Tuesday, February 22, 2022 // (IG): BB // Weekly Sponsor: ISG
Darktrace's Cyber AI Analyst Now Runs Open Investigations
FROM THE MEDIA: Darktrace, a global leader in cyber security AI, today announced significant enhancements to its flagship Cyber AI Analyst product as it now intelligently groups incidents to encompass the life cycle of complex compromises as they develop and progress across various entities within a business's digital estate. Cyber AI Analyst now treats incidents as 'open investigations,' continuously adding new supporting data to ongoing cases. Known for augmenting human analysts by continuously investigating to surface and prioritize the most critical incidents, Cyber AI Analyst's open investigations piece together cross-entity incidents, so a SaaS account takeover can now be connected back to the same compromised credentials used on a local device. This process is akin to open criminal investigations where a single piece of evidence could connect two seemingly isolated crimes. With ever-expanding, unique digital estates, it's mission-critical that Cyber AI Analyst investigations remain bespoke to their environment rather than follow a one-size-fits-all model with pre-programmed investigation tactics. AI Analyst's on-the-fly technical approach to investigations enables it to find the needle in a thousand haystacks that might be the key evidence to connecting disparate compromises. Historically, multiple incidents would have remained separate.
READ THE STORY: PRNewswire
How scammers exploit human nature
FROM THE MEDIA: Research shows that people tend to default to trusting others over distrusting them. Maybe she had so much money she just lost track of it. Maybe it was all a misunderstanding. That’s how Anna Sorokin’s marks explained away the supposed German heiress’s strange requests to sleep on their couch for the night, or to put plane tickets on their credit cards, which she would then forget to pay back. The subject of a new Netflix series, “Inventing Anna,” Sorokin, who told people her name was Anna Delvey, conned over $250,000 out of wealthy acquaintances and high-end Manhattan businesses between 2013 and 2017. It turns out her lineage was a mirage. Instead, she was an intern at a fashion magazine who came from a working-class family of Russian immigrants. Yet the people around her were quick to accept her odd explanations, even creating excuses for her that strained credulity. The details of the Sorokin case mirror those from another recent Netflix production, “The Tinder Swindler,” which tells the story of an Israeli conman named Simon Leviev. Leviev persuaded women he met on the dating app to lend him large sums of money with similarly unbelievable claims: He was a billionaire whose enemies were trying to track him down and, for security reasons, couldn’t use his own credit cards. How is it that so many people could have been gullible enough to buy the fantastical stories spun by Sorokin and Leviev? And why, even when “[t]he red flags were everywhere” – as one of Sorokin’s marks put it – did people continue to believe these grifters, spend their time with them and agree to lend them money?
READ THE STORY: AJC
How much can you trust your printer?
FROM THE MEDIA: In this interview with Help Net Security, Scott Best, Director of anti-tamper security technology at Rambus, talks about what organizations should be aware of when it comes to printer security and what they should do to remain secure. Printers often go unnoticed yet pose a major threat to organizations. How do cybercriminals leverage them to gain access? Cybercriminals often leverage printer devices to gain access to networks and sensitive data in various ways. Their goal is to find a way to execute arbitrary, untrusted code on the target platform. This is a key reason why printer firmware is updated so often. Printer OEMs are well aware of these threats, and constantly patch security vulnerabilities that attackers and malicious users might try to exploit. Of course, a successful exploit means that malicious software becomes operational within the network-attached printer, which can wreak havoc on cybersecurity within a corporate LAN setting. Which assets can be made accessible by printer vulnerabilities? Business-class printers are often running a variant of Linux, which means they have many of the same vulnerabilities that you would find on any network-attached Linux server. Many zero-day exploits that have been found in the Linux kernel could be found in these printers if they are left unpatched.
READ THE STORY: Help Net Security
DOJ, FBI and FinCEN Continue to Focus on Crypto and Cyber Financial Crime
FROM THE MEDIA: Federal law enforcement and regulators continue to focus on technology-driven financial crime — specifically, cyber-enabled fraud and the laundering of illicit funds through cryptocurrency. Last week, the Department of Justice (“DOJ”) announced that Eun Young Choi will serve as the first Director of the National Cryptocurrency Enforcement Team (“NCET”). As we have blogged, the DOJ created the NCET in 2021 to address issues on which we have repeatedly blogged: crypto exchangers and their AML obligations; the process of tracing digital asset transactions; ransomware; so-called “professional” money launderers; and the use of crypto to launder the proceeds of serious crimes such as drug trafficking and human trafficking. This attempt at a coordinated government approach to crypto enforcement followed the announcement earlier in 2021 by the Financial Crimes Enforcement Network (“FinCEN”) that it had appointed its first-ever Chief Digital Currency Advisor. Meanwhile, FinCEN has stressed the need for, and utility of, specific information to be submitted by the victims of cyber-enabled financial crime schemes, or the financial institutions of those victims, to FinCEN’s Rapid Response Program, or RRP. The RRP seeks to share financial intelligence and recover the proceeds of crime.
READ THE STORY: JDSupra
In Ukraine, Russia Has More Cyber Tricks Up Its Sleeve
FROM THE MEDIA: As the Russian offense plays with new strategies and tools, Ukraine’s cyber defenders must always be vigilant. Ukraine and Russia seemed to have a shared destiny. For decades the two nations have been entwined across myriad realms, while locked in constant struggle over identity. Once a primary Soviet Republic, Ukraine now feels the gravitational pull from two directions. In the East, their past comrades in Moscow, and in the West, their potential future compatriots in Western Europe. Ukraine is positioned on the front line in the ongoing contest of realities between the Russian Federation and NATO, and every day the friction between these societal tectonic plates grinds hotter. As the military and diplomatic situation on Ukraine’s borders deteriorates before our eyes, we must watch these fields in collaboration with the unseen cyber field. Modern conflicts present many facets, and in the Ukraine-Russia conflict, cyber conflict features quite prominently. Russia has for years honed its cyber skills against its smaller neighbors, treating them as cyber-training grounds. To test their prowess against world-class adversaries from the jump would be foolish and likely lead to reprisals the Russian cyber and intelligence communities may not be ready for. Instead, while troops remain in the barracks, the Russian intelligence community engages on an invisible battleground without clear borders. As far back as 2005, malware such as Turla, or Ouroboros, has plagued Eastern Europe. From there, the infamous trojan has made its rounds through Western cyberspace as well.
READ THE STORY: National Interest
CISA, U.S. Posts Catalogue of Free Cyber Services
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has collected and published a list of free cybersecurity services and tools to help organizations of all sizes reduce their cybersecurity risk. The webpage was published to be the front door, or starting point, of a one-stop shop for free services and tools from CISA, the open-source community, and private- and public-sector organizations including Joint Cyber Defense Collaborative partners. CISA also includes the foundational measures that it says are key to implementing a strong cybersecurity program: fixing known software flaws, implementing multifactor authentication, eliminating bad practices, signing up for CISA’s automated cyber hygiene vulnerability scanning, and removing connected devices from internet-of-things search engines via Get Your S.O.S. Many organizations, both public and private, are target-rich and resource-poor. The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment. This initial catalogue will grow and mature as CISA includes additional free tools from other partners. As reported by OpenGov Asia, with the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, as well as private sector organizations, the United States’ need for trustworthy secure systems has never been more important to its long-term economic and national security interests. Engineering-based solutions are essential to managing the complexity, dynamicity, and interconnectedness of today’s systems.
READ THE STORY: Open Gov Asia
Department of Homeland Security Issues “SHIELDS UP” Advisory for All Organizations Regardless of Size
FROM THE MEDIA: This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.” Given the situation in Ukraine, there is concern about an escalation of cyber threats even here in the US. Steps identified in the advisory are those that many in the defense industrial base (DIB) are already aware of or implementing. Whether you engage in government contracting or focus on commercial activities, your IT systems may be at risk, so forewarned is forearmed. Do you have a crisis-response plan and team? If not, now is a good time to put one in place. Know what you have to do in the event of an incident and who has to do it. In addition to addressing the problem in real time, you will need to investigate, collect and preserve information for follow-up reporting and remediation. Timely reporting of cyber incidents involves more than just putting in a call. Defense contractors are required to have a designated person with authority to operate the Department of Defense (DoD) Cyber Crime Center (DC3) portal to report cyber incidents.
READ THE STORY: JD Supra
Suspected cyber attack cripples box terminal run by Jawaharlal Nehru Port Authority (Not the first time)
FROM THE MEDIA: This is India’s largest container port. About 4 years ago they were victims of a ransomware attack. JNPCT is not accepting vessels alongside due to outage of the system and has diverted one vessel. A suspected cyber-attack of the management information system (MIS) has crippled the container terminal run by the state-owned port authority at Jawaharlal Nehru Port from Monday, forcing the Jawaharlal Nehru Container Terminal (JNPCT) to divert one container ship to other terminals at the port located near Mumbai. Jawaharlal Nehru Port is India’s busiest state-owned container gateway. “The information system at JNPCT is not working from Monday due to which we have diverted one vessel,” said an official. “The MIS personnel is on the job, based on their advice we will take a call on diverting more ships,” he said, noting that there is no visibility on how long it will take to restore the system. Shipping industry sources briefed on the incident said that “JNPCT system has been hit by a major cyber-attack”. “The system is completely down and JNPCT is not sure when it will be restored. It may take minimum 3-4 days, if not more,” a shipping industry source said. JNPCT is not accepting vessels alongside due to outage of the system as documents are needed to berth the ship, all of which are now digitalized, the source said. JNPCT has been put up for privatization by the port authority as part of the government’s National Monetization Pipeline (NMP).
READ THE STORY: The Hindu Business Line
Ukraine turns down Australian cyber support: “We’re a bit past dial-up”
FROM THE MEDIA: Ukraine has turned down the cyber support offered by Australian Foreign Minister Marise Payne this week, saying being at war with Russia was bad enough without having their internet ruined as well. “As much as we appreciate the thought, taking on Australia’s internet would be a massive step backwards. Our buildings and roads may soon be destroyed by Russia. There’s no need to destroy our broadband too,” a Ukrainian official explained. He said the country had enough on its hands at the moment. “We really don’t want to have to reteach people how to use Internet Explorer and Windows 95 while we’re defending our cities from advancing Russian troops.” The UK and US were quick to blame Russian intelligence for a series of cyberattacks against Ukraine’s major banks. Australia had to take the other two countries’ word for it, as the NBN was not quite enough for Australian intelligence agencies to pick up what is going on. Given the Australian Government’s failure to deliver suitable internet infrastructure in its own country, the proposed support is expected to take the form of unplugging and plugging back in a router and teaching Ukrainians how to use the Ctrl+Alt+Del function. In an online video call this morning, Marise Payne confirmed that “Australia will continue to provi … vi … tal …. port … f … Ukraine”.
READ THE STORY: The Shovel // Reddit
Carpet bombing DDoS attacks spiralled in 2021
FROM THE MEDIA: Neustar Security Services has released a report which details the ongoing rise in cyberattacks in 2021, with an unprecedented number of carpet bombing distributed denial of service (DDoS) attacks. Carpet bombing, in which a DDoS attack targets multiple IP addresses of an organization within a very short time, accounted for 44% of total attacks last year, but the disparity between the first and second half of 2021 was stark. While carpet bombing represented 34% of total attacks mitigated in both Q1 and Q2, these attacks saw a big jump in the second half – representing 60% of all attacks in Q3, and 56% in Q4. While the vast majority of attacks fell into the 25 gigabits per second (Gbps) and under size category, and the average attack was just 4.9 Gbps last year, 2021 saw many large-scale attacks as well. The largest measured 1.3 terabits per second (Tbps) and the most intense was 369 million packets per second (Mpps). The longest-lasting attack clocked in at 9 days, 22 hours and 42 minutes although the majority of attacks were over in minutes. Nearly 40% of the unique attacks seen by the SOC in 2021 took place in the first three months of the year. The number dropped significantly in the second and third quarters before rebounding in the fourth quarter. Attacks varied more widely in complexity than what has been observed in the past few years. Single vector attacks represented 54% of attacks in 2021 compared to 5% in 2020, showing an economy of effort from many attackers. At the same time, the number of highly complex attacks using four or more vectors increased, reaching a record 4% of total attacks, so when an attacker gets serious, they can make it much more difficult on defenders.
READ THE STORY: Help Net Security
Items of interest
Protecting America’s Ports (Paper)
FROM THE MEDIA: The recent terrorist attacks in Mumbai, India, brought to the forefront longstanding concerns about the vulnerability of our ports. After Sept. 11, for example, U.S. seaports were closed for several days, an acknowledgment that ships, like airplanes, could also serve as deadly weapons. Coast Guard vessels were immediately dispatched to provide security at all major American ports. Few would dispute that, if terrorists used a cargo container to conceal a weapon of mass destruction and detonated it on arrival at a U.S. port, the impact on global trade and the world economy could be immediate and devastating. Protecting America’s ports against a terrorist threat is daunting because of the sheer size and sprawling nature of the U.S. maritime system and because the United States has no central port authority to oversee security. Approximately 8,000 ships with foreign flags make 51,000 calls on U.S. ports each year. Fully 95 percent of overseas commerce (and 100 percent of foreign oil) comes by ship. In addition, more than 6.5 million passengers from cruise ships pass through the nation’s ports each year, along with approximately 9 million cargo containers — about 26,000 cargo containers a day. The complex structure of ports and the port authorities that govern them — including the variation in public and private ownership, the involvement of multiple governmental and private agencies, and the differences in levels and scopes of authority — makes securing U.S. ports a tremendously difficult task. Because little was known about the nature of anti-terrorist activities in the nation’s ports or which security practices might be worthy of further examination and testing, the National Institute of Justice (NIJ) funded the Police Executive Research Forum to identify promising local practices to safeguard America’s ports against terrorist attacks.
READ THE STORY: OJP
BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group (Video)
FROM THE MEDIA: A very special co-host joins today’s episode of Cyber Work! Infosec founder and CEO Jack Koziol stops by to meet Eric Milam and dig into BlackBerry’s work on a massive research project about the threat actor group BAHAMUT. Eric discusses how their research found connections within a group that targets everyone from Indian oil tycoons to Middle Eastern government officials, the key skills his research team needed to do the work, and what the dinner-table conversations are like when you’re aggressively pursuing a nation-state attack group.
Nation-State Hackers Hide Espionage Behind Cryptominers (Video)
FROM THE MEDIA: Matt Keyser, Manish Jain and Ganesh Kasina of the AT&T Chief Security Office discuss the week's top cybersecurity news, and share news on the current trends of malware, spam, and internet anomalies observed on the AT&T Network.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com