Wednesday, March 29, 2023 // (IG): BB // Cyber-Roundup// Coffee for Bob
Russia Ramps Up Cyberattacks On Ukraine Allies
Analyst Comments: The report by Thales and Microsoft highlights Russia's continued use of cyber operations to sow division and promote its agenda, both inside and outside Ukraine. While Russia's cyberattacks on Ukraine were largely unsuccessful, its efforts to target other European countries with low-level harassment are a cause for concern. The threat of escalation into more damaging cyber tools is real, and it underscores the need for continued vigilance and robust cyber defenses. As cyber warfare continues to evolve and expand in scope, governments and organizations must prioritize cybersecurity measures to protect against future attacks.
FROM THE MEDIA: US and French analysts report that Russia's cyberattacks on Ukraine have largely failed, prompting Moscow to shift its focus towards targeting European countries such as Poland and the Nordic and Baltic states with a range of cyber weapons. According to French defense firm Thales, Russia aims to promote anti-war messages and sow divisions through cyberattacks, but its cyber offensive against Ukraine last year was largely repelled by the country's resilient defenses. Thales and Microsoft warn that Russia's cyber activities outside Ukraine are increasing, and while they currently amount to low-level harassment, they may escalate into more damaging cyber tools in the future.
READ THE STORY: Barron's
China tackles chip talent shortage with new courses, higher pay
Analyst Comments: China's efforts to develop its semiconductor industry are likely to be important for its broader tech ambitions, which include reducing its reliance on US technology. However, some students and experts have criticized China's emerging chips curriculums, saying they lack hands-on industry experience compared with more advanced schools in Taiwan and the US. Additionally, Chinese universities tend to reward professors across all fields for publishing papers rather than teaching up-to-date methodology that is useful in a company laboratory or chip manufacturing plant. Therefore, addressing these issues could be essential for the country's long-term success in the field. The fact that students with degrees in other subjects are being lured into the growth industry may help alleviate the worker shortage, but it remains to be seen whether private chip engineering schools can provide effective training compared with more established institutions.
FROM THE MEDIA: China is experiencing a shortage of about 200,000 semiconductor industry workers, leading the country to focus on developing home-grown talent, according to a report from the China Center for Information Industry Development and the China Semiconductor Industry Association. Enrollment in undergraduate and post-graduate chip engineering courses has surged, thanks to new funds for top universities and a boom in smaller private schools that focus on shorter-term instruction. The salaries for entry-level jobs in the sector have doubled, leading some students with degrees in other subjects to take the plunge into the chip industry. Some private schools have also sprung up to offer short-term solutions, with chip engineering boot camps aimed at graduates who majored in subjects tangentially related to the industry.
READ THE STORY: Yahoo Finance
CISA director says cutting agency’s budget would return it to ‘pre-SolarWinds world’
Analyst Comments: Easterly's call for an increase in funding for CISA and her warnings of cybersecurity threats from China highlight the need to improve the country's cybersecurity defenses. The Cyber Incident Reporting for Critical Infrastructure Act is an important step in improving the nation's cybersecurity defenses, and its implementation would allow CISA to respond quickly and effectively to cyber threats. The warning of a potential Chinese cyberattack against US critical infrastructure is a reminder of the increasing cyber threats posed by China, and of the need for the US to take proactive measures to safeguard its critical infrastructure. CISA's focus on hiring additional staff is also crucial, as it would enable the agency to expand its capabilities and respond effectively to emerging cyber threats.
FROM THE MEDIA: Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), defended the agency's request for a 5% increase in funding to $3.1bn to better protect US critical infrastructure against cybersecurity threats from China. Easterly said that the CISA would prioritize working with state and local partners and smaller critical infrastructure operators that require additional federal support to shore up cybersecurity defenses. The funding would go towards implementing the Cyber Incident Reporting for Critical Infrastructure Act, which mandates certain critical infrastructure operators to report cyberattacks to the CISA within 72 hours and ransomware payments within 24 hours. Easterly also warned of China's close attention to the US involvement in Ukraine and a potential retaliatory cyberattack against American critical infrastructure in case of any future conflict with Taiwan.
READ THE STORY: Cyberscoop
North Korean hackers turn to ‘cloud mining’ for crypto to avoid law enforcement scrutiny
Analyst Comments: The use of rented cloud computing power to mine cryptocurrency by the North Korean hacking group APT43 is a novel tactic. Freshly mined coins carry no on-chain link to the group's earlier thefts, which makes them far harder for law enforcement to trace and lets the group fund its cyber espionage activities with "clean" funds. The group's use of tailored spear-phishing emails and spoofed websites designed to steal credentials, along with persona building on fake LinkedIn profiles, highlights the sophistication of its tradecraft. The group's increasing aggressiveness and likely automation of its campaigns are a cause for concern. Overall, this report shows the continuing evolution and adaptation of North Korean hacking groups in their use of cryptocurrency-related cybercrime to fund their activities.
FROM THE MEDIA: A North Korean hacking group known as APT43 is suspected of renting cloud-based computing power to mine cryptocurrency, which the group then uses to fund its own hacking and cyber espionage activities. Mandiant, a cybersecurity firm, reported that the group uses cloud mining to produce clean bitcoin that has no blockchain-based connections law enforcement can trace back to its earlier activity. The group then uses the funds to purchase infrastructure such as website domains to further its espionage activities. APT43's operations contrast with those of another North Korean threat actor, the Lazarus Group, which is known for massive crypto heists. APT43 has become increasingly aggressive and has most likely automated aspects of its campaigns. The group uses tailored spear-phishing emails, spoofed websites, and fake LinkedIn profiles to gain access to victim information.
READ THE STORY: Cyberscoop // THN
Chinese Officials Urged to Refrain From Detaining Entrepreneurs
Analyst Comments: This announcement is part of the Chinese government's efforts to improve its treatment of private businesses, which have been subject to regulatory scrutiny and crackdowns in recent years. By protecting entrepreneurs' lawful rights, the government is aiming to boost growth in the private sector, which is crucial to the country's overall economic recovery. However, it remains to be seen whether these measures will be effectively implemented and whether they will have a significant impact on the business environment for private enterprises in China.
FROM THE MEDIA: The Chinese government issued a notice to officials in Hainan province, urging them not to detain, prosecute or charge private entrepreneurs when possible, as part of efforts to boost confidence in the private economy. The move was supported by the Cyberspace Administration of China's announcement of plans to penalize online behavior that harms the reputation of private businesses.
READ THE STORY: Bloomberg
Banks face a tough choice over crypto
Analyst Comments: The banks' reluctance to get involved with digital assets follows growing regulatory hostility to cryptocurrencies since the collapse of the digital exchange FTX last year. While regulators insist they are only seeking to ensure banks are stable, some in the crypto industry point to a broader effort by the US government to cut crypto off from the banking system entirely. The industry now faces tough choices, and some banks are already signaling which side they want to be on.
FROM THE MEDIA: First Citizens Bank, based in North Carolina, has recently agreed to buy most of Silicon Valley Bank (SVB), whose failure last month rocked the global banking sector. However, the purchase agreement excludes cryptocurrencies and loans backed by crypto. New York Community Bank, which acquired the remnants of Signature, another failed lender, also refused to touch its substantial digital banking arm; the US Federal Deposit Insurance Corporation is returning $4bn of those deposits directly to customers. These decisions by the banks are allegedly a response to growing regulatory hostility to cryptocurrencies since the collapse of the digital exchange FTX last year. "Operation Choke Point 2.0", a theory that the US government is making a concerted effort to ban crypto completely, has gained traction among crypto enthusiasts. Regulators claim that they are merely trying to ensure banks are stable and that cryptocurrencies do not enable money laundering and other crime.
READ THE STORY: FT
Electronic warfare is a ‘new frontier’ for US Missile Defense Agency
Analyst Comments: The article highlights the growing threat of electronic warfare and cyberattacks in the missile defense space, which is a new frontier for defense agencies. The increase in the capabilities of foreign militaries in electronic warfare poses significant challenges to the US Missile Defense Agency in detecting and intercepting incoming missiles. This situation calls for a more robust missile defense system that can withstand these attacks. The increase in the agency's budget shows that the US government is aware of the challenges and is taking steps to ensure the country's safety from missile threats. However, it remains to be seen if the increase in funding will be enough to address the emerging threats posed by electronic warfare and cyber attacks.
FROM THE MEDIA: The US Missile Defense Agency is facing new challenges in protecting the country from missile threats due to the increasing capabilities of foreign militaries in electronic warfare and cyber attacks. These invisible threats make it difficult for the agency to detect incoming missiles, calculate their trajectory, and decide on the best interception method. According to Vice Adm. Jon Hill, adversaries have upped their game in electronic warfare, which has made it harder for the agency to defend against missile threats. China and Russia are the top national security hazards, according to US officials, and they are developing advanced missiles that can be launched from different platforms and have countermeasures to hide and misdirect, ultimately making them harder to detect. The Missile Defense Agency has requested almost $11 billion for fiscal 2024, which includes a budget of $346 million for flight, ground, and cybersecurity testing.
READ THE STORY: Yahoo News
Jihadists target Africa and Afghanistan, but also eye China and Russia
Analyst Comments: The article provides an insightful analysis of the different profiles and geopolitical implications of militant movements in Africa and Afghanistan. It emphasizes the need for tailored approaches to address specific grievances and understand the drivers of militant recruitment. The article also highlights the potential risks of external powers embedding themselves in the economies and social fabric of African countries. More specific data and examples would enhance the article's credibility and support its claims.
FROM THE MEDIA: The text examines the varying characteristics of militants in Africa and Afghanistan and the implications for external powers. In Africa, poverty is a significant factor driving militant recruitment, with some viewing jihadism as a means of escaping poverty. Lack of religious education also makes potential militants more susceptible to manipulation by jihadist groups. In contrast, ideology and religious fervor are the primary drivers of militant recruitment in Afghanistan. The Islamic State has benefited from co-opting experienced militants with regional knowledge and strained relations between Afghanistan's Salafi communities and the Taliban. External powers such as Russia and China are taking advantage of the situation to expand their influence in Africa and Afghanistan, respectively.
READ THE STORY: Modern Diplomacy
A Q&A with the hacktivists rocking Latin America: Guacamaya
Analyst Comments: The email exchange with Guacamaya provides insight into the group's motives and methods. The group sees itself as part of a larger resistance movement against exploitation and oppression, and its use of hacktivism is seen as another form of struggle and resistance. The group's focus on corruption and exploitation in Latin America is commendable, but their methods of releasing sensitive documents should be evaluated to ensure that innocent people are not put in danger. The group's feminist leanings and diverse membership also suggest a commitment to social justice and inclusion.
FROM THE MEDIA: Hacktivist collective Guacamaya has claimed responsibility for a series of high-profile data breaches in Mexico, Guatemala, and Colombia. The group's hack-and-leak operations have led to revelations about corruption, exploitation of indigenous lands, and government espionage. In an email exchange with Recorded Future News, Guacamaya stated that its objective is to continue the resistance of indigenous peoples against genocide, terricide, and the corruption of companies and complicit states in the American continent. The group also explained the meaning behind its name and symbol, the macaw, which represents freedom and the union of people's trampled wings to heal and recompose them.
READ THE STORY: The Record
Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people
Analyst Comments: The cyberattack on NCB Management Services resulted in a significant data breach that has put the personal and financial information of nearly half a million people at risk. The company's notification letters indicate that the stolen information was related to credit card accounts that were already closed, but this information can still be used by cybercriminals for identity theft and fraud. The involvement of federal law enforcement agencies and the provision of free identity theft protection services to victims by Bank of America highlights the severity of the breach. The article does not provide any information on the motives or identity of the hackers, and it is unclear whether they were able to profit from the attack. The incident underscores the vulnerability of debt-buying companies that hold vast amounts of financial information and the need for stronger cybersecurity measures to prevent such attacks in the future.
FROM THE MEDIA: Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services, a Pennsylvania-based company that purchases debt. The attack occurred on February 1, 2023, and the company discovered it on February 4, notifying victims through breach notification letters that were sent out last week. The leaked information included names, addresses, phone numbers, email addresses, dates of birth, employment positions, pay amounts, driver's license numbers, Social Security numbers, account numbers, credit card numbers, routing numbers, account balances, and account statuses. NCB Management Services claimed that it has "obtained assurances that the third party no longer has any of the information on its systems" but did not specify whether it paid a ransom. The impacted credit card accounts were all already closed. Federal law enforcement agencies are involved in the investigation, and Bank of America is providing victims with two years of free identity theft protection service from Experian IdentityWorks.
READ THE STORY: The Record
US military needs 7th branch just for cyber, current and former leaders say
Analyst Comments: The call by the Military Cyber Professional Association to establish a Cyber Force in this year's defense policy bill is significant as it highlights the need for a dedicated cyber force to address the evolving digital threats posed by foreign adversaries. It also indicates that there is growing support for the establishment of a separate cyber service, which could improve the efficiency, flexibility, and readiness of Cyber Command to combat digital threats. However, it remains to be seen whether the Biden administration and senior lawmakers will support the creation of a seventh military branch, given that there is no political will for it yet. The association has rightly emphasized the need for a thorough study to determine the nature, scope, and timeline of such a service, rather than pursuing it hastily, which could result in disruption and risk to operations.
FROM THE MEDIA: The Military Cyber Professional Association has called on Congress to establish a separate cyber service in this year's defense policy bill, arguing that the lack of one creates an "unnecessary risk" to U.S. national security. The creation of a Cyber Force would follow the arrival of the Space Force in 2019, which was the first new branch of the U.S. military in 72 years, bringing the total to six. The memo is likely to spark fresh debate on Capitol Hill, where an increasing number of policymakers see cyber-specific military service as an inevitability.
READ THE STORY: The Record
Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders
Analyst Comments: Microsoft's introduction of Security Copilot is in line with its continued efforts to integrate generative AI features into its software offerings to provide end-to-end defense at machine speed and scale. The tool's ability to collate data from various products and provide remediation instructions will be helpful for security teams to quickly respond to threats and reduce their risk exposure. The use of OpenAI's GPT-4 generative AI and Microsoft's own security-specific model shows Microsoft's commitment to using advanced AI technologies to enhance its products' security features. However, as the tool is still in limited preview, it remains to be seen how effective it will be in practice and how users will respond to it. Overall, Security Copilot is a promising addition to Microsoft's suite of security products and could help businesses better protect themselves against cyber threats.
FROM THE MEDIA: Microsoft has introduced Security Copilot, a security analysis tool in limited preview that uses OpenAI's GPT-4 generative AI and a security-specific model to help cybersecurity analysts respond to threats and assess risk exposure. The tool collates data from Microsoft Sentinel, Defender, and Intune to help security teams understand their environment, determine whether they are exposed to known vulnerabilities and exploits, identify ongoing attacks, and obtain remediation instructions. Users can ask the tool questions about suspicious user logins, have it create a PowerPoint presentation outlining an incident and its attack chain, and submit files, URLs, and code snippets for analysis. The proprietary security-specific model is informed by more than 65 trillion daily signals, and Microsoft emphasized that the tool is privacy-compliant and that customer data is not used to train the foundation AI models.
READ THE STORY: THN
Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence
Analyst Comments: The attribution of the APT group is an important step in identifying and tracking the activities of threat actors. It also highlights the continued threat posed by nation-state actors, who use phishing attacks and advanced malware to gain access to sensitive government and military organizations' networks. This incident underscores the importance of maintaining strong security measures, such as two-factor authentication, network segmentation, and user training, to prevent successful attacks. Organizations should also prioritize proactive security measures such as threat hunting and vulnerability management to detect and remediate security gaps before they can be exploited.
FROM THE MEDIA: An advanced persistent threat (APT) group known as SideCopy, believed to be of Pakistani origin, has been linked to a new phishing campaign that delivers Action RAT. The activity cluster is designed to target the Defence Research and Development Organisation (DRDO), the research and development wing of India's Ministry of Defence. The threat group has been active since at least 2019 and uses spear-phishing emails to gain initial access. In this case, the emails carried a ZIP archive containing a Windows shortcut file (.LNK) masquerading as information about the K-4 ballistic missile developed by DRDO. The shortcut ultimately deploys the Action RAT backdoor, which is capable of gathering information about the victim machine, running commands sent from a command-and-control (C2) server, harvesting files, and dropping follow-on malware. The APT group also uses a new information-stealing malware referred to as AuTo Stealer that is equipped to gather and exfiltrate Microsoft Office files, PDF documents, database and text files, and images over HTTP or TCP.
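The lure described above (a ZIP whose "document" is really a Windows shortcut) is one that mail-gateway or sandbox triage can catch before a user double-clicks it. The following is an added example, not code from the SideCopy report or from THN: it builds a constructed ZIP in memory, then checks every entry by extension and by the LNK file signature from the MS-SHLLINK specification, so a shortcut renamed to look like a .docx is still flagged. The entry names are hypothetical.

```python
"""Flag archive attachments that carry Windows shortcut (.LNK) lures.

Added example, not code from the SideCopy report or THN. The ZIP built below is
constructed in memory; the entry names are hypothetical.
"""
import io
import zipfile

# ShellLinkHeader: HeaderSize 0x4C (little-endian) followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_SIGNATURE = bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000" "000000000046")
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def looks_like_lnk(data: bytes) -> bool:
    """True if the bytes start with the ShellLinkHeader magic (MS-SHLLINK)."""
    return data[:20] == LNK_SIGNATURE


def classify_entry(name: str, data: bytes) -> list[str]:
    """Return reasons an archive entry is suspicious (empty list = clean)."""
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]
    exts = ["." + p for p in base.split(".")[1:]]
    if exts and exts[-1] == ".lnk":
        reasons.append("shortcut file inside archive")
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS:
            reasons.append(f"double extension masquerading as {exts[-2]}")
    # A shortcut renamed to a document extension still carries the LNK header.
    if looks_like_lnk(data) and (not exts or exts[-1] != ".lnk"):
        reasons.append("LNK signature with non-.lnk name")
    return reasons


def scan_zip(blob: bytes) -> dict[str, list[str]]:
    """Scan every entry of a ZIP given as bytes; returns {entry name: reasons}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)  # the header is all the signature test needs
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a lure shortcut, a harmless text file, a renamed shortcut."""
    lnk_body = LNK_SIGNATURE + b"\x00" * 56  # minimal 76-byte header, all flags zero
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("K-4 missile brief.pdf.lnk", lnk_body)   # hypothetical lure name
        zf.writestr("readme.txt", b"nothing to see here\n")
        zf.writestr("notes.docx", lnk_body)                   # extension alone would miss it
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in scan_zip(build_sample_zip()).items():
        print(entry, "->", "; ".join(why))
```

Reading only the first 64 bytes of each entry keeps the scan cheap on large archives; a production filter would also recurse into nested archives and unpack password-protected ZIPs with the password quoted in the email body, which this example does not attempt.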
READ THE STORY: THN
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Analyst Comments: The discovery of a new phishing campaign targeting European entities is concerning and highlights the need for continued vigilance. The use of compromised WordPress sites with valid SSL certificates and of OneNote files as delivery vectors is becoming increasingly common. DBatLoader is also known to bypass User Account Control by staging its payload in a "mock trusted directory", a folder such as "C:\Windows \System32" whose name differs from the real one only by a trailing space, which emphasizes the importance of monitoring process executions from such paths and configuring Windows UAC to Always notify. It is crucial for organizations to remain aware of emerging threats and to take proactive measures to mitigate risks.
FROM THE MEDIA: A new phishing campaign has been discovered that targets European entities to distribute Remcos RAT and Formbook via a malware loader known as DBatLoader. The malware payload is distributed through WordPress websites that have valid SSL certificates, a common tactic used by threat actors to evade detection engines. The campaign adds to the growing abuse of OneNote files as an initial vector for malware distribution since late last year, a response to Microsoft's decision to block macros by default in files downloaded from the internet.
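The mock-trusted-directory trick works because Win32 path handling strips trailing spaces and dots from directory names, so "C:\Windows \System32" displays like the real location and satisfies loosely written allow-lists while being an entirely different folder on disk. The following is an added example, not code from the DBatLoader research or THN: it normalizes process image paths the way a user would read them, and flags any launch whose normalized path lands under a trusted directory while its raw path does not. The process-creation events are constructed and the binary names are hypothetical.

```python
"""Spot process launches from "mock trusted directories".

Added example; not code from the DBatLoader analysis or THN. Win32 strips
trailing spaces and dots from directory names, so "C:\\Windows \\System32"
(note the space) is a distinct folder that still looks like the real one.
The events below are constructed, not taken from a real host.
"""

TRUSTED_PREFIXES = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows",
    r"c:\program files",
    r"c:\program files (x86)",
)

SAMPLE_EVENTS = [
    # constructed Sysmon-style process-creation summaries (hypothetical binaries)
    {"pid": 4012, "image": r"C:\Windows\System32\svchost.exe", "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 5120, "image": r"C:\Windows \System32\updater.exe", "parent": r"C:\Users\bob\AppData\Local\Temp\inv.exe"},
    {"pid": 5133, "image": r"C:\Program Files \Vendor\tool.exe", "parent": r"C:\Windows\explorer.exe"},
    {"pid": 5140, "image": r"C:\Users\bob\Downloads\setup.exe", "parent": r"C:\Windows\explorer.exe"},
]


def _components(path: str) -> list[str]:
    return path.replace("/", "\\").split("\\")


def normalize(path: str) -> str:
    """Apply the Win32 rule a human sees: strip trailing spaces/dots per component, lowercase."""
    return "\\".join(p.rstrip(" .") for p in _components(path)).lower()


def mock_components(path: str) -> list[str]:
    """Return the path components that carry trailing spaces or dots (the tell-tale)."""
    return [p for p in _components(path) if p != p.rstrip(" .")]


def is_mock_trusted(path: str) -> bool:
    """True if the normalized path sits under a trusted prefix but the raw path does not."""
    raw = path.replace("/", "\\").lower()
    norm = normalize(path)
    under_trusted_norm = any(norm.startswith(p + "\\") for p in TRUSTED_PREFIXES)
    under_trusted_raw = any(raw.startswith(p + "\\") for p in TRUSTED_PREFIXES)
    return under_trusted_norm and not under_trusted_raw and bool(mock_components(path))


def find_suspicious(events: list[dict]) -> list[tuple[int, str, list[str]]]:
    """Return (pid, image, offending components) for launches from mock trusted dirs."""
    return [
        (e["pid"], e["image"], mock_components(e["image"]))
        for e in events
        if is_mock_trusted(e["image"])
    ]


if __name__ == "__main__":
    for pid, image, bad in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {pid}: {image!r} -> mock component(s) {bad}")
```

The same normalization can be applied to the parent image, to file-write events, and to the directory names themselves (a CreateFile for a folder whose name ends in a space is itself worth an alert), since the trailing-space folder has to be created before anything runs from it.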
READ THE STORY: THN
Nvidia Decries Crypto, Says It Adds "Nothing Useful To Society"
Analyst Comments: Kagan’s comments are unsurprising given Nvidia’s decision to limit the use of its products in cryptocurrency mining. However, they highlight the growing tension between cryptocurrency and wider society as concerns continue to be raised about the environmental impact of crypto farming. Nvidia’s move towards AI represents a growing trend in the technology industry, with many companies seeking to develop and market AI tools as a means of tapping into the sector’s potential for growth. Whether or not AI will “reinvent” industries remains to be seen, but the investment being made suggests that the industry is betting on the technology to deliver significant changes.
FROM THE MEDIA: Nvidia’s chief technology officer, Michael Kagan, criticized cryptocurrencies for adding “nothing useful to society” and compared their impact to that of the high-frequency trading industry. Kagan expressed a preference for the processing power of Nvidia’s GPUs to be used for more socially useful applications such as AI. The graphics card manufacturer famously limited the ability of its products to mine popular cryptocurrencies in an attempt to deter “farmers”. Nvidia has increasingly focused on AI, with CEO Jensen Huang claiming the technology would “reinvent nearly every industry”.
READ THE STORY: GameSpot
Threat Spotlight: Generative AI
Analyst Comments: This article highlights the potential risks associated with the combination of generative AI and cybercrime. It is clear that threat actors are already leveraging the power of generative AI to enhance their attacks and commoditize cybercrime. The potential for personalized and targeted attacks at scale is particularly concerning. Organizations should be aware of these threats and take appropriate measures to protect themselves. The article also touches on the potential benefits of using AI to combat cyber threats, suggesting that organizations should be embracing AI to stay ahead of the curve.
FROM THE MEDIA: The convergence of technological revolution and the increasing commodification of cybercrime is expected to reshape the cyber threat landscape. Generative AI applications have the potential to revolutionize the way we work and interact with the environment, but their use for illicit activities is a growing concern. Threat actors are regularly using dark web marketplaces and illicit Telegram channels to buy and sell ransomware, malware, infected devices, stolen user data, and other illicit goods. This article presents examples of generative AI-enabled attacks, and organizations are advised to monitor dark web forums and channels to identify emerging threats and trends to prevent potential attacks.
READ THE STORY: Security Boulevard
Incident attribution: beware of jumping to conclusions
Analyst Comments: This article highlights the challenges of attribution in cybersecurity and emphasizes the need for accuracy. It is crucial to weigh multiple, independent evidence points and avoid forming judgments on limited information or a single observed overlap in tooling. Accurate attribution requires skill and experience, and the confidence level attached to it (low, moderate or high) should follow the definitions used by the U.S. Office of the Director of National Intelligence. As cyber threats continue to evolve, it is essential to stay vigilant and be prepared to revise an attribution as new evidence arrives.
FROM THE MEDIA: Identifying the group responsible for a cybersecurity incident is not always straightforward, and early judgments can be misleading. False flags can make it difficult to correctly attribute an attack, and it's important to get it right for incident response. Accuracy is essential, as it can impact the broader political debate, law enforcement action, and the company's ability to fully evict the threat actor responsible from their systems.
READ THE STORY: SCMAG
Cyber experts call for CISA to establish maritime equipment test bed
Analyst Comments: The call for the establishment of a maritime operational technology supply chain testing program is a timely and essential initiative. The maritime industry has increasingly become a target for cyberattacks, and a testing program can help to identify vulnerabilities in the supply chain and improve the cybersecurity of equipment and systems. The report's suggestion that the program begin by testing foreign-manufactured cranes in US ports, as mandated by the NDAA, is a step in the right direction. Furthermore, the recommendation that the Coast Guard develop cybersecurity education and workforce programs and participate in grant programs for mitigating maritime cyber risk will help to build a cybersecurity workforce capable of addressing the challenges in the maritime industry.
FROM THE MEDIA: Cybersecurity experts have urged the Cybersecurity and Infrastructure Security Agency (CISA) to set up a test bed to evaluate the security of maritime equipment, in a report released as part of the Cyberspace Solarium Commission 2.0 initiative. The report calls on CISA to establish a maritime operational technology supply chain testing program similar to the Department of Energy’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program. The experts proposed that the test bed begin by probing foreign-manufactured cranes in US ports for cybersecurity vulnerabilities, as stipulated by the National Defense Authorization Act (NDAA) for fiscal year 2023, and then expand into broader, systemically important maritime operational technology (OT). The report also suggests that the Coast Guard develop cybersecurity education and workforce programs and participate in grant programs to obtain additional resources to mitigate maritime cyber risks.
READ THE STORY: Fedscoop
President Biden Signs Executive Order Restricting Use of Commercial Spyware
Analyst Comments: The executive order is a step towards limiting the use of commercial spyware by US government agencies and ensuring that such tools are used ethically and responsibly. However, the order stops short of an outright ban on the use of commercial spyware, and it also leaves open the possibility of using other types of spyware devices for intelligence-gathering purposes. Moreover, it's not clear whether other federal agencies use commercial spyware. Therefore, further steps may be needed to address the growing risks posed by commercial spyware, particularly its use by foreign governments and entities to spy on US citizens and government officials.
FROM THE MEDIA: President Joe Biden has signed an executive order that limits the use of commercial spyware by federal government agencies. The order aims to ensure that government use of commercial spyware is consistent with respect for human rights, democratic norms and values, and the rule of law. It also bars federal operational use of commercial spyware in various circumstances, such as when the tool has been used against the US government by a foreign government or person, when it has been used to target activists and dissidents, and when it has been used to spy on US citizens without authorization, safeguards, and oversight. While the order doesn't ban the use of commercial spyware outright, it acknowledges the growing counterintelligence and national security risks posed by these tools.
READ THE STORY: THN
BMW France claimed as Play ransomware victim
Analyst Comments: The alleged ransomware attack on BMW France, if true, highlights the growing threat of ransomware attacks to even the largest and most well-resourced organizations. The use of double-extortion tactics and the threat of publishing stolen data put immense pressure on companies to pay up, as the release of such information could have severe consequences for the company's reputation and customers. The attack on BMW France also emphasizes the importance of robust cybersecurity measures and regular vulnerability assessments to prevent such attacks. It remains to be seen how BMW France will respond to this attack and if they will pay the ransom or not.
FROM THE MEDIA: BMW France has reportedly been targeted by Play ransomware, which has threatened to publish the stolen data if the company doesn't pay up within two weeks. The attackers claim to have stolen confidential data, contracts, financial information, and client documents. Although BMW France has not confirmed the attack yet, the company has been listed on a dark web blog that cybercriminals use to publicize their latest victims. Play ransomware is a relatively new player in the ransomware game and has so far victimized 67 organizations. The gang employs double-extortion tactics to force victims to meet its demands.
READ THE STORY: Cybernews
Children’s data feared stolen in Fortra ransomware attack
Analyst Comments: The attack on Brightline highlights the vulnerability of virtual mental health care startups that handle the sensitive personal data of children. This breach exposes the inadequacy of data security measures adopted by companies, especially in the healthcare sector, to protect patient information from increasingly sophisticated cyber threats. The involvement of the Clop ransomware gang in this breach is worrying, given their history of targeting healthcare and other organizations and publicly publishing the stolen data if a ransom is not paid. Healthcare organizations must increase their cybersecurity measures to prevent such breaches and safeguard sensitive patient data.
FROM THE MEDIA: The Russia-linked Clop ransomware gang, responsible for a mass ransomware attack on Fortra, has claimed to have hit another victim - children's virtual mental health care startup, Brightline. The startup, a provider of virtual coaching and therapy to children, had data stored in Blue Shield of California's GoAnywhere file transfer tool, which was stolen by hackers. The breach affected the personal data of over 63,000 patients, including names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and plan group numbers. While Blue Shield confirmed the breach, Brightline has yet to publicly acknowledge it. US Wellness, which offers corporate health and wellness programs, was another healthcare company that confirmed a breach. The Clop group has claimed to have breached over 100 organizations, including the City of Toronto, Canadian financing giant Investissement Québec, and Virgin Red.
READ THE STORY: TC
Trojanized Tor browsers target Russians with crypto-stealing malware
Analyst Comments: This attack is a simple yet effective way for attackers to steal cryptocurrency transactions from unsuspecting users. The use of an outdated Tor Browser version and localized installers makes it harder for users to detect the malware, which is why it is critical to download software only from official and trustworthy sources. Because the trojanized Tor installers target regions where the official Tor Project website is banned, users there are more likely to rely on unofficial downloads, which is probably the main reason they fall victim to this attack.
FROM THE MEDIA: Security researchers from Kaspersky have issued a warning that trojanized Tor Browser installers are being used to target users in Russia and Eastern Europe, as well as in other countries worldwide. These malicious installers include an outdated version of the browser and hidden malware that hijacks the clipboard, replacing cryptocurrency wallet addresses with those belonging to the attackers. Kaspersky found that these installers have been responsible for stealing almost $400,000 in cryptocurrency, with over 16,000 variants detected between August 2022 and February 2023.
READ THE STORY: Bleeping Computer
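As an added, constructed example (not code from Kaspersky, the Tor Project, or this roundup), the Python snippet below shows the defender-side check against the clipboard hijacking described above: it validates legacy base58check Bitcoin addresses and flags a paste whose address differs from the one the user last copied. The addresses and clipboard events are fabricated for the example; a real deployment would hook the operating system clipboard instead of replaying a list, and bech32 addresses are out of scope.

```python
"""Clipboard address-swap detector (constructed example).

Clipper malware of the kind described above waits for a cryptocurrency
address to land on the clipboard and silently replaces it with the
attacker's own. A cheap countermeasure is to compare what the user copied
with what is about to be pasted. This module implements that check for
legacy (base58check) Bitcoin addresses; all sample data is made up.
"""
import hashlib
from dataclasses import dataclass

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = 0x00   # addresses starting with "1"
P2SH_VERSION = 0x05    # addresses starting with "3"


def _double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """Append a 4-byte double-SHA256 checksum and base58-encode the result."""
    data = payload + _double_sha256(payload)[:4]
    n = int.from_bytes(data, "big")
    digits = ""
    while n > 0:
        n, rem = divmod(n, 58)
        digits = BASE58_ALPHABET[rem] + digits
    # each leading zero byte is represented by a leading '1'
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def base58check_decode(addr: str):
    """Return the payload (version byte + body) if the checksum verifies, else None."""
    n = 0
    for ch in addr:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * leading_ones + body
    if len(data) < 5:
        return None
    payload, checksum = data[:-4], data[-4:]
    if _double_sha256(payload)[:4] != checksum:
        return None
    return payload


def looks_like_btc_address(text: str) -> bool:
    """True for a syntactically valid legacy Bitcoin address (version 0x00 or 0x05)."""
    payload = base58check_decode(text.strip())
    return (payload is not None and len(payload) == 21
            and payload[0] in (P2PKH_VERSION, P2SH_VERSION))


@dataclass
class ClipboardEvent:
    kind: str   # "copy" = what the user placed on the clipboard; "paste" = what is read back
    text: str


def detect_address_swaps(events):
    """Return (copied, pasted) pairs where a copied address came back as a different address."""
    alerts = []
    last_copied = None
    for ev in events:
        if ev.kind == "copy":
            last_copied = ev.text.strip() if looks_like_btc_address(ev.text) else None
        elif ev.kind == "paste" and last_copied is not None:
            pasted = ev.text.strip()
            if looks_like_btc_address(pasted) and pasted != last_copied:
                alerts.append((last_copied, pasted))
    return alerts


# Constructed sample: two addresses derived from made-up 20-byte hashes.
USER_ADDRESS = base58check_encode(bytes([P2PKH_VERSION]) + b"\x11" * 20)
ATTACKER_ADDRESS = base58check_encode(bytes([P2PKH_VERSION]) + b"\x22" * 20)

SAMPLE_EVENTS = [
    ClipboardEvent("copy", "meeting notes"),       # ordinary text, ignored
    ClipboardEvent("paste", "meeting notes"),
    ClipboardEvent("copy", USER_ADDRESS),          # user copies their own address
    ClipboardEvent("paste", USER_ADDRESS),         # benign round trip, no alert
    ClipboardEvent("copy", USER_ADDRESS),
    ClipboardEvent("paste", ATTACKER_ADDRESS),     # clipper swapped it before the paste
]

if __name__ == "__main__":
    for copied, pasted in detect_address_swaps(SAMPLE_EVENTS):
        print(f"ALERT: copied {copied} but clipboard now holds {pasted}")
```

The check deliberately requires both strings to be checksum-valid addresses before alerting, so stray edits to non-address text do not generate noise; the replayed SAMPLE_EVENTS produce exactly one alert, for the final swapped paste.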
Cyber Weapons: The Next Chapter in Iran-Russia’s Bonhomie
Analyst Comments: The partnership between Russia and Iran poses a direct security challenge to the United States and the West. The cyber capabilities shared by Russia could be used against dissidents and adversaries and enhance the regime's surveillance power, as demonstrated during the recent crackdown on protesters in Iran. The advanced military supplies, including fighter jets, helicopters, and air defense systems, could make Iran a more dangerous power in the region and pose a direct threat to the US and its allies. The West needs to prepare for the fallout and face a bigger security challenge on two fronts.
FROM THE MEDIA: Russia and Iran have formed a military partnership, sharing military and cyber capabilities. Iran has armed the Russian military and has received cyber warfare capabilities from Russia, including advanced software to hack phones and systems. Russia has also provided Iran with eavesdropping devices, advanced photography devices, lie detectors, and internet censorship software, which can monitor, intercept, degrade, and even deny mobile communications to all Iranians. Iran is looking to get more lethal Russian supplies, including advanced military fighter jets, helicopters, and air defense systems. Russia and Iran are also planning to set up a drone factory in Russia, which will produce at least 6,000 drones, and the new drone could end up in Ukraine or Tehran.
READ THE STORY: First Post
Items of interest
Are US Sanctions On China Working? China Tech ETFs Paint A Picture
Analyst Comments: The US embargo on advanced semiconductor technology to China has created an opportunity for the US semiconductor industry to dominate the global market. US tech ETFs that have exposure to leading US chipmakers have outperformed their Chinese counterparts, which have trailed behind in gains. The US government’s $52 billion federal program to boost domestic chipmaking capabilities has restricted companies from expanding the production of advanced chips in China, making it more difficult for Chinese chipmakers to compete globally. This could have long-term implications for China’s semiconductor industry and its technological development. However, it remains to be seen how China will respond to this challenge and whether it will develop its own semiconductor technology to become self-sufficient.
FROM THE MEDIA: The US embargo on advanced semiconductor technology to China has affected Chinese chipmakers, causing a $7.7 billion market value loss. The US has also imposed export controls and barred US citizens or entities from working with Chinese chipmakers while limiting the export of manufacturing tools. The US government’s $52 billion federal program to boost domestic chipmaking capabilities restricts companies vying for funding from materially expanding production of chips more advanced than 28 nm in China for ten years. In contrast, leading US tech ETFs, including VanEck Semiconductor ETF, iShares Semiconductor ETF, and SPDR Select Sector Fund - Technology, have gained between 17.6% and 25.5% year-to-date. These ETFs have exposure to leading US chipmakers, such as Nvidia, Advanced Micro Devices, and Intel. However, Chinese ETFs have trailed behind their US peers in gains, with iShares China Large-Cap ETF, KraneShares Trust KraneShares CSI China Internet ETF, and iShares MSCI China ETF gaining between 0.4% and 2.7% year-to-date.
READ THE STORY: Yahoo Finance
This is How They Tell Me the World Ends: The Cyberweapons Arms Race (Video)
FROM THE MEDIA: The video features a book chat with author Nicole Perlroth about her best-selling book "This is How They Tell Me the World Ends: The Cyberweapons Arms Race". Perlroth discusses her research on the cyber weapons market and the incentives for keeping vulnerabilities in software. She also touches on the lack of communication and understanding between experts in the field and the general public. The discussion covers topics such as the government's approach to cybersecurity, the need for norms, liability for software defects, and the importance of identifying and supporting critical open-source tools.
SPACE FORCE: The Secret Orbit - Arms Race in Space (Video)
FROM THE MEDIA: The documentary "SPACE FORCE: The Secret Orbit - Arms Race in Space" discusses the militarization of near-Earth space and the importance of protecting space-based assets, such as Earth observation satellites, navigation satellites, and communication satellites. The United States recently founded a new branch of the military, the Space Force, which has the same basic duties as a branch or special unit of the military. The commercialization of space flight has led to a huge increase in the number of objects in orbit, and space security is becoming an increasingly important matter. The arms race in space is being accompanied by a kind of cyber war, and the major powers are actively jeopardizing the stability we have achieved over the past few decades. We must stick to the rules and preserve space as a peaceful dimension in the event of a global conflict.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.