Monday, February 28, 2022 // (IG): BB // Weekly Sponsor: ISG
The Global Cyber Guerrillas Coming to Ukraine’s Aid
FROM THE MEDIA: As diplomats and national leaders dallied over sanctions against Russia for its invasion of Ukraine, digital defenders got straight to work. Within a day of tanks crossing the border and missiles striking targets, hacker collective Anonymous declared “cyber war against the Russian government.” Soon after, the amorphous online collective claimed to have taken down the website of Kremlin-backed TV channel RT and that of a Russian ministry. RT’s website was still down the following morning, the Daily Mail reported. Both were operational at the time of writing. Over the weekend, the Kremlin’s official website as well as Russian television stations were apparently hacked as well. Ukraine’s government has also called for people to take up digital arms against Russia, with the nation’s hacker underground being enlisted in the fight, Reuters reported Friday. The cyber response comes after Ukrainian government, banking and media websites were taken offline in distributed denial of service attacks. This is not unfamiliar territory for the eastern European nation — it has borne the brunt of Russian cyber aggression for years.
READ THE STORY: Washington Post
Russia’s weak firewall exposes it to scrutiny in Ukraine
FROM THE MEDIA: Russia has a mixed technological, legal and physically enforced internet firewall against unwanted messaging and criticism regarding its invasion of Ukraine. But this firewall is not nearly as impermeable as the “Great Firewall” of China. This means that as the war draws on, more criticism, unflattering pictures and themes are reaching the Russian general public. And these images and messages are not low stakes. Russian President Vladimir Putin has had to arrest thousands of anti-war protesters in his own country. There is a large, if trampled, opposition movement, and many, even in the top echelons of Putin’s own regime, are not sure a full-fledged invasion of Ukraine is not repeating some of the mistakes the USSR made in Afghanistan in the 1980s. If enough wrong messaging gets through it could seriously impact Putin’s war effort and even undermine his hold on power. How could the Kremlin be allowing this to happen? It invested years and billions in silencing, arresting and sometimes even allegedly killing off critics, as well as electronically blocking “objectionable” content which undermines its desired narrative.
READ THE STORY: JPOST
Leader in kettle controls hit by cyber attack ‘of Russian origin’
FROM THE MEDIA: AIM-listed Strix Group has been the subject of a cyber attack “of Russian origin”. The group, which specializes in temperature control systems for kettles but has diversified into water purification and disinfection solutions in the livestock farming industry in China, said the recent incident was picked up and dealt with. It said the attack mainly impacted its Isle of Man and UK servers. It immediately engaged external specialists and took precautionary measures with its IT infrastructure, including taking its systems offline while it investigated the nature and extent of the incident and implemented its business continuity plan. Isle of Man-based Strix said all its systems have now been restored and are fully operational. And it reassured markets that there has been no impact on customer orders or sales, with all businesses within the group remaining operational. Strix said it has also appointed cyber security experts to continue to monitor and support the group with this incident, as well as to report on the attack and make recommendations to further enhance and refine the group’s processes and procedures. Strix’s statement to the stock exchange this morning said: “The group is fully aware of its obligations and is working with its professional advisers, the police and relevant regulatory authorities and will provide further updates as and when appropriate.”
READ THE STORY: The Business Desk // Marketwatch
Elon Musk activates Starlink in Ukraine after vice prime minister’s plea
FROM THE MEDIA: Starlink is now active in Ukraine, Elon Musk announced after Ukraine’s vice prime minister on Saturday requested the SpaceX billionaire help the embattled country with communication satellites. “Starlink service is now active in Ukraine,” Musk tweeted about 10 hours after the call for help. “More terminals en route.” The response came after Ukrainian Vice Prime Minister Mykhailo Fedorov asked the controversial business magnate for Starlink stations. “@elonmusk, while you try to colonize Mars — Russia try to occupy Ukraine! While your rockets successfully land from space — Russian rockets attack Ukrainian civil people!” Fedorov, also the country’s Minister of Digital Transformation, tweeted. “We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand.” Musk’s response also came as Ukraine faced a third day of assaults from Russia and troops continued their assault on Kyiv.
READ THE STORY: NYPOST // Ricochet
Conti ransomware gang chats leaked by pro-Ukraine member
FROM THE MEDIA: A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site on Friday, in the aftermath of Russia’s invasion of Ukraine. The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists and security researchers. Dmitry Smilyanets, a threat intelligence analyst for Recorded Future, who has interacted with the Conti gang in the past, has confirmed the authenticity of the leaked conversations. The leaked data contains 339 JSON files, with each file consisting of a full day’s log. Conversations from January 29, 2021, to today, February 27, 2022, have been leaked and can be read online here, courtesy of security firm IntelligenceX.
READ THE STORY: The Record
Anonymous: the hacker collective that has declared cyberwar on Russia
FROM THE MEDIA: The group has claimed credit for hacking the Russian Ministry of Defense database, and is believed to have hacked multiple state TV channels to show pro-Ukraine content. Cyber conflicts are fought in the shadows, but in the case of Russia’s invasion of Ukraine, it is a group that calls itself Anonymous that has made the most public declaration of war. Late on Thursday the hacker collective tweeted from an account linked to Anonymous, @YourAnonOne, that it had Vladimir Putin’s regime in its sights. In the days since, the group has claimed credit for several cyber incidents including distributed denial of service attacks – where a site is rendered unreachable by being bombarded with traffic – that have brought down government websites and that of Russia Today, the state-backed news service. The DDoS attacks still appeared to be working on Sunday afternoon, with the official sites for the Kremlin and Ministry of Defense still inaccessible. Anonymous also said it had hacked the Ministry of Defense database, while on Sunday it was claimed the group had hacked Russian state TV channels, posting pro-Ukraine content including patriotic songs and images from the invasion.
READ THE STORY: The Guardian
Russia may use SolarWinds-like hacks in cyberwar over Ukraine
FROM THE MEDIA: Stiff sanctions against Russia and Vladimir Putin over Ukraine mean a wave of cyberattacks may be headed for the U.S. and other western nations as retaliation, cyber experts say, as part of what could become an escalating “cyberwar.” Security teams, of course, are perpetually on guard for Russian attacks — but the threat this time could be especially difficult to see coming, experts told VentureBeat. That’s because Russia is believed to have been saving up some of its best options for a moment like this one. Russian threat actors are widely believed to have gained footholds into corporate and government systems — via SolarWinds-like software supply chain breaches, the Log4j vulnerability, or even the SolarWinds hack itself — which just haven’t come to light yet. But they might soon. Cyber experts are warning of an increased risk of cyberattacks from Russia, following sanctions that booted major Russian banks from the SWIFT financial system. The move essentially prevents the Russian banks from carrying out international transactions, and followed other rounds of sanctions over Russia’s invasion of Ukraine, including some that have hit Putin himself.
READ THE STORY: Venturebeat
Vulnerable U.S. electric grid facing threats from Russia and domestic terrorists
FROM THE MEDIA: Ukrainians are facing the prospect of massive power outages, as Russian forces fight for control of areas that house vital parts of Ukraine's electric grid. If Moscow shuts down the grid, millions could be left without light, heat, refrigeration, water, phones and internet. The White House is monitoring our own critical infrastructure after two Department of Homeland Security warnings last month about threats to our grid. One noted Russia has proven its ability to use cyber attacks to shut down electric grids, and "compromised U.S. energy networks." We've been looking at the grid for months and were surprised to learn how vulnerable it is, and how often it's deliberately targeted. One attack, nine years ago, was a wake-up call for industry and government. On the night of April 16, 2013, a mysterious incident south of San Jose marked the most serious attack on our power grid in history. For 20 minutes, gunmen methodically fired at high voltage transformers at the Metcalf Power substation. Security cameras captured bullets hitting the chain link fence.
READ THE STORY: CBSnews
Belarus Hackers Allegedly Disrupted Trains to Thwart Russia
FROM THE MEDIA: Activist hackers in Belarus have allegedly breached computers that control that country’s trains and brought some to a halt, part of what they say is an effort to disrupt Russian soldiers moving into Ukraine. The Cyber Partisans, as the activist hackers call themselves, said on Sunday that some trains had stopped in the cities of Minsk and Orsha, as well as in the town of Osipovichi, after its hackers compromised the railway system’s routing and switching devices and rendered them inoperable by encrypting data stored on them. Several websites connected to Belarus’s rail network returned error messages on Sunday. However, Bloomberg News couldn’t independently verify the hacking group’s claims. A former Belarus railway worker, who runs a Telegram channel popular with railway workers in the country, reported that train systems in Minsk and Orsha had been “paralyzed.” In addition, on Belarusian internet forums, some people described disruption to trains in Minsk. Government representatives in Belarus didn’t respond to requests for comment. A representative for the Russian Embassy in Washington didn’t respond to a message seeking comment.
READ THE STORY: Bloomberg
BlackCat: The rise of a new ransomware threat
FROM THE MEDIA: The cybersecurity threat creating the most buzz (and with this the greatest level of concern) is BlackCat, a form of ransomware. This software has quickly gained notoriety in the past few months, particularly for its clever techniques. The malicious software is deployed as a form of ‘ransomware-as-a-service’, in that BlackCat is seeking affiliates to deploy its ransomware. Affiliates keep an 80-90% share of the ransom payment, with the remainder going to the BlackCat author. Security researchers believe this ransomware family to be a rebrand of the infamous BlackMatter group, in which its developers profited from threat actors that leveraged the ransomware to deploy it against victims. One of the concerns with the ransomware package is its highly customizable feature set. This allows the software to be deployed for attacks on a wide range of corporate environments. JP Perez-Etchegoyen, CTO at Onapsis, has told Digital Journal that he believes that business-critical applications are at high risk of exploitation, and enterprises must take the appropriate measures to secure them. Perez-Etchegoyen says that some business-essential processes are particularly at risk: “Business-critical applications, like those from SAP, contain vital data (financial, customer, product, employee, etc.) that keep enterprises running.”
READ THE STORY: Digital Journal
Facebook uncovers disinformation and hacking campaigns targeting Ukraine
FROM THE MEDIA: Facebook parent company Meta says it has uncovered Russian efforts to undermine trust in the Ukrainian government and a separate attempt to hack Ukrainian military officials and journalists using its platform. The two separate campaigns were both small in scale and caught in the early stages, the company said. "There's been a lot of speculation and interest on whether there are covert influence operations targeting public debate in Ukraine and to what degree we're seeing cyber hacking groups targeting individuals in Ukraine," said Nathaniel Gleicher, Meta's head of security policy. "This is a case where we're seeing both of those things." The first campaign involved a network of about 40 accounts, pages and groups on Facebook and Instagram, operated in Russia and Ukraine. They used fake personas, including computer-generated profile pictures, to masquerade as independent news outlets and posted claims about Ukraine being a failed state.
READ THE STORY: NPR
Items of interest
Cyber sand table series: OPM (Article)
FROM THE MEDIA: Last year, I wrote an essay called “Introducing the cyberspace sand table series: The DNC compromise.” I got the idea from my old military days when, after my unit completed an on-the-ground field exercise, the leaders would all gather around a map board for a “hot-wash” and replay the exercise to see what we could learn. In the future, we would want to repeat all the good things we did and forget all the things that didn’t work. If we were really fancy, we would use an honest-to-goodness physical contour map complete with sand to represent the terrain (thus the phrase “sand table”) and plastic army soldiers to represent the units on the ground. Since some network defenders don’t like using the military metaphor in conjunction with infosec, I made the point that hot-washes were no different from when Tom Brady, the recently retired and perhaps most successful NFL quarterback of all time, studied hours of game film each week to prepare for his next contest. I made the case that we, as network defenders, might learn a lot by adopting some version of these sand table exercises—or if you will, game film reviews—to learn how to improve our own digital defenses. I started by walking us through the infamous Russian compromise of the Democratic National Committee in 2016. In this essay, I’m going to dust off the sand table and reset it for 2013: the Chinese compromise of the U.S. Government’s Office of Personnel Management (OPM).
READ THE STORY: The CyberWire
A Case Study in Disinformation (Video)
FROM THE MEDIA: Dr. Michael O’Brien of Texas A&M University at San Antonio discusses different types of disinformation, spotting Russian troll accounts, and explains how strategic disinformation can quickly turn racial unrest into a misinformation firestorm, as he recalls his experience as dean of the University of Missouri’s College of Arts and Science during the turbulent 2015 protests over the death of Michael Brown.
The Return of Hacktivism (Video)
FROM THE MEDIA: This session will use real-world examples to demonstrate how the erosion of boundaries between work and life, coupled with an increasingly distributed workforce, has laid the groundwork for an evolved threat: insider hacktivists. This session will explain what this behavioral shift in employee mindset means and how it impacts the security of your corporate data.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com