Wednesday, March 02, 2022 // (IG): BB // Weekly Sponsor: ISG
Code vulnerability failures in manufacturing on display in Toyota supply chain attack
FROM THE MEDIA: In the aftermath of a suspected cyberattack on a Toyota parts supplier, which caused the carmaker to suspend domestic operations in Japan on Tuesday, researchers point to the need for greater focus on unchecked software vulnerabilities throughout any manufactured product’s lifecycle. Indeed, this week's incident demonstrates a more sweeping challenge facing security teams, as demands for integration and speed of development trump diligence in code integrity. That translates to “solving for secrets in code” in lieu of a comprehensive solution to address code-related risks, said Pan Kamal, head of product at BluBracket. “We have also seen this with developers becoming increasingly involved with the deployment of application security, as software deployment has accelerated and application security has become more complex," he continued. "Vulnerabilities in code are contributing to it becoming the largest cyberattack surface.” Slava Bronfman, co-founder and CEO at Cybellum, an automotive cybersecurity company, added that for manufacturing plants and other critical infrastructure companies to protect themselves as much as possible from cyberattacks, they need to start at the supply chain and continuously monitor for vulnerabilities, starting with equipment and systems and ending with production.
READ THE STORY: SC Magazine
A QUICK LOOK:
FCC looks into BGP vulnerabilities, in light of Russian hacking threat
FROM THE MEDIA: A core internet routing protocol is at the center of a proposed FCC investigation amid potential threats to the internet at large from state actors like Russia. The FCC is launching an inquiry into security issues surrounding the Border Gateway Protocol (BGP), a widely used standard for managing interconnectivity between large portions of the Internet. The move, announced Monday, was issued in response to "Russia's escalating actions inside of Ukraine," according to the commission's notice of inquiry. BGP is, in essence, a method of ensuring that the independently managed networks that make up the global internet are able to communicate with one another. Its initial design, which the FCC said is still in widespread use today, does not contain important security features, meaning that, simply by misconfiguring its own BGP information, a bad actor could potentially redirect Internet traffic wherever it sees fit. This could let that attacker send incorrect information to its targets, read and compromise login credentials, or simply shut down whichever kinds of traffic it wishes. The potential consequences of a BGP hack are extreme, the FCC said, noting that the network effects such an attack can cause include fallout for critical infrastructure like financial markets, transportation and utility systems.
READ THE STORY: Networkworld // Nexgov
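The story above turns on BGP accepting any origin announcement without checking who is entitled to make it. The added example below (not from the article or the FCC notice) shows the defender-side check that closes that gap, RPKI Route Origin Validation in the RFC 6811 sense, run over a constructed ROA table and a handful of constructed announcements; the prefixes are documentation ranges and the AS numbers are private placeholders, not real allocations.

```python
"""Route Origin Validation over constructed BGP announcements (added example).

ROAs and announcements are constructed sample data: documentation prefixes
(RFC 5737 / RFC 3849) and private-use ASNs, not real routing-table entries.
"""
import ipaddress
from typing import List, NamedTuple


class ROA(NamedTuple):
    prefix: str       # prefix the holder has authorised
    max_length: int   # longest more-specific the holder may announce
    origin_as: int    # AS authorised to originate it


class Announcement(NamedTuple):
    prefix: str
    origin_as: int
    seen_by: str      # constructed label for the monitor that observed the route


ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/22", 24, 64501),
    ROA("2001:db8::/32", 48, 64502),
]


def validate_origin(prefix: str, origin_as: int, roas: List[ROA]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one (prefix, origin AS) pair."""
    announced = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas
                if ipaddress.ip_network(r.prefix).version == announced.version
                and announced.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "not-found"   # no ROA says anything about this space
    for roa in covering:
        if roa.origin_as == origin_as and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"         # covered by a ROA, but wrong origin or too specific


def detect_hijacks(announcements, roas=ROAS):
    """Collect announcements that origin validation marks invalid (hijack or misconfiguration)."""
    hits = []
    for a in announcements:
        if validate_origin(a.prefix, a.origin_as, roas) == "invalid":
            hits.append((a.prefix, a.origin_as, a.seen_by))
    return hits


SAMPLE = [  # constructed observations
    Announcement("203.0.113.0/24", 64500, "monitor-a"),   # legitimate origin
    Announcement("203.0.113.0/24", 64666, "monitor-b"),   # same prefix, wrong origin AS
    Announcement("198.51.100.0/25", 64501, "monitor-a"),  # right AS, exceeds maxLength
    Announcement("192.0.2.0/24", 64510, "monitor-c"),     # no ROA covers it
]

if __name__ == "__main__":
    for hit in detect_hijacks(SAMPLE):
        print("ALERT invalid origin:", hit)
```

A "not-found" result is the common case for prefixes whose holders have not published ROAs, which is why validation alone cannot stop every hijack; it only catches announcements that contradict a published authorisation.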
Suspected Ransomware Cyber Attack Disrupts Expeditors International’s Logistics Operations Worldwide
FROM THE MEDIA: Logistics operations company Expeditors International shut down its computer systems after a targeted cyber attack that limited its ability to manage customs and distribution activities. Expeditors said the February 20 incident affected its global operations, forcing it to initiate crisis management and business continuity plans. However, its services would remain limited until the complete restoration of its computer systems from data backups. With a turnover of $10.1 billion and over 18,000 employees, Expeditors International manages distribution in over 350 locations globally. Expeditors International’s services include transportation, warehousing, distribution, and customs. The logistics operations giant shut down most of its systems worldwide to prevent further damage following Sunday’s cyber attack. “Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment,” the company wrote. The logistics operations giant did not provide an expected date of resumption of normal operations but said it was working with global cybersecurity experts to manage the incident.
READ THE STORY: CPO Magazine
Conti Ransomware Group Diaries, Part I: Evasion
FROM THE MEDIA: A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments. Conti makes international news headlines each week when it publishes to its dark web blog new information stolen from ransomware victims who refuse to pay an extortion demand. In response to Russia’s invasion of Ukraine, Conti published a statement announcing its “full support.” “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use all our possible resources to strike back at the critical infrastructures of an enemy,” the Conti blog post read. On Sunday, Feb. 27, a new Twitter account “Contileaks” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 16, 2020.
READ THE STORY: Krebs on Security // Tech Target
Ukrainian cyber resistance group targets Russian power grid, railways
FROM THE MEDIA: A Ukrainian cyber guerrilla warfare group plans to launch digital sabotage attacks against critical Russian infrastructure such as railways and the electricity grid, to strike back at Moscow over its invasion, a hacker team coordinator told Reuters. Officials from Ukraine's defense ministry last week approached Ukrainian businessman and local cybersecurity expert Yegor Aushev to help organize a unit of hackers to defend against Russia, Reuters previously reported. On Monday, Aushev said he planned to organize hacking attacks that would disrupt any infrastructure that helps bring Russian troops and weapons to his country. "Everything that might stop war," he told Reuters. "The goal is to make it impossible to bring these weapons to our country." Aushev said his group has already downed or defaced dozens of Russian government and banking websites, sometimes replacing content with violent images from the war. He declined to provide specific examples, saying it would make tracking his group easier for the Russians.
READ THE STORY: Reuters
HermeticWiper poses increasing cyber risk to Ukraine
FROM THE MEDIA: ESET researchers have discovered several new threats to the Ukrainian government, including a wormable component to HermeticWiper. Last week, the antimalware vendor published a blog detailing the new data-wiping malware it dubbed HermeticWiper, which affected hundreds of machines in Ukraine. At least five organizations in the country suffered cyber attacks as a result, and ESET noted the timing as it "preceded the Russian military invasion by a few hours." In a new blog Tuesday, ESET said not only did it uncover a wormable component to HermeticWiper dubbed HermeticWizard, but it also detected another wiper in a Ukrainian government network, which it is tracking as IsaacWiper. The most recent malware was discovered Feb. 24, one day after HermeticWiper was used in the "destructive campaign" that targeted multiple Ukrainian organizations. The second attack, involving IsaacWiper, affected the Ukrainian organization from Feb. 24 through Feb. 26, according to the blog. Researchers are currently assessing whether there is a link between the two wipers. "It is important to note that it [IsaacWiper] was seen in an organization that was not affected by HermeticWiper," the blog said.
READ THE STORY: Tech Target
Tasmania's internet outage caused by damaged Telstra cables demonstrates the state's vulnerability
FROM THE MEDIA: The vulnerabilities of Tasmania's links to the outside world have again been on show, with an errant "big drill" on the mainland and some local roadworks sending the state into a communications blackout for hours. In what one expert described as an "unfortunate confluence of events," two fibre-optic cables connecting the state to mainland Australia were cut within the space of two hours on Tuesday, resulting in an outage which lasted over five hours. Inbound and outbound flights were delayed, banks and ATMs shut down, businesses lost access to EFTPOS and people were unable to access social media. Tasmanians, no strangers to cable dramas, were mostly without telecommunications for hours. The disruptions were caused by two separate cuts to two of the three cables connecting Tasmania to the mainland, occurring within two hours of each other. About 11am, one of Telstra's fibre cables across Bass Strait was cut at Frankston, Victoria, by what the company later said was "civil construction" and a failure to "dial before you dig". Then, about 1pm, the other Telstra cable was damaged on the Tasmanian side, with the company again blaming "third parties". A Telstra spokesperson told the ABC the damage on the Victorian side was due to a "big drill" auger rupturing the cable, with technicians having to haul and reconnect nearly a kilometre of fibre.
READ THE STORY: ABC AU
How Attackers use Typosquatting Domains for BEC and Ransomware Attacks
FROM THE MEDIA: People tend to associate typosquatting domains only with phishing-related activities, but in reality these domains are used in a wide variety of attacks. Attackers use these domains in attacks such as brand impersonation, BEC scams, and ransomware campaigns. Attackers use email addresses with typosquatting/look-alike domains to take advantage of employees who are in a hurry and might just skim over an email address, not noticing the difference if only one or two characters are different. Since a majority of BEC scam emails do not contain any links or malicious attachments, such emails easily slide by the email spam and malware filter protections. Attackers acquire a domain name similar to that of the target company name and use email addresses from the acquired domain to send BEC scam emails. For example, if a company employee's legitimate email address is john.doe@examplecompany.com, the attacker may acquire examplec0mpany.com and use the email address john.doe@examplec0mpany.com in scam campaigns.
READ THE STORY: Security Boulevard
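Because the BEC mails described above carry no link or attachment, the sender domain itself is the detectable artifact. The added example below (not from the article) is a small mail-gateway style check that folds common look-alike characters, measures edit distance against the organisation's own domains, and catches the "our domain as a subdomain of theirs" trick; it reuses the article's examplecompany.com / examplec0mpany.com illustration, and the other headers and the OUR_DOMAINS set are constructed.

```python
"""Flag inbound From: headers whose domain imitates one of ours (added example).

OUR_DOMAINS and SAMPLE_HEADERS are constructed; the homoglyph table lists
substitutions commonly seen in look-alike registrations and is not exhaustive.
"""
from email.utils import parseaddr

OUR_DOMAINS = {"examplecompany.com"}   # constructed: the organisation's real domains

# Visually similar characters or pairs folded to the letter they imitate.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w", "cl": "d"}


def normalize(domain: str) -> str:
    """Lower-case and fold look-alikes, so 'Examplec0mpany.com' -> 'examplecompany.com'."""
    d = domain.lower().strip(".")
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance computed one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    addr = parseaddr(from_header)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify(from_header: str, ours=OUR_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'external' for one From: header."""
    dom = sender_domain(from_header)
    if not dom:
        return "external"
    if dom in ours:
        return "trusted"
    norm = normalize(dom)
    for legit in map(normalize, ours):
        if norm == legit or norm.startswith(legit + "."):
            return "lookalike"   # homoglyph copy, or our domain used as a subdomain label
        if levenshtein(norm, legit) <= max_distance:
            return "lookalike"   # one or two characters off (typo, wrong TLD, hyphen)
    return "external"


SAMPLE_HEADERS = [  # constructed
    "John Doe <john.doe@examplecompany.com>",
    "John Doe <john.doe@examplec0mpany.com>",
    "Accounts <ap@examplecompany.co>",
    "CEO <ceo@examplecompany.com.secure-mail.test>",
    "Vendor <billing@unrelated-vendor.test>",
]


def flag_lookalikes(headers):
    return [h for h in headers if classify(h) == "lookalike"]
```

A "lookalike" verdict is a good trigger for a visible banner or a quarantine review rather than a hard block, since short legitimate domains will occasionally sit within two edits of each other.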
Cross-Border Transfer of Personal Information under China’s Cybersecurity Law
FROM THE MEDIA: China’s Cybersecurity Law (the “Cybersecurity Law”) took effect on June 1, 2017. The Cybersecurity Law consists of 79 articles in total. According to Article 2 thereof, the Cybersecurity Law would apply to the construction, operation, maintenance and use of cyberspace within the territory of China, as well as to the supervision and administration of cybersecurity within the territory of China. This blog post will discuss those provisions of the Cybersecurity Law that would be most relevant to the protection of personal information. Any company which collects, stores, or processes personal information within the territory of China may find it useful to get familiar with such provisions. Under Article 37 of the Cybersecurity Law, personal information and important data collected and generated in the operation of critical information infrastructure operators within the territory of China shall be stored within China. While the Cybersecurity Law does not provide the detailed definition and scope of critical information infrastructure operators, Article 31 thereof does state that China will focus on protecting certain important industries including, without limitation, public communications and information services, energy, transportation, finance, public service, to which, if any destruction, loss of function or data leakage happens, would endanger national security or public interest.
READ THE STORY: National Law review
Russian cyber attacks against US banks increasing
FROM THE MEDIA: Russia appears to have officially declared cyberwar on the US, taking what’s been described as preliminary steps at crippling its banking system and possibly other major industries, the Post has learned. The Biden Administration has been working with bank executives for months on preparing for cyberattacks in retaliation for US sanctions. The big US banks — JP Morgan, Citigroup, Bank of America, Goldman Sachs — are under constant attack by cyber criminals looking to disrupt operations and steal client information. The usual suspects are most often located in Iran, China and of course Russia. Bank executives tell the Post they’ve spent billions of dollars annually to protect against cyber criminals, but they say the recent wave of attacks is different. Sources describe them as a subtle but intensified assault on banks’ technological infrastructure that began after the sanctions over Ukraine were announced. Executives declined to comment on the record, fearing that any comments would embolden the cyber criminals and their proxies in the Russian government. They referred calls to the Financial Services Information Sharing and Analysis Center, a cyber-security banking industry consortium. A spokesman for the group said in a statement: “We are in close communication with our member firms and relevant authorities around the world to monitor cyber activity against the financial sector. At this time, the sector is not seeing any significant threats attributable to any geographic origin. We continue to actively assess the situation through enhanced monitoring and cross-border threat intelligence sharing across the financial services sector.”
READ THE STORY: NYPOST
Britain’s top secret army of aggressive cyber hackers deployed during Ukraine crisis
FROM THE MEDIA: BRITAIN’S top secret army of aggressive cyber hackers have been deployed during the Ukraine crisis, The Sun can reveal. The shadowy National Cyber Force (NCF) specializes in offensive online warfare, rather than merely defending the UK against attacks. Last night Downing Street would not confirm or deny they were active in Eastern Europe, but security sources told The Sun the elite online unit is actively engaging in cyberspace. One senior insider said: “It’s fair to say they are working long hours on rolling shifts.” The existence of the NCF was first revealed by the Prime Minister in late 2020. It brings together spies from MI6 as well as Ministry of Defense expertise and the government eavesdroppers at GCHQ in Cheltenham. Foreign Secretary Liz Truss said last year: "The National Cyber Force will help confront aggressive behavior from malign actors.” It’s understood their tactics include penetrating air defenses, mobile phone activity or computer servers to prevent attacks.
READ THE STORY: The Sun
Items of interest
Unlearned Lessons from the First Cybered Conflict Decade – BGP Hijacks Continue (Paper)
FROM THE MEDIA: Unlearned lessons are those where the harm, attack methods, or malicious tools are demonstrated publicly and yet neglected by those who need to respond or better plan for future attacks. By 2010, reports of network traffic hijack attacks – called here Internet Protocol (IP) or Border Gateway Protocol (BGP) hijacks – had already surfaced. Most notably publicized was the China Telecom IP hijack attack in that year where 15% of the global Internet traffic was rerouted or “hijacked” through servers in China. While the scale of this original event has been debated, there is little doubt that throughout the following decade, attacks of this kind continued. Eight years later, in 2018, we reported on China Telecom using its otherwise seemingly innocent network servers to reroute (or hijack) Internet traffic through China at its will. At the time, the company had 10 “points of presence” (PoPs, locations where a company’s routing equipment is located) in North America, each strategically located and available to hijack or divert network traffic through China from North America. The 2018 paper drew significant attention to the problem by the general public (through popular media outlets), the cybersecurity and research communities, and various stakeholders in western nations’ governments, and yet the lesson is still unlearned by many of the same nations currently being victimized by China Telecom illicit activity and other BGP hijacks.
READ THE STORY: JSTOR
BGP Hijacking - Detection and Prevention (Video)
FROM THE MEDIA: Discusses the SIGCOMM IMC paper "Detecting Prefix Hijackings in the Internet with Argus", by Xingang Shi, Yang Xiang, Zhiliang Wang, Xia Yin, and Jianping Wu. 2012. In Proceedings of the 2012 Internet Measurement Conference (IMC '12). Association for Computing Machinery, New York, NY, USA, 15–28. https://doi.org/10.1145/2398776.2398779
US official: West to hunt down Russian oligarchs' yachts, jets, fancy cars (Video)
FROM THE MEDIA: Western nations are going to hunt down Russian oligarchs’ “yachts, jets, fancy cars and luxury homes,” says a US official, after White House, EU and other allies announce new sanctions against Russia.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com