Tuesday, March 28, 2023 // (IG): BB // Cyber-Roundup// Coffee for Bob
Chinese Hackers Targeting Outer Layers of Networks for Cyber Attacks, Using New Malware for “Multi-Year” Intrusions
Analyst Comments: The focus of these Chinese operators on the outer layer of target networks, and in particular on the security and networking appliances that sit there, is a significant threat to businesses and governments: edge devices such as firewalls and VPN gateways generally cannot run endpoint detection agents, so a foothold on them is hard to see from inside the network. Multi-year dwell times on such systems underline the need for internal network visibility to observe, understand, and stop post-compromise activity. As traditional network perimeters have been reshaped to support digital business, network and endpoint security controls need to change with them; the next generation of network detection and response should provide visibility across the entire hybrid attack surface, including cloud-hosted networks, so that adversaries have nowhere to hide.
FROM THE MEDIA: Chinese hackers are focusing on the outer layers of target networks, such as antivirus software and firewalls, as entry points for intrusions that can last for years, according to a new report from Google’s Mandiant. They are directing these attacks at large data-holding targets of interest to government intelligence operations, in some cases deploying new malware or exploiting zero-day vulnerabilities to compromise software. Mandiant also warns that the Chinese hackers have found ways to compromise a number of major security and network products from vendors including Citrix, Fortinet, SonicWall, and VMware. The researchers believe these campaigns are more expansive than is currently known and that more software will likely turn out to be affected in the future.
READ THE STORY: CPO
Russia supplies Iran with cyber weapons in exchange for drones and ammunition
Analyst Comments: The exchange of military equipment and cyber warfare capabilities between Russia and Iran could have significant tactical and strategic implications, particularly for cyber warfare and military operations in the Middle East. This event could also impact cybersecurity, national security, and geopolitical relations between Russia, Iran, and other nations.
FROM THE MEDIA: Russia and Iran have reportedly exchanged their respective cyber warfare capabilities and combat equipment, according to a report by The Wall Street Journal. The move, which marks a significant development in the two nations' cybersecurity partnership, could have far-reaching implications for their geopolitical interests, particularly in the area of technology and national security. The report claims that Russia provided Iran with various surveillance and intelligence-gathering equipment and may have supplied sophisticated software that would enable the Iranian regime to hack into the phones of dissidents and opposition activists.
READ THE STORY: Yahoo News
Cyberattacks on the high seas? Norwegian sailors, researchers sound a warning
Analyst Comments: The warning from the Norwegian University of Science and Technology regarding the potential impact of cyberattacks on ships is concerning. While there have been no publicly acknowledged cyberattacks that have impacted a ship, the researchers warn that unreported events are suspected to have occurred. Spoofing and jamming by foreign governments are becoming more common, and the possibility of an attack directly affecting a ship is real. The importance of raising awareness of these issues among seafarers and equipping them with the knowledge of how to respond to such an attack cannot be overstated. Given the potential for a devastating impact, the shipping industry should take this warning seriously and take steps to protect against cyber threats.
FROM THE MEDIA: Researchers at the Norwegian University of Science and Technology have warned that cyberattacks on ships could have a devastating impact. While there have been no publicly acknowledged cyberattacks that have impacted a ship, spoofing and jamming by foreign governments have been seen more often in the industry, and unreported events are suspected to have occurred. The researchers have also collaborated with the Cyber-SHIP Lab at the University of Plymouth, which has successfully hacked a ship's rudder during a simulation, making the ship run aground uncontrollably. The researchers stressed the importance of raising awareness of these issues among seafarers and equipping them with the knowledge of how to respond to such an attack.
READ THE STORY: The Record
Biden administration limits commercial spyware use in the federal government
Analyst Comments: The ban on the use of commercial spyware by US federal agencies is strategically significant: it responds to a growing number of incidents of spyware abuse, including cases targeting US officials, government systems, and ordinary citizens. The proliferation of commercial spyware poses a serious threat to US national security and to individual privacy, and the order demonstrates the administration’s commitment to both. The executive order’s list of factors that indicate misuse of spyware technology, together with the steps it identifies that vendors can take to avoid being classed as a risk, are essential tools for curbing abuse of these capabilities.
FROM THE MEDIA: President Joe Biden has signed an executive order banning federal agencies from using commercial spyware that could pose security risks to the US or that has already been misused by foreign actors. The directive seeks to address a growing number of incidents of spyware abuse abroad, as well as reports of misuse targeting US officials, government systems, and ordinary citizens. The executive order is the first in a series of actions by the White House to deal with the proliferation of commercial spyware in recent years. The industry has grown as more companies develop ways to quietly infiltrate people’s devices and market those tools to governments around the globe. The order lists factors that indicate spyware technology is being abused, including a foreign government or person attempting to gain access to the electronic device of a US citizen without permission, or monitoring the person without proper legal authorization.
READ THE STORY: The Record
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison
Analyst Comments: Fitzpatrick's arrest demonstrates law enforcement's ability to infiltrate and dismantle cybercriminal marketplaces that trade in hacked data. By shutting down BreachForums, law enforcement has disrupted a platform that allowed cybercriminals to buy and sell stolen data, and the use of undercover agents to purchase data offered for sale there sends a clear message that such activity will be pursued. The investigation also shows how operators of these platforms are usually unmasked: not by defeating VPNs or Tor, but by accumulated operational security mistakes, in this case ones that exposed Fitzpatrick's real IP address.
FROM THE MEDIA: Conor Brian Fitzpatrick, the founder of BreachForums, has been charged with conspiracy to commit access device fraud. The 20-year-old, who went by the moniker "pompompurin," faces up to five years in prison if found guilty. BreachForums served as a marketplace for buying and selling hacked and stolen data. The U.S. Department of Justice confirmed that it had conducted an operation that caused the criminal platform to go offline. Court documents show that FBI agents bought five sets of data offered for sale, with Fitzpatrick acting as the middleman to complete the transactions. Fitzpatrick used multiple IP addresses, VPNs, and a fake email account to obfuscate his identity. He also made several operational security (OPSEC) mistakes that exposed his real IP address, leading to his arrest.
READ THE STORY: THN
U.S. Is Threatening to Default China Debt Repayment, What Will Beijing Do
Analyst Comments: The steady decline in China’s holdings of US Treasury bonds has implications for the global economy and is causing concern in the United States, where the fear is that China may reduce its holdings further. Chinese commentators, for their part, worry that a US debt default could destabilize the Renminbi. Internationalizing the Renminbi has clear limits, and in the search for a quick way out some Chinese experts suggest that China should divest all of its US Treasury holdings; whether China can actually do so without harming itself remains to be seen.
FROM THE MEDIA: China’s holdings of US Treasury bonds have consistently declined during President Xi Jinping's decade-long rule. Last year, China’s holdings of US Treasury bonds fell by $173.2 billion, representing 17% of the total US bond holdings by China, which was the largest annual reduction in six years. Financial experts believe that the US-China political rivalry is now being manifested in the Renminbi’s exit from the dollar. The decline is viewed as escalating political hostility and marks a new low since Xi Jinping became the party general secretary in 2012. A recent visit by the US deputy assistant secretary of the Department of Treasury for Asian Affairs, Robert Kaproth, to Beijing was aimed at discussing macroeconomic and financial issues and urging China to increase its holdings of US debt, but China did not make any concessions. The US fear is China will reduce its US debt holdings to as low as $100 billion. Analysts in China believe that the US may be aiming at regime change in China by defaulting on its debt. There is a possibility that the US debt default may destabilize the Renminbi.
READ THE STORY: Modern Diplomacy
Chinese tycoon secretly controlled Gettr to promote crypto
Analyst Comments: The revelation that a Chinese billionaire had significant influence over a right-wing social media platform like Gettr raises questions about the platform's independence and political agenda. It also highlights the growing trend of cryptocurrencies being used as a tool for propaganda and financial fraud. The connection to the failed Himalaya exchange and stablecoin adds to the concerns about the legitimacy of cryptocurrencies and their potential for financial scams. The involvement of Guo in promoting conservative propaganda on Gettr also suggests a wider agenda to influence public opinion in the US through social media platforms.
FROM THE MEDIA: Former employees of Gettr, a right-wing social media platform, have revealed that Chinese billionaire Guo Wengui had a significant role in financing, hiring, and content decision-making for the platform. Despite earlier statements from former Trump aide Jason Miller that Guo had no authority at Gettr, anonymous employees claim that Miller reported to Guo and his financial manager, William Je, and that the contractor Orbit was keen to delete any posts critical of Guo. Guo is known for his involvement in the failed Himalaya exchange and stablecoin, as well as for promoting cryptocurrencies and conservative propaganda on Gettr. He also played a role in introducing Gettr Coin to the platform, which was offered to users at 10 cents apiece but had no monetary or redemption value. Guo was arrested in March 2023 and faces charges related to a $1 billion fraud conspiracy involving Himalaya Coin.
READ THE STORY: Protos
Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools
Analyst Comments: The aCropalypse vulnerability discovered in Microsoft's Snip & Sketch app in Windows 10 and Snipping Tool in Windows 11 is a potential privacy threat to users. This vulnerability could enable malicious actors to recover edited parts of screenshots and expose sensitive information that may have been cropped out. However, successful exploitation of the vulnerability requires uncommon user interaction and several factors outside of an attacker's control, resulting in a low severity rating of 3.3 on the CVSS scoring system. While the vulnerability has been addressed in the latest app versions of Snip & Sketch and Snipping Tool, users must be aware of the issue's nature and take precautions when editing and saving images to prevent data exposure.
FROM THE MEDIA: Microsoft has released an out-of-band update to fix a vulnerability dubbed aCropalypse (tracked as CVE-2023-28303) that affects the Snip & Sketch app in Windows 10 and the Snipping Tool in Windows 11. The flaw lets anyone who obtains a cropped screenshot recover the portions that were edited out: the tools write the cropped image over the original file without truncating it, so the trailing bytes of the original image remain in the file after the PNG's end-of-image (IEND) marker. Microsoft rates the bug as low severity because exploitation depends on a victim saving and sharing an affected image, but users should still take care when cropping and sharing screenshots that contain sensitive content. The fix ships in the latest app versions of Snip & Sketch and Snipping Tool.
READ THE STORY: THN
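As an added illustration of the file-level symptom described above (not code from Microsoft, from the THN story, or from the researchers who reported the flaw), the following Python script builds two small constructed PNGs, simulates a non-truncating overwrite of the larger file by the smaller one, and then checks for data left after the IEND chunk. The PNG builder and the pseudo-random pixel data are constructed here for the example; the detection logic is the generic chunk walk that any PNG parser performs.

```python
import random
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
IEND_CHUNK = b"\x00\x00\x00\x00IEND\xaeB`\x82"  # zero-length IEND chunk with its fixed CRC


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def sample_pixels(n: int, seed: int) -> bytes:
    """Deterministic pseudo-random RGB bytes (constructed sample data, so IDAT does not compress away)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Build a minimal 8-bit RGB PNG from width*height*3 pixel bytes."""
    assert len(rgb) == width * height * 3
    row = width * 3
    raw = b"".join(b"\x00" + rgb[y * row:(y + 1) * row] for y in range(height))  # filter type 0 per scanline
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # bit depth 8, colour type 2 (RGB)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def iend_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past IEND, i.e. the end of the logical image."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + payload + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk found")


def trailing_bytes(data: bytes) -> bytes:
    """Bytes after IEND. A cleanly written PNG returns b''; an aCropalypse-style file returns stale data."""
    return data[iend_offset(data):]


def looks_like_acropalypse(data: bytes) -> bool:
    """True when stale data follows IEND and still ends with the original file's own IEND chunk."""
    tail = trailing_bytes(data)
    return len(tail) > 0 and tail.endswith(IEND_CHUNK)


def simulate_nontruncating_overwrite(original: bytes, cropped: bytes) -> bytes:
    """Model the bug: the smaller cropped file is written over the original without truncating it."""
    assert len(cropped) <= len(original)
    return cropped + original[len(cropped):]


if __name__ == "__main__":
    original = make_png(64, 64, sample_pixels(64 * 64 * 3, seed=1))
    cropped = make_png(8, 8, sample_pixels(8 * 8 * 3, seed=2))
    leaked = simulate_nontruncating_overwrite(original, cropped)
    print("clean crop, trailing bytes:", len(trailing_bytes(cropped)))
    print("buggy save, trailing bytes:", len(trailing_bytes(leaked)), "flagged:", looks_like_acropalypse(leaked))
```

To triage real screenshots, pass the file bytes to trailing_bytes(): any non-empty result means the file carries stale data past its logical end and should be re-saved through a tool that truncates. Note that the original image's IHDR is overwritten by the cropped one, so actually reconstructing the cropped-out pixels from the tail requires guessing the original dimensions and resynchronising the deflate stream; this check only detects the condition.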
The US case against Binance calls out one of the worst-kept secrets in crypto
Analyst Comments: The CFTC's lawsuit against Binance is a significant development for the cryptocurrency industry, particularly because it highlights how easily US-based investors have been able to access offshore cryptocurrency derivatives. While the outcome is uncertain, the case could result in heavy fines and a ban on Binance registering in the US in the future. That could hit Binance's revenue hard: the complaint alleges that US users account for 16% of the revenue from its derivatives products. Regulatory scrutiny of the industry's biggest players has increased, with the IRS and SEC also investigating Binance, and the sector has had a difficult month following the collapse of Silvergate and Signature Bank, two of its key links to mainstream finance.
FROM THE MEDIA: The Commodity Futures Trading Commission (CFTC) has sued Binance, the largest cryptocurrency exchange globally, for violating US trading laws by allowing US-based investors to trade cryptocurrency derivatives without registering with the CFTC. The CFTC accused Binance of secretly coaching "VIP" customers in the US on how to evade compliance controls to maximize corporate profits. The lawsuit can potentially result in heavy fines and ban Binance from registering in the US in the future. Binance stated that the lawsuit was "unexpected and disappointing" and that it has made significant investments in the past two years to prevent US-based investors from using its platform.
READ THE STORY: CNN
Major Foreign Terror Attack on US 'Almost Inconceivable' Right Now
Analyst Comments: As the world becomes increasingly dependent on digital infrastructure, the possibility of a large-scale cyber attack has become a major concern. Such an attack could have devastating consequences on critical infrastructure, and the potential damage could be on the scale of the physical attacks on September 11th. While the likelihood of such an attack remains low, the threat environment in the US is constantly evolving and becoming more complex. Therefore, it is crucial to maintain pressure on foreign terrorist organizations and remain vigilant against potential threats to ensure the safety and security of the US and its allies.
FROM THE MEDIA: According to Nicholas Rasmussen, the Department of Homeland Security's counterterrorism coordinator, decades of counterterrorism work have made the possibility of foreign terrorist groups, including some Islamic State and al-Qaida affiliates, launching major attacks on US soil "almost inconceivable". Despite warnings from top military and intelligence officials that Islamic State's Afghan affiliate is looking to attack US or Western targets, Rasmussen believes that the likelihood of an attack on US soil is low. However, Rasmussen warns that the threat environment in the US is on a nearly constant upward trajectory and the overall threat environment that national security and homeland security professionals are dealing with is more diverse, more dynamic, and more complicated than any other point previously. He also acknowledged concerns about border security, especially along the US border with Mexico, but there is currently no information to suggest any terrorist organization is trying to use the southern border to infiltrate the country.
READ THE STORY: VOA
New MacStealer macOS malware steals passwords from iCloud Keychain
Analyst Comments: The discovery of MacStealer, alongside other macOS-targeting information stealers, matters both tactically and strategically. Malware-as-a-service (MaaS) lowers the bar for launching campaigns, and macOS users can no longer assume they are outside the target set. With cryptocurrency wallets a favourite target, it is likely that more malware developers will turn to macOS in search of wallets to steal, so organisations should ensure their macOS fleet has the same visibility and controls (unsigned-installer blocking, Keychain and browser-credential monitoring, egress inspection) as their Windows estate.
FROM THE MEDIA: A new malware named MacStealer has been discovered by the Uptycs threat research team, which targets macOS users by stealing their credentials, cryptocurrency wallets, and potentially sensitive files. The malware is being distributed as a malware-as-a-service (MaaS), allowing purchasers to spread the malware in their campaigns. MacStealer can run on macOS Catalina and up to the latest version of Apple's OS, Ventura. The malware is distributed as an unsigned DMG file, and upon execution, it collects all the user data, stores them in a ZIP file, and sends the stolen data to remote command and control servers to be collected by the threat actor. While most MaaS operations target Windows users, macOS users should remain vigilant and avoid downloading files from untrustworthy websites.
READ THE STORY: Bleeping Computer
China detains Astellas employee on espionage suspicions
Analyst Comments: The detention of the Astellas employee comes as tensions continue to rise between Japan and China, particularly around disputed territories in the East China Sea. The case could exacerbate these tensions further and raise concerns about the safety and security of foreign workers in China. As with previous cases involving allegations of espionage against foreign nationals in China, the case is likely to be handled behind closed doors, making it difficult to determine whether the allegations are credible or politically motivated. The case highlights the risks that companies and employees face in China, where the government has increasingly sought to exert greater control over business and society.
FROM THE MEDIA: An employee of the Japanese pharmaceutical company, Astellas, has been detained in China on suspicion of espionage activities. While the Chinese Ministry of Foreign Affairs spokesperson has refused to specify the specific violation, the man, who is in his 50s, is being held on suspicion of violating China’s criminal and counterespionage laws. The detained man spent two decades working in China and has a background as a senior official of the Japanese Chamber of Commerce and Industry in China, according to Japanese media. The Japanese government has demanded the man’s early release and called on Chinese authorities to allow him access to Japanese consular officials.
READ THE STORY: Fierce Pharma
The CCP Has an Inside Informant on Our Military and Supply Chains
Analyst Comments: The Chinese government's use of LOGINK for spying is a serious threat to US national security. The platform could provide Chinese companies unprecedented insight into their competitors' business, allowing China to undercut the competition and strengthen its position in the global marketplace. The US government should take steps to counter the use of LOGINK and other similar technology by China. The Securing Maritime Data from Communist China Act is a good first step to prevent the Department of Defense from entering contracts with any entity that uses LOGINK, and to develop alternative practices and protocols to protect US national security interests.
FROM THE MEDIA: China's Ministry of Transportation reportedly controls LOGINK, a free shipping and logistics platform, which collects real-time data from users at ports around the world. The platform, which is now in use at more than 20 ports worldwide, allows Beijing to track the cargo manifests and transit routes of U.S. commercial vessels and military logistics. China's espionage campaign could gather insight on American businesses, strategic assets, and supply-chain weak links, helping them gain a competitive foothold against the United States and its allies. The Chinese government is accused of using shipping technology as a spy tool to gain an unfair advantage in the global marketplace. A bill, the Securing Maritime Data from Communist China Act, has been introduced to prevent the Department of Defense from entering contracts with any entity that uses LOGINK, giving the administration sufficient time to negotiate with allies and develop alternative practices and protocols.
READ THE STORY: NR
US Spy Agency Cyber Chief Warns TikTok Is China’s ‘Trojan Horse’
Analyst Comments: The concerns raised by Joyce and others regarding TikTok and its parent company's role in cybersecurity are not new. Politicians and cybersecurity experts have raised concerns about the app's security risks for several years, given the amount of data it collects and the parent company's obligations under Chinese law. The concerns are driven by fears of espionage or censorship by the Chinese government, which has a track record of using technology as a tool for surveillance and propaganda. Joyce's remarks reflect a broader trend of concern in the US regarding the cybersecurity risks posed by Chinese technology companies. As the US seeks to maintain its position as a global superpower, cybersecurity will likely continue to be a key area of focus, with companies like TikTok under scrutiny for their ties to China.
FROM THE MEDIA: The head of the US National Security Agency’s cybersecurity arm, Rob Joyce, has referred to TikTok as a “Trojan horse” that could pose a long-term strategic cybersecurity concern to the US. Joyce has urged the US government to monitor the Chinese parent company ByteDance to avoid a security incident that may take place “five, 10 or 20” years down the line. Despite reassurances from TikTok's CEO Shou Chew during a recent hearing that TikTok poses no greater risk than social media giants such as YouTube and Instagram, concerns remain that the parent company has too much insight into its 150 million monthly US users and that data may be exposed to the Beijing government.
READ THE STORY: Yahoo Finance
China to slash foreign researchers’ access to an academic database
Analyst Comments: The move by CNKI to curtail foreign access to its academic database adds to the difficulties foreign universities and research institutions face when researching China. The lack of reliable data on China hampers the ability of academics, policymakers, and businesspeople to make informed decisions, leaving them to rely on rumour, conjecture, and motivated reasoning. The move also underscores Beijing's tightening of data security as Xi Jinping consolidates power at the start of his third term as president. It follows other recent government initiatives in the same direction, such as the cybersecurity review of CNKI opened by the Cyberspace Administration of China in June 2022.
FROM THE MEDIA: Foreign universities and research institutions that rely on China National Knowledge Infrastructure (CNKI), the country's largest academic database, have been notified that their access to the database will be curtailed starting April 1. This move, which impacts the availability of thousands of research papers and documents online, follows measures of data cross-border transfer assessment and relevant laws. The number of foreign subscribers is not publicly available, and it is unclear how much access individual subscribers will lose after the changes come into effect. The move by CNKI, which holds a monopoly over the distribution of information, deepens concerns about researching China, as access to reliable data on China is increasingly difficult to obtain.
READ THE STORY: FT
Supply chain issues impede the mass production of new Chinese engine
Analyst Comments: China's continued advancement in indigenous military aircraft engines has significant implications for its future military capabilities. Achieving 98% localization for the WS-10C engine, which currently powers the J-20s being delivered to the PLAAF, shows that China is making progress in replacing foreign-provided components or materials. The completion of the WS-19 and WS-20 engines, once supply chain issues are resolved, will significantly enhance the Chinese military's ability to project power both within and beyond its borders. The continued development of indigenous military technologies reduces China's dependence on foreign countries and enhances its strategic autonomy.
FROM THE MEDIA: According to a senior official from a local aerospace materials research facility, China has finished developing its next-generation indigenous military aircraft engines, and mass production will begin once supply chain issues with advanced alloys are resolved. The WS-19 afterburning turbofan, the WS-20 high-bypass turbofan engine, and an unidentified next-generation engine are under development, but material supply chain issues remain for the production of advanced alloys that will be used in the engines. However, the WS-15 after-burning turbofan is ready for mass production and will be used in later variants of the Chengdu J-20 stealth fighters of the PLAAF.
READ THE STORY: DefenseNews
We cannot counter China’s ambitions without a global strategy
Analyst Comments: The U.S. must take the possibility of unmet objectives seriously and have a credible counteroffensive capability to deter aggressors from “snatch and grab” operations, as seen in Russia's seizure of eastern Ukraine in 2014. The U.S. and its allies must invest in the deployment, employment, and support of forces that can respond anywhere in the world across the spectrum of warfare, rather than relying on the goodwill of host nations along the Pacific Rim. Therefore, the U.S. must adopt a modernization strategy that enhances its capabilities to conduct combined arms operations, counter enemy aggression, and maintain an adequate global presence to reduce the risk of a war it doesn’t want.
FROM THE MEDIA: China’s growing global influence, coupled with its efforts to establish dominance in critical minerals, cyber technologies, finance, transoceanic shipping, chip manufacturing, and biotechnology, has raised concerns across industries from defense to finance. China’s recent success in restoring diplomatic ties between Saudi Arabia and Iran, and its offer to broker a peace agreement between Russia and Ukraine, suggest that it intends to overshadow the U.S. in the international community, while its massive Belt and Road Initiative extends its influence through the Sumatra Straits and across the Indian Ocean to Iran, Pakistan, and beyond. Despite this, most U.S. actions tend to focus on territorial China, as though it were merely a defensive, regional power. The author argues that the U.S. Marine Corps' modernization divests global force-in-readiness capabilities to fund a stationary and insignificant anti-ship missile force in China’s front yard, a short-sighted decision that has drastically cut needed capabilities in the rest of the Marine Corps' operational forces, seriously degraded its offensive combined-arms capabilities, and left it with an inadequate global presence, especially in the Indian Ocean.
READ THE STORY: The Hill
Space Force should prepare for the threat we have — not the one we prefer
Analyst Comments: The article raises concerns that Western commentators and pundits have been basing their national security space strategies and posture on an assumption that may not be true. It warns that the current space deterrence and warfighting posture of the US Space Force and US Space Command may not be ready for a future where China has a superior space-power overmatch. If Western nations want to be prepared for the future of space conflict, they should prepare to hit back in a way that deters and prevents attacks in the first place. Thus, the article highlights the significance of China’s expanding influence and its future consequences, suggesting that the US and its allies need to be vigilant and prepared for a potential space conflict with China.
FROM THE MEDIA: As the one-year anniversary of Russia’s invasion of Ukraine passed, many commentators have been assuming that future space deterrence and warfighting will be based on Russia’s “soft kill” counter-space systems, such as jammers and cyber attacks, rather than “hard kill” weapons systems like anti-satellite missiles. However, this assumption is dangerous as China has been developing a “multi-layered attack architecture” consisting of “kinetic kill missiles, ground-based lasers, and orbiting space robots,” coupled with “an expanded array of surveillance and tracing capabilities” necessary for targeting. These capabilities range from ground to space, space to space, and space to ground weapons such as fractional orbital bombardment systems (FOBS). China aims to unravel Western norms, resilience, and arms-control measures to create options for escalation dominance by either destroying enemy satellites in orbit or creating “adverse influence…[upon] adversary space systems, as well as…[creating] certain psychological pressure on and fear in the adversary…[thereby] forcing the adversary to dare not conduct…[the] initiative” in conflict.
READ THE STORY: The Hill
Europol Warns About Exploitation Of AI Systems Including ChatGPT
Analyst Comments: Europol's report highlights the potential risks associated with the misuse of large language models such as ChatGPT by criminals. As AI capabilities continue to improve, it is essential to consider the potential risks and vulnerabilities associated with their use. The report emphasizes that AI models are complex, and the workarounds discovered by researchers and threat actors may be difficult to detect. Furthermore, the report warns that ChatGPT's many safeguards can be easily circumvented through prompt engineering, indicating that the use of large language models should be approached with caution. This report may serve as a call to action for policymakers and businesses to prioritize the development of AI governance frameworks that consider the potential risks and vulnerabilities associated with AI technologies.
FROM THE MEDIA: The European Union Agency for Law Enforcement Cooperation (Europol) has released its first Tech Watch Flash report, titled "ChatGPT - the impact of Large Language Models on Law Enforcement." The report focuses on the potential misuse of OpenAI's popular chatbot, ChatGPT, by criminals. According to Europol, the complexity of AI models means that workarounds can be discovered by researchers and threat actors alike. The report finds that ChatGPT's many safeguards, designed to keep it from producing hateful, violent, sexual, or self-harm-promoting material, can be circumvented through prompt engineering. Crime areas of concern identified by Europol's experts include fraud and social engineering, disinformation, and cybercrime. The report warns that ChatGPT may offer criminals new opportunities, especially for crimes involving social engineering, given its ability to respond to messages in context and adopt a specific writing style.
READ THE STORY: BW
Twitter Source Code Leak Should Serve As Warning Say Security Experts
Analyst Comments: This incident serves as a reminder of the importance of protecting corporate networks from both internal and external threats. The potential misuse of Twitter's source code by bad actors could have serious consequences for the platform's users. Twitter's response to the leak has been criticized by some experts for focusing too much on IP protection and not enough on the potential risks to users. Going forward, organizations should prioritize implementing robust governance controls and reviews to prevent similar incidents from occurring.
FROM THE MEDIA: Twitter's source code was briefly leaked online through GitHub, which could have potentially led to the code being copied and redistributed. Twitter has since requested that the identity of the user who posted the code, as well as those who accessed and downloaded it, be revealed. Some security experts suspect that a disgruntled former employee who left the company around the time of Elon Musk's acquisition of Twitter may have been behind the leak. Twitter's response has been criticized by some for focusing on intellectual property (IP) rather than the potential risks to users. Experts recommend implementing better governance controls and reviews to prevent similar incidents in the future.
READ THE STORY: Forbes
Researchers warn of two new variants of potent IcedID malware loader
Analyst Comments: The emergence of these new IcedID variants highlights the importance of continually updating cybersecurity measures to protect against evolving threats. These variants appear to have been created to prioritize ransomware delivery, which has become an increasingly prevalent attack method in recent years. The involvement of Emotet in the new variants also serves as a reminder of the interconnectedness of different cybercriminal groups and their willingness to collaborate for mutual gain. The identification of the new variants and their links to specific threat actors provides an opportunity for cybersecurity professionals to strengthen their defenses and protect against future attacks.
FROM THE MEDIA: Two new variants of IcedID, a banking Trojan that can also deliver ransomware, have been identified by security researchers. The two new variants, one of which appears to be connected to the Emotet botnet, are lighter than the standard one as certain functionality has been stripped. This suggests that the new variants have been created to prioritize ransomware delivery, with the authors of Emotet suspected to have partnered with IcedID operators to expand their activities. IcedID is often favored by initial access brokers, who sell access to corporate networks to other cybercriminals. Five distinct threat actors have been linked to the IcedID Trojan, with most of them operating as initial access brokers.
READ THE STORY: CSO
FBI: Business email compromise tactics used to defraud U.S. vendors
Analyst Comments: This type of fraud poses a significant threat to companies in the US. While the technical skills required to spoof an email address are low, the actors are skilled fraudsters who know how to hide their activity. The FBI's recommendation for vendors to check the source of an email before agreeing to a transaction is critical to avoid being victimized. With the losses associated with BEC schemes reaching almost $2.4 billion in the US in 2021, companies must remain vigilant and take proactive measures to protect themselves from this type of fraud.
FROM THE MEDIA: The Federal Bureau of Investigation (FBI) has issued a warning to companies in the US about threat actors using tactics similar to Business Email Compromise (BEC) to steal various goods from vendors. Criminal actors are impersonating the email domains of US-based companies to initiate bulk purchases. The fraudsters are well versed in business payment processes and know how to conceal their fraudulent activity. Among the commercially available goods targeted in this type of fraud are construction materials, agricultural supplies, computer technology hardware, and solar energy products. The FBI recommends that vendors verify the source of an email before agreeing to a transaction and pull the buyer's contact information from a reliable source to inquire about the purchase intent.
READ THE STORY: Bleeping Computer
Items of interest
The Afghan Foreign Minister Is Wrong About ISIS: It Threatens Regional Security
Analyst Comments: The recent developments in Afghanistan indicate that Daesh and ISKP maintain an active presence in the country and pose a significant regional threat to not only Afghanistan but also its neighboring countries. The ongoing military operations by the General Directorate of Intelligence (GDI) against ISKP in Afghanistan are a clear indication of the active presence of ISKP in the country and its operational capabilities. The discovery of alleged ISKP hideouts, coupled with the arrest of militants and the killing of key commanders, is a clear indication of the operational bases of these terrorist groups in Afghanistan. The discovery of significant amounts of money also indicates that these groups are well-funded and pose a severe threat to regional security.
FROM THE MEDIA: The Foreign Minister of Afghanistan, Amir Muttaqi, recently claimed that there is no presence of Daesh or ISKP in Afghanistan. However, US intelligence reports on terrorism suggest that these groups maintain an active presence in Afghanistan and are conducting terrorist activities. Ongoing military operations by the General Directorate of Intelligence (GDI) against ISKP in Afghanistan further confirm the active presence of ISKP in the country. Recent actions taken by the International Assistance Group (IAG) against ISKP are a welcome development. However, the discovery of alleged ISKP hideouts, coupled with the arrest of militants and the killing of key commanders, is a clear indication that these terrorist groups maintain operational bases in Afghanistan. The US country reports on terrorism are factual evidence compiled after extensive research and analysis and are an important source of information for policymakers and regional actors.
READ THE STORY: Modern Diplomacy
The Laundry E15 & E16: Why crypto money laundering is booming (Video)
FROM THE MEDIA: The YouTube video is an episode of "The Laundry" podcast featuring Kim Grauer from Chainalysis, a company that provides data analysis services for blockchain transactions. The discussion covers topics such as cryptocurrency money laundering, ransomware, malware, and the use of mixers. The conversation also touches on the regulation of cryptocurrency, non-custodial wallets, and the top trends in crypto crime, including the use of DeFi and scams.
Let's talk about money laundering and why Bitcoin is not the way to do it (Video)
FROM THE MEDIA: In a YouTube video, Clark Towson, the CEO of intj billing, discusses money laundering and why Bitcoin is not a good way to do it. He defines money laundering as concealing the origin of money obtained from illegal activities by making it appear to come from a legitimate source. Towson gives a real-life example of a sex worker in Thailand who received money from her drug dealer boyfriend in Australia. He explains that Australia's high average income and drug prohibition policy make it an attractive market for drug dealers. Towson says that Bitcoin is not a good way to launder money because its blockchain is open and public, and many chain analysis firms specialize in analyzing it to identify illicit transactions. He mentions that there are ways to obscure transactions using mixers and tumblers but recommends against it.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.