Friday, February 25, 2022 // (IG): BB // Weekly Sponsor: ISG
Wide range of possible targets for Russian cyber strikes, from infrastructure to smartphones
FROM THE MEDIA: For years prior to Russia’s invasion of Ukraine, Vladimir Putin’s government waged cyberwar aimed at destabilizing the country’s infrastructure, government, and financial systems, including several distributed-denial-of-service (DDoS) attacks in the run-up to Thursday’s all-out assault. The Gazette spoke with Lauren Zabierek, a former intelligence officer in the Air Force and director of the Cybersecurity and Infrastructure Security Agency at the Harvard Kennedy School’s Belfer Center, about Russia’s cyberwarfare capabilities, and what a cyberattack against the U.S. might look like. The interview was edited for clarity and length.
GAZETTE: Russia launched numerous cyberattacks against Ukraine in the days before Thursday’s military strikes. What’s the potential for similar attacks against the U.S.?
ZABIEREK: Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, put out a “shields up” warning last week noting that all organizations in the U.S. are at risk. Right now, we don’t have any indications of immediate attack, but we do know that Russians have at least conducted reconnaissance activities against our critical infrastructure for years and may have implanted some sort of tools to impact these services in response to U.S. or allied foreign policy action. That’s one kind of incident we may see, or we could be collateral damage from attacks on Ukraine, or even be targets of more tactical operations like DDoS attacks.
READ THE STORY: Harvard Gazette
Ransomware is top attack vector on critical infrastructure
FROM THE MEDIA: Ransomware was the number one attack vector on critical infrastructure in 2021, according to a report by Dragos, a leading company in industrial cybersecurity. Nearly two-thirds of those attacks (65%) were aimed at the manufacturing sector, the company revealed in its annual review of cyber threats facing industrial organizations released Wednesday. "You can combine all the other sectors together and not get to where manufacturing is getting hit," Dragos CEO Robert M. Lee said at an information session held prior to the report's release. "It is our assessment that ransomware authors and groups have found that targeting industrial organizations is very beneficial," he observed. "You not only get people to pay out faster because you're bringing down operations, but you also get them to pay out more because it's the crown jewels of the business." More than half of industrial ransomware attacks (51%) were launched by two threat groups—Conti and Lockbit 2.0—and 70% of those sorties were aimed at manufacturing targets, according to the report, which aspires to do for industrial cybersecurity what Verizon does annually for data breaches. Lee discounted reports that ransomware attacks are on the decline. "There's a decrease in people reporting it to the government, but there's not a decrease in actual cases," he said.
READ THE STORY: CSO
Should U.S. launch a cyberattack offensive against Russia? Cyber experts are mixed
FROM THE MEDIA: While the U.S. will not be sending in troops in response to Russia’s unprovoked invasion of Ukraine, NBC News reported that advisers have presented U.S. President Joe Biden with options for “massive cyberattacks” aimed at disrupting Russia’s military efforts. The report published today, which cited four sources familiar with the matter, was dismissed by a White House spokesperson. However, the NBC News report itself specified that cyberattacks would be either covert or clandestine military operations, and the U.S. would never publicly acknowledge the activities. The proposals include the use of U.S. “cyberweapons” in an unprecedented manner — “on a scale never before contemplated” — to target Russia’s military, according to the NBC News report. Agencies including U.S. Cyber Command, the NSA and the CIA would be among those with a role in the operation, according to the report. In comments to VentureBeat on Thursday, cybersecurity experts provided a range of perspectives on the idea, from cautious support of the general concept to wariness — due in part to concerns about whether U.S. cybersecurity defenses would be up to the challenge of a cyber escalation involving Russia. Hitesh Sheth, president and CEO at Vectra, said that it’s “imperative” that the U.S. “consider offensive options” in this situation. However, “going on the offensive without the right technology to defend ourselves in cyber space would be bad strategy,” Sheth said.
READ THE STORY: VentureBeat
Iranian Government-Sponsored MuddyWater Actors Conducting Malicious Cyber Operations
FROM THE MEDIA: A month after publicly exposing a large suite of tools used by the Iranian government-backed APT team known as MuddyWater, U.S. government security agencies are warning organizations that the group is actively conducting cyber espionage campaigns against critical infrastructure organizations, government agencies, and other targets in North America, Europe, and other regions. MuddyWater is a group inside the Iranian Ministry of Intelligence and Security (MOIS) that has been active since at least 2018 and is known to use a wide range of tools and techniques in its operations. In January, U.S. Cyber Command published a set of 17 separate samples of malware attributed to MuddyWater, including a PowerShell malware loader called PowGoop. That tool was used in a 2020 attack against some organizations in the Middle East that resulted in ransomware deployments. MuddyWater often uses PowGoop and other malware tools as part of DLL-sideloading operations to insert malware into benign files. In a joint advisory published Thursday, the FBI, Cyber Command’s Cyber National Mission Force, CISA, and the UK’s National Cyber Security Center warned that MuddyWater is using newer variants of some of these malware tools in its spear phishing campaigns and other operations.
READ THE STORY: Homeland Security Today // DUO // CYBERCOM
Russia-Ukraine war: Anonymous hackers launch cyberwar against Russia taking down government websites
FROM THE MEDIA: The ongoing Russia-Ukraine war has a new player – the Anonymous hacker collective. Amidst Russia’s offensive against Ukraine, Anonymous hackers have claimed to have taken down several Russian government websites, and RT.com, the website of the state-controlled television network. The hacker collective made an announcement on Twitter yesterday, stating that they’re engaged in a ‘cyber war’ against the Russian government. Some of the websites that were either taken down by Anonymous or were slowed down include those of the Russian government, the Kremlin, Duma and the Ministry of Defense. Apart from RT.com, the hacker collective also launched distributed denial of service (DDoS) attacks against websites of Russian internet service providers Com2Com, Relcom, Sovam Teleport and PTT-Teleport Moscow. Various Anonymous accounts were found using the #OpRussia and #OpKremlin hashtags on Twitter, similar to the #OpISIS campaign that was launched earlier in an attempt to take down the terrorist organization’s online propaganda attempts.
READ THE STORY: Business Insider
GiveSendGo hit with yet another data breach as more donors’ personal info exposed (Freedom Convoy fundraiser)
FROM THE MEDIA: The data, provided by the hacker to the transparency and journalism collective DDoSecrets, reveals all names and donation amounts provided to the campaign as of Feb. 23 as well as limited credit card data. A hacker had previously leaked a downloadable file on the identities of more than 92,000 donors on Feb. 13. Visitors to GiveSendGo’s website were redirected to a rogue domain that not only offered a downloadable file of the data but a long manifesto set to music from the Disney film Frozen II. The initial leak came just three days after the Daily Dot was alerted to serious security issues on GiveSendGo’s website that saw private documents such as passports and driver’s licenses openly exposed. Despite informing the company of the vulnerabilities uncovered by security researchers, GiveSendGo co-founder Jacob Wells called the issue “fake news.” Just two days later on Feb. 15, an even more devastating leak revealed the entire donor history of every individual who had ever used GiveSendGo as well as limited credit card data. The incident finally caused GiveSendGo, which had remained quiet on the issues up until that point, to take down its website and release a statement regarding the breach. The company tried to reassure users by claiming that it had “performed many security audits to ensure the security of the site before bringing it back online.”
READ THE STORY: Daily Dot
How Cybercriminals Break Into Food & Beverage Plants
FROM THE MEDIA: Computers and the internet, properly used, can be agents of information and efficiency. But used maliciously, they can be agents of terrorism and extortion. Cyberattacks on business in general, and the food industry in particular, have been proliferating, with at least five major food companies being hit with ransomware attacks since 2017. Arguably the highest-profile one was a ransomware attack last September on JBS USA that paralyzed the company’s operations, forcing it to pay a ransom of $11 million. The situation has been making food and beverage processors rethink their approach to cybersecurity and try to assess their vulnerabilities. It’s a daunting task, especially as automation, data gathering and remote access become more ubiquitous and important in the industry. The JBS attack, like some others, was especially frightening because it paralyzed the company’s operations. Companies are liable to this kind of attack when their information technology is not sufficiently separated between business and operations, experts say. This means that the operational side, which automates and controls the processing systems, isn’t sufficiently secure from attacks on the business side, which includes functions like email, accounting and revenue. “The lack of separation between these environments — typically called segmentation — results in a ‘monolithic’ or single environment that can have different security requirements, attack vectors and ransomware impacts,” says David White, founder and president of Axio, a cyber risk advisory firm. The situation is concerning because cyberattacks most often originate on the business side. That’s where an enterprise has the most points of connection to the internet, and thus, the most vulnerability. It’s also where phishing attacks are the most likely to occur.
READ THE STORY: Food Processing
Inside creepy network of ‘spy apps’ that secretly track and monitor people
FROM THE MEDIA: Stalkerware apps can trace keystrokes, track the device’s location, screen record the user’s every move, or even access the device’s camera in real-time. Stalkerware does not require advanced hacking — it can be installed by anyone with access to the device. It can be disguised as a calculator app, as was the case for one New York Times reporter who sought out and flagged the existence of the stalkerware app Flash Keylogger in the Google Play store. “It looked like a calculator app. But it was actually spyware recording my every keystroke — the type of data that would give a stalker unfettered access to my private life,” Brian X. Chen wrote in September 2021. Once installed, the watcher might receive email caches of information or even have access to a dashboard of real-time usage. Stalkerware apps are often named and modeled to look like unsuspicious apps. And because of stalkerware’s ability to spy on unsuspecting victims, it has become a tool of domestic abuse or intimate partner violence. In a study of 2,000 participants, 10% “admitted to using an app to monitor an ex or current partner’s text messages, phone calls, and other communications.”
READ THE STORY: HeadTopics // Cyberwire
TrickBot operators slowly abandon the botnet and replace it with Emotet
FROM THE MEDIA: Researchers believe the group behind TrickBot are moving the infected devices it controls to the newer, more difficult to detect Emotet malware. TrickBot, once one of the most active botnets on the internet and a primary delivery vehicle for ransomware, is no longer making new victims. However, there are signs its operators are transitioning the already infected computers to other botnets, including Emotet. "Our team assesses with high confidence that Trickbot operators are working closely with the operators of Emotet," researchers from security firm Intel 471 said in a new report. "There is clear evidence of this relationship, for example, the resurrection of Emotet began with Trickbot." TrickBot and Emotet are two Trojan programs that started out as malware tools focused on stealing online banking credentials but evolved into malware distribution platforms where they rented their access on systems to other cyber criminal gangs.
READ THE STORY: ARN
Economic Espionage and Theft of Trade Secrets
FROM THE MEDIA: In 1996, President Clinton signed the Economic Espionage Act (the “Act”). At the time, the principal proponents of the law included business leaders from the then burgeoning Silicon Valley as well as from the aerospace industry. Proponents of the Act claimed foreign entities were actively attempting to steal trade secrets and that the existing laws at the time did not adequately protect their interests. The Act, among other things, criminalized the theft of trade secrets intended to benefit “any foreign government, foreign instrumentality, or foreign agent.” Steep penalties for violations of the Act demonstrated that the United States would take economic espionage extremely seriously. Since its passage, the U.S. Government has aggressively enforced the Act against those who have sought to steal trade secrets from companies for the benefit of foreign adversaries. Convictions for economic espionage in violation of 18 U.S.C. § 1831 can result in a prison sentence of up to 15 years. Since the Act’s initial passage, Congress has increased the potential monetary penalties for violations to $5 million. For organizations, the maximum possible fine was increased to “the greater of $10,000,000 or 3 times the value of the stolen trade secret to the organization.” Between 1996 and 2020, there were no fewer than 190 cases against 276 individual defendants for violations under the Act. Of these individual defendants, 31 were convicted of economic espionage under § 1831 of the Act; the remainder were convicted for theft of trade secrets under § 1832.
READ THE STORY: The National Law Review
Items of interest
The SECRETS Act Adds a Critical New Defense Against IP Theft Threatening U.S. Tech Leadership (Article)
FROM THE MEDIA: “Acting against Chinese IP theft is a rare area of bipartisan support in U.S. trade policy, and the SECRETS Act provides a chance for U.S. policymakers and the Biden administration to take a stand against such parasitic practices by enacting a new law.” Intellectual property (IP) theft, especially of trade secrets, remains a significant threat to advanced U.S. industries, global competitiveness, and national security. It is foundational to the U.S. trade dispute with China, given state-sponsored efforts to steal as much American know-how as possible. Yet, instead of new laws and regulations, the United States has relied mainly on tariffs in an indirect effort to convince China to curb these illegal practices.
READ THE STORY: IPWATCHDOG
Unheard, Unknown & Unseen Cyber-crimes (Video)
FROM THE MEDIA: Mr. Ritesh is a Cybersecurity consultant and a well known Cybercrime Investigator. He is the founder of V4WEB cybersecurity services. He is popularly known for his Cybercrime Investigations and has been successful in solving many cases for corporates, law enforcement agencies and individuals in India and abroad. He has been a distinguished speaker at many national and international conferences and organizations such as the United Nations, UNICEF, RBI, Anti Narcotics Cell, Economic Offences Wing, Indian Air Force and many more where he spoke on new age cybercrimes, data privacy and dark web. Mr. Ritesh is a well known Cybercrime Investigator and Cybersecurity Consultant with an experience of 20 years in cyberspace and has been successful in solving many cases for corporates, law enforcement agencies and individuals in India and abroad. His recent case on busting a WhatsApp group that was circulating child sexually abusive material was well appreciated not just by the Indian police but also by Interpol.
Russia, Ukraine and offensive cyber options (Video)
The United States, China and Russia have not yet shown themselves willing to unleash the full destructive potential of cyber operations for strategic gain. Russia has been the most aggressive of the three powers in cyberspace, and Ukraine has suffered the most from it. But even now, as Russia is trying to put immense strategic pressure on Ukraine, we do not see − and we don’t expect to see − large-scale Russian offensive cyber operations against Ukraine. These are some of the conclusions of a new IISS report on the offensive cyber operations of the US, Russia and China, which will be published on the same day as the webinar. During the discussion, Dr Greg Austin, Dr Eneken Tikk, Dr Nadiya Kostyuk and James Crabtree discuss the report’s findings, and explain why Russia and the other two major cyber powers might be reluctant or incomplete cyber attackers.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com