Sunday, February 27, 2022 // (IG): BB //Weekly Sponsor: ISG
Cyber threat grows after Russia SWIFT sanctions over Ukraine
FROM THE MEDIA: Cyber experts warned of increased risk of cyberattacks from Russia, following the latest sanctions announced over Ukraine — which dropped major Russian banks from the SWIFT financial system. Russian President Vladimir Putin has threatened retaliation against the west for what he perceives as interference in the country’s unprovoked assault on its neighbor Ukraine. And as is well known, both the Russian government itself and affiliated cybercriminal gangs possess significant cyberattack capabilities — and Russia has a history of using them in geopolitical contexts. Authorities in the U.S. and U.K. blamed Russia for last week’s massive distributed denial-of-service (DDoS) attacks in Ukraine. And fresh DDoS attacks, as well as destructive cyberattacks that involved wiper malware, struck Ukraine on Wednesday just ahead of the invasion. But thus far, “I’m willing to bet that the Russians haven’t used even a fraction of the bullets in their cyber arsenal,” said Eric Byres, CTO of cyber firm aDolus Technology, in an email.
READ THE STORY: venturebeat
Ransomware group claiming responsibility for Nvidia attack is hacked in turn
FROM THE MEDIA: Two ransomware groups have endorsed Russia’s attack on Ukraine, with one promising to retaliate against any nation that takes action against Moscow. According to Brett Callow, a Canadian-based threat analyst for Emsisoft, the Conti gang made the retaliation statement on its data leak site, used to show proof of hacks and data thefts. “The Conti Team is officially announcing a full support of Russian government,” the statement says. “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use all of our possible resources to strike back at the critical infrastructure of an enemy.” In addition, Callow said, the CoomingProject gang issued this statement: “Hello everyone this is a message we will help the Russian government if cyber attacks and conduct against Russia.” Conti has been known for bold words. When U.S. government authorities went after the REvil ransomware gang, Conti protested against the “unilateral, extraterritorial and bandit mugging behavior of the United States in world affairs.” and complained about the “Neo-fascist alliance between the US and EU kleptocracies.”
READ THE STORY: PCgamer
‘The time is now and the place is here’: Cyber vendors, volunteers rush free security to Ukraine
FROM THE MEDIA: Well before Russia invaded Ukraine, before two rounds of DDoS attacks on financial institutions and malware sent to "hundreds" of Ukrainian targets, it was clear that Russia would likely incorporate cyberwarfare into its approach. Over the past decade, Russia launched devastating attacks against Ukraine during peacetime; why would war be different? Since the start of the conflict, Ukraine has tried to assemble a mismatched team for cybersecurity response against the full force of a major cyber power. They have asked domestic hackers to volunteer for offensive and defensive missions and South Korea for help with general cybersecurity. But they have also started to receive varying degrees of help from cybersecurity firms. Many are offering free software and services to Ukrainian enterprises; some are offering even more. "There's a gentleman from a small company in Serbia called Cybernite who offered offensive and defensive operations services for the Ukrainian government. And then he also mentioned that he had a four-room apartment in Belgrade for displaced persons," said Chris Culling, a threat intelligence analyst who has been maintaining a list of free products being offered to Ukrainian services from his Twitter account.
READ THE STORY: SCMagazine // Target list
Official Kremlin website down amid war in Ukraine
FROM THE MEDIA: A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent campaigns. The identity of the attackers is not known, but evidence suggests that they could be based out of Bulgaria. "Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud," Check Point's Moshe Marelus said in a report published this week. "It is mainly distributed via the Microsoft store platform and dropped from dozens of infected applications, mostly games, which are constantly uploaded by the attackers." The first sign of malicious activity was an ad clicker campaign discovered in October 2018, with the malware hiding in plain sight in the form of a Google Photos app, as disclosed by Bleeping Computer. In the years since, the malware is said to have undergone numerous iterations that equip it with new features and evasive capabilities. In addition to using the cross-platform Electron framework, the bot is designed to load payloads fetched from the C2 server at run time, making it difficult to detect.
READ THE STORY: Reuters
Putin’s cyber army tracked UK weaknesses 'for years' as British computers to suffer attack
FROM THE MEDIA: The warnings were issued in a high-level briefing by officials from the US Cybersecurity and Infrastructure Security Agency to Five Eyes alliance counterparts in Britain, Australia, Canada and New Zealand. Last night experts said Washington and Whitehall would also choose to mount retaliatory cyber attacks in an attempt to hinder Russian forces in Ukraine. Britain is a target of Russia following the imposition of sanctions against the country on Thursday. Former diplomat Danny Lopez, now CEO of Glasswall Solutions, said that the UK should prepare for a barrage of malware attacks. “State-sponsored attackers will have been monitoring weaknesses for months and even years, ready to strike with a stockpile of malware,” he warned. Cyber analyst Hans Horan said that, for both sides, attacks would begin gradually. “When it comes to British targets, Russia’s state-sponsored hackers will begin by targeting niche defense firms as well as the energy and telecoms sector,” he said. “The effects will be felt slowly at first. If we get into a tit-for-tat cyber conflict, however, Russia may go from disruptive to destructive tactics.”
READ THE STORY: Express
Bulgaria is fending off cyber attacks
FROM THE MEDIA: Bulgaria is fending off cyber attacks, according to a statement by the country’s Ministry of e-Government on February 27. “In order to ensure the cybersecurity of Bulgaria and in the context of the escalation of hybrid attacks, experts from the Ministry of e-Government, together with the Cybercrime Department of the Interior Ministry’s Chief Directorate for Combating Organized Crime took action to filter or stop traffic from more than 45 000 internet addresses,” the ministry said. Attempts had been made to maliciously interfere with electronic systems or networks, the statement said. Under Bulgaria’s Cyber Security Act, notifications had been sent electronically to telecommunications operators and companies offering public communications networks and services in the country, which are obliged to immediately, when technically possible, filter or stop malicious internet traffic. “Comprehensive measures are being taken to protect critical and strategic systems by interdepartmental groups working in accordance with the adopted action plans in the Cyber Security Council of the Cabinet,” said the statement.
READ THE STORY: SofiaGlobe
In Shadow of Ukraine-Russia Cyberwar, Iranian Hackers Go on the Offensive
FROM THE MEDIA: The FBI, NSA and U.K. cyber authorities warn of Iranian government-sponsored hackers ‘conducting cyber espionage’ against targets across the world. As the Russian invasion of Ukraine spilled over into the cyber realm, Iranian hackers affiliated with the country’s military intelligence have launched a global cyber espionage campaign, the U.S. and the U.K. said in a rare warning issued over the weekend. Ukraine has been hammered by digital intrusions and denial-of-service attacks both in the run-up to and during the Russian invasion, Reuters reported over the weekend. Britain and the United States said Russian military hackers were behind a spate of DDoS attacks last week that briefly knocked Ukrainian banking and government websites offline before the Russian invasion. Russia has denied the allegations. Meanwhile, the U.S. and the U.K. also issued warnings against a group of Iranian hackers known as MuddyWater. In January, the U.S. Cyber Command confirmed what Israeli cyber researchers have long claimed: that MuddyWater is operating on behalf of Iran’s Intelligence and Security Ministry and the Iranian Revolutionary Guard Corps.
READ THE STORY: Haaretz
‘Zero-click’ hacks are growing in popularity. There’s practically no way to stop them.
FROM THE MEDIA: Once the preserve of a few intelligence agencies, the technology for zero-click hacks is now being sold to governments by a few companies, the most prominent of which is Israel’s NSO Group. As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, watching out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know. Dridi’s phone got compromised anyway with what’s called a “zero-click” attack, which allows a hacker to break into a phone or computer even if its user doesn’t open a malicious link or attachment. Hackers instead exploit a series of security flaws in operating systems — such as Apple’s iOS or Google’s Android — to breach a device without having to dupe their victim into taking any action. Once inside, they can install spyware capable of stealing data, listening in on calls, and tracking the user’s location. With people more wary than ever about clicking on suspicious links in emails and text messages, zero-click hacks are being used more frequently by government agencies to spy on activists, journalists and others, according to more than a dozen surveillance company employees, security researchers and hackers.
READ THE STORY: Inquirer
Russia restricts Twitter in the country amid conflict with Ukraine
FROM THE MEDIA: Twitter announced Saturday that Russia appeared to be restricting access to its platform amid ongoing conflict between the Russian military and Ukrainian forces. Twitter Support tweeted Saturday: “We’re aware that Twitter is being restricted for some people in Russia and are working to keep our service safe and accessible.” Ukrainian President Volodymyr Zelensky and other Ukrainian government officials have used the platform to rebut false claims from Russia and update the international community about the war in his country. Following the Russian invasion Thursday morning, video surfaced on Twitter of demonstrators in major Russian cities taking to the streets to speak out against war with the former Soviet state. In addition, western nations including the U.S., Canada and members of the EU have posted updates on military assistance they are sending to Ukraine. The news from Twitter follows an announcement Friday from Russian-owned media that it is partially restricting Facebook.
READ THE STORY: The Hill
Anonymous Claims Hacks on More Than 300 Russian Cyber Targets in 48 Hours, Including Gas Control System
FROM THE MEDIA: An Anonymous account reported earlier today that the hacking collective’s #OpRussia campaign had taken down more than 300 Russian government, state media and bank websites over the past 48 hours, with the majority of those struggling to come back online. As members of the collective posted information about their operations on Twitter, one account said that hackers breached a Russian Linux terminal and gas control system in Nogir, North Ossetia. “We changed the dates and almost make its gas pressure become so high to turn into fireworks! Luckily we didn’t because of a fast-acting human controller,” the post said, adding screenshots of the breach. One Anonymous Twitter account claimed Saturday evening that it was responsible for knocking the Chechen government website offline, and it was still down this morning. Chechen leader Ramzan Kadyrov, a Putin ally who vowed to “carry out his orders under any circumstances” and has been accused of scores of human rights abuses, said Saturday that Chechen units had deployed to Ukraine. Another Anon account said Russian state TV channels had been hacked “to broadcast the truth about what happens in #Ukraine.” One account posted video of Russian state TV being hacked to broadcast Ukraine’s national anthem. Another posted audio of what it said were Russian military communications intercepted by the hackers; they broadcast the Ukrainian national anthem on that Russian channel as well.
READ THE STORY: Anonymous
How to keep Russia from winning in Ukraine: Get sneaky
FROM THE MEDIA: Russian tanks blitzkrieging through the Ukraine. Airplanes shot out of the sky. Soldiers killed in combat. Missiles pound Kyiv, a city of 2.8 million people. Civilians leaving their homes in the middle of winter, seeking refugee camps that do not exist. The world stands in cognitive dissonance as it witnesses the first military invasion of a European country since the Nazis’ conquest for Lebensraum. What’s going to happen next? What should we do? What can we do? Plenty. First, we need to upgrade our strategic IQ. The West views war like pregnancy: Either you are or are not. War is the failure of peace, and diplomacy is its arbitrator. This vision is enshrined in the laws of armed conflict, the writings of Prussian general Carl von Clausewitz, and the conventional warfare paradigm (think: World Wars I- and II-style fighting). However, clever people know that it’s not war or peace; it’s war and peace. Both coexist, always. Cunning adversaries such as Russia and China leverage the space between war and peace for devastating effect. They use weapons like cyberattacks, lawfare and malign disinformation to wage war but disguise it as peace to our rigid minds. As a result, we take the hit but do not punch back. It’s like strategic Jujutsu, a martial art that uses the enemy’s weight against them, except that our adversaries use our war/peace paradigm against us. Curiously, we used to think about the nuance of war and peace during the Cold War but since have forgotten it. On the surface, the U.S. and the USSR maintained a cool veneer of peace while kicking each other under the table; we engaged in proxy wars, secret wars, blackmail and every other dirty trick you can imagine. Now we are confounded by simple questions like, “Is a cyberattack an act of war?” Questions like this make the conventional warrior’s head explode.
Rather than confront the obvious, we bury our cognitive dissonance in buzz-phrases like “gray zone” warfare and the oxymoronic “wars beneath the threshold of war.” We urgently need to upgrade our thinking about war and peace.
READ THE STORY: The Hill
Items of interest
Ukraine’s resistance is built on the backs of volunteers (Article)
FROM THE MEDIA: As Russia advances, Ukrainian civilians are picking up weapons and learning to make Molotov cocktails. As Ukraine continues to wage a surprisingly successful resistance against Russia, Ukrainian civilians and volunteers are playing a crucial role in defending their country — one for which they have been preparing for the past eight years, since the last major Russian incursion in 2014. Many civilians are taking up arms themselves, and the Ukrainian government has begun sharing bomb-making instructions and encouraging civilians to take down street signs “in order to confuse and disorient the enemy.” In a video posted on Friday, Ukrainian President Volodymyr Zelensky confirmed that he and his government were still in Kyiv, with the people of Ukraine, and called for everyone able to take up arms to defend the country — even Ukrainians abroad and foreigners.
READ THE STORY: VOX
Kaseya Hack Explained – How Was Kaseya Hacked? Kaseya hack floods hundreds of companies with ransomware (Video)
FROM THE MEDIA: In this episode we are going to talk about the zero-day hack of the Florida-based IT company Kaseya’s VSA software by the REvil ransomware gang. On July 2, 2021, Kaseya CEO Fred Voccola said the company shut down its SaaS servers as a precaution to protect more than 36,000 customers. The difference between the JBS and Kaseya hacks is that this time around, instead of locking up one company itself, REvil has focused its attack on the Kaseya VSA software used by large companies and technology-service providers to manage and distribute software updates to systems on computer networks. This is no longer a single-network attack but a multi-network attack. This latest attack appears to be its largest ever. The incident has allegedly compromised as many as 200 companies and may have infected over 40,000 computers worldwide, according to cybersecurity experts. We want to make sure we are secure and prepared in case one of these attackers tries to infiltrate our systems, so today we are going to take a look at this ransomware attack and see how we can protect our systems and clients from it.
JBS Hack Explained | REvil Ransomware Cyberattack – Cyberattack Forces JBS to Shut Down Operations (Video)
FROM THE MEDIA: In this episode we are going to talk about the JBS USA Holdings, Inc. ransomware attack, learn how these types of attacks work and how we can protect ourselves and our clients from these types of attacks. In case you are not familiar with them, JBS USA Holdings, Inc. is an American food processing company and a wholly owned subsidiary of JBS S.A., a Brazilian company that is the world's largest processor of fresh beef and pork, with more than US$50 billion in annual sales as of 2017. The subsidiary was created when JBS entered the U.S. market in 2007 with its purchase of Swift & Company. JBS provides roughly 25% of America's meat.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com