Sunday, February 20, 2022 // (IG): BB // Weekly Sponsor: ISG
Microsoft Cautions of Growing 'Ice Phishing' Threat on the Blockchain
FROM THE MEDIA: This week Microsoft released a warning that it's seeing an increased number of phishing attempts aimed at web3 -- a term used to describe the decentralized environment created on the blockchain. In a post on Wednesday, the Microsoft 365 Defender Research Team dissected the recent Badger DAO attack, which stole more than $120 million from blockchain users at the end of 2021, and said that these attacks are growing more frequent. "There are multiple types of phishing attacks in the web3 world," wrote Christian Seifert, member of the Microsoft 365 Defender Research Team. "The technology is still nascent, and new types of attacks may emerge." Microsoft said the Badger DAO attack is what the company calls an "ice phishing" attack. Instead of going after private keys and credentials, these attacks try to trick a user into "signing a transaction that delegates approval of the user’s tokens to the attacker." The tokens in question are ERC-20 tokens, which are the smart contracts containing the blockchain balance sheet, and sometimes represent a monetary value, as in the case of Bitcoin tokens.
READ THE STORY: Redmondmag
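The delegation described above is an ordinary ERC-20 `approve(spender, amount)` call that the victim signs. As an added example that is not from the Microsoft post or the article, the following Python decodes the calldata of such a call the way a wallet or browser extension could before signing, and flags the two things a defender cares about: an unfamiliar spender and an unlimited allowance. The spender addresses and the allow-list are constructed placeholders.

```python
# Added example, not from the Microsoft post or the article: decode an ERC-20
# approve(address,uint256) call before signing and flag risky allowances.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
UINT256_MAX = 2**256 - 1        # the "infinite" allowance many dApps request by default

def encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata as a wallet sees it (used here to construct samples)."""
    addr_word = spender.lower().removeprefix("0x").rjust(64, "0")  # address right-aligned in a 32-byte word
    amount_word = format(amount, "064x")
    return "0x" + APPROVE_SELECTOR + addr_word + amount_word

def decode_approve(calldata: str):
    """Return (spender, amount) for an approve() call, or None if the selector differs."""
    data = calldata.lower().removeprefix("0x")
    if data[:8] != APPROVE_SELECTOR:
        return None
    if len(data) != 8 + 64 + 64:
        raise ValueError("malformed approve() calldata")
    spender = "0x" + data[8 + 24:8 + 64]   # low 20 bytes of the first argument word
    amount = int(data[8 + 64:], 16)
    return spender, amount

def assess_approval(calldata: str, trusted_spenders) -> str:
    """Classify an approval as a pre-signing check in a wallet might."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return "not-an-approve"
    spender, amount = decoded
    if spender not in {s.lower() for s in trusted_spenders}:
        return "unknown-spender"        # the ice-phishing case: allowance granted to an attacker's contract
    if amount == UINT256_MAX:
        return "unlimited-allowance"    # known spender, but far more than one transaction needs
    return "ok"

# Constructed sample data: placeholder addresses, not real contracts.
TRUSTED_ROUTER = "0x1111111111111111111111111111111111111111"
UNKNOWN_SPENDER = "0x2222222222222222222222222222222222222222"

if __name__ == "__main__":
    samples = [
        ("bounded approval to known router", encode_approve(TRUSTED_ROUTER, 1000 * 10**18)),
        ("unlimited approval to known router", encode_approve(TRUSTED_ROUTER, UINT256_MAX)),
        ("ice phishing: approval to unknown contract", encode_approve(UNKNOWN_SPENDER, UINT256_MAX)),
    ]
    for label, calldata in samples:
        print(f"{label}: {assess_approval(calldata, [TRUSTED_ROUTER])}")
```

A wallet that already has an allowance out to an attacker can only revoke it by sending a new `approve` with amount 0, so checking before the first signature is the cheap point of control.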
China could use Russia’s cyber and hybrid war playbook against India
FROM THE MEDIA: In recent weeks, geopolitics experts and strategic thinkers in India have been focused on what the military standoff in Ukraine will mean for India. In addition to a potential increase in oil prices, the conversation has focused on the implications for India’s geopolitical alignments. Will India be able to balance its relationship with both the US and Russia? Will Russia get closer to China due to this brinkmanship battle with the US? Recent statements at the Quad Summit seem to suggest that India is prioritizing its strategic autonomy and ensuring that it does not alienate Russia. However, another key question for Indian strategic circles to think about is: What will the Chinese have learnt from the way this dispute between Russia and the US is playing out? And how might they apply some of those lessons to China’s border dispute with India? Two key lessons emerge for India. One, China stands to benefit the most from a protracted US-Russia conflict. The US needs to recognize this current Ukraine standoff for what it is. The Russians and Chinese have been coordinating on Ukraine and their strategy is clear: keep a double-front war open against the US so that its efforts, energy, resources and focus remain divided while China gets freed up to initiate its own battles.
READ THE STORY: Times of India
Trickbot operation is now controlled by Conti ransomware
FROM THE MEDIA: The Conti ransomware group has taken over the TrickBot malware operation and plans to replace it with the BazarBackdoor malware. The TrickBot operation has arrived at the end of its journey: according to AdvIntel, some of its top members have moved under the Conti ransomware gang, which is planning to replace the popular banking Trojan with the stealthier BazarBackdoor. TrickBot is a popular Windows banking Trojan that has been around since October 2016; its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. TrickBot initially partnered with Ryuk ransomware, which used it for initial access into the networks compromised by the botnet. Then Ryuk was replaced by the Conti ransomware gang, which has been using TrickBot for the same purpose. “The group’s elite division, called Overdose, managed the TrickBot campaigns that resulted in the creation of Conti and Ryuk ransomware,” states the analysis published by AdvIntel. “The group has made at least $200 million USD with one extreme case extorting ~$34 million USD from a single victim and has perpetrated a spate of attacks on numerous healthcare organizations, including Universal Health Services (UHS) via BazarBackdoor to Ryuk ransomware (the attack was estimated to account for $67 million USD in damages).”
READ THE STORY: Security Affairs
Australian cyber spies to aid Ukraine as country prepares for Russian attack
FROM THE MEDIA: Australian cyber spies will help train Ukraine to defend against hack attacks from Russia amid warnings Moscow could move to invade the country within days. The Australian government on Sunday night joined with other countries in publicly attributing cyber attacks against the Ukrainian banking sector last week to a Russian spy agency. Defense Minister Peter Dutton said on Sunday it was “hard to see” Russia pulling back troops, warning President Vladimir Putin was intent on invading. The Ukrainian embassy in Australia rejected accusations its government was preparing to attack areas in the Donbass region controlled by Russian-backed separatists, hitting out at the “attempts of Russia to aggravate the already tense security situation”. Russia on Saturday said at least two shells fired from a government-held part of eastern Ukraine landed across the border, but Ukrainian Foreign Minister Dmytro Kuleba dismissed this as “a fake statement”. United States President Joe Biden’s administration has repeatedly warned of “false flag” attacks by Russia to create the pretext for an invasion.
READ THE STORY: The Age
Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm
FROM THE MEDIA: Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics from South Korea's Kookmin University said in a new paper analyzing its encryption process. Hive, like other cybercriminal groups, operates a ransomware-as-a-service that uses different mechanisms to compromise business networks, exfiltrate data, and encrypt data on the networks, and attempts to collect a ransom in exchange for access to the decryption software. It was first observed in June 2021, when it struck a company called Altus Group. Hive leverages a variety of initial compromise methods, including vulnerable RDP servers, compromised VPN credentials, as well as phishing emails with malicious attachments. The group also practices the increasingly lucrative scheme of double extortion, wherein the actors go beyond just encryption by also exfiltrating sensitive victim data and threatening to leak the information on their Tor site, "HiveLeaks."
READ THE STORY: THN
Anti-colonialism in the war on data sovereignty
FROM THE MEDIA: Revisions in China’s updated Cybersecurity Review Measures took effect from Tuesday. One of them stipulates that network platform operators that hold personal information of more than one million users have to go through a cybersecurity review if they plan to list their shares overseas. This is considered to be one of the latest efforts from the Chinese government to maintain the security and sovereignty of the country’s data. In recent years, data has become a strategic tool for competition between countries. Losing data sovereignty will undermine national security. For instance, internet and data control fueled massive unrest in Kazakhstan in January. One of the reasons behind this is that the Central Asian country neglected its data sovereignty and security in pursuit of fast internet development, leaving its data in many areas completely in the hands of US internet giants. The US is taking full advantage of its technological advances to build a data empire to then control other countries’ economic lifelines and public opinion. It has spared no effort to collect data from various countries. At the same time, it adheres to the principle of “America First” in terms of cross-border data flow. According to Washington’s double.
READ THE STORY: BOLNEWS
Nearly two years later, just how badly were Nevada cops damaged by ‘BlueLeaks’ dump? The answer remains unclear.
FROM THE MEDIA: Give Shaun Rahmeyer, administrator for the Nevada Office of Cyber Defense Coordination, credit for his candor. Rahmeyer admits he doesn’t know the depth of harm done to Nevada law enforcement by the massive 2020 hack of the Houston-based web services company Netsential in what has become more commonly known as “BlueLeaks.” Rahmeyer’s office focuses on protecting Nevada’s cybersecurity infrastructure, which took a little-publicized hit in the Netsential hack. “There was an impact to the mission,” he says. “Was it substantial? No.” He follows with a caveat. “Where there is a greater impact was in the loss of data,” Rahmeyer says. “I can’t speak to the severity of data loss because no investigative reporting has been shared with the state at this point.” As the FBI continues its confidential criminal investigation, Rahmeyer says the state is working to try to ensure this doesn’t happen again. There are no guarantees. The Netsential hack, reportedly carried out by activists in response to the May 2020 murder of George Floyd by a Minneapolis police officer, resulted in the Juneteenth release of nearly 270 gigabytes of data from more than 200 police departments, fusion centers, and other law enforcement agencies. By July, the United States had seized a computer server in Falkenstein, Germany, near the border of the Czech Republic, in connection with the breach.
READ THE STORY: The Nevada Independent
China’s ‘Influence Ops’ Spreading Worldwide: Why It’s a Serious Concern
FROM THE MEDIA: China's influence operations are aimed at influencing decision- and opinion-makers in the target country. Recently, an Australian news outlet reported that a Chinese-Australian political donor was behind a thwarted foreign interference plot to back political candidates in the next election. This came after earlier news that a Chinese intelligence agency had been behind the plot unearthed by the Australian Security Intelligence Organization. Australia has undergone years of what is usually called ‘influence operations’ by China. Generally, all major powers go in for such maneuvers, the United States (US) being no exception. But it is when this moves into covert activity verging on espionage that the red danger signal comes on.
READ THE STORY: The Quint
Mexican man pleads guilty to brokering sale of surveillance devices, WhatsApp hacking tools
FROM THE MEDIA: A Mexican businessman pleaded guilty this week to operating a company that brokered the sale of spyware and advanced surveillance tools to entities in Mexico and the US. Through a consortium of US and Mexican companies, Carlos Guerrero sold phone interception, geolocation tracking, signal jammers, WiFi interception tools, IMSI catchers, WhatsApp hacking tools, and hacking services from companies in Italy and Israel. According to court documents, Guerrero’s activity dates back to at least August 2014. At the time, Guerrero and his business partner Daniel Moreno entered into a partnership to broker the sale of an Italian company’s hacking products to Mexican officials via their local company—Elite by Carga. “After entering this agreement, Defendant and Moreno, through Elite by Carga, earned commissions brokering the sale of Company A’s interception devices to the Mexican state governments of Baja and Durango. To facilitate the sales, Defendant repeatedly arranged for Elite by Carga employees to transport Company A representatives and devices between San Diego and Mexico.” These services included geolocation and cell phone interception capabilities, which Guerrero’s company re-sold at prices of around $25,000, according to marketing materials. US officials said that Guerrero knew that some of the products would be used for political purposes and not just for law enforcement purposes.
READ THE STORY: The Record
Munich Security Conference: Arms Control in Times of Cyberwar
FROM THE MEDIA: In one of the late-night rounds of the Munich Security Conference, a US foreign policy expert, a Nobel Peace Prize winner and a scientist devoted themselves to questions of disarmament control, including for cyberspace. The conclusion of the experts: in order to help arms control for digital weapons, a lot of public pressure is still needed. Classic arms control has its updated treaties and ingrained tools. The Democratic US Senator Christopher Coons assured in Munich that the SALT and START treaties between Russia and the USA, initially concluded at the height of the Cold War, had led to a massive reduction in the number of warheads. Of course, the continuation of further negotiations on “New START” is out of the question in the current crisis situation. Efforts by governments and activists to implement the UN Treaty on the Ban on Nuclear Weapons are also partly in vain. In mid-2022, negotiations start in Vienna about the next goals of the treaty, which came into force a year ago and has not yet been signed by any of the nine nuclear powers.
READ THE STORY: California18 // Kiratas
Items of interest
“LAZARUS” THE NORTH KOREAN HACKER GROUP (Paper)
FROM THE MEDIA: The Democratic People’s Republic of Korea (DPRK) is famous for poverty, destitution and backwardness; however, in spite of these negative features it is among the most advanced cyber-warfare countries. In the daily news one can quite often read about cyber-attacks against different states, media institutions or banks where experts assume that the DPRK-supported hacker group “LAZARUS” is behind the attacks. According to the latest news, the group got into the limelight in connection with stealing a large amount of cryptocurrency and money laundering. The state officially denies the existence of the group; however, cyber analysts and security experts have found direct and circumstantial evidence that proves the connection between the North Korean state and the hacker group.
READ THE STORY: Revista
How Bitcoin Can Help Track Down Criminals (Video)
FROM THE MEDIA: People like to think that using Bitcoin makes your transactions anonymous. But buried in last month’s special counsel indictment of 12 alleged Russian spies is an explanation of how law enforcement used the blockchain, the network which facilitates bitcoin transactions, to track and identify the suspects using their cryptocurrency transactions. Because every bitcoin transaction is recorded on a public ledger, law enforcement can trace bitcoins back to their origins. Once you trace enough steps back, an investigator could typically find some place where bitcoins were purchased or where bitcoins were used to purchase a service. This is key, because bitcoin sellers, like Coinbase, or places that sell services, typically require some personal information. With the power of subpoena, law enforcement could obtain that personal information, making it easier to link a bitcoin transaction to a real person, instead of a random series of numbers and letters. One blockchain developer, Tim Cotten, was even able to trace Bitcoin purchases back to Russia’s intelligence agency, the GRU, using only public information. And he agreed to show VICE News how almost anyone with a bitcoin wallet could do something similar.
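The "trace enough steps back until you reach a place that holds identity records" method described above is a backwards walk over transaction inputs. As an added example that is not from the VICE segment, the following Python runs that walk over a small constructed ledger (addresses and labels are made up) and shows the edge case an investigator hits when the trail ends at an unlabelled input, such as a mixer output.

```python
# Added example, not from the VICE segment: walk constructed Bitcoin transactions
# backwards from a suspect address until a KYC-labelled address is reached.
from collections import deque

# Constructed ledger: each transaction lists the addresses that funded it and the addresses it paid.
LEDGER = {
    "tx1": {"inputs": ["exchA-hot"],  "outputs": ["wallet-p"]},
    "tx2": {"inputs": ["wallet-p"],   "outputs": ["wallet-q", "wallet-p-change"]},
    "tx3": {"inputs": ["wallet-q"],   "outputs": ["suspect"]},
    "tx4": {"inputs": ["mixer-out"],  "outputs": ["orphan"]},   # nothing known upstream of the mixer
}
# Constructed labels standing in for services that hold customer records (exchanges, merchants).
LABELS = {"exchA-hot": "Exchange A (KYC records available by subpoena)"}

def funding_transactions(address, ledger):
    """Transactions whose outputs paid the given address."""
    return [txid for txid, tx in ledger.items() if address in tx["outputs"]]

def trace_to_labelled_origin(start, ledger, labels, max_hops=10):
    """Breadth-first walk over input addresses.

    Returns the hop path from start to the first labelled address, or None when no
    labelled origin lies within max_hops (the trail went cold, e.g. through a mixer)."""
    queue = deque([(start, [start])])
    seen = {start}
    while queue:
        address, path = queue.popleft()
        if address in labels:
            return path
        if len(path) > max_hops:
            continue
        for txid in funding_transactions(address, ledger):
            for upstream in ledger[txid]["inputs"]:
                if upstream not in seen:
                    seen.add(upstream)
                    queue.append((upstream, path + [upstream]))
    return None

if __name__ == "__main__":
    path = trace_to_labelled_origin("suspect", LEDGER, LABELS)
    print(" <- ".join(path), "=>", LABELS[path[-1]])
    print(trace_to_labelled_origin("orphan", LEDGER, LABELS))   # trail ends at an unlabelled input
```

Real investigations add clustering heuristics (for example treating all inputs of one transaction as a single owner) on top of this walk, but the path-to-a-labelled-service step is what turns a chain of addresses into a subpoena target.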
How To Launder Money With Crypto? (Video)
FROM THE MEDIA: EDUCATIONAL - The world is filled with parallels that have learned to coexist with each other since the beginning of time. Light coexists with darkness, truth coexists with lies, where there is a left you will find a right and in a world filled with law enforcement, you will inevitably come across rulebreakers. It is these rule-breakers that we will focus on today as we dive into the dark underbelly of the law as we discuss the age-old concept of money laundering. The money laundering we are talking about today however isn’t your grandfather’s version of running multiple laundry businesses and then editing the books, nope, not at all. In this 21st century where millions can be stolen and disappear without so much as a physical body to condemn, laundering has taken a new form as well, a digital form. That is the form we will be discussing today. How are criminals laundering money with cryptocurrency and for the most part getting away with it?
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com