Daily Drop (839): | Gray Zone | RU: Moonly App | GoGra | Magnificent Seven | CIRCIA | Russia & China Trade | Youtube: ADs | LoTS | IRGC: Cyber | VBS | BlackSuit | FR: Museums | War memes |
08-08-24
Thursday, Aug 08 2024 // (IG): BB // ShadowNews // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
Russia and China May Initiate Barter Trade This Autumn Amid Payment Challenges
Bottom Line Up Front (BLUF): Russia and China are exploring the possibility of barter trade deals, with the first exchange potentially occurring this autumn. The move aims to circumvent payment issues exacerbated by Western sanctions and reduce reliance on banking systems susceptible to U.S. monitoring.
Analyst Comments: The reintroduction of barter trading between Russia and China marks a significant shift in their bilateral trade dynamics, reminiscent of Cold War-era strategies. This approach reflects the increasing strain on their financial systems due to Western sanctions, forcing both nations to revert to methods that limit transparency and currency risk. While effective in the short term, the sustainability of such trade mechanisms in a globalized economy remains uncertain.
FROM THE MEDIA: Russia and China are reportedly close to reviving barter trade agreements, a practice not seen since the 1990s. This comes as both nations seek alternatives to conventional payment systems, particularly in light of delays in establishing a direct payments link between Russia's SPFS and China's CIPS platforms. Discussions have been ongoing since Russian President Vladimir Putin's visit to China in May, with the primary focus on agricultural products and machinery. Despite some progress, the lack of a robust IT bridge between their financial systems remains a significant obstacle. Barter trading offers a temporary solution to these challenges, reducing the visibility of transactions to Western regulators and mitigating currency risks.
READ THE STORY: Reuters
U.S. Prepares for Increasing "Gray Zone" Conflicts with China, Russia, and North Korea
Bottom Line Up Front (BLUF): The U.S. intelligence community warns of a growing threat from "gray zone" conflicts led by China, Russia, North Korea, and Iran. These adversaries are expected to increasingly employ tactics such as cyber-attacks, economic coercion, and disinformation campaigns to challenge U.S. interests and destabilize the global order, while avoiding direct military confrontation. This evolving strategy leverages advanced technologies and the absence of clear international norms, presenting a complex challenge for the U.S. and its allies through 2030.
Analyst Comments: The concept of "gray zone" conflict is not new but is becoming more prominent as cyber capabilities and global interconnectivity provide adversaries with new tools to exploit vulnerabilities. Russia's manipulation of social media to amplify divisions in the West, China's aggressive maritime activities in the South China Sea, and North Korea's increasing use of cybercrime are all examples of this strategy in action. The convergence of these tactics, combined with the deepening ties among U.S. adversaries, suggests a future where unconventional threats will be more frequent, diverse, and difficult to counter.
FROM THE MEDIA: The ODNI report outlines how gray zone activities, which blur the lines between peace and war, are expected to rise as global powers like China, Russia, and North Korea seek to undermine U.S. influence without triggering outright conflict. These actions include cyber-attacks, disinformation campaigns, and other non-military tactics designed to destabilize adversaries and achieve strategic objectives. As these activities become more sophisticated and multilateral, they will pose significant challenges to international stability and security.
READ THE STORY: Newsweek
Tensions Rise as Israelis and Lebanese Brace for Escalating Conflict
Bottom Line Up Front (BLUF): As tensions escalate between Israel and Iran, both Israelis and Lebanese are caught in a tense waiting game, anticipating the possibility of a broader conflict. While Israel braces for potential retaliation from Hezbollah, Lebanese citizens fear the devastating consequences of an Israeli counter-strike. The region remains on edge, with both populations resorting to humor, denial, and preparations for war as they await the next phase of the ongoing Israeli-Iranian antagonism.
Analyst Comments: The atmosphere in both Israel and Lebanon reflects a deep-seated anxiety as the potential for conflict looms large. The psychological impact of this waiting game is profound, affecting not only military strategies but also the daily lives of civilians who find themselves caught between powerful geopolitical forces. The situation is further complicated by the uncertainty surrounding when or if the anticipated conflict will erupt, leaving both nations in a state of uneasy anticipation.
FROM THE MEDIA: In both Israel and Lebanon, civilians are preparing for the worst as tensions between Israel and Hezbollah escalate. Israelis, protected by advanced missile defense systems and bomb shelters, express frustration over the uncertainty, while Lebanese citizens, lacking such protections, are deeply concerned about the potential for widespread destruction. As both nations await the next move, the region remains fraught with anxiety, with humor and beach outings serving as temporary escapes from the looming threat of war.
READ THE STORY: FT
Astrology App Moonly Exposes Locations of 6M Users; Founders Likely Linked to Russia
Bottom Line Up Front (BLUF): The Moonly astrology app has exposed sensitive data, including the exact GPS locations of six million users, raising significant privacy concerns. A leaked database reveals that the company, ostensibly based in the U.S., is likely operated from Russia, with its employees logging in from Russian, Belarusian, and Indonesian IP addresses. The breach, which includes AI-generated content and user device metadata, potentially endangers users and links the app to a Russia-run operation amidst ongoing geopolitical tensions.
Analyst Comments: The exposure of sensitive user data, including GPS coordinates, by the Moonly app underscores the risks associated with data management by companies with unclear or misleading geographic affiliations. The link to Russia, particularly in the current geopolitical context, heightens concerns about the potential misuse of this data. This incident serves as a critical reminder for users to be vigilant about the origins and data practices of the apps they use, especially those that could be tied to nation-states with adversarial relations. Additionally, it highlights the importance of stringent data protection measures and transparency from companies handling sensitive personal information.
FROM THE MEDIA: Moonly, an astrology app managed by Cosmic Vibrations Inc., has leaked the GPS locations and personal data of millions of users, raising serious privacy issues. Researchers found that the company's operations are likely based in Russia, despite its U.S. headquarters. The leaked data includes GPS coordinates, dates of birth, and email addresses, which could be exploited for targeted attacks. The situation is further complicated by the company's lack of transparency regarding its Russian connections, which could have significant implications given the current geopolitical climate and sanctions against Russia.
READ THE STORY: Cybernews
Go-Based Backdoor "GoGra" Targets South Asian Media Organization via Microsoft Graph API
Bottom Line Up Front (BLUF): A new Go-based backdoor named GoGra has been discovered targeting a South Asian media organization, using Microsoft's Graph API to stealthily communicate with a command-and-control (C&C) server. The malware, attributed to the nation-state hacking group "Harvester," leverages legitimate cloud services like Microsoft mail to evade detection, executing encrypted commands and exfiltrating data via encrypted messages. This trend of utilizing cloud services for C&C highlights an evolving tactic among espionage actors to bypass traditional security defenses.
Analyst Comments: The use of cloud services like Microsoft Graph API for C&C in malware campaigns, as demonstrated by GoGra, represents a growing trend among advanced persistent threats (APTs). By exploiting trusted platforms, attackers significantly reduce the likelihood of their activities being flagged by conventional security measures. The adaptability of groups like Harvester, mimicking successful techniques seen in other espionage campaigns, underscores the need for organizations to enhance monitoring of legitimate services for unusual activities. As these tactics continue to proliferate, organizations, especially those in sensitive sectors like media, must strengthen their security posture, focusing on advanced threat detection and response capabilities.
FROM THE MEDIA: The GoGra malware, which operates by reading and sending encrypted commands via Microsoft's cloud services, is part of a broader shift towards using legitimate infrastructure to conduct cyber operations. Similar tools like Grager and Onedrivetools have been seen in attacks against various entities across Asia and Europe, all leveraging the Graph API for C&C purposes. This technique allows attackers to blend in with regular network traffic, making it harder for defenders to identify malicious activities. Symantec's analysis suggests that this trend is becoming more prevalent, as espionage groups continue to adopt and refine these methods.
READ THE STORY: THN
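An added, illustrative detection sketch for the C&C pattern described above (this is not code from the article or from Symantec). It hunts for the GoGra-style behaviour of polling a mailbox through the Graph API at a steady cadence from an application that is not an approved mail client. The log format, field names (ts, user, app_id, request_uri, user_agent), app-id allowlist and all sample lines are constructed assumptions for a normalized Graph activity export.

```python
"""Hunt for beacon-like Microsoft Graph mail-API polling (constructed example)."""
import json
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (JSON lines). Field names are an assumption, not a real schema.
# alice: unapproved app polls the inbox every 5 minutes (plus one unrelated /drive call).
# bob:   approved mail client, ignored by the allowlist.
# carol: unapproved app but irregular timing, so not flagged as a beacon.
SAMPLE_LOG = """
{"ts":"2024-08-08T09:00:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:05:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:07:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/drive/root","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:10:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:15:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:20:00Z","user":"alice@example.org","app_id":"app-id-placeholder-unknown","request_uri":"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages","user_agent":"Go-http-client/1.1"}
{"ts":"2024-08-08T09:01:00Z","user":"bob@example.org","app_id":"app-id-placeholder-outlook","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"Outlook/placeholder"}
{"ts":"2024-08-08T09:02:00Z","user":"bob@example.org","app_id":"app-id-placeholder-outlook","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"Outlook/placeholder"}
{"ts":"2024-08-08T09:03:00Z","user":"bob@example.org","app_id":"app-id-placeholder-outlook","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"Outlook/placeholder"}
{"ts":"2024-08-08T09:04:00Z","user":"bob@example.org","app_id":"app-id-placeholder-outlook","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"Outlook/placeholder"}
{"ts":"2024-08-08T09:00:00Z","user":"carol@example.org","app_id":"app-id-placeholder-script","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"python-requests/placeholder"}
{"ts":"2024-08-08T09:02:00Z","user":"carol@example.org","app_id":"app-id-placeholder-script","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"python-requests/placeholder"}
{"ts":"2024-08-08T09:30:00Z","user":"carol@example.org","app_id":"app-id-placeholder-script","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"python-requests/placeholder"}
{"ts":"2024-08-08T09:31:00Z","user":"carol@example.org","app_id":"app-id-placeholder-script","request_uri":"https://graph.microsoft.com/v1.0/me/messages","user_agent":"python-requests/placeholder"}
"""

# Graph mail endpoints of interest: reading messages/folders (command retrieval) and sending.
MAIL_URI = re.compile(r"/(me|users/[^/]+)/(messages|mailFolders|sendMail)\b", re.IGNORECASE)

# Placeholder allowlist of application ids known to legitimately touch mail (assumption).
APPROVED_APP_IDS = {"app-id-placeholder-outlook"}


def parse_log(text):
    """Parse JSON lines into event dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def find_mail_beacons(events, min_calls=4, max_jitter=0.2):
    """Return (user, app_id, mean_gap_s, jitter, user_agents) for unapproved apps that hit
    mail endpoints at a near-constant interval; jitter is the coefficient of variation
    of the gaps between calls (0.0 means perfectly regular)."""
    by_key = defaultdict(list)
    for e in events:
        if not MAIL_URI.search(e["request_uri"]) or e["app_id"] in APPROVED_APP_IDS:
            continue
        by_key[(e["user"], e["app_id"])].append((e["ts"], e["user_agent"]))
    findings = []
    for (user, app_id), calls in by_key.items():
        if len(calls) < min_calls:
            continue
        calls.sort()
        stamps = [ts for ts, _ in calls]
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            agents = sorted({ua for _, ua in calls})
            findings.append((user, app_id, round(mean), round(jitter, 3), agents))
    return findings


if __name__ == "__main__":
    for f in find_mail_beacons(parse_log(SAMPLE_LOG)):
        print("possible mail-API beacon:", f)
```

Tune min_calls and max_jitter to the noise level of your own tenant's Graph activity logs, and treat a hit as a lead to triage, not a verdict.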
The AI Gold Rush Faces a Reality Check
Bottom Line Up Front (BLUF): The global tech sector's intense focus on AI is facing scrutiny as doubts grow about its profitability. Despite massive investments, particularly from the "Magnificent Seven" tech giants, AI’s financial returns remain uncertain. Recent market volatility, coupled with regulatory pressures and the challenges of long-term monetization, has led to fears that AI may be entering bubble territory. However, the long-term transformative potential of AI remains, even as short-term investors grapple with the current market's unpredictability.
Analyst Comments: The parallels between the current AI boom and the dot-com bubble of the late 1990s are striking, highlighting the cyclical nature of tech hype and investment. While AI has the potential to revolutionize industries, the massive capital influx without immediate returns is causing market jitters. The increasing regulatory scrutiny in both the U.S. and Europe is likely to reshape the landscape, slowing the aggressive expansion of big tech in AI. Investors should brace for continued volatility but remember that transformative technologies often take years, if not decades, to realize their full potential.
FROM THE MEDIA: As AI investments soar, the tech sector is facing a critical juncture. Despite the hype, AI's financial sustainability is under question, especially as leading companies like Microsoft and OpenAI report significant losses. The situation is exacerbated by regulatory pressures from both the U.S. and Europe, which aim to curb the unchecked growth of AI technologies. While some fear an impending bubble, others argue for a longer-term perspective, citing the historical precedent of past tech revolutions. The market's future remains uncertain, but the impact of AI will undoubtedly continue to unfold.
READ THE STORY: Cybernews
Easterly: Supreme Court’s Chevron Decision Could Impact Cyber Incident Reporting Rules
Bottom Line Up Front (BLUF): Jen Easterly, head of CISA, indicates that it's too early to determine how the recent Supreme Court decision overturning the Chevron doctrine will impact cyber incident reporting rules for critical infrastructure. CISA is currently analyzing potential effects on its Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) but remains focused on rendering assistance and improving ecosystem security.
Analyst Comments: The Supreme Court's recent ruling could significantly influence how federal agencies, including CISA, enforce cybersecurity regulations. With the Chevron doctrine overturned, there may be increased legal challenges from industries resistant to new cyber regulations, which could delay or weaken the implementation of essential cybersecurity measures. This development highlights the ongoing tension between regulatory oversight and industry autonomy in the cybersecurity landscape.
FROM THE MEDIA: At the Black Hat cybersecurity conference, CISA Director Jen Easterly emphasized that her team is still assessing the implications of the Supreme Court’s June ruling, which struck down the Chevron doctrine. This doctrine previously allowed regulatory agencies broad discretion in interpreting rules. With CIRCIA set to enforce mandatory cyber incident reporting, the ruling could open the door to legal challenges from critical infrastructure sectors, complicating CISA’s efforts to enhance national cybersecurity. Despite these challenges, Easterly expressed optimism that the new rules would be seen as beneficial rather than punitive.
READ THE STORY: The Record
Meta and Google Exposed for Secret Ad Campaign Targeting Teens on YouTube
Bottom Line Up Front (BLUF): Meta and Google were found to have secretly collaborated on a now-canceled ad campaign that targeted teenagers on YouTube with Instagram ads, violating Google's own policies against advertising to minors. This campaign exploited a loophole by targeting users labeled as "unknown," which Google internally identified as skewing towards younger audiences. The initiative was abruptly halted after media inquiries, revealing significant ethical and regulatory concerns as both companies face growing scrutiny over their practices.
Analyst Comments: This revelation is a stark reminder of the challenges in regulating tech giants, especially concerning the protection of vulnerable populations like minors. Both Meta and Google have previously faced criticism for their data practices, but this incident highlights a deliberate attempt to circumvent safeguards designed to protect children online. The timing of this exposure, coming just after the passage of the Kids Online Safety Act in the U.S. Senate, underscores the urgent need for stricter enforcement and transparency in digital advertising practices.
FROM THE MEDIA: Documents reveal that Meta and Google collaborated on a secret ad campaign targeting teens on YouTube, violating Google’s policies against personalized ads for minors. The campaign used a loophole by targeting "unknown" users, whom Google could infer were largely under 18. The project was initially deemed successful but was canceled after media scrutiny. This incident raises significant concerns about the ethics of targeting minors in digital advertising and could lead to increased regulatory actions.
READ THE STORY: Cybernews
New Phishing Scam Exploits Google Drawings and WhatsApp Shortened Links to Steal Sensitive Data
Bottom Line Up Front (BLUF): Cybersecurity researchers have uncovered a sophisticated phishing scam that uses Google Drawings and WhatsApp shortened links to deceive users into providing personal information. The attack employs a combination of legitimate services and fake Amazon account verification pages to evade detection, highlighting the growing trend of using trusted platforms for malicious purposes.
Analyst Comments: This phishing campaign exemplifies the increasing sophistication of attackers who leverage trusted platforms like Google and WhatsApp to bypass traditional security measures. The use of well-known services makes it harder for security systems to flag these malicious activities, emphasizing the need for heightened awareness and advanced security protocols to detect and prevent such threats.
FROM THE MEDIA: Menlo Security researchers have identified a novel phishing scheme where attackers use Google Drawings to host a graphic that appears to be an Amazon account verification link. Victims are then directed to a fake Amazon login page through a series of shortened URLs generated via WhatsApp and QR code services. The phishing page is designed to steal credentials, personal information, and credit card details. This tactic, known as Living Off Trusted Sites (LoTS), shows the growing trend of cybercriminals exploiting legitimate services to carry out their attacks.
READ THE STORY: THN
U.S. Offers $10 Million for Information on Iranian Hackers Behind Cyberattacks on Water Utilities
Bottom Line Up Front (BLUF): The U.S. State Department has announced a $10 million reward for information leading to the capture of six Iranian government hackers linked to the IRGC's Cyber-Electronic Command. These individuals are allegedly responsible for cyberattacks targeting U.S. water utilities, with their actions posing significant risks to critical infrastructure. The attacks, claimed by the CyberAv3ngers group, were reportedly in retaliation for Israeli actions in Gaza.
Analyst Comments: This case underscores the growing threat of state-sponsored cyberattacks on critical infrastructure, particularly in sectors like water utilities that are essential for public safety. The involvement of the IRGC highlights Iran's continued use of cyber operations as a tool of geopolitical influence and retaliation. The substantial reward offered by the U.S. emphasizes the seriousness with which these threats are regarded, and the ongoing global challenge of deterring state-sponsored cyber threats.
FROM THE MEDIA: The U.S. government has accused six Iranian officials of conducting cyberattacks against water utilities, with the incidents believed to be linked to Iran’s Islamic Revolutionary Guard Corps. The attacks, which targeted Programmable Logic Controllers (PLCs) used in various critical sectors, forced some U.S. utilities to switch to manual operations as a precaution. The State Department's reward aims to gather information on these hackers, highlighting the ongoing tensions between the U.S. and Iran in cyberspace.
READ THE STORY: The Record
FBI and CISA Warn of BlackSuit Ransomware Demands Reaching Up to $500 Million
Bottom Line Up Front (BLUF): The FBI and CISA have issued a warning about the BlackSuit ransomware, which has demanded up to $500 million in ransoms to date. This ransomware, an evolution of the Royal ransomware, is being deployed through phishing emails and exploits in internet-facing applications. BlackSuit has targeted critical infrastructure sectors, using sophisticated tools to maintain persistence in victim networks and applying aggressive pressure tactics, including direct communication with victims and exploiting stolen data for leverage.
Analyst Comments: The emergence of BlackSuit ransomware highlights the increasing sophistication and aggression of cybercriminals targeting critical infrastructure. The scale of ransom demands and the tactics used, such as exploiting vulnerabilities in legitimate tools and direct communication with victims, demonstrate a shift towards more personalized and coercive ransomware campaigns. Organizations must bolster their defenses, particularly in critical sectors, by enhancing email security, patch management, and employee awareness to mitigate the risk of such high-impact attacks.
FROM THE MEDIA: BlackSuit ransomware, which has evolved from the Royal ransomware strain, has been linked to attacks on various critical infrastructure sectors. The attackers employ a mix of phishing, RDP exploitation, and malicious tools to gain initial access and persist within networks. CISA and the FBI's advisory outlines the aggressive negotiation tactics and the extreme ransom demands, with some reaching $60 million. The rise of this ransomware, along with other new variants like Lynx and OceanSpy, underscores the growing threat landscape and the need for robust cybersecurity measures across industries.
READ THE STORY: THN
Ransomware Attack Hits Nearly 40 French Museums Amid Olympic Security Concerns
Bottom Line Up Front (BLUF): A ransomware attack targeting the financial systems of approximately 40 French museums, including the Louvre and the Palace of Versailles, has disrupted operations at associated bookstores and boutiques. While the museums themselves were not directly affected, the attack has raised concerns given the ongoing Olympic Games in Paris. The hacker group behind the incident has demanded a cryptocurrency ransom, with French security agencies closely monitoring the situation.
Analyst Comments: The ransomware attack on French museums, particularly during the 2024 Paris Olympics, underscores the increasing vulnerability of critical cultural and economic institutions to cyber threats. The attackers’ use of financial systems as entry points reflects a strategic choice to disrupt revenue streams without directly affecting public-facing operations. With the Olympic Games ongoing, the timing suggests a potential link to broader cyber efforts to destabilize key infrastructures during high-profile events. The French government’s swift response and ongoing investigations highlight the critical importance of cybersecurity in safeguarding national assets during global events.
FROM THE MEDIA: The ransomware attack, detected at the Grand Palais museum, led to the shutdown of servers affecting financial operations across several major French museums. The attack has not disrupted the museums' main operations, but it has impacted associated retail activities. French cybersecurity agency ANSSI, which oversees Olympic security, has confirmed that the affected systems were not involved in the Olympics' operations. The French police have launched an investigation, and no data leaks have been reported so far. This incident follows a series of thwarted cyberattacks during the first days of the Olympics, raising alarms about potential future threats.
READ THE STORY: The Record
Windows Downgrade Attack Exposes Patched Systems to Old Vulnerabilities
Bottom Line Up Front (BLUF): Microsoft has identified two significant vulnerabilities, CVE-2024-38202 and CVE-2024-21302, that could enable attackers to exploit a downgrade attack on Windows systems. These flaws could be used to reintroduce previously mitigated vulnerabilities, making fully patched systems vulnerable to past exploits. The loopholes could potentially undermine security features like Virtualization Based Security (VBS) and bypass crucial update verifications, turning resolved vulnerabilities into new threats.
Analyst Comments: The discovery of these downgrade attack vulnerabilities underscores the persistent risks in even the most secure systems. The ability of attackers to revert system files to outdated versions, effectively nullifying patches, presents a serious challenge to the concept of a "fully patched" system. This issue is particularly concerning given its potential to bypass key security mechanisms such as VBS and Credential Guard. Microsoft's response, including upcoming security updates, will be critical in restoring confidence in Windows' security architecture. Users and administrators should remain vigilant, ensuring that all security protocols are rigorously followed, and systems are closely monitored for any signs of exploitation.
FROM THE MEDIA: Researcher Alon Leviev, who uncovered the vulnerabilities, highlighted how these issues could allow attackers to subvert the Windows Update process, resulting in undetectable, persistent downgrades of critical system components. This could leave systems exposed to thousands of previous vulnerabilities, effectively turning patched systems into new zero-day targets. Microsoft is actively developing updates to address these loopholes, emphasizing the importance of robust update procedures and the risks posed by design flaws that have existed for nearly a decade.
READ THE STORY: THN
Items of interest
Ukraine Seizes Over 130 Square Miles in Kursk Region, Breaches Russian Defense Lines
Bottom Line Up Front (BLUF): Ukrainian forces have made significant gains in the Russian Kursk region, capturing over 130 square miles of territory and breaching at least two Russian defense lines. The incursion, which involves elite Ukrainian brigades, marks a strategic escalation and has prompted Moscow to deploy additional reserves to the region. The long-term goals of this offensive remain unclear, but it has already sparked criticism within Russia over military miscalculations.
Analyst Comments: Ukraine's bold advance into the Kursk region is a significant development in the ongoing conflict, indicating Kyiv's willingness to take the fight deep into Russian territory. The move could have multiple objectives, from disrupting Russian operations to setting the stage for future negotiations. However, it also raises questions about Ukraine's ability to sustain these gains, especially in the face of potential Russian counterattacks. The operation highlights the evolving nature of the conflict, with both sides continuing to adapt their strategies.
FROM THE MEDIA: Ukrainian forces, including elite brigades, have penetrated deep into the Kursk region, capturing 11 settlements and advancing over six miles into Russian territory. This incursion has drawn a mixed response, with some Russian military bloggers condemning the failure of Moscow's defenses. The operation might be intended to weaken Russian resolve and shift the narrative in Ukraine's favor, especially if Ukraine is forced into negotiations in the near future.
READ THE STORY: Newsweek
Results Of A MASSIVE Attack, Top Ukrainian Commander Compromised - Ukraine Map/News (Video)
FROM THE MEDIA: The video explores the complex military and political dynamics of the ongoing war in Ukraine, focusing on the strategic decisions, international involvement, and the broader implications of the conflict.
Russia says Ukrainian troops crossed border and launched ‘massive attack’ (Video)
FROM THE MEDIA: Russia has accused Ukrainian troops of crossing the border into its Kursk region, which, if confirmed, marks the first incursion of its kind from Ukraine and puts pressure on Moscow in an area largely unaffected by the two-year war.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.