Daily Drop (556): Israel's largest oil refinery website offline, NATO: Russia, Economy and war, Ivanti's EPMM, Rouble-Tether crypto, Chinese Malware in Defense Systems
07-30-23
Sunday, Jul 30, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Israel's largest oil refinery website offline amid cyberattack claims
Analyst Comments: The attack again shows how exposed critical-infrastructure operators are to politically motivated groups, and how quickly such incidents take on geopolitical weight. The group's claim to have reached SCADA systems through a Check Point firewall vulnerability is so far unverified; if it holds up, it warrants a detailed examination of the affected product and prompt patching, but screenshots alone do not prove how, or whether, the control network was reached. Either way, operators with internet-facing OT management interfaces should treat this as a prompt to review firewall exposure, segmentation between business and SCADA networks, and remote-access logging. Collaboration among government agencies, security researchers, and the private sector will be essential to establish what actually happened.
FROM THE MEDIA: BAZAN Group, Israel's largest oil refinery operator, has been targeted in a cyberattack that left its websites inaccessible from most of the world. The Iranian hacktivist group 'Cyber Avengers' claimed responsibility, posting screenshots purportedly of BAZAN's SCADA systems and stating that it had exploited a vulnerability in a Check Point firewall. The group has also claimed earlier attacks, including a pipeline malfunction that it says caused fires at petrochemical plants in Haifa Bay.
READ THE STORY: Bleeping Computer
The new shadow of the bomb
Analyst Comments: The current tensions around nuclear weapons in Europe emphasize the precarious balance between maintaining deterrence and the potential for inadvertent escalation. The situation demands a multifaceted approach that considers military posture, doctrine, and communication, and it shows the importance of strong diplomacy, increased military cooperation, and clear communication channels between NATO members and Russia. Russia's decision to station tactical nuclear weapons in Belarus and its repeated nuclear threats have changed the moral and strategic landscape, further complicating NATO's position. This underscores the fragility of the remaining arms-control agreements and the urgent need to re-establish trust and mutual commitments to prevent nuclear war and avoid a new arms race.
FROM THE MEDIA: The Russian invasion of Ukraine has prompted concerns about the potential use of nuclear weapons, particularly following the deployment of tactical nuclear weapons to Belarus and Russian simulated nuclear missile strikes in Kaliningrad. The events have strained European security, leading to increased defense spending and shifts in alignment, with Finland joining NATO and Sweden seeking membership. Despite the saber-rattling, the use of nuclear weapons remains unlikely. However, there are serious possibilities of low-level escalation and accidental incidents that could raise tensions. Measures such as "Incidents at Sea" agreements with Russia, increased resilience and preparedness in the Baltic States, and clearer communication are essential to reduce the risk of nuclear confrontation.
READ THE STORY: The New European
AI and the new world order: Economy and war
Analyst Comments: AI's influence on the global stage is vast, with the potential for substantial economic growth. Its integration into the world's economies, however, requires careful planning, investment, and a consideration of ethical implications, particularly concerning the displacement of workers. The potential for AI to revolutionize warfare is also significant but comes with complex ethical, legal, and strategic implications. It necessitates international consensus and may require the creation of new legal frameworks. Widening inequalities between developed and developing nations could be exacerbated by AI's growth, emphasizing the need for international cooperation and potentially new regulations.
FROM THE MEDIA: Artificial Intelligence (AI) stands poised to have a profound impact on both the economic and military aspects of international relations. Economically, AI could contribute up to 15.7 trillion US dollars to the global economy by 2030, fostering growth comparable to historical technological revolutions like the steam engine and information technology. This growth may deepen the digital divide, drawing manufacturing back to developed economies and accelerating the de-industrialization of many developing countries. On the military front, AI will likely usher in a new era of warfare, upending traditional battle concepts and giving rise to what some term "hyper war." This includes the development of lethal autonomous weapons systems and a potential shift away from large-scale weapon platforms like aircraft carriers. However, there are uncertainties about AI's specific impact on military strategies.
READ THE STORY: ModernDiplomacy
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Analyst Comments: This second EPMM flaw underscores the need for continuous vigilance and proactive patch management on internet-facing MDM servers. On its own, CVE-2023-35081 requires administrator authentication, but chained with the earlier authentication bypass (CVE-2023-35078) it gives an unauthenticated attacker arbitrary file write and OS command execution on the appliance. Because CVE-2023-35078 was exploited before a fix was available, organizations should not stop at patching: treat any EPMM instance that was exposed during the exploitation window as potentially compromised, and review it for unexpected files, administrator accounts, and outbound connections. The targeting of government entities highlights the need for public-private information sharing and coordinated response. The decline in detected 0-days reported by Google's Threat Analysis Group is encouraging, but the steady arrival of new in-the-wild bugs like this one shows that the threat landscape remains dynamic and that security practices must keep evolving.
FROM THE MEDIA: Ivanti has disclosed a security flaw in Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The vulnerability, tracked as CVE-2023-35081, has a CVSS score of 7.8 and affects versions 11.10, 11.9, and 11.8, as well as older end-of-life releases. The flaw allows an authenticated administrator to perform arbitrary file writes to the EPMM server and can be chained with CVE-2023-35078, an authentication bypass, to get around that requirement. Together, the two flaws let a threat actor write arbitrary files and execute OS commands on the appliance. Unknown attackers have exploited these flaws against Norwegian government entities, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert urging users to apply the latest fixes.
READ THE STORY: THN
How hackers took over an ESA satellite (at the request of the space agency)
Analyst Comments: The successful hacking of a satellite by Thales' team reveals significant concerns regarding satellite security. As smaller and more customizable satellites become prevalent, the risks of hacking and manipulation grow, and the potential consequences are profound. Whether altering images for military deception or shutting down a satellite at a critical moment, unauthorized control of satellites can have grave implications. The Thales exercise shows that current measures can be breached, highlighting the importance of constant vigilance and advancement in prevention and detection strategies. Collaboration between space agencies, governments, and private sector companies will be essential to develop robust security frameworks.
FROM THE MEDIA: The European Space Agency (ESA) challenged hackers to breach the security of one of its satellites. Thales, a defense electronics company, accepted the challenge, and its ethical hackers succeeded in gaining full control of the satellite. They did so by first compromising the ground station that communicates with the satellite, using a Trojan horse to send malicious commands, then reverse engineering the onboard software to obtain system administrator privileges and full control over the satellite. Although the satellite was an experimental platform that carried additional vulnerabilities, the exercise demonstrated the importance of security in an age of growing dependence on satellites for defense, communications, and research.
READ THE STORY: The Record
Rouble-Tether crypto trading surged as the Wagner rebellion erupted
Analyst Comments: The sudden surge in trading volumes between the rouble and Tether during a politically turbulent time highlights the dual nature of cryptocurrencies. On one hand, they offer an alternative store of value, especially in a scenario where local currency is rapidly losing value, and international sanctions are in place. This potentially affords protection for ordinary citizens seeking financial stability. On the other hand, the lack of regulation and transparency in the crypto market can facilitate its exploitation by malicious entities.
FROM THE MEDIA: During the Wagner Group's attempted insurrection in Russia in late June, trading volumes between the Russian rouble and the dollar-pegged crypto token Tether surged as Russians sought an alternative to their weakening currency. On June 24, trading volume reached $14.7 million, a 277% increase over the previous day. This coincided with Russians withdrawing over $1 billion from local banks and with the rouble falling to its lowest level since Russia's invasion of Ukraine. The use of dollar-pegged cryptocurrencies in heavily sanctioned economies has raised concerns that crypto is being used to evade sanctions and finance illicit activity.
READ THE STORY: FT
China’s Escalating Cyber Threats, US Officials Seek Chinese Malware in Defense Systems, Fearful of Potential Military Disruption
Analyst Comments: The discovery of Chinese malware within critical US defense systems is a serious and alarming development, highlighting the multi-dimensional threat posed by cyber warfare. The sophisticated nature of the attacks reveals China's advanced capabilities in cyberspace and underscores the complexity of defending against such threats. The incident also illustrates how intertwined cyber warfare has become with traditional geopolitical tensions. The cyber domain has effectively become another battlefield where nations vie for control, gather intelligence, and seek to undermine each other's capabilities. In this context, the US's discovery of hidden malware is more than just a technical concern; it's a manifestation of the broader strategic competition between the US and China.
FROM THE MEDIA: US officials are searching for Chinese malware believed to be hidden in networks that serve military bases, including those controlling power grids, communications systems, and water supplies. The malicious code has been likened to a "ticking time bomb" that could severely disrupt military operations in the event of a conflict. The discovery is part of a pattern of cyber intrusions attributed to China, including successful hacks of federal agencies such as the State Department and the Department of Commerce. The increasing cyber threats coincide with escalating tensions between the US and China over Taiwan and other issues in the Indo-Pacific region.
READ THE STORY: Inventiva // ANI
Google: More than 40% of zero-days in 2022 were variants of previous vulnerabilities
Analyst Comments: The report by Google underscores both the progress and challenges in cybersecurity. The 40% drop in detected zero-days from 2021 to 2022 reflects positive steps taken by technology companies and the wider cybersecurity community. However, the alarming trends cited, particularly concerning Android and the use of 0-click exploits, highlight persisting vulnerabilities. The slow patching of Android vulnerabilities exposes a systemic issue in the supply chain between upstream vendors and downstream manufacturers. The lag in fixing known bugs creates a window of opportunity for attackers, necessitating a more coordinated and expedient response.
FROM THE MEDIA: According to Google's security researchers, 2022 saw the second-highest number of zero-day vulnerabilities exploited in the wild on record, behind the peak year of 2021. Zero-days are bugs exploited before the vendor has a patch available, giving attackers a window in which no fix exists. Maddie Stone of Google's Threat Analysis Group reported 41 in-the-wild zero-days in 2022, down from 69 in 2021. Stone highlighted worrying trends in 2022, including long delays before patches for Android vulnerabilities reached devices and increasing use of 0-click exploits. More than 40% of the zero-days discovered were variants of previously reported vulnerabilities, meaning the original fix was incomplete or easily bypassed. Despite a 42% drop in zero-days affecting browsers, Stone emphasized that the state of security is more nuanced than the raw counts suggest.
READ THE STORY: The Record
Items of interest
US officials probe Chinese malware on US military bases around the world
Analyst Comments: The detection of this malware, believed to be affiliated with China, targeting US military operations' critical infrastructure is a grave concern and represents a complex challenge in cybersecurity. Its potential ability to impair US military deployments by cutting off vital services is an alarming scenario that illustrates the ever-growing threats in the digital age. The fact that the malware's reach could be more widespread, affecting not only military bases but also civilian infrastructure, further emphasizes the intricacy of modern cyber threats. It showcases the vulnerabilities that exist within interconnected systems and the importance of robust, comprehensive cybersecurity measures.
FROM THE MEDIA: US authorities are investigating malware that appears to originate from China and has been found in networks controlling the water and power supplies of US military bases around the world. The first signs of the malware were detected in May on the Pacific island of Guam, in systems serving Andersen Air Force Base. Biden administration officials fear that the malware could act as a "ticking time bomb," disabling critical infrastructure and disrupting military deployments. Because the same utility networks also serve local homes and businesses, the hackers' reach could extend well beyond military bases. The discovery has led to a series of high-level meetings at the White House involving various federal agencies.
READ THE STORY: NYPOST
Roger Wicker Warns Cyber Warfare Developments By China Are ‘Unlike Anything We’ve Seen Before’ (Video)
FROM THE MEDIA: On Thursday, Sen. Roger Wicker (R-MS) questioned Lieutenant General Haugh on cyber security strength during a Senate Armed Services Committee hearing.
Beijing roundly rejects US labeling of China as cyber-attack perpetrator & fentanyl crisis culprit (Video)
FROM THE MEDIA: China urges the United States not to make groundless accusations against China for cyber attacks, Chinese Foreign Ministry spokesman Wang Wenbin said at a press briefing in Beijing on Friday. (Propaganda)
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.