Wednesday, February 23, 2022 // (IG): BB //Weekly Sponsor: ISG
Asustor network storage devices are being hit by a nasty ransomware attack
FROM THE MEDIA: Owners of various Asustor Network Attached Storage (NAS) device models took to Reddit and the company’s official forum today, alerting others to an active ransomware attack holding hostage their media libraries and other stored data (via Windows Central and Tom’s Hardware). At first it was suspected that users of Asustor’s EZConnect remote-access feature were the ones exposed, but according to accounts from some affected Reddit users, they had the service turned off on their NAS. The r/asustor community is keeping track of the available information and, after cross-referencing the services running on affected devices, suspects Plex as one of the possible attack vectors. Asustor is actively investigating the ransomware, known as Deadbolt, and posted a blog on its site indicating that the myasustor.com Dynamic Domain Name Service (DDNS) has been disabled temporarily for safety. Ransomware attacks have been on the rise and affect a wide range of victims, including last year’s Colonial Pipeline attack that caused gas shortages and panic along the southeast coast, and last Christmas’s attack on Kronos that could have left many people without paychecks. Ransomware targeting a niche consumer network product like an Asustor NAS is not as high profile, but it serves as a reminder to always keep your data backed up. Whatever the entry point turns out to be, the practical advice for NAS owners is the same: do not expose the management interface, DDNS/EZConnect or media services directly to the internet, keep firmware current, and keep at least one backup copy that the NAS itself cannot write to, because a backup sitting on the same device gets encrypted along with everything else. In this case, people might lose a large part of their media and their Plex servers, which have already suffered enough in 2022.
READ THE STORY: The Verge
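The "keep your data backed up" advice only helps if you notice the encryption early and before the backup rotates the damage in. As an added example (not Asustor's tooling and not from the report), the script below compares two path-to-size inventories of a share, such as two nightly backup listings, and flags the mass-rename pattern a crypto-locker leaves behind: most originals vanish and reappear under the same name with one extra extension appended. The suffix is learned from the data rather than hard-coded; the constructed sample uses ".deadbolt", the suffix victims reported, and the ransom-note file name in the sample is made up.

```python
"""Added example: spot a ransomware-style mass rename between two inventories of a NAS share.

Inventories are plain path -> size mappings, e.g. produced by walking a share or a backup
snapshot. The sample data below is constructed for the example.
"""
from collections import Counter
import os


def mass_rename_report(before: dict[str, int], after: dict[str, int],
                       threshold: float = 0.2) -> dict:
    """Compare two inventories of the same share.

    Flags the share when at least `threshold` of the files listed in `before` have
    disappeared and reappeared under the same name with one extra extension
    appended (the pattern left behind when a crypto-locker writes `file.ext.<suffix>`
    and deletes the original). The suffix is learned from the data, not hard-coded.
    """
    total = len(before)
    if total == 0:
        return {"suspicious": False, "extension": None, "renamed": 0, "ratio": 0.0}

    vanished = [p for p in before if p not in after]
    # Map each new path minus its last extension back to a candidate original name.
    stem_index = {os.path.splitext(q)[0]: q for q in after if q not in before}

    appended = Counter()
    for original in vanished:
        renamed = stem_index.get(original)
        if renamed is not None:
            appended[os.path.splitext(renamed)[1].lower()] += 1

    if not appended:
        return {"suspicious": False, "extension": None, "renamed": 0, "ratio": 0.0}

    ext, count = appended.most_common(1)[0]
    ratio = count / total
    return {"suspicious": ratio >= threshold, "extension": ext, "renamed": count,
            "ratio": round(ratio, 3)}


# Constructed sample: a share before and after an incident. Four of five files were
# rewritten with ".deadbolt" appended (the suffix victims reported); one was untouched
# and a ransom note appeared (file name made up for the example).
SHARE_BEFORE = {
    "/share/photos/a.jpg": 1000,
    "/share/photos/b.jpg": 2000,
    "/share/docs/c.docx": 300,
    "/share/docs/d.xlsx": 400,
    "/share/music/e.mp3": 5000,
}
SHARE_AFTER = {
    "/share/photos/a.jpg.deadbolt": 1016,
    "/share/photos/b.jpg.deadbolt": 2016,
    "/share/docs/c.docx.deadbolt": 316,
    "/share/docs/d.xlsx.deadbolt": 416,
    "/share/music/e.mp3": 5000,
    "/share/HOW_TO_RECOVER.html": 2048,
}

# Benign churn for contrast: one file renamed to a different extension, one backed up.
BENIGN_BEFORE = {"/share/x.jpg": 1, "/share/y.jpg": 2, "/share/z.doc": 3}
BENIGN_AFTER = {"/share/x.jpeg": 1, "/share/y.jpg": 2, "/share/z.doc": 3,
                "/share/z.doc.bak": 3}

if __name__ == "__main__":
    print(mass_rename_report(SHARE_BEFORE, SHARE_AFTER))
    print(mass_rename_report(BENIGN_BEFORE, BENIGN_AFTER))
```

Run it against the listing your backup job already produces before the job overwrites the previous generation; a hit is a reason to stop the rotation, not to keep it. The 20 percent default is deliberately low so that a locker caught mid-run still trips it.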
US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions
FROM THE MEDIA: Minutes after President Joe Biden announced new sanctions on Russian banks and elites on Tuesday, a senior FBI cyber official asked US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis between the Kremlin and Ukraine deepens. Russia is a "permissive operating environment" for cybercriminals -- one that "is not going to get any smaller" as Russia's confrontation with the West over Ukraine continues and further sanctions are announced, the FBI's David Ring said on a phone briefing with private executives and state and local officials, according to two people who were on the call. Ring asked state and local officials and business executives to consider how ransomware attacks could disrupt the provision of critical services, the people on the call said. US officials continue to say there are "no specific, credible" threats to the US homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance. The willingness of Russian-speaking cybercriminals to disrupt US critical infrastructure has been a US concern for years, but it came to a head last year when a ransomware attack forced major fuel transporter Colonial Pipeline to shut down for days.
READ THE STORY: CNN
Companies warned to boost cyber defense in wake of Ukraine crisis escalation
FROM THE MEDIA: On Wednesday afternoon, the Australian government joined the governments of the United States and United Kingdom by placing sanctions on Russian banks and individuals, and at the same time issued a warning to organizations to boost their cyber defense. Australian Prime Minister Scott Morrison said the government had already privately reached out to some entities and that local organizations should read guidance issued by the Australian Cyber Security Centre (ACSC). "We have already been taking action on cyber defenses and that has been done privately already with many companies, alerting them to the risk of potential counter responses by Russia and other actors in response to these decisions," Morrison said. "There is no evidence that any such attacks have taken place to date, I'm advised, but we are now publicly saying right across the country to go to [cyber.gov.au] so you can be clearly informed of the steps that you should be taking to ensure that you are protected as best as you can be from any cyber attacks." The prime minister added that cyber was the most obvious vector for Russian retaliation, and that companies could be targeted as well as be cyber collateral damage. "The cyber attacks can sometimes come from miscalculation and misadventure, we have seen that in the past, where cyber attacks have sought to let loose various worms ... or viruses and they get out of control of those who put them in the system," he said.
READ THE STORY: ZDnet
GrainCorp ransomware issues close to resolution
FROM THE MEDIA: GrainCorp is confident it is on the cusp of finally resolving lingering payroll issues caused by a ransomware attack on a third-party payroll provider just before Christmas, which has left some harvest casuals unpaid for around two months. The company confirmed it had received over 2,000 enquiries from staff due to the attack on workforce management software provider Kronos, which meant some timesheets could not be processed and workers were not paid. A GrainCorp spokesperson said that while it had taken a long time to work through, the dedicated team in charge of resolving the issue was confident it would be finally sorted out within a week. The attack has hit multinational Kronos hard, with what was expected to take just a few days to correct instead dragging out over months. The outage meant delays in pay for many harvest casuals. While the majority of pay claims have now been processed, there are still a small number of workers waiting for pay. The GrainCorp spokesperson said anyone still experiencing difficulties as a result of missed pay was urged to contact the company directly for assistance.
READ THE STORY: Farmweekly
Top U.S. Fuel Pipeline Hires Cyber Safety Boss Months After Hack
FROM THE MEDIA: Colonial Pipeline Co., which operates the largest fuel conduit in the U.S., has hired a Chief Information Security Officer nine months after a ransomware attack forced it to halt pipeline operations for days, drove up gasoline prices and sparked shortages at filling stations along the East Coast. The new position will be filled by Adam Tice, who previously held cybersecurity leadership roles at privately held Silicon Valley Bank and Equifax Inc., Colonial said Tuesday in a statement. Hackers, who the FBI said were linked to a group known as DarkSide and were believed to be located in Russia or Eastern.
READ THE STORY: Bloomberg // Yahoo News
Hackers Are Targeting Microsoft Teams Chats
FROM THE MEDIA: Hackers are distributing malware to unsuspecting users of Microsoft’s Teams platform. The bad actors were found to be placing malicious .exe files in Teams chats under the file name ‘User Centric.’ If run, the Trojan writes DLL files to the user’s PC, allowing the attackers to remotely take control of the system. Microsoft is aware of the issue but has yet to comment on it. Cybersecurity firm Avanan first spotted the attacks in January and suggests “thousands” have occurred. “By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users,” the company said. Teams has 270 million monthly active users, according to Microsoft. The bad actors gain access to Teams chats by compromising partner organizations and listening in on inter-organizational chats, according to Avanan. “They can steal Microsoft 365 credentials from a previous phishing campaign, giving them carte blanche access to Teams and the rest of the Office suite. Given that hackers are quite adept at compromising Microsoft 365 accounts using traditional email phishing methods, they’ve learned that the same credentials work for Teams.” The New York-based firm said users are more trusting when using Teams compared with email. “Most employees have been trained to second-guess identities in email, but few know how to make sure that the name and photo they see in a Teams conversation are real,” Avanan said. The chain described here has two links worth breaking independently: the stolen credential (phishing-resistant MFA on the partner tenant) and the executable attachment, which can be blocked on content rather than on the file name the sender chose.
READ THE STORY: IoT World Today
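The attachment side of that chain is the easier one to check mechanically. As an added example (not Avanan's or Microsoft's code, and independent of any Teams API), the script below classifies chat attachments by reading the Windows PE header instead of trusting the declared name, so a renamed executable is caught as well as an obvious .exe. The attachments, including a constructed stand-in for the ‘User Centric’ file, are made up for the example; the PE stub is just enough header to exercise the check and is not a loadable binary.

```python
"""Added example: decide whether a chat attachment is a Windows executable, using the
file's own header rather than the name the sender chose. Sample attachments are constructed.
"""
import struct
from dataclasses import dataclass

PE_SIGNATURE = b"PE\0\0"
# Extensions Windows hands to a loader or script host on double-click (not exhaustive).
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".cpl", ".msi",
                   ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1"}


@dataclass
class Attachment:
    name: str
    content: bytes


def is_pe_image(data: bytes) -> bool:
    """True if `data` carries a DOS 'MZ' stub whose e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature, i.e. it is a Windows EXE/DLL whatever it is called."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def declared_extension(name: str) -> str:
    """Lower-cased last extension of the file name, or '' if there is none."""
    base = name.rsplit("/", 1)[-1]
    return ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""


def classify(att: Attachment) -> str:
    """'block:disguised-executable' when the bytes are a PE image but the name says
    otherwise, 'block:executable' for anything executable by name or content, else 'allow'."""
    pe = is_pe_image(att.content)
    ext = declared_extension(att.name)
    if pe and ext not in EXEC_EXTENSIONS:
        return "block:disguised-executable"
    if pe or ext in EXEC_EXTENSIONS:
        return "block:executable"
    return "allow"


def minimal_pe_stub() -> bytes:
    """Constructed stand-in for an .exe: a 64-byte DOS header with e_lfanew=0x40
    followed by the PE signature. Not loadable, but enough to exercise the check."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + PE_SIGNATURE + b"\0" * 20


# Constructed chat: the "User Centric" executable from the report, the same bytes
# hidden behind a document name, a script, and a harmless text file.
SAMPLE_CHAT = [
    Attachment("User Centric.exe", minimal_pe_stub()),
    Attachment("Q1 figures.pdf", minimal_pe_stub()),
    Attachment("onboarding.ps1", b"Get-Process\r\n"),
    Attachment("notes.txt", b"see you at 3pm\n"),
]


def scan_chat(attachments) -> list[tuple[str, str]]:
    """Verdict per attachment, in chat order."""
    return [(a.name, classify(a)) for a in attachments]


if __name__ == "__main__":
    for name, verdict in scan_chat(SAMPLE_CHAT):
        print(f"{verdict:28} {name}")
```

Two limits to keep in mind: a PE inside a .zip, .iso or Office document is not seen by this check, so archives need to be opened and inspected the same way, and none of this addresses the identity half of the problem, which is why external or guest participants in a chat still deserve a visible warning.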
Cookware giant Meyer says cyberattack caused leak of employee SSNs, immigration status
FROM THE MEDIA: Thousands of Meyer Corporation employees had their immigration status, passports and Social Security numbers accessed during a ransomware attack last October. A ransomware attack on cookware giant Meyer Corporation has caused thousands of employee Social Security numbers and other sensitive information to be leaked. The company filed paperwork with the Attorney General offices in California and Maine, notifying both that the information of 2,747 employees was involved in the attack. The pots and pans manufacturer reported more than $128 million in sales in 2021. In notification letters sent to victims, the company said the attack began "on or around October 25, 2021" and involved driver's licenses, passports, Permanent Resident Cards and information regarding immigration status, among a host of sensitive information. Employees working for Meyer subsidiaries such as Blue Mountain Enterprises, Hestan Commercial Corporation, Hestan Smart Cooking and Hestan Vineyards were also affected. "Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information," the California-based company said.
READ THE STORY: ZDnet
Indian Container Terminal Diverts Ships Due to Ransomware Attack
FROM THE MEDIA: India’s only state-owned and state-operated container terminal has reportedly started turning away ships after suffering what is believed to be a ransomware attack on its computer systems. Media reports indicate that the terminal discovered the attack on February 21 and today began diverting ships to the other terminals in the complex located near Mumbai. The Jawaharlal Nehru Port Container Terminal is one of five container terminals in India’s largest container port, Jawaharlal Nehru Port Trust, which accounts for about half of all the containers handled in India. While the terminal is the smallest in the port complex, the outage comes as the government is actively pursuing the privatization of the facility. Reports indicate that a total of 12 bidders, including large international container terminal operators, entered bids for the privatization of the operation. The failure of its computer systems highlights complaints in the industry that investment at the terminal has been lagging. Indian media reported that officials at the terminal worked all day Monday attempting to restore their systems, but had warned that they would have to begin turning away ships as of Tuesday if the systems were not restored. Container traffic at the overall port operated by the Jawaharlal Nehru Port Trust rose by more than 25 percent in 2021 to over 5.6 million TEU. The two largest terminals each handled more than one million TEU in the calendar year for the first time. Commissioned in 1989, the port handled approximately 55 percent of India’s container traffic in 2021. The Jawaharlal Nehru Port Container Terminal was the first to open at the port and has more than 2,000 feet of dock space. It can handle more than one million containers annually.
By some reports, the terminal is only currently handling about 500,000 TEU annually, but the government wants it to play an increasing role in the port as they grow the overall operations. The plan was to award the privatization contract by July 2022.
READ THE STORY: Maritime Executive
Hot war may get hotter through cyber battles
FROM THE MEDIA: A Russian fight over Ukraine could spill over into the cyber world. The United States on Tuesday joined allies in announcing new sanctions over Moscow’s military maneuvers. As payback, Russia may hack American energy firms and banks, and it won’t take much to cause real damage. The White House on Tuesday dubbed Russia’s moves so far an “invasion,” opening the door to economic punishment. Although not yet named by U.S. officials, big Russian firms like VTB Bank (VTBR.MM), Sberbank (SBER.MM) and Gazprombank could be cut off from U.S. dollar transactions, while oligarchs close to Russian President Vladimir Putin could have their assets parked at Western firms frozen. That would set the stage for Russian retaliation. The White House imposed similar sanctions on Iran 10 years ago, and Iranians hit back through cyber attacks. Then, the country’s hackers tapped into dozens of financial firms, including JPMorgan (JPM.N), Wells Fargo and American Express (AXP.N), from 2011 to 2013, causing websites to go down and spurring millions of dollars in lost business, according to a U.S. Justice Department indictment. Also alarming was a hack of a dam in New York, though the attackers failed to gain control of the floodgates. Russia is skilled in cyber breaches. In 2018, U.S. officials accused Moscow of being behind hacks that targeted American utilities and power grids.
READ THE STORY: Reuters
European Union cyber defense team deploys to aid Ukraine
FROM THE MEDIA: Several European Union member states are activating a team of specialists to help Ukraine ward off Russian cyberattacks, which have previously accompanied kinetic combat ordered by Moscow. The Defense Ministry of Lithuania — the lead nation for the Cyber Rapid Response Team project — announced the move Tuesday, saying the Ukrainian government requested the aid. Croatia, Estonia, the Netherlands, Poland and Romania also are part of the project, sponsored by the EU’s Permanent Structured Cooperation defense and security initiative. Per its mission statement, the project provides cyber defense capabilities to EU organizations and “partners.” The teams are equipped with “commonly developed deployable cyber toolkits designed to detect, recognize and mitigate cyber threats,” according to the project website. On Tuesday, officials were still assessing a Ukrainian defense scenario in which the team would operate, including “on-site and remote support,” a defense official at the Lithuanian Embassy in Washington told Defense News.
READ THE STORY: Defense News
Items of interest
SIGINT for Anyone: The Growing Availability of Signals Intelligence in the Public Domain (Paper)
FROM THE MEDIA: This Perspective examines and challenges the assumption that signals intelligence (SIGINT) is an inherently governmental function by revealing nongovernmental approaches and technologies that allow private citizens to conduct SIGINT activities. RAND researchers relied on publicly available information to identify SIGINT capabilities in the open market and to describe the intelligence value each capability provides to users. They explore the implications each capability might provide to the United States and allied governments. The team explored four technology areas where nongovernmental SIGINT is flourishing: maritime domain awareness; radio frequency (RF) spectrum mapping; eavesdropping, jamming, and hijacking of satellite systems; and cyber surveillance. They then identified areas where further research and debate are needed to create legal, regulatory, policy, process, and human capital solutions to the challenges these new capabilities provide to government.
READ THE STORY: RAND
Farmers Are Hacking Their Tractors Because of a Repair Ban (Video)
FROM THE MEDIA: As of 2020, no right-to-repair law has passed in the US. But more than 20 states are considering legislation similar to Nebraska's, and Bernie Sanders and Elizabeth Warren have both supported national right-to-repair legislation for farmers. When it comes to repair, farmers have always been self-reliant. But the modernization of tractors and other farm equipment over the past few decades has left most farmers in the dust, thanks to diagnostic software over which large manufacturers hold a monopoly. In this episode of State of Repair, we go to Nebraska to talk to the farmers and mechanics who are fighting large manufacturers like John Deere for the right to access the diagnostic software they need to repair their tractors.
Zeus (Video)
FROM THE MEDIA: ZeuS is a banking trojan designed to steal money from online banking users’ accounts. The trojan became so widespread that it resulted in one of the biggest FBI operations ever.
About this Product
These open-source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on those sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com