Marsalek was suspected of being a Soviet asset suggests that the secret world was a big presence in Jan’s upbringing, offering a clue as to what drove his fascination with it in later life.
FROM THE MEDIA: A previously secret document found in Austria’s state archives reveals that the grandfather of Jan Marsalek, the former COO of Wirecard suspected by western intelligence agencies of being a Russian spy, was suspected by Austrian authorities of being a Russian spy at the height of the espionage battle for geopolitical dominance in the ruins of postwar Vienna. Hans Marsalek, who was a committed anti-Nazi resistance fighter during World War II, was suspected of helping the Soviets kidnap at least four people and illegally render them back to Moscow for torture, interrogation, and imprisonment, including an American intelligence agent. While no convictions against Hans were brought, this information could provide a missing piece of the puzzle in assessing Jan Marsalek’s potential connections to Russia’s intelligence agencies.
READ THE STORY: FT
For ethical lessons from Silicon Valley Bank, turn to spies
Analyst Comments: The failure of Silicon Valley Bank has significant tactical and strategic implications. The bank’s influence and responsibility extended far beyond its immediate stakeholders, and its failure has threatened the entire financial structure of a continental nation. The ethical responsibilities of organizations, including corporations, are crucial in ensuring accountability to stakeholders and preventing failures that could have disastrous consequences. Therefore, the failure of Silicon Valley Bank highlights the need for corporations to prioritize corporate social responsibility and governance, and for the government to implement regulations that prevent corporate greed and negligence.
FROM THE MEDIA: Silicon Valley Bank’s recent failure and the ensuing fallout have prompted discussions on the importance of ethics in organizations, including the Central Intelligence Agency (CIA) and corporate America. The CIA’s clandestine service, for instance, prioritizes professional and organizational ethics to help practitioners navigate the morally ambiguous world of intelligence and remain accountable to the American public. Similarly, for corporations to be truly ethical, they must instill core values that guide daily work and empower employees to proclaim these values and hold superiors accountable for following them. The failure of Silicon Valley Bank, which provided banking services to nearly half of the country’s venture capital-backed technology and life sciences companies, highlights the importance of corporate social responsibility and governance in ensuring that organizations take all stakeholders into account.
READ THE STORY: The Hill
Items of interest
Russia Likely To Set Up Its Own Leasing Company In Africa
Analyst Comments: Russia's plan to establish a leasing company in Africa has significant strategic and economic implications. It is part of Russia's broader efforts to expand its influence and economic presence in Africa, which is seen as a potentially lucrative market for arms exports and investment opportunities. As major powers like China and the United States are also increasing their presence and influence on the continent, this competition for influence could either exacerbate existing issues like political instability and conflict or offer opportunities for growth and development. The involvement of major powers in Africa has significant implications for the continent and the world as a whole, as it has the potential to shape global affairs and contribute to the global economy.
FROM THE MEDIA: Russia's First Deputy Minister of Industry and Trade, Vasily Osmakov, has announced that Moscow plans to establish its own leasing company in Africa. The company will be specialized, and Gazprombank Leasing is likely to be the main company behind the venture, according to Osmakov. The move is part of Russia's efforts to expand its footprint in Africa, seen as a potentially lucrative market for arms exports and investment opportunities. Africa's growing population and vast untapped natural resources have made it a crucial location for major powers like China, the United States, and Russia, which are jostling for influence on the continent. The involvement of major powers in Africa has significant implications for the continent and the world as a whole, either exacerbating issues like political instability and conflict or offering opportunities for growth and development.
READ THE STORY: RepublicWorld
Hacking in the ICS Space (Video)
FROM THE MEDIA: The transcript is a conversation between the host of "Off by One Security" and Robert M. Lee from Dragos. They discuss ICS (Industrial Control Systems) security and hacking. Robert M. Lee talks about his background in cyber warfare operations, his work with the National Security Agency, and his interest in control systems. He also talks about his work at Dragos, a company focused on securing ICS. They discuss the differences between the various types of facilities that fall under the ICS umbrella and the importance of understanding the physical processes of these facilities. They also talk about the need for collaboration and investment in ICS security, as well as the risks posed by strategic national adversaries. Overall, the conversation covers a range of topics related to ICS security and the challenges involved in securing these critical systems.
OTW - ICS/SCADA is the most important area in hacking right now (Video)
FROM THE MEDIA: The speaker discusses the importance of ICS/SCADA hacking in the current state of cyber security. They mention a specific episode of the TV show "Mr. Robot" and state that they consider ICS/SCADA to be the most important area of hacking as these systems run important facilities such as refineries, manufacturing plants, and electrical grids. They highlight the significance of programmable logic controllers (PLCs) in these systems and mention the vulnerability of these systems to cyber attacks, especially in the context of cyber warfare. The speaker references the Russian attacks on the industrial control systems of Ukraine and implies that similar attacks may be launched in retaliation.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at email@example.com.