Sunday, April 3, 2022 // (IG): BB //Weekly Sponsor: Cloakedentryco
Software glitch halts trains across the Netherlands
FROM THE MEDIA: THIS SEEMS TO BE HAPPENING OFTEN IN THE EU - Trains operated by the national rail network were halted across the Netherlands Sunday by what the operator called a technical problem. Erik Kroeze, a spokesman for railway operator NS, said the problem was in a planning software system. He said there were no indications it was caused by a cyberattack. NS said trains would be halted until 5 p.m. while it sought to fix the problem. "We are working hard on recovery, but unfortunately it is not yet possible to say how long this situation will last," NS said in a statement on its website.
READ THE STORY: TechXplore
The Commercial Space Dependent War
FROM THE MEDIA: Regardless of the era, technology has always shaped warfare, but as the conflict in Ukraine continues to unfold before us, the use and application of commercial space-based assets and technologies is on full display. In the weeks preceding the Feb. 24 invasion by Russian forces, full-color satellite imagery showed camps, equipment and other military supplies being assembled. While shots like these have been available for decades to the military and intelligence agencies, the fact that this imagery was publicly available on news sites, as well as on our phones to see, prevented any type of disinformation campaign from saying, “There’s nothing going on here.” The proof was in the pixels. The fact that any of us could see the positioning of Russian military assets primed for attack reminds us of the black and white images President Kennedy shared with the public as the Cuban missile crisis unfolded in 1962. Nearly 60 years later, similar images — this time in color, with better resolution and far more immediacy — help tell the real story. The fact that these images were provided by commercial providers — not intelligence agencies or military assets — is the game-changer for commercial space and its capabilities.
READ THE STORY: The Gazette
The Ominous Cell Phone Warning Ukraine Is Giving Their Soldiers
FROM THE MEDIA: Several long weeks have passed since Russia first invaded Ukraine, and unfortunately, it seems the war is not even close to coming to an end. In times of conflict, a lot of things come to light that civilians may not be aware of on a day-to-day basis. One such matter impacting Ukraine is the weaponization of cell phones. Ukrainian soldiers recently received a lengthy list of warnings related to using their mobile phones in a safe way. The consequences of not following those guidelines could be dire. But why exactly are smartphones, and mobile phones in general, such a threat on the frontlines? Warfare in modern times is very different from the wars we've all learned about in history books. There are still tanks and missiles, wreaking destruction and hurting millions of innocent lives. Unfortunately, that has not changed. However, one thing that is different is the fact that we now live in a digital world, full of various digital signals, the internet, and countless ways for people to be tracked by skilled military personnel and specialized equipment.
READ THE STORY: Slashgear
After China's 'Great Firewall,' Russia-Ukraine war may add to 'splinternet'
FROM THE MEDIA: Russia's invasion of Ukraine that began on February 24, and the subsequent blowback to the country's digital infrastructure in the form of sanctions, companies withdrawing their business, and its own blocking of several popular services, has raised fears that the world may be in for another splintering of the internet—and possibly more cyberattacks. In a recent interview with Bloomberg, French digital affairs envoy Henri Verdier said any transition by Russia to move toward an independent internet “would have very severe consequences,” and warned that nation-states might be more tempted to launch devastating cyberattacks if they were sure they would be insulated from the results. “Today if I break the Russian internet, probably I will break my own internet, because it’s the same,” Verdier said, arguing that the shared nature of the world wide web protected all users from losing service. In traditional terms, the internet is a massive network of interconnected cables, computers, wireless signals and more that are constantly exchanging information between themselves across the world. The concept of the splinternet is just as the name implies—a breaking of the connections at the hands of concerned political powers.
READ THE STORY: Deccan Herald
Trump’s Policy on Offensive Military Cyber Operations May Be Reversed Under Biden Administration
FROM THE MEDIA: A 2018 Trump administration memo that provided the Department of Defense exceptional latitude to conduct offensive action against adversary computer systems and networks might be undone by the Biden administration. According to “two people informed on the conversations” around an interagency review of National Security Presidential Memorandum-13 (NSPM-13), a secret order issued in September 2018, this probable move was revealed on Thursday. Under the memo, the DoD might take “activities that fall below the ‘use of force’ or a threshold that would entail death, devastation, or severe economic repercussions.” The Trump administration then kept the details of this directive secret from the DoD’s designated overseers in Congress for over a year; members of the House Armed Services Committee finally got to read it in March 2020. NSPM-13 replaced a policy developed under the Obama administration that required presidential approval for such operations. In situations like Russian hacking operations against Democratic Party offices and individuals before the 2016 election, that White House decision-making process did not seem terribly swift or certain.
READ THE STORY: Bollyinside
Anonymous Leaks Personal Data of 120K Russian Soldiers Fighting in Ukraine
FROM THE MEDIA: Anonymous, the famed hacker collective, claimed on Sunday that they leaked the personal information of 120,000 Russian soldiers allegedly fighting in Ukraine. The soldiers' information, which included their names, dates of birth, addresses, unit affiliation and passport numbers, was leaked as the Russian military faces heightened scrutiny over alleged human rights abuses in the Ukrainian town of Bucha. Reports of civilians in the town who were shot to death with their hands tied behind their backs, and of corpses spotted in yards, cars and streets, have been circulating. "All soldiers participating in the invasion of Ukraine should be subjected to a war crime tribunal," the group wrote in a tweet announcing the leak. The leak appeared on the Ukrainian version of Russian news outlet Pravda, where more than 6,000 pages of documents containing the soldiers' information could be seen.
READ THE STORY: NewsWeek
New Password Stealing Malware Sold In Russian Hacking Forum
FROM THE MEDIA: Malware-as-a-service is becoming one of the greatest contributors to cyberattacks since it makes entry much easier for cybercriminals. This is because most of the hacking forums are selling malware, trojans, and viruses which are being leveraged by many hackers. This malware is capable of stealing information related to crypto wallets, saved browser credentials, email clients, VPN and messenger clients, and FTP credentials. This malware also has the ability to evade detection as well as anti-debugging capabilities. BlackGuard is still in the development stage. It is written in .NET and packed with a crypto packer. This malware uses dual decoding: it is encoded in an array of bytes which is first decoded into ASCII strings at runtime, and these ASCII strings are then base64-decoded. This helps to evade antivirus and string-based detection. BlackGuard gathers information about the location of the infected device by making a request to “http://ipwhois.app/xml/”. If BlackGuard detects that the device is located in a Commonwealth of Independent States (CIS) country, it exits.
READ THE STORY: GBhackers
Hacker group Deep Panda that hit several global firms is back
FROM THE MEDIA: A Chinese hacker group known as ‘Deep Panda’ that went into hibernation after attacking global entities some years ago, including in India, is back in action. Deep Panda has launched new attacks against the finance, travel and cosmetics industries since last month, exploiting the Log4Shell open source software vulnerability to deploy the new Fire Chili rootkit. During the past month, FortiGuard Labs researchers detected a campaign by a Chinese advanced persistent threat (APT) hacking group that has been active for at least a decade, targeting government, defense, healthcare, telecom, and financial organizations for data theft and surveillance. Following exploitation, Deep Panda deployed a backdoor on the infected machines. “Following forensic leads from the backdoor led us to discover a novel kernel rootkit signed with a stolen digital certificate. We found that the same certificate was also used by another Chinese APT group, named Winnti, to sign some of their tools,” the researchers said in a blog post.
READ THE STORY: SiaSat
A Hacker Gang's Alleged Members Are in Jail. It's Still Stealing Data.
FROM THE MEDIA: London police announced Friday that two teenagers had been charged with hacking crimes in connection to LAPSUS$, a cybercriminal gang that has managed to breach some of the biggest tech companies in the world over the past few months. Far from disintegrating in a leadership vacuum, though, the gang has continued to make digital mayhem without them. The unnamed teens, a 16-year-old and a 17-year-old boy, face a bevy of charges, including “three counts of unauthorized access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorized access to a computer with intent to hinder access to data,” Scotland Yard said. The duo, who remain in custody, were scheduled to appear in Highbury Corner Magistrates’ Court on Friday. A total of seven people were recently arrested in connection to the gang. The oldest of them is 21. While the jailing of several of its alleged members would seem to signal an end to LAPSUS$, the group is, in fact, keeping busy. It hacked a new company earlier this week, and the fallout from its past escapades goes on.
READ THE STORY: Gizmodo
Blockchains Have a ‘Bridge’ Problem, and Hackers Know It
FROM THE MEDIA: The cryptocurrency network Ronin disclosed a breach in which attackers made off with $540 million worth of Ethereum and USDC stablecoin. The incident, which is one of the biggest heists in the history of cryptocurrency, specifically siphoned funds from a service known as the Ronin Bridge. Successful attacks on “blockchain bridges” have become increasingly common over the past couple of years, and the situation with Ronin is a prominent reminder of the urgency of the problem. Blockchain bridges, also known as network bridges, are applications that allow people to move digital assets from one blockchain to another. Cryptocurrencies are typically siloed and can't interoperate—you can't do a transaction on the Bitcoin blockchain using Dogecoins—so “bridges” have become a crucial mechanism, almost a missing link, in the cryptocurrency economy. Bridge services “wrap” cryptocurrency to convert one type of coin into another. So if you go to a bridge to use another currency, like Bitcoin (BTC), the bridge will spit out wrapped bitcoins (WBTC). It's like a gift card or a check that represents stored value in a flexible alternative format. Bridges need a reserve of cryptocurrency coins to underwrite all those wrapped coins, and that trove is a major target for hackers.
READ THE STORY: Wired
New Borat remote access malware is no laughing matter
FROM THE MEDIA: A new remote access trojan (RAT) named Borat has appeared on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment. As a RAT, Borat enables remote threat actors to take complete control of their victim’s mouse and keyboard, access files and network points, and hide any signs of their presence. The malware lets its operators choose their compilation options to create small payloads that feature precisely what they need for highly tailored attacks. Borat was analyzed by researchers at Cyble, who spotted it in the wild and sampled the malware for a technical study that revealed its functionality. It is unclear if the Borat RAT is sold or freely shared among cybercriminals, but Cyble says it comes in the form of a package that includes a builder, the malware’s modules, and a server certificate. As noted in Cyble’s analysis, the above features make Borat essentially a RAT, spyware, and ransomware, so it’s a potent threat that could conduct a variety of malicious activity on a device. All in all, even though the RAT's developer decided to name it after the main character of the comedy movie Borat, played by Sacha Baron Cohen, the malware is no joke at all. By digging deeper to find the origin of this malware, Bleeping Computer found that the payload executable was recently identified as AsyncRAT, so it's likely that its author based his work on it.
READ THE STORY: Bleeping Computer
Items of interest
Why not updating Google’s Chrome browser exposes customers to hacks
FROM THE MEDIA: Your gadgets could be in grave danger – and it’s all linked to a simple Google Chrome mistake. Cyber experts have warned that not taking care of the Google web browser could put you at risk of major hack attacks. It’s all linked to updates – and if you don’t install them, it’s bad news. Just this week, Google was forced to rush out an emergency update to stop a “high severity” bug from being exploited. But if you don’t install updates that squash these bugs, you’ll miss out on key protections. “Not only does updating your Chrome browser introduce new features, such as privacy & web tracking protection, but they also guard against critical security threats,” said Mike Varley, cyber-expert and Threat Hunting Lead at Adarma, speaking to The Sun. “The recent update from Google targets what is called a ‘zero-day’. A zero-day is a vulnerability that has just been discovered, is known to attackers and is known to be actively being exploited. When this happens, it is a race against time to develop patches and protect end-users whilst they are rolled out.” This week’s Google blunder was described as “high severity”.
READ THE STORY: NYPOST
How a Cartel Built Their Own Cell Phone Network (Video)
FROM THE MEDIA: The Mexican military broke up several secret telecommunications networks that were built and controlled by drug cartels so they could coordinate drug shipments, monitor their rivals and orchestrate attacks on the security forces. A network that was dismantled just last week provided cartel members with cellphone and radio communications across four northeastern states. The network had coverage along almost 500 miles of the Texas border and extended nearly another 500 miles into Mexico's interior. Soldiers seized 167 antennas, more than 150 repeaters and thousands of cellphones and radios that operated on the system. Some of the remote antennas and relay stations were powered with solar panels.
Drug cartels using video games to recruit smugglers in the Valley (Video)
FROM THE MEDIA: Drug cartels are using a new tactic to recruit teens and young adults for criminal activity. The Border Patrol said it's primarily people from the Valley being recruited.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com