Daily Drop (486): “Weaponization” of the dollar, Red Stinger Targets Military, Dragos CEO’s wife, Babuk Source Code, Russia’s OCO Caps, Bl00dy Ransomware, Germany’s Chip Fabs, EU Alert Infrastructure
05-12-2023
Friday, May 12, 2023 // (IG): BB // Cloak & Dagger // Coffee for Bob
Europe on Alert for Infrastructure Strike
Analyst Comments: The increasing concern about Russia's mapping and intelligence gathering on Europe's subsea infrastructure underscores a rising trend in hybrid warfare tactics. These tactics mix conventional, irregular, and cyber warfare, and are employed to exploit vulnerabilities in critical infrastructure. In this context, Russia's actions represent a significant strategic shift that extends the battleground to key economic and energy assets. The fact that this reconnaissance is focused on the North and Baltic seas, areas where a significant portion of Europe's energy resources are transported, underscores the potential severity of the threat. The disruption of these supply lines could have far-reaching economic and geopolitical consequences for Europe, especially given the region's heavy dependence on gas supplies from Norway and, to a lesser extent, Russia. The alleged Russian cyber-espionage activities further exacerbate concerns over the vulnerability of critical infrastructure. Cyberattacks on power grids, communication networks, or energy pipelines could severely disrupt daily life, making cybersecurity a top priority for infrastructure operators.
FROM THE MEDIA: NATO officials have raised concerns about potential escalations in Russia's hybrid energy war, particularly regarding Europe's subsea infrastructure. There is evidence of increased Russian activity in mapping and gathering intelligence on key subsea power cables and pipelines, presenting a significant security risk. This has particularly affected Norway, Europe's biggest piped gas supplier, as the country struggles to protect its offshore assets from potential future attacks. NATO Assistant Secretary-General for Intelligence and Security, David Cattler, has identified Russian vessels actively mapping critical infrastructure both on land and at sea. This has primarily been seen in the North and Baltic seas. Cattler also flagged China as another major actor on the seabed and warned of potential threats from terrorist groups to land-based infrastructure. National governments, NATO, and the EU have increased efforts to protect critical infrastructure. Actions include increasing the number of ships patrolling the North and Baltic seas, updating the EU's maritime security strategy, and reinforcing military presence around key infrastructure.
READ THE STORY: Energy Intelligence
The de-dollarization and “weaponization” of the dollar
Analyst Comments: The process of de-dollarization is complex and not without its challenges. It's important to note that while there's a growing movement to shift away from the U.S. dollar, it's still the most widely used currency for global reserves and trade. However, the U.S.'s use of the dollar as a tool for political pressure could indeed incentivize other nations to diversify their reserves and seek alternatives. It's also likely that the global geopolitical landscape and international relations will play a significant role in shaping the future of the dollar's dominance. The creation of alternatives to the dollar, such as a BRICS currency or China's proposed interbank payment system, would require significant cooperation and coordination among nations. These new systems would also need to overcome substantial hurdles, including gaining international trust and meeting stringent regulatory standards, to truly become viable alternatives to the dollar-dominated financial system.
FROM THE MEDIA: Renaud Girard, in his writing for Figaro, outlines the history and potential future of the global use of the U.S. dollar. He explains that since the Bretton Woods Accord in 1944, the dollar has been the dominant currency in global trade. This was solidified by the convertibility of the dollar to gold, and later the agreement to price oil exclusively in dollars. However, the U.S. unilateral decision to end dollar-gold convertibility in 1971 and its "weaponization" of the dollar has led to growing calls for de-dollarization. This sentiment was heightened by the U.S.'s freeze of the Russian Central Bank's foreign exchange reserves in 2022. Other countries, such as Saudi Arabia and the BRICS nations (Brazil, Russia, India, China, and South Africa), are now exploring alternatives to the dollar, including creating their own currencies and payment systems.
READ THE STORY: Modern Diplomacy
Germany’s new chip factories: a bet on the future or a waste of money?
Analyst Comments: The push for domestic chip production, though necessary for supply chain security, may not be the most efficient use of resources given the high cost of establishing and maintaining these facilities. The subsidies required to attract these high-tech companies to Germany are substantial, prompting questions about whether it would be more cost-effective to buy cheaper, subsidized chips from other countries, like the U.S. While Germany has a strong demand for "power semiconductors" used in industrial applications and the automotive sector, there's skepticism about the need for the cutting-edge chips that Intel plans to produce. This raises questions about the strategic focus of these investments and whether they match the actual needs of key industries in Europe. With the EU aiming to increase its share in the global semiconductor market and reduce dependence on foreign supply chains, this investment could be seen as a necessary step towards digital resilience and sovereignty, despite the high costs involved. The long-term strategic importance of having domestic chip production capabilities may outweigh short-term economic considerations.
FROM THE MEDIA: Germany has been making significant investments in its semiconductor industry to reduce dependency on foreign chipmakers, with Intel, Wolfspeed, and Infineon all setting up new factories in the country. This initiative, however, is backed by extensive subsidies provided by the German government, which has raised concerns about the cost-effectiveness of such an approach. The European Union, in response to the U.S.'s aggressive funding to boost domestic semiconductor production, has enacted the Chips Act, aiming to mobilize €43 billion in public and private investments to double the EU's share of the global semiconductor market by 2030.
READ THE STORY: FT
New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe
Analyst Comments: The discovery of Red Stinger highlights the persistent and evolving threat posed by APT groups in the cyber landscape. The sophisticated techniques employed by these threat actors, such as leveraging malicious installer files and using cloud storage services for command and control mechanisms, underline the need for advanced cybersecurity measures and vigilance. Given the targeted nature of the attacks and the sensitive sectors involved, it can be surmised that the group may have geopolitical motivations, with a clear focus on surveillance and data gathering. The attribution of the group remains challenging, though some evidence points towards the involvement of native English speakers.
FROM THE MEDIA: A previously undetected advanced persistent threat (APT) actor, known as Red Stinger, has been linked to cyberattacks on Eastern Europe since 2020. The targeted entities include the military, transportation, critical infrastructure, and entities involved in the East Ukraine referendums. The cybersecurity firm Malwarebytes published these findings, revealing that the attackers successfully exfiltrated data like snapshots, USB drives, keyboard strokes, and microphone recordings. The origins of the group, its scale of operation, and its exact motivations remain unclear. However, their modus operandi shows signs of extensive toolsets, multiple layers of protection, and clear targeting of specific entities.
READ THE STORY: THN
Attackers threaten to contact Dragos CEO’s wife and son in a failed extortion attempt
Analyst Comments: This incident underscores the increasing audacity and sophistication of cybercriminals, who are now resorting to personal threats and extortion tactics. The fact that they targeted a cybersecurity firm indicates that no organization is immune from such attacks. It also highlights the importance of robust identity verification and authentication procedures, even during employee onboarding. The utilization of layered security controls, swift incident response, and continuous monitoring and detection played a crucial role in mitigating this threat. Organizations should take note of this incident and reassess their security measures, particularly focusing on employee onboarding, data protection, and incident response mechanisms.
FROM THE MEDIA: Cybersecurity firm Dragos Inc. has disclosed an extortion attempt by a known cybercriminal group that threatened to contact the CEO’s family. The group gained access to the personal email of a yet-to-start employee and used this information to access the company’s onboarding process. They gained access to resources usually available to a new sales employee and, in one instance, accessed a report with IP addresses associated with a Dragos customer. Dragos' security system alerted them to the breach, blocking the compromised account and activating its incident response with CrowdStrike Holdings Inc. The criminals were prevented from launching ransomware, moving laterally, escalating privileges, establishing persistent access, or changing the company's infrastructure. However, the group attempted to extort Dragos, threatening to contact the CEO’s wife and son and reaching out to senior Dragos employees.
READ THE STORY: SiliconAngle
Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
Analyst Comments: The reported increase in the use of leaked Babuk ransomware code to develop new ransomware families highlights the potential risks associated with code leaks. It illustrates how threat actors can leverage such leaks to enhance their capabilities and target a broader range of systems. This underscores the importance of robust cybersecurity measures to protect against evolving ransomware threats. The targeting of VMware ESXi systems by these new ransomware families also underscores the growing trend of cyberattacks targeting critical infrastructure and enterprise systems, which often have a more significant impact.
FROM THE MEDIA: Multiple threat actors have leveraged the Babuk ransomware source code, leaked in September 2021, to create up to nine new ransomware families. These families have the capability of targeting VMware ESXi systems. SentinelOne, a cybersecurity company, has identified an increasing trend of Babuk source code adoption from H2 2022 through H1 2023. The firm stated that the leaked code has allowed actors, who may lack the expertise, to target Linux systems. Three ransomware strains that have emerged since the beginning of the year, Cylance, Rorschach (aka BabLock), and RTM Locker, are based on the leaked Babuk source code. Other ransomware families that have incorporated various Babuk features into their code include LOCK4, DATAF, Mario, Play, and Babuk 2023 (aka XVGV) ransomware. The report also noted that actors associated with Royal ransomware have extended their attack toolkit with an ELF variant that can target Linux and ESXi environments.
READ THE STORY: THN
The Five Bears: Russia’s Offensive Cyber Capabilities
Analyst Comments: The Five Bears represent a significant cyber threat given their sophistication, persistence, and ties to Russian intelligence agencies. Their ability to engage in a wide range of cyber operations, from espionage to sabotage, underscores the evolving nature of state-sponsored cyber warfare. The tactics and tools they employ indicate a high level of skill and resourcefulness. While their capabilities are extensive, the fact that cyber operations haven't yielded decisive strategic advantages in situations like the 2022 war in Ukraine suggests some limits to their effectiveness. This could be due to the resilience of targeted systems, effective countermeasures, or the inherent limitations of cyber operations in achieving tangible physical outcomes. The threat posed by these groups underscores the need for robust cybersecurity measures, continuous vigilance, and international cooperation in cyber defense. As the digital environment transcends state borders, the threat posed by these APT actors calls for consistent and proportionate countermeasures, both in times of peace and war.
FROM THE MEDIA: Russian state-sponsored Advanced Persistent Threat (APT) groups, often referred to as the Five Bears, are integral to Russia's offensive cyber capabilities. This network includes Fancy Bear, Cozy Bear, Venomous Bear, Energetic Bear, and Voodoo Bear, and they've been involved in a range of hostile cyber operations since the 1990s. These groups are reportedly linked to Russian intelligence agencies, such as the Main Intelligence Directorate (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB). Their operations range from espionage to sabotage and they've targeted adversaries’ critical infrastructure worldwide. The tactics they employ often involve reconnaissance, resource development, initial access, execution, persistence, credential access, and command and control. The tools they use include backdoors, credential stealers, downloaders, privilege escalation, droppers, and wipers. Despite their sophistication, the 2022 war in Ukraine suggests that offensive cyber operations alone are not sufficient to gain strategic advantages on the physical battlefield.
READ THE STORY: Grey Dynamics
Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
Analyst Comments: The attacks from the Bl00dy Ransomware Gang highlight the persistent cybersecurity threats that the education sector faces. The exploitation of the vulnerability in PaperCut servers, despite the availability of patches, underscores the importance of timely patch management to mitigate cyber threats. The deployment of legitimate RMM software to deliver malicious payloads demonstrates the sophistication of these threat actors and the need for multi-layered cybersecurity defenses. Education institutions need to remain vigilant and ensure that they have robust cybersecurity measures in place, including regular system updates, threat monitoring, and incident response plans.
FROM THE MEDIA: The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory warning about attacks from a threat actor known as the Bl00dy Ransomware Gang, targeting vulnerable PaperCut servers in the U.S. education facilities sector. These attacks, which occurred in early May 2023, led to data exfiltration and encryption of victim systems. The ransomware gang exploited a critical security flaw (CVE-2023-27350) in PaperCut MF and NG versions that allowed remote actors to bypass authentication and execute remote code. The flaw has been patched, but attacks have been observed since mid-April 2023, primarily using it to deploy legitimate remote management and maintenance (RMM) software and drop additional payloads such as Cobalt Strike Beacons, DiceLoader, and TrueBot on compromised systems. Cybersecurity firm eSentire also discovered new activity exploiting CVE-2023-27350 to drop an XMRig cryptocurrency miner on an unnamed education sector customer's system. Iranian state-sponsored threat groups Mango Sandstorm (aka MuddyWater or Mercury) and Mint Sandstorm (aka Phosphorus) have also reportedly launched attacks against PaperCut print management servers.
READ THE STORY: THN
EU says China will take advantage of Russian defeat in Ukraine
Analyst Comments: Borrell's warning highlights the complex and interconnected nature of global geopolitics. A Russian defeat in Ukraine could potentially provide China with an opportunity to assert its global ambitions further. The EU's shift in strategy towards China, emphasizing more on the "rival" aspect, reflects growing concern about China's global aspirations and its alignment with Russia. However, the EU's intention to engage China over the Ukraine conflict, despite its support for Russia, indicates a pragmatic approach to navigating these geopolitical complexities. The proposed "de-risking" strategy, which aims to manage rather than sever ties with China, demonstrates the EU's desire to maintain a degree of economic and diplomatic engagement. Borrell's mention of low-income countries' perception of China as a counterweight to the West underlines the potential geopolitical implications of the Sino-Western rivalry in these regions. It underscores the need for the EU to carefully consider the broader global context in formulating its new policy towards China.
FROM THE MEDIA: EU's chief diplomat, Josep Borrell, has warned member states about the geopolitical advantage China might gain from a potential Russian defeat in Ukraine. He has called for a coherent strategy to deal with China's rising nationalism and the growing US-China competition. According to Borrell, China's ambition to establish a new world order will remain undeterred by any Russian defeat. He urged member states to engage seriously with Beijing over the Ukraine conflict, despite its rhetorical support for Moscow. The EU is set to draft a new policy towards Beijing, focusing on giving more weight to the "rival" aspect in its "partner, competitor, rival" approach towards China.
READ THE STORY: FT
Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack
Analyst Comments: These developments reflect an escalating sophistication in the botnet landscape, with threat actors continuously updating their attack vectors and diversifying their methods of exploitation. The addition of CVE-2023-25717 to Andoryu's arsenal, and RapperBot's new crypto-jacking capabilities, demonstrate the adaptability of these threat actors and the potential risks they pose to vulnerable systems. The exploitation of the Ruckus Wireless Admin panel flaw by Andoryu is particularly concerning due to its high CVSS score and the potential for total device compromise. As such, companies and individuals utilizing Ruckus Wireless equipment should ensure they have updated their systems to patch this vulnerability. RapperBot's shift towards crypto-jacking also marks a trend towards financially motivated cyber attacks, aiming to profit from compromised systems via cryptocurrency mining. This emphasizes the necessity for robust cybersecurity measures, especially for organizations with significant computational resources that could be attractive targets for such attacks.
FROM THE MEDIA: Andoryu, a budding botnet, has been discovered exploiting a recently patched severe security vulnerability in the Ruckus Wireless Admin panel. The flaw, known as CVE-2023-25717 with a CVSS score of 9.8, originates from inadequate HTTP request handling, leading to unauthenticated remote code execution and total compromise of wireless Access Point (AP) equipment. Andoryu, first identified by Chinese cybersecurity firm QiAnXin, can communicate with command-and-control (C2) servers using the SOCKS5 protocol. The malware is known to weaponize remote code execution flaws for propagation, revealing an active expansion of its exploit repertoire. Another development in the botnet scene is the RapperBot botnet, which has added crypto-jacking capabilities to its arsenal.
READ THE STORY: THN
Open-source AI makes modern PCs relevant, and subscriptions seem shabby
Analyst Comments: The advancement of AI technologies is reshaping the landscape of computing, driving the demand for powerful machines capable of supporting high-functioning AI tasks. The shift from cloud-based AI tools to local, open-source versions is a significant development, democratizing access to these technologies and offering the potential for more widespread use and innovation. The rapid progress in open-source AI models like LLaMA and Alpaca-Lora indicates a growing trend of open-source projects outpacing commercial ones, contributing to a more decentralized and accessible AI landscape. This shift could lead to a new era of technological disruption, where size and centralized control do not necessarily equate to success.
FROM THE MEDIA: Last year, the latest trend in computing was massive silicon chips filled with hundreds of billions of transistors, pushing the limits of Moore's Law. Despite a slump in PC sales, largely attributed to COVID-19, these supercomputers seemed unnecessary for typical corporate computing needs. However, the rise of generative AI tools like OpenAI's DALL-E and Midjourney's diffusers led to a surge in demand for cloud computing. The trend shifted again when Stability AI introduced an open-source database of diffuser weightings, which could be optimized to run on any device. These AI tools could run locally on powerful PCs, negating the need for cloud resources and subscriptions. In December, OpenAI's ChatGPT, an AI chatbot powered by a generative pre-trained transformer, became the fastest web app to reach 100 million users. The cost to train this model was massive, but Meta released a more compact and efficient model, LLaMA, which could run on a PC with 32GB of RAM. Stanford researchers improved LLaMA using a new technique, Alpaca-Lora, which drastically reduced the cost of training. Open-source AI models are advancing rapidly, training on shared ChatGPT "conversations" and running well on most PCs. Monster PCs, once thought unnecessary, have found their purpose as workhorses for generative AI tasks, making expensive subscriptions less necessary.
READ THE STORY: The Register
Millions of mobile phones come pre-infected with malware
Analyst Comments: This revelation underscores the importance of supply chain security and the potential vulnerabilities introduced through outsourcing. As the report highlights, even before devices reach consumers, they can be compromised by malicious actors within the production pipeline. This presents a significant challenge, as it is often difficult to track exactly when and where in the supply chain the infection occurs. The fact that cheaper Android devices are the primary targets of this malicious activity suggests that consumers who purchase lower-cost devices are at a greater risk. This further underlines the digital divide, where users who can't afford higher-end devices are more susceptible to security threats. The emergence of silent plugins that convert devices into proxies for data theft and monetization represents a concerning development in cybersecurity. It highlights the need for robust security measures at all stages of the device life cycle, from production to end-use.
FROM THE MEDIA: Researchers from Trend Micro have revealed that millions of Android devices worldwide have been infected with malicious firmware before they even left the factories. The affected devices, including cheap Android mobiles, smartwatches, and TVs, were outsourced to original equipment manufacturers (OEMs), making it possible for someone in the manufacturing pipeline to introduce the malware. The malware, which includes various plugins, allows criminals to rent out infected devices for a short period of time to gather sensitive information such as keystrokes, location, and IP addresses. The objective of the malware is to steal information or generate revenue through activities like click fraud and advertising. The infected devices are mainly found in Southeast Asia and Eastern Europe, and while the researchers did not specifically mention the source of the threats, the presentation referenced China multiple times. The researchers advised users to be cautious, particularly when purchasing cheaper Android devices.
READ THE STORY: The Register
U.S. Trains Ukrainian Law Enforcement to Pursue Russian Crypto Assets
Analyst Comments: The training represents another front in the ongoing efforts to curtail Russia's capacity to finance its military operations in Ukraine, particularly through the use of cryptocurrencies. By enabling Ukrainian authorities to track and investigate cryptocurrency transactions, the training could potentially disrupt financial networks used by sanctioned Russian entities. The efficacy of these efforts will largely depend on the level of sophistication of the entities involved and their capacity to obscure their transactions. This raises questions about the potential impact on the broader cryptocurrency ecosystem, as the increased scrutiny could potentially affect legitimate users and transactions. The use of cryptocurrencies in fundraising campaigns for war efforts is a disturbing development and underscores the potential for misuse of these technologies.
FROM THE MEDIA: The Internal Revenue Service's (IRS) criminal investigation division is providing Ukrainian law enforcement agencies with advanced training on cryptocurrency investigations in Frankfurt, Germany. The move aims to target the financial networks used by sanctioned Russian oligarchs. The IRS is currently working on 23 sanctions-related investigations and views the partnership with Ukraine as a means of enhancing these efforts. Ukrainian participants include the National Police, the Economic Security Bureau, the Security Service, and the Prosecutor General's Office. The IRS has also provided Ukraine with licenses to use Chainalysis Reactor, a crypto investigation tool. The training is designed to enable Ukrainian authorities to trace cryptocurrency transactions and develop leads. Authorities are particularly focused on identifying and stopping fundraising campaigns that amass cryptocurrency for supporting the war efforts.
READ THE STORY: WSJ
Rise of Iranian Cyber Influence Operations, Israel As Main Target
Analyst Comments: This report highlights the increasing use of cyber-enabled influence operations by Iranian state groups to compensate for shortcomings in their cyberattack capabilities. It underscores the evolving nature of state-sponsored cyber threats and the need for constant vigilance and improved cybersecurity measures. The shift towards low-sophistication, high-impact cyber operations, and influence campaigns reflects a broader trend in cyber warfare, where states leverage cyber capabilities to achieve geopolitical objectives. It also indicates the significant role that cybersecurity plays in national security and international relations.
FROM THE MEDIA: Microsoft Threat Intelligence reports a rise in cyber-enabled influence operations by Iranian state groups since June 2022. The firm linked 24 unique operations to the Iranian government, attributing the rise partially to better detection capabilities. This increase comes as ransomware and wiper attacks associated with the Islamic Revolutionary Guard Corps (IRGC) have decreased. Microsoft states that the IRGC has used low-impact, low-sophistication cyberattacks while putting more effort into multi-pronged amplification methods. Despite lagging behind Russian and Chinese counterparts in sophistication, Iranian nation-state actors have added new tools and techniques to their repertoire. The report shows 23% of all cyber operations conducted by Iranian state-sponsored actors targeted Israel, while 13% targeted the U.S., 8% targeted the United Arab Emirates, and 5% Saudi Arabia.
READ THE STORY: IHLS
The Marines’ next cyber chief is stuck in a pileup of nominations in the Senate
READ THE STORY: The Record
Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack
Analyst Comments: The disclosure of this security vulnerability highlights the ongoing risks associated with third-party plugins in WordPress, a widely used content management system. The potential exploitation of this flaw could lead to significant breaches, especially if the affected sites contain sensitive data. Website administrators and developers should update their plugins promptly and regularly to mitigate such risks. Additionally, adopting a robust cybersecurity posture, including regular vulnerability scanning, patch management, and intrusion detection systems, can help defend against these types of threats.
FROM THE MEDIA: A security vulnerability in the popular WordPress plugin Essential Addons for Elementor could potentially be exploited to gain elevated privileges on affected sites. Tracked as CVE-2023-32243, the issue allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site, potentially resulting in a full takeover of the website. The vulnerability has been addressed in version 5.7.2 of the plugin, released on May 11, 2023. This news comes over a year after another severe flaw was disclosed in the same plugin, which could have been used to execute arbitrary code on compromised websites. This development also follows the discovery of a new wave of attacks targeting WordPress sites since late March 2023, aiming to inject the SocGholish (aka FakeUpdates) malware.
READ THE STORY: THN
The City of Dallas Suffers a Ransomware Attack Disrupting Core IT Systems
Analyst Comments: The ransomware attack on the City of Dallas underlines the continuing threat that cybercriminals pose to public infrastructure and services. While the city's emergency response services have continued operating, the disruption to other city functions highlights the potential for ransomware attacks to cause significant disruption to daily life. Cities and other public entities should ensure they have robust cybersecurity measures in place, including regular system backups, cybersecurity awareness training for employees, and the use of up-to-date antivirus software. It's also important for these entities to have incident response plans in place to swiftly address and mitigate any potential cyberattacks.
FROM THE MEDIA: The City of Dallas, Texas, confirmed a ransomware attack that affected numerous internal IT systems and public websites. The city's security operations center (SOC) detected the ransomware attack, which compromised several servers, including those hosting the Dallas Police Department website. The ransomware attack has disrupted city services, with departments shifting to manual systems to maintain critical services like police dispatch and emergency response. The Dallas Police Department has switched to manual 911 call dispatch systems, while Dallas Water Utilities services are currently unable to process online payments. The Royal ransomware gang has claimed responsibility for the attack, with the ransom amount yet to be disclosed. The FBI is investigating the incident. This is one of at least 152 ransomware attacks on various government agencies and educational institutions since January 2022.
READ THE STORY: CPO
Items of interest
Is Russia a Warrior Nation, or Is It a Paper Tiger?
Analyst Comments: The author effectively challenges the commonly held perception of Russia as a formidable military power. By examining historical events and pointing out instances of military failures and heavy casualties, the passage presents a persuasive argument against the idea of Russia as an unbeatable force. The inclusion of specific examples, such as the defeats suffered in the Napoleonic Wars and the Crimean War, strengthens the argument by illustrating historical facts. Additionally, the mention of Russia's limited global alliances and economic sanctions further supports the assessment that Russia is not a dominant "warrior nation" on the world stage. However, it is important to consider that this assessment is based on a selective interpretation of historical events and may not capture the entirety of Russia's military capabilities or geopolitical influence.
FROM THE MEDIA: The passage challenges the perception of Russia as a "warrior nation" by examining historical events and current realities. It argues that Russia's military history, including defeats and heavy casualties, contradicts the notion of invincibility. The author highlights the Russian army's catastrophic defeat in the Napoleonic Wars, struggles in the Crimean War, mixed outcomes in the Russo-Japanese War and World War I, and heavy casualties in the Soviet-German War. The passage also discusses the Russian army's performance in more recent conflicts, such as the Afghan War, Chechen War, and the ongoing war in Ukraine, which have resulted in significant losses. Additionally, the author points out Russia's limited global alliances and economic sanctions imposed by the international community, contributing to its isolation on the world stage.
READ THE STORY: Modern Diplomacy
Beginner to Advanced Bug Bounty Hunting Course (Video)
FROM THE MEDIA: The transcript covers various topics related to bug bounty hunting, ethical hacking, and web security. It includes discussions on tools like Kali Linux, Shodan, Nmap, and the OpenList plugin for Firefox. The transcript also touches upon concepts such as network scanning, web browser filters, cookies, user authentication, SQL injection, command injection, file upload vulnerabilities, server-side request forgery, API fuzzing, serialization, functions, and web scraping with Selenium.
How to Not Suck at Hacking (Video)
FROM THE MEDIA: The speaker received questions on how to become better at hacking, particularly in finding vulnerabilities in well-tested applications. They mention three key points: understanding the context of vulnerabilities, paying attention to small details in responses and requests, and adopting a hacker mindset to think like an adversary. Additionally, they emphasize the importance of understanding the functionality and permissions of a site. The speaker also promotes subscribing to their channel and mentions a paid subscription model for additional benefits.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.