Daily Drop Video (196)

7-17-22

Sunday, July 17, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief

Hackers pose as journalists to breach news media org’s networks

FROM THE MEDIA: Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation. Proofpoint analysts have been following these activities from 2021 and into 2022 and published a report about several APT groups impersonating or targeting journalists.

READ THE STORY: BleepingComputer

Elastix VoIP systems hacked in massive campaign to install PHP web shells

FROM THE MEDIA: Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is a server software for unified communications (Internet Protocol Private Branch Exchange [IP PBX], email, instant messaging, faxing) that is used in the Digium phones module for FreePBX. The attackers may have exploited a remote code execution (RCE) vulnerability identified as CVE-2021-45461, with a critical severity rating of 9.8 out of 10.

READ THE STORY: BleepingComputer

North Koreans spotted harassing SMBs with malware

FROM THE MEDIA: SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. The group, which calls itself H0lyGh0st, appears to be primarily motivated by money, Microsoft Threat Intelligence Center (MSTIC) researchers said. After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data. According to MSTIC, H0lyGh0st's targets "were primarily small-to-midsized businesses, including manufacturing organizations, banks, schools and event and meeting planning companies." Microsoft believes most were likely victims of opportunity.

READ THE STORY: The Register

India: Security at risk: WhatsApp malware targeting Army personnel detected

FROM THE MEDIA: Indian defense personnel are being targeted by enemy intelligence agencies, and the messaging application WhatsApp is often used to reach them. After the detection of a similar breach in April this year, another case has been detected in which malware is being circulated using WhatsApp. Intelligence agencies have detected a malicious file ‘CSO_SO on Deputation DRDO. apk’ said to have originated from a suspicious WhatsApp number, which is being forwarded on WhatsApp to Indian defense personnel. As per the sources, the .APK file is a decoy copy of a genuine DRDO (Defense Research and Development Organization) letter issued on 26 May 2022 on the same subject, i.e., calling for applications for deputations to DRDO.

READ THE STORY: New Indian Express

A Cyber Threat to the users’ data on Google’s search engine is leaking private information

FROM THE MEDIA: Since May 2020, a continuous malware campaign has been circulating and affecting multiple browsers, including Microsoft Edge, Mozilla Firefox, Google Chrome, etc. Before turning to the biggest threat to users’ data from an adware campaign, one must know what adware is. Adware is a programming application through which threat actors can display advertisements: when a person opens a website, ads are shown through pop-up windows or adverts displayed on the UI. It is essential to mention here that a network security analyst, Palo Alto, recognized adware designed to target search domain requests using a malicious browser extension to launch its payload.

READ THE STORY: Digital Information World

BlackCat Adds Brute Ratel Pentest Tool to Attack Arsenal

FROM THE MEDIA: The ransomware gang behind BlackCat ransomware has upgraded its arsenal by adding Brute Ratel, a pentesting tool with remote access features. Threat researchers at Sophos say they've been tracking this ransomware group since December 2021, after being called in to investigate at least five attacks involving this ransomware. They observed that these attacks occurred across the U.S., Europe and Asia at large corporations operating in different industry segments. During their investigation, they found the attackers were using a PowerShell command to download and execute Cobalt Strike beacons on some affected systems. However, the researchers also discovered that the attackers were using a tool called Brute Ratel, which had "Cobalt Strike-like remote access features."

READ THE STORY: GovInfo Security

Blazblue Centralfiction PC Online Lobbies Compromised By Malicious Exploit

FROM THE MEDIA: BlazBlue Centralfiction’s rollback update is a few months in the past, and it served as a substantial update for the game after multiple years of lousy netplay. It would be the first of two BlazBlue titles to receive that, the other being BlazBlue Cross Tag Battle. Though, Centralfiction’s got a bit of a major issue right now. This comes in the form of the aforementioned online play. Centralfiction allows you to join a public lobby server with others or host private Player Match rooms. That doesn’t sound out of the ordinary. What is, though, is that, through online play, players are susceptible to receiving unwanted downloads through their game client.

READ THE STORY: News Update

The Cyberwar That Never Was: Reassessing Choices During Cyber Conflicts

FROM THE MEDIA: The action and rhetoric leading to the invasion of Ukraine early this year led to speculation about the effective use of Russian cyber capabilities to complement or replace conventional means at the outbreak of the conflict. Noting the observed and declared Russian prowess in cyberspace, some observers held that the deteriorating situation provided the opportunity to demonstrate the strategic value of cyber operations. Nevertheless, despite the seemingly favorable conditions, the exercise of Russian cyber power at the onset of hostilities –and throughout them– is limited at best.[1] Although disruptive tactics such as defacement and wiper malware were documented, the expected cyber ‘bang’ was more of a ‘whimper’, remaining much the same throughout the past three months.

READ THE STORY: Eurasia Review

A CIA Agent's Guide to Steganography, Fooling the KGB, and Protecting Your Crypto

FROM THE MEDIA: The cover for this article was done by my good friend and artist — RegulLion. I would be very happy if you buy NFTs from him on OpenSea — they are all classically hand-drawn, and all the money raised will go to our joint public good project. We know each other well so in case I disappear, he’ll have the exact details of me. Consider this my canary.

READ THE STORY: Hackernoon

Email scams are getting so personal they even fool cybersecurity experts

FROM THE MEDIA: We all like to think we’re immune to scams. We scoff at emails from an unknown sender offering us £2 million, in exchange for our bank details. But the game has changed and con artists have developed new, chilling tactics. They are taking the personal approach and scouring the internet for all the details they can find about us. Scammers are getting so good at it that even cybersecurity experts are taken in. One of us (Oliver Buckley) recalls that in 2018 he received an email from the pro-vice chancellor of his university.

This is it, I thought. I’m finally getting recognition from the people at the top. Something wasn’t right, though. Why was the pro-vice chancellor using his Gmail address? I asked how I could meet. He needed me to buy £800 worth of iTunes gift cards for him, and all I needed to do was scratch off the back and send him the code. Not wanting to let him down, I offered to pop down to his PA’s office and lend him the £5 note I had in my wallet. But I never heard back from him.

READ THE STORY: DEVONLIVE

WhatsApp warns users against using fake or tampered versions

FROM THE MEDIA: According to WhatsApp’s CEO, Will Cathcart, utilising counterfeit or altered versions of WhatsApp can be dangerous and hazardous. In a lengthy Twitter discussion, the CEO cautioned users about downloading alternative versions of the app. Using unapproved versions of the chat messenger, according to Cathcart, is “never a good idea.” These applications may circumvent WhatsApp’s privacy and security protections despite their innocuous appearance. His security team recently uncovered some bogus WhatsApp versions on the Google Play Store, he claimed. This phoney application is called “Hey WhatsApp” and is created by “HeyMods.” However, it is a hoax designed to steal your personal information.

READ THE STORY: BOLNEWS

China’s new spy army has invaded — and we’re not fighting back

FROM THE MEDIA: China’s first homegrown narrow-body passenger jet recently completed its debut test flight, a triumph of local innovation, according to China’s communist leaders. It is better described as a stolen plane, developed by plundering secrets from western aerospace companies on a breathtaking scale.

Chinese cyberspies from a group nicknamed “Turbine Panda” because of their targeting of aero-engine secrets have been indicted in absentia by the US justice department, while a top Chinese agent named Xu Yanjun was jailed last year after an FBI sting operation lured him to Belgium, ostensibly to meet a mole at the American company GE Aviation. According to Ken McCallum, the head of MI5, Xu’s “prolific” network has also been active in Britain. “MI5 worked with those being targeted in the UK

READ THE STORY: The Times

Rhode Island sewer-system operator hit by cyber attack

FROM THE MEDIA: The Narragansett Bay Commission, which runs sewer systems in parts of the metropolitan Providence and Blackstone Valley areas, was hit by a ransomware attack on its computer systems. A spokeswoman for the commission acknowledged the attack in a Friday evening email to The Providence Journal. "Last week, the Narragansett Bay Commission identified a cybersecurity incident that involved the encryption of data on certain computers and systems in its network," spokeswoman Jamie R. Samons said in the email. While she did not specify a ransomware attack, such attacks typically involve hackers encrypting data on a victim's computer system and refusing to supply the key to decode the data until a ransom is paid.

READ THE STORY: Providence Journal

Company or program that can decrypt .debolt files

FROM THE MEDIA: Bleeping Computer cannot vouch for those who claim they can decrypt data or help in other ways. We have no way of knowing the background, expertise or motives of all companies or individuals who indicate decryption is possible. We can only advise being cautious about whomever you are dealing with, what services they are able to provide and what claims they make before sending money or paying a fee to anyone.

Please read my comments in this topic as to what we know about those who claim they can decrypt data. In regards to data recovery services specifically, they typically act as a "middleman": they pay the criminals, pretend they cracked the decryption and charge the victim more than the ransom demands, in many cases not telling them that this is how they acquired the means of decryption. Other data recovery services hide the actual ransom cost from clients and/or mark the cost up exponentially, as noted here

READ THE STORY: BleepingComputer

Why is the public sector a prime target for cybercriminals?

FROM THE MEDIA: According to a report by the UK’s National Cyber Security Centre, almost half of all recorded UK cyber incidents between September 2020 and August 2021 targeted the public sector. Public sector cybersecurity is being put to the test and it’s imperative that public sector organizations properly protect the sensitive data that is in their possession.

Back in October 2020, Hackney Borough Council in London suffered a serious ransomware attack which took many of its services and IT systems offline. The attack cost the council millions of pounds and today, more than 18 months later, data is still missing across many services. In February 2022, the Information Commissioner’s Office ordered Hackney Borough Council to disclose information regarding what cybersecurity training its staff had received prior to the attack, when they were required to work from home due to the Covid-19 pandemic.

READ THE STORY: BetaNews

Cyber Criminals Using Crypto Mixing Services at Record Rates, According to Chainalysis

FROM THE MEDIA: New data from market intelligence firm Chainalysis reveals bad actors are using crypto mixing services at unprecedented rates. According to a new blog post by the crypto insights company, crypto mixing usage has spiked in 2022, with illicit addresses accounting for 11% more of the funds sent to mixers compared to last year. A crypto mixing service is a tool used to make it difficult to follow the movement of money by pooling together funds of many different users and mixing them together. Users would then withdraw their funds, which have now been randomized. Chainalysis says the market sector contributing most to rising crypto mixing usage rates is decentralized finance (DeFi).

READ THE STORY: DailyHodl

Chinese fraudsters on the prowl to scam Indians using fake loan apps

FROM THE MEDIA: In February this year, a complaint was lodged at the IFSO unit of the Special Cell by a woman alleging that she was being abused and threatened by unknown persons who were sending morphed and vulgar photographs of her to her family, friends and relatives through social media. The complainant had taken a loan from a loan app, Cash Advance, and repaid it in time. But after repaying the loan she started getting threatening calls and messages on WhatsApp from Cash Advance employees. It was not an isolated case; rather, several Indians have in recent times fallen prey to such high-end cyber crimes, in which people are being defrauded to the tune of hundreds of crores of rupees every day.

READ THE STORY: Daiji World

Cyber Attack Threat In North Korea Reaches Its Peak

FROM THE MEDIA: North Korea-backed cyberattacks on cryptocurrency and tech firms will only become more sophisticated. Former CIA expert Soo Kim told CNN on Sunday that the practice of generating overseas crypto income for the regime has now become a way of life for the North Koreans. Considering the difficulties the regime is facing, such as food shortages and fewer countries willing to engage with North Korea, this is something they will keep using, basically because no one is holding them back.

She also added that their crypto-targeting tradecraft will most likely only improve from here on. Even though the tradecraft is flawed at the moment, in terms of how they approach outsiders and go after their weaknesses, it is still a new market for North Korea, said Kim.

READ THE STORY: The Coin Republic

Pakistani APT Hackers Attack Indian Education Institutes & Students With New Malware

FROM THE MEDIA: Recently, Cisco Talos discovered that the Transparent Tribe APT group is engaged in an ongoing malicious campaign. APT hackers from Pakistan have carried out a malicious campaign against several educational institutions located throughout India in order to inflict harm on students. In this ongoing active campaign, the APT is also targeting civilian users within its victim network. There is no doubt that the APT network is expanding as a result of its activities.

READ THE STORY: Cyber Security News

Massive Leak Shows Big Data Is Central to CCP’s Ambitions, But It Does Not Protect Chinese Citizens

FROM THE MEDIA: The leak of a Shanghai police database containing personal details of a billion people has again highlighted the Chinese Communist Party’s (CCP’s) reckless attitude toward its citizens’ privacy. The CCP has frequently introduced data security-related laws in recent years, but instead of focusing on protecting the personal information of Chinese citizens, it has used them as a tool to suppress Chinese companies and advance its international ambitions.

In early July, an anonymous hacker or group under the name of “ChinaDan” listed for sale a database of personal information of 1 billion Chinese national residents on Breach Forums, a popular hacker community. The database originated from the Shanghai police.

READ THE STORY: The Epoch Times

‘China wants to threaten its neighbours, be a hegemon in Asia’

FROM THE MEDIA: “While the world was busy fighting the Covid-19 pandemic, China launched aggression against its neighbors. China used the pandemic to spread conflict,” Dr Adrian Haack, Director of the India office of the Konrad Adenauer Stiftung, said during a conference on “Chinese aggression unabated” held in Delhi earlier this week.

The conference, jointly organized by the Konrad Adenauer Stiftung, a German-based think tank, and the Centre for China Analysis and Strategy, run by former R&AW officer Jayadev Ranade, held two panel discussions on the topic of unabated Chinese aggression. The discussions hosted eminent policy makers and experts from India, Taiwan and Japan, all of whom have been affected by Chinese aggression in the last decade.

READ THE STORY: Sunday Guardian Live

Items of interest

Letters to the Editor: The deleted Secret Service texts are a national emergency

FROM THE MEDIA: The discovery that Secret Service agents deleted text messages sent on Jan. 5 and 6, 2021 “as part of a device-replacement program” raises terrifying questions regarding the security of American democracy. Had some senior members of the Secret Service participated with then-President Trump or his allies in the coup attempt?

An answer to this question is critical. Ensuring the safety of the president and other elected officials is central to our democracy. The Secret Service is an essential element in this action.

Every Secret Service agent and executive must be interviewed under oath for all they said, wrote and did around Jan. 6. Nothing less will do.

READ THE STORY: LA Times

BlackBerry Prevents Babuk Ransomware (Video)

FROM THE MEDIA: First seen in early 2021, Babuk ransomware has most recently made headlines for using the ProxyShell vulnerability in Microsoft® Exchange servers to deploy its malicious ransom payload. This is an attack method that has previously been used by ransomware groups such as Conti and LockFile. The malware has primarily targeted Windows® devices, encrypting the victim’s files with the AES-256 algorithm.

Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks (Video)

FROM THE MEDIA: For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021, bringing its whole administration to a standstill. It was a stark illustration of how hackers can knock out entire communities in milliseconds — and how digital technology has become vital for running our societies.

These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com

Author: Bob Bragg