Daily Drop (682): RU: Reserves, Lumma Infostealer, CN: CNC To RU, Orbit Chain, Victoria's Court Services, RU: UK Politics, Ukraine: Fuel The EU, WinSxS: DLL, ChatGPT, Google: incognito
01-02-24
Tuesday, Jan 02 2024 // (IG): BB // ShadowNews // Coffee for Bob
Note: proof-of-concept (PoC) links are now added, where available, for the CVEs mentioned.
A Proof of Concept (PoC) is a small exercise to test a hypothesis or demonstrate that a potential project can be viable. It is primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to development of the full-scale project.
Advocating for the Seizure of Russian Reserves for Ukraine Reparations
Bottom Line Up Front (BLUF): Amidst growing geopolitical tensions, there's increasing advocacy for seizing Russian reserves held in foreign central banks to fund Ukraine's post-war recovery. This controversial proposal aligns with historical precedents of war reparations and is seen as a necessary response to blatant international law violations by Russia. The move aims to enforce global norms and ensure restitution for Ukraine's substantial losses, estimated at over $250bn.
Analyst Comments: Seizing Russian reserves is an assertive approach reflecting the gravity of Russia's actions in Ukraine. Historically, states violating international law have faced financial penalties or reparations, and current discussions echo these precedents. The proposal to use Russia's frozen assets for Ukraine's restitution sidesteps the enforceability issues typically associated with such agreements. While this move may alarm some nations about the security of their reserves, it underscores the broader implications of adherence to international laws and norms in the global financial system. This approach also reflects a broader shift towards assertive and direct measures in international relations, particularly concerning war crimes and illegal invasions.
FROM THE MEDIA: The notion of seizing Russian reserves as reparations for Ukraine is gaining traction as direct financial aid faces resistance. This idea follows historical instances where war reparations were enforced, including notable examples like the post-World War settlements. With Russia's GDP estimated at $1.9tn and the potential reparations amounting to a conservative 20% of its GDP, the funds could significantly aid Ukraine's recovery. Historically, war reparations have amounted to a substantial portion of the creditor's GDP, and the current estimates of Russia's frozen assets align with this framework. Despite reservations about global financial repercussions, advocates argue that adhering to international norms and enforcing penalties on violations is crucial for maintaining global order and justice. The proposal, while rooted in history, also presents a modern strategy to address the consequences of illegal warfare and state aggression.
New Exploit Threatens Google Accounts, Password Changes Ineffective
Bottom Line Up Front (BLUF): A new exploit targeting Google accounts leverages OAuth2's "MultiLogin" endpoint to maintain valid sessions and regenerate cookies, rendering password changes ineffective against the attack. Developed by a threat actor known as PRISMA and incorporated into the Lumma Infostealer malware, this method of token manipulation allows persistent access to Google services, posing a significant threat to user security.
Analyst Comments: The discovery of this exploit highlights the sophisticated nature of modern cyber threats and the need for continuous advancements in cybersecurity measures. The technique's persistence, even after password resets, signifies a substantial shift in the threat landscape, emphasizing the importance of multi-layered security strategies beyond just password hygiene. The rapid integration of this exploit among various Infostealer groups and its manipulation of internal Google authentication mechanisms should alarm both individual users and organizations about the evolving sophistication of cyberattacks and the importance of staying ahead with robust security infrastructure and practices.
FROM THE MEDIA: CloudSEK's research indicates that this exploit is particularly worrisome due to its ability to bypass standard security measures like password changes, offering attackers continued unauthorized access. The malware targets Chrome's token_service table to extract necessary data for persistent exploitation. The use of encryption layers by Lumma malware conceals the exploit's mechanism, enhancing its stealth and effectiveness. While Google has yet to respond officially, the seriousness of the exploit calls for immediate attention and possibly swift action to mitigate the threat and safeguard millions of users' sensitive data worldwide. As cyber threats become more sophisticated, understanding and addressing novel exploits promptly is crucial for maintaining digital security and trust.
READ THE STORY: Cybernews // Report
China's Machine Tool Exports to Russia Surge Amid Ukraine Conflict
Bottom Line Up Front (BLUF): Chinese exports of high-precision computer numerical control (CNC) devices to Russia have surged tenfold since the invasion of Ukraine, with China now dominating this critical trade sector. These machines are vital for Russia's military industries, raising alarms among Ukraine and its allies. The shift reflects a deeper military-industrial partnership between China and Russia, with implications for global sanctions and the effectiveness of international controls.
Analyst Comments: The substantial increase in Chinese CNC machine tool exports to Russia signifies not only a strategic alliance but also the adaptability of sanctioned states in circumventing restrictions. This trend underscores the evolving dynamics of international trade and sanctions, where technological and industrial cooperation becomes a crucial component of geopolitical strategies. The reliance on Chinese CNC machinery reflects a broader shift in the global supply chain, especially in the context of military technology. It also poses a challenge to the efficacy of international sanctions and export controls, highlighting the need for more nuanced and adaptive strategies in response to geopolitical conflicts.
FROM THE MEDIA: Chinese shipments of CNC tools to Russia amounted to $68mn in July, a stark increase from $6.5mn in February 2022. With European sources constricted due to sanctions, Russia has turned to China, which now accounts for 57% of its CNC imports. The U.S. has responded with sweeping sanctions against major Russian importers of CNC tools and warns of risks to Chinese companies continuing this trade. Beijing, while denying support for Moscow's military actions, has seen a surge in overall trade with Russia, emphasizing non-lethal goods exports. Meanwhile, the effectiveness of these Chinese CNC tools in Russia's military manufacturing remains a subject of debate, with some suggesting quality and compatibility issues compared to European, Taiwanese, Korean, or Japanese alternatives. This trade shift reflects broader geopolitical currents and the challenges of enforcing technology sanctions amid deepening bilateral ties between sanctioned states and their partners.
Orbit Chain Suffers $82 Million Loss in DeFi Exploit
Bottom Line Up Front (BLUF): Orbit Chain, a cross-chain DeFi protocol, has been exploited, leading to a significant loss of approximately $82 million in various crypto assets. The breach involved unauthorized access and transfer of assets including ETH, WBTC, DAI, USDT, and USDC from Orbit Bridge. The team has responded by reaching out to cryptocurrency exchanges to freeze assets and collaborating with security experts and law enforcement to track and recover the stolen funds.
Analyst Comments: This substantial exploit underscores the persistent vulnerabilities within the DeFi space, especially concerning cross-chain bridges that have increasingly become prime targets for attackers. The attack's sophistication and the consequent large-scale asset transfer indicate a higher level of threat actors involved in the DeFi ecosystem. As the sector continues to grow, so does the imperative for robust security measures and rapid incident response strategies to protect users' assets and maintain trust in decentralized finance platforms.
FROM THE MEDIA: During the attack, the hacker managed to convert a significant portion of the stolen assets into different cryptocurrencies, holding approximately $63.6 million in ETH and $20 million in DAI. The incident has sparked concerns and frustration among users, especially as the Orbit team temporarily froze transactions amidst the chaos. This incident adds to the growing list of DeFi exploits, which saw users lose nearly $2 billion in the previous year. The community and stakeholders are now more than ever calling for enhanced security protocols and regulatory frameworks to safeguard assets and deter such attacks in the future.
READ THE STORY: CryptoTimes
Victoria's Court System Compromised in Major Cyber Attack
Bottom Line Up Front (BLUF): Victoria's Court Services (CSV) has been hit by a ransomware attack, leading to unauthorized access to sensitive audiovisual records of court proceedings between November 1 and December 21. The breach potentially compromises recordings from a range of courts, including Supreme and County Courts, sparking fears over the exposure of sensitive legal information.
Analyst Comments: This attack on Victoria's court system is particularly alarming due to the sensitivity of the data involved. Court proceedings often contain confidential and personal information that, if exposed, can have severe repercussions for the privacy and security of individuals involved. The breadth and depth of the breach, covering a vast array of court proceedings over nearly two months, signify a profound security lapse and an urgent need for fortified cybersecurity measures in public sector institutions, especially those handling critical and sensitive data.
FROM THE MEDIA: The CSV swiftly responded to the cyberattack by isolating and disabling the affected network, ensuring the continuity of court operations. However, the breach's discovery, highlighted by a "YOU HAVE BEEN PWND" message on staff computers, has led to significant concerns over the protection of sensitive legal information. Acting Premier Ben Carroll assured the public of ongoing investigations and protective measures but acknowledged the distress caused by the breach. The incident is a stark reminder of the escalating cyber threats targeting governmental institutions and the need for robust and proactive cyber defenses to protect critical national infrastructure and sensitive information.
READ THE STORY: News AU
UK and Allies Expose Russia for Ongoing Political Cyber Interference
Bottom Line Up Front (BLUF): The UK, in coordination with international partners, has exposed a sustained campaign of cyber interference by Russian Intelligence Services aimed at UK politics and democratic processes. The National Cyber Security Centre (NCSC) has attributed the operations to the group known as Star Blizzard, connected to Russia's FSB, which has targeted UK parliamentarians, leaked trade documents, and compromised various institutions pivotal to democracy.
Analyst Comments: The formal attribution of these cyber operations to the Russian Intelligence Services is a critical step in confronting and mitigating the threats to democratic processes. The long-term and varied nature of these attacks highlights the persistent and evolving threat posed by state actors in cyberspace. The coordinated response with international partners not only reflects the seriousness of these incidents but also the necessity of collaborative security efforts to protect against complex and covert operations. As cyber tactics continue to be a tool of geopolitical influence, transparency and cooperation become essential in preserving the integrity of national and international democratic systems.
FROM THE MEDIA: The malicious activities include a range of sophisticated cyber tactics like spear-phishing and selective leaking of information, aimed at undermining trust in politics and democratic institutions. The UK's Foreign Secretary has condemned these actions as wholly unacceptable, reflecting the broader sentiment on protecting democratic values against foreign interference. The comprehensive advisory issued by NCSC and allied cybersecurity agencies underscores the ongoing commitment to cyber defense and the importance of vigilance among individuals and organizations involved in the political process. This incident reaffirms the complex and stealthy nature of state-sponsored cyber threats and the ongoing challenges they present to national security and democratic integrity.
READ THE STORY: UKDJ
Ukraine's Gas Storage Plays Crucial Role in Averting European Energy Crisis
Bottom Line Up Front (BLUF): European companies are increasingly withdrawing natural gas from Ukraine's large storage facilities to meet rising winter demands, significantly reducing the risk of an energy crisis. Despite the ongoing conflict, Ukraine's vast storage capacity, a legacy of its historical role in Russian gas transit, has emerged as a critical asset in maintaining energy security for Europe.
Analyst Comments: Ukraine's role as a central player in Europe's energy security highlights the strategic importance of its gas storage capacity, particularly amid geopolitical tensions and supply disruptions. The effective utilization of these facilities demonstrates a concerted effort to diversify energy sources and strengthen resilience against future shortages. As Europe navigates complex energy challenges, Ukraine's contribution underscores the interconnectedness of regional energy infrastructures and the importance of collaborative strategies in ensuring stable and affordable energy supplies.
FROM THE MEDIA: Ukraine's offer of cheap storage tariffs and customs duty exemptions has attracted significant European interest in its storage facilities, with entities storing a record 2.5 billion cubic meters of natural gas ahead of winter. The withdrawals have helped keep the EU's storage levels high, nearly 90% even in late December, significantly above the previous five-year average. This strategic positioning has also contributed to keeping European gas prices low, with the benchmark Dutch Title Transfer Facility trading at around a third of its level from the same time last year. As Europe aims to maintain robust storage levels into the new year, Ukraine's storage facilities continue to be an integral part of the continent's energy strategy, providing a buffer against potential supply disruptions and supporting overall energy security and economic stability.
New Variant of DLL Search Order Hijacking Threatens Windows 10 and 11
Bottom Line Up Front (BLUF): Security researchers have unveiled a new variant of the dynamic link library (DLL) search order hijacking technique capable of bypassing the security mechanisms of Windows 10 and 11. This method exploits executables in the trusted WinSxS folder, enabling attackers to execute malicious code without needing elevated privileges and introducing potentially vulnerable binaries into the system.
Analyst Comments: This advancement in DLL search order hijacking represents a significant threat as it exploits the trusted WinSxS system component, a critical part of the Windows operating system. The sophistication of this variant lies in its ability to operate stealthily, bypassing enhanced protections and potentially allowing threat actors to maintain a persistent presence on the compromised system. The discovery underlines the need for continuous vigilance and adaptive security measures to anticipate and mitigate evolving cyber threats.
FROM THE MEDIA: The technique specifically targets vulnerable binaries in the WinSxS folder, combining traditional DLL hijacking methods with new, more covert strategies. By placing a custom DLL in a controlled directory and executing a vulnerable file in the WinSxS folder, attackers can execute the malicious DLL's content seamlessly. Security Joes warns of the potential for more binaries in the WinSxS folder to be susceptible to this type of hijacking. The firm advises organizations to closely monitor process relationships, especially involving trusted binaries, and activities in the WinSxS folder to reduce the risk of exploitation. This incident is a stark reminder of the constantly evolving landscape of cybersecurity threats and the need for robust defense strategies against sophisticated techniques like DLL search order hijacking.
READ THE STORY: THN // CrowdStrike
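The monitoring advice above (watch process relationships involving trusted binaries and activity in the WinSxS folder) can be turned into a concrete triage rule. The script below is an added example, not code from the story, from Security Joes or from CrowdStrike. It assumes telemetry shaped like Sysmon process-creation (Event ID 1) and image-load (Event ID 7) records with the fields Image, CurrentDirectory, ParentImage, ImageLoaded and ProcessId; the sample events and the WinSxS component directory name are constructed placeholders.

```python
"""
Added example (not from the original story): flag suspicious process
relationships involving executables in the trusted WinSxS folder.
Event shape and field names are assumed to resemble Sysmon ID 1 / ID 7 events;
all sample telemetry below is constructed for illustration.
"""
from __future__ import annotations

from pathlib import PureWindowsPath

WINDOWS_ROOT = PureWindowsPath(r"C:\Windows")
WINSXS = WINDOWS_ROOT / "WinSxS"
# Directories from which a WinSxS binary is expected to load its DLLs.
TRUSTED_DLL_ROOTS = (WINDOWS_ROOT / "System32", WINDOWS_ROOT / "SysWOW64", WINSXS)
# Interactive or scripting parents that rarely launch servicing binaries directly
# (heuristic; tune to your environment).
UNUSUAL_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "explorer.exe"}


def under(path: str, root: PureWindowsPath) -> bool:
    """Case-insensitive test that `path` lies inside `root`."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root_parts = [p.lower() for p in root.parts]
    return parts[: len(root_parts)] == root_parts


def classify_event(ev: dict) -> list[str]:
    """Return alert reasons for one event; an empty list means nothing notable."""
    reasons: list[str] = []
    if not under(ev["Image"], WINSXS):
        return reasons  # only WinSxS-hosted executables are in scope here
    if ev["EventID"] == 1:
        # The current directory is part of the DLL search order, so a DLL that is
        # absent from the system directories can be picked up from a user-writable
        # working directory. A WinSxS binary started from such a directory is the
        # precondition the story describes.
        if not under(ev["CurrentDirectory"], WINDOWS_ROOT):
            reasons.append("winsxs_exe_started_from_non_windows_cwd")
        parent = PureWindowsPath(ev["ParentImage"]).name.lower()
        if parent in UNUSUAL_PARENTS:
            reasons.append(f"winsxs_exe_spawned_by_{parent}")
    elif ev["EventID"] == 7:
        # The direct symptom: a WinSxS process mapping a DLL from outside the
        # directories it should ever load from.
        if not any(under(ev["ImageLoaded"], root) for root in TRUSTED_DLL_ROOTS):
            reasons.append("winsxs_process_loaded_dll_outside_system_roots")
    return reasons


def scan(events: list[dict]) -> list[tuple[int, str]]:
    """Run every event through classify_event and collect (pid, reason) pairs."""
    return [(ev["ProcessId"], r) for ev in events for r in classify_event(ev)]


# Constructed sample telemetry. The component directory name is a placeholder.
WINSXS_EXE = r"C:\Windows\WinSxS\amd64_example-component_PLACEHOLDER\example.exe"
SAMPLE_EVENTS = [
    # Suspicious: launched from a Downloads folder by cmd.exe, then loads a DLL from there.
    {"EventID": 1, "ProcessId": 4120, "Image": WINSXS_EXE,
     "CurrentDirectory": r"C:\Users\alice\Downloads\stage",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7, "ProcessId": 4120, "Image": WINSXS_EXE,
     "ImageLoaded": r"C:\Users\alice\Downloads\stage\helper.dll"},
    # Expected: the servicing stack running the same binary from a system directory.
    {"EventID": 1, "ProcessId": 5008, "Image": WINSXS_EXE,
     "CurrentDirectory": r"C:\Windows\System32",
     "ParentImage": r"C:\Windows\servicing\TrustedInstaller.exe"},
    {"EventID": 7, "ProcessId": 5008, "Image": WINSXS_EXE,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    # Out of scope: an ordinary application, whatever it loads.
    {"EventID": 7, "ProcessId": 6100, "Image": r"C:\Program Files\Example\app.exe",
     "ImageLoaded": r"C:\Program Files\Example\plugin.dll"},
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(f"pid {pid}: {reason}")
```

Run on the constructed events, only process 4120 is flagged, once for each of the three conditions; the TrustedInstaller-spawned instance and the non-WinSxS application produce nothing. The parent-process check is the noisiest of the three and is best used to raise the score of the other two rather than to alert on its own.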
UK Braces for Foreign Cyber Interference in Elections
Bottom Line Up Front (BLUF): With a series of crucial elections set globally, former UK Defence Secretary Ben Wallace warns of intensified efforts by adversarial nations, particularly Russia, to interfere in democratic processes through sophisticated cyber means. The UK, equipped with advanced cyber defenses like GCHQ and the National Cyber Security Centre, is bracing against these threats to protect the integrity of its elections.
Analyst Comments: Wallace's commentary reflects an acute awareness of the evolving landscape of cyber warfare, particularly the threat posed by state actors like Russia and their advanced capabilities in undermining democracies. It underscores the criticality of robust national cybersecurity strategies and international cooperation in defending against these threats. The UK's proactive stance and establishment of specialized bodies like the NCSC highlight the importance of continuous vigilance and adaptive defense mechanisms in the ever-changing cyber domain.
FROM THE MEDIA: Merck's interest in JSR, a leader in chip materials, prompted a significant reaction from the Japanese government, leading to a substantial offer from Japan Investment Corporation to take JSR private. This move is reflective of the protective stance countries are adopting regarding their technological assets amid heightened global competition for semiconductor dominance. The delayed deal due to antitrust reviews and market reactions highlights the complexity and international scope of such acquisitions. The strategic importance of JSR's products to the chip industry makes this deal a focal point for understanding the dynamics of government intervention and economic security in tech industries.
READ THE STORY: The Telegraph
Surge in Malicious Domains Mimicking ChatGPT, Warns Cybersecurity Research
Bottom Line Up Front (BLUF): Cybersecurity researchers have discovered a significant surge in the registration of over 650,000 malicious domains resembling the ChatGPT model. These domains are being used by hackers to exploit the credibility associated with ChatGPT, deceiving users into revealing sensitive information or downloading malicious content.
Analyst Comments: This proliferation of fraudulent domains capitalizing on the popularity of ChatGPT underscores the evolving tactics of cybercriminals in exploiting current trends and trusted names. The incident highlights the critical need for heightened vigilance among users and the importance of verifying the authenticity of websites and sources, especially those associated with trending technologies and platforms. It also underscores the broader challenge of ensuring digital safety in an era where domain spoofing and similar deceptive practices are becoming increasingly sophisticated and widespread.
FROM THE MEDIA: The exploit involves the use of a zero-day vulnerability by the Russian ransomware group Cl0p in a recent campaign, demonstrating the continuous evolution of threat actors in leveraging new and existing vulnerabilities. This incident, along with the rise in various other cybersecurity threats such as Android spyware and persistent Magecart attacks, reflects the dynamic and increasingly perilous landscape of cybersecurity. Users and organizations must adopt comprehensive and proactive security measures to protect against a wide array of cyber threats, including the potential misuse of popular AI models like ChatGPT for malicious purposes.
READ THE STORY: GBhackers
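The BLUF above describes domains registered to resemble ChatGPT. The screen below is an added example, not code from the story or from the researchers it cites, of how a defender scores a feed of newly seen hostnames against a brand term: it folds common digit-for-letter substitutions back to letters, then checks for the brand on an unexpected TLD, embedded in the registrable label, at a small edit distance, or hidden in a subdomain of an unrelated domain. The brand terms, the allowlist of legitimate hosts and the sample hostnames are assumptions or constructed for illustration.

```python
"""
Added example (not from the original story): lookalike-domain screening for a
brand term. Brand list, allowlist and sample hosts are assumptions/constructed.
"""
from __future__ import annotations

BRANDS = ("chatgpt", "openai")
# Assumed legitimate hosts; keep this list from a trusted source in practice.
ALLOWLIST = {"openai.com", "chat.openai.com", "chatgpt.com"}
# Common digit/symbol substitutions seen in typosquats, folded back to letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def split_host(host: str) -> list[str]:
    """Lower-case a hostname and split it into non-empty labels."""
    return [label for label in host.lower().strip().strip(".").split(".") if label]


def registrable_label(labels: list[str]) -> str:
    """Label left of the TLD. Simplification: treats the last label as the whole
    public suffix; use the Public Suffix List to handle .co.uk and similar."""
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    """Undo homoglyph digits and drop separators so 'ch4t-gpt' compares as 'chatgpt'."""
    return label.translate(HOMOGLYPHS).replace("-", "").replace("_", "")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> tuple[str, str] | None:
    """Return (brand, reason) when host looks like a lookalike, else None."""
    labels = split_host(host)
    if not labels or ".".join(labels) in ALLOWLIST:
        return None
    reg = normalize(registrable_label(labels))
    for brand in BRANDS:
        if reg == brand:
            return brand, "brand_on_unexpected_tld"
        if brand in reg:
            return brand, "brand_embedded_in_label"
        if edit_distance(reg, brand) <= 2:
            return brand, "near_miss_spelling"
        # Brand used as a subdomain of an unrelated registrable domain.
        for sub in labels[:-2]:
            if brand in normalize(sub):
                return brand, "brand_in_subdomain"
    return None


def screen(hosts: list[str]) -> dict[str, tuple[str, str]]:
    """Map each flagged host to its (brand, reason)."""
    results = {}
    for host in hosts:
        hit = classify(host)
        if hit:
            results[host] = hit
    return results


# Constructed sample feed: a mix of legitimate, lookalike and unrelated hosts.
SAMPLE_HOSTS = [
    "chat.openai.com",             # allowlisted
    "chatgpt.xyz",                 # brand on another TLD
    "chat-gpt-login.net",          # brand embedded in the label
    "chatgtp.com",                 # transposed letters
    "0penai.org",                  # digit-for-letter substitution
    "chatgpt.example-login.net",   # brand hidden in a subdomain
    "example.com",                 # unrelated
]

if __name__ == "__main__":
    for host, (brand, reason) in screen(SAMPLE_HOSTS).items():
        print(f"{host}: {brand} ({reason})")
```

The edit-distance threshold of 2 is deliberately loose and will catch some unrelated seven-letter words; in a real pipeline it is a triage score to combine with registration age, certificate data and whether the host actually serves a login form, not a verdict on its own.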
Company Accused of Misleading Users by Collecting Data in Private Browsing
Bottom Line Up Front (BLUF): Google has settled a class-action lawsuit that accused it of misleading users into believing their internet activity was private when using "incognito" or "private" browsing modes. The lawsuit, seeking at least $5 billion in damages, claimed that Google violated federal wiretap laws by continuing to collect information via Google Analytics and other tools, even when users were in private browsing mode.
Analyst Comments: This settlement highlights a significant concern in the digital age about user privacy and the extent to which individuals can control their personal data. The case against Google reflects a broader issue in technology where users' expectations of privacy are often mismatched with the realities of data collection practices. This incident serves as a critical reminder for individuals to understand the scope and limitations of privacy settings on internet platforms and for companies to be transparent and clear about their data collection practices.
FROM THE MEDIA: The lawsuit centered on the alleged deceptive nature of Google's incognito mode, suggesting that users were misled into thinking their activities were not tracked. The controversy brings to light the complex nature of online privacy and tracking mechanisms, including the use of analytics and advertising technologies that can follow user activity across sessions and sites. While the exact settlement terms were not disclosed, the case underscores the ongoing challenges and legal implications surrounding user privacy, consent, and data collection in an increasingly digital world.
READ THE STORY: THN
Items of interest
Lithium-Ion Battery Fire Contained on Cargo Ship Genius Star XI
Bottom Line Up Front (BLUF): The US Coast Guard reports that a potentially disastrous fire onboard the Genius Star XI, a ship carrying 800 tonnes of Lithium-Ion batteries, has been contained thanks to the crew's effective response. The incident began when the ship left South Korea on December 17 and encountered a fire on Christmas Day. While the fire risk has been stabilized, the ship remains under close observation near Broad Bay, Alaska.
Analyst Comments: The incident highlights the inherent risks associated with transporting large quantities of Lithium-Ion batteries, known for their potential to cause intense fires through thermal runaway. The crew's successful containment of the blaze showcases the importance of proper hazard management and emergency protocols in maritime operations. However, the situation underscores the broader challenges and safety considerations in the global transportation of hazardous materials, especially as demand for Lithium-Ion batteries surges with the rise in electronic and electric vehicle production.
FROM THE MEDIA: The Genius Star XI's fire incident is a reminder of the volatile nature of Lithium-Ion batteries and the critical need for stringent safety measures in their transportation and storage. The ongoing monitoring by the US Coast Guard indicates the seriousness of such incidents, even when initial dangers are mitigated. The situation remains a testament to the maritime crew's preparedness and response while also serving as a case study for improving safety standards in the transport of high-risk materials. As reliance on Lithium-Ion batteries grows, so does the imperative for industry-wide safety protocols and emergency response strategies.
READ THE STORY: The Register
How Sodium-Ion Batteries May Challenge Lithium (Video)
FROM THE MEDIA: Lithium-ion batteries are king. They are ubiquitous in everything from consumer electronics to electric vehicles. They are even used to store excess renewable energy. But demand for the critical minerals needed to make lithium-ion batteries is predicted to outstrip supply. That, combined with cost considerations and concerns over energy security, is leading companies to consider alternative battery chemistries. One of the most promising is the sodium-ion battery. But there are challenges ahead, since sodium batteries are larger and have a lower energy density than lithium-ion batteries.
Are These Batteries The Future Of Energy Storage? (Video)
FROM THE MEDIA: There’s a huge number of lithium-ion battery alternatives in the works … so many that it can be hard to keep track of them all. Let’s take a look at 5 next generation battery contenders, if they’re overhyped, and when they might end up in our smartphones, homes, or EVs. What does the future of energy storage look like for us beyond the tried-and-true lithium-ion battery?
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.