Sunday, March 06, 2022 // (IG): BB //Weekly Sponsor: ISG
Russia weighs risks of launching cyberattacks against the West
FROM THE MEDIA: Although the United States is bracing for retaliatory Russian cyberattacks, experts in the field say the Kremlin is likely still weighing whether destructive action in cyberspace is worth the blowback. Russia has shown cyber restraint, at least for the moment, even as the West imposes sanctions that have quickly strangled its economy and targeted government leaders and oligarchs. “The question is not ‘can Russia carry out cyberattacks against Europe or the United States,’ ” said Melissa Griffith, a senior program associate with the science and technology innovation program at The Wilson Center. “The question is ‘what would Russia have to gain from and what would they risk by carrying out cyberattacks against the United States and Europe.’ ” Griffith added that intentionally crippling U.S. critical infrastructure through a cyberattack is “risky and unwise” as the U.S. prepares to take countermeasures against Russia, such as imposing further economic sanctions. The U.S. and Western Europe have taken unprecedented measures against Russia, cutting the country off from roughly $600 billion in reserves held by the Central Bank of Russia, cutting off Russian access to the U.S. dollar and banning the state banks from using SWIFT, a messaging system used by banks to conduct international transactions.
READ THE STORY: The Hill
Cyber attacks by Iran hackers on rise
FROM THE MEDIA: While the threat to India’s strategic cyber assets by hackers from Pakistan and China is a known phenomenon, of late, in what is being perceived as a new phenomenon by cyber security experts, India’s government departments have been facing breaches from hackers in Iran. According to highly placed sources, in recent weeks several government departments, including defense, banking, state police departments, education, telecom, and private IT companies have come under attack by Iranian hackers. Sources say that most of these attacks have been observed in Kerala, followed by New Delhi. Similar cyber attacks were also observed in states such as Bihar, Assam, West Bengal, Andhra Pradesh, Telangana and Maharashtra. Sources in the Ministry of Home Affairs say that experts have been roped in to deal with a new wave of ransomware attacks whose sources have been traced back to Iran. A senior official told the New Indian Express that the nature of attacks being faced increasingly from Iran is described in cyber security parlance as ‘lock and leak’ operations. In these attacks the hackers lock down an online system completely by using ransomware, download the sensitive information from the system, and then blackmail the victims into paying ransom to the hackers, failing which the attackers release the data on the Dark Web.
READ THE STORY: New Indian Express
Ukrainian websites under 'nonstop' attack
FROM THE MEDIA: Ukrainian websites have been under nonstop attack from Russian hackers since the Kremlin launched an invasion of the country last month, Kyiv's cyber watchdog agency said on Saturday. In a post to Twitter, Ukraine's State Service of Special Communications and Information Protection said that "Russian hackers keep on attacking Ukrainian information resources nonstop". The agency said that sites belonging to the presidency, parliament, the cabinet, the ministry of defense and the ministry of internal affairs were among those hit by distributed denials of service (DDoS) which work by directing a firehose of traffic towards targeted servers in a bid to knock them offline. The agency said the sites were so far weathering the storm. "We will endure! On the battlefields and in the cyberspace!" it said. Russia's foreign ministry could not be reached for comment. In the past, Russia has denied it has been behind cyber attacks, including ones affecting U.S. elections. Russian sites have also been hammered with DDoS attacks. Ukraine has called on its hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops. On Friday Russia's National Coordinating Center for Computer Incidents said there had been "massive computer attacks" on Russian information resources.
READ THE STORY: Reuters
SpaceX shifts resources to cybersecurity to address Starlink jamming
FROM THE MEDIA: Citing Starlink jamming “near conflict areas,” Elon Musk said March 5 that SpaceX will be “reprioritized to cyber defense & overcoming signal jamming” at the expense of “slight delays” in Starship and Starlink V2. In a series of overnight tweets, Musk, founder and chief executive of SpaceX, said the company was shifting its resources in response to jamming of terminals, presumably in Ukraine. A recent update to Starlink software “bypasses the jamming,” he added, but did not elaborate. The moves come a week after Musk responded to a request by Ukrainian Vice Prime Minister Mykhailo Fedorov, the country’s minister of digital transformation, to provide Starlink service in the country to ensure access if Russia cut off other lines of communications. Musk said Feb. 26 that Starlink service has been turned on in the country and, two days later, an initial shipment of at least several dozen Starlink terminals arrived in Ukraine. Neither SpaceX nor Ukrainian government officials have disclosed how many Starlink terminals are active in the country. Musk tweeted March 3 that SpaceX made other software changes to reduce the terminal’s power consumption, allowing it to be powered by a cigarette lighter in a car, and to enable roaming on moving vehicles.
READ THE STORY: Spacenews
Romanian hacker extradited to Texas on charge of stealing credit card numbers
FROM THE MEDIA: A foreign hacker will face a jury in Texas after he was extradited March 3 from Bucharest, Romania, after he sold millions of credit card numbers he got using malware, according to the U.S. Department of Justice. Sorin Becheru, 35, was arrested by Romanian authorities Jan. 1 and flown to Texas by the FBI to face charges of conspiracy to commit wire fraud in connection with access devices, according to a news release from the Justice Department. The extradition was done under a bilateral extradition treaty between the U.S. and Romania. The Justice Department accuses Becheru of using malware that stole credit card numbers from point-of-sale devices with servers located in the U.S. At one point, he had information for more than 240,000 credit cards “belonging to victims located in the (Justice Department’s) Northern District of Texas and elsewhere.” “Malware is an increasingly insidious threat to U.S. companies and consumers. With just a few keystrokes, sophisticated hackers can compromise millions of accounts,” U.S. Attorney Chad Meacham said in the news release. “The Justice Department will not hesitate to pursue cyber criminals, including those who operate abroad. In the meantime, we encourage Americans to take steps to guard their personally identifiable information online.”
READ THE STORY: Star Telegram
Russia-Ukraine war: Telegram’s new battleground for cybercriminals
FROM THE MEDIA: Cyber criminals and hacktivists have leveraged encrypted instant-messaging application Telegram for conflict-related activities, over the war between Russia and Ukraine, according to data released by cybersecurity firm CheckPoint Research (CPR). It showed that cyber-attacks on Ukraine’s government and military sector surged by a staggering 196 per cent in the first three days of combat, while cyber-attacks on Russian organizations increased by four per cent. CPR has also warned that fraudulent emails are being sent to dupe people who are seeking to donate to Ukraine from abroad. Since the surge of the conflict on February 24, CPR researchers found about six times more groups on Telegram concerning the conflict, than the day before the invasion. The researchers observed three types of rapidly growing groups: Cyber-attack groups against Russia that urge followers to attack Russian targets in different tools and ways, mainly DDoS; groups urging followers to support Ukraine by fundraising, of doubtful authenticity, often suspected to be fraud; and numerous “news feed” groups, airing updated and “exclusive” news reports about the conflict, bypassing mainstream news outlets. Further, the cyber hacktivists are choosing Telegram to transfer messages, cyber arms and tools, and are “pointing” attackers to relevant Russian targets. “Since the beginning of the war, we have seen tens of groups being created daily. Some groups boast over 250,000 users,” CPR researchers said.
READ THE STORY: Siasat
Ukraine to join NATO cyber defense center as 'contributing participant’
FROM THE MEDIA: Ukraine will join the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) as a "contributing participant", the NATO-accredited military research institution said in a statement on Friday. "Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training," CCDCOE Director Colonel Jaak Tarien said in a statement on the CCDCOE website. The CCDCOE, which is based in Estonia, would benefit from Ukraine's "valuable experience from previous cyberattacks", the statement said. Ukraine would be admitted to the centre as a "contributing participant" after writing to express its interest in joining the NATO CCDCOE in a letter, the statement said. "The centre has already expanded its membership outside the NATO nations," it added.
READ THE STORY: Reuters
Mastercard Statement on Suspension of Russian Operations
FROM THE MEDIA: For more than a week, the world has watched the shocking and devastating events resulting from the Russian invasion of Ukraine. Our colleagues, our customers and our partners have been affected in ways that most of us could not imagine. We have previously shared the steps we have taken in response to these events, with the well-being and safety of our employees being our first and foremost priority. And as we have navigated and complied with our regulatory commitments, we have been in constant dialogue with our customers, partners and governments. We’ve received perspectives from our employees, in addition to people across the industry, consumers and our shareholders. We have also considered what would be most important to support the continued availability of services, if possible, to impacted people in the region. It’s with all of this in mind – and noting the unprecedented nature of the current conflict and the uncertain economic environment – we have decided to suspend our network services in Russia. This decision flows from our recent action to block multiple financial institutions from the Mastercard payment network, as required by regulators globally.
READ THE STORY: Mastercard
Hackers Threaten To Leak "Nvidia's Most Closely Guarded" Secrets
FROM THE MEDIA: The ransomware group known as Lapsus recently threatened to release “Nvidia’s most closely guarded trade secrets.” These were stolen during a cyberattack last month. Lapsus just published the personal information of over 71,000 current and former employees at the company in order to prove its point. Nvidia claims to be "aware of a cybersecurity incident which impacted IT resources." “We request that Nvidia commits to completely open source their graphics processing unit drivers for Windows, MacOS, and Linux from now on and forever,” the ransomware group said in a statement. Should the company not acquiesce to the request, Lapsus will “release the complete silicon, graphics, and computer chipset files for all recent Nvidia graphics processing units.” Lapsus noted that Nvidia can either “make current and all future drivers for all cards open source” or face the prospect of having the ransomware group “release the entire silicon chip files so that everyone not only known your driver’s secrets, but also your most closely guarded trade secrets for graphics and computer chipsets, too!” Nvidia previously refused to remove a cryptocurrency mining limiter from its graphics cards, prompting the demand by Lapsus to make their drivers open source. The hackers have already released the source code for the proprietary deep learning super sampling technology.
READ THE STORY: The Gamer
Lapsus$, the group that hacked Nvidia, goes after Samsung
FROM THE MEDIA: Ransomware gang Lapsus$, which recently targeted US chipmaker Nvidia, has now posted sensitive data obtained from South Korean giant Samsung’s servers. According to a report by Bleeping Computer, the anonymous group said it managed to breach Samsung servers and published nearly 190GB of sensitive data online, including original source codes for the company’s applications and data related to various projects. In the week gone by, Lapsus$ was also responsible for the massive security breach at Nvidia, which hit back at it. Lapsus demanded that Nvidia push a firmware update to its 30-series graphics processing unit (GPU) that removes the limitations on cryptocurrency mining on the cards. At a market cap of about $600 billion, Nvidia is the most valuable chipmaker in the United States. It is known for its GPUs that enhance videogaming experiences and advanced computer simulations, a Reuters report said. Samsung has, so far, not disclosed the severity of the breach but several officials said they were assessing the situation. Unlike the Nvidia breach, where Lapsus$ demanded the removal of Lite Hash Rates, or LHR, from the 30-series GPUs, no demands have been set forward for Samsung. It is also not clear whether Samsung or Lapsus$ have made contact.
READ THE STORY: Money Control
What Israel Can Do for Ukraine – and What It Can't
FROM THE MEDIA: Israel faces growing pressure to take a more explicitly pro-Ukrainian position, but it fears angering Russia. On Iron Dome, mediation, field hospitals and cold hard reality, this is what Israel can actually offer Ukraine. To paraphrase FDR’s immortal words, February 24, 2022, the day Russia invaded Ukraine, will live in infamy. Once again, a ruthless dictator of seething resentments and unbridled ambition, has challenged the world order. Now as then, it will not end with Ukraine. Now, as then, states near and far, are called upon to take a stand. The international community has rapidly banded together to impose severe economic sanctions on Russia. Even Switzerland has joined. The U.S. dispatched 15,000 additional troops to Europe and committed to another 12,000, as necessary. NATO states are rushing military assistance to Ukraine, largely anti-aircraft and anti-tank weapons. Sweden, a non-NATO state, is also doing so. Israel, perhaps more than any other people, relies on a moral claim for international support and is expected to take a stand. More importantly, we should expect this of ourselves.
READ THE STORY: Haaretz // The Guardian
Items of interest
Anonymous Claims More Than 2,500 Targets Hacked in First Week (Article)
FROM THE MEDIA: More than 2,500 websites linked to the Russian and Belarusian governments along with state-run media, banks, hospitals, airports, and companies have been hacked in the week since the Anonymous collective declared that they launched cyber operations against Russia in response to the invasion of Ukraine, a prominent Anonymous account reported this evening. The antiwar hackers have also gone after pro-Russian hackers, swiping and leaking thousands of internal chats from the Conti ransomware group, as well as military communications and more. “IP cameras were put in place to monitor #Ukrainian movements,” one Anonymous account posted on Twitter. “We made sure to lock the Russians out of their own little spying devices by changing their default passwords and knocking their stuff offline.” And Anonymous accounts reported that they’re now battling Russian disinformation and trolls. State-affiliated Russia Today declared that “Anonymous gets a taste of its own medicine” as pro-Kremlin hackers “struck back at both Anonymous and Ukrainian pages,” prompting Twitter accounts associated with the collective to note that Anonymous is a decentralized movement with no official website, channel or social media platform. Access was blocked to the RT article this evening.
READ THE STORY: National Cyber Security
The Largest Cyberwar In History Is Happening Right Now (Video)
FROM THE MEDIA: Hello guys and gals, it's me Mutahar again! This time I wanted to share some developments in the world of Computer safety with you and talk about just how so many companies and organizations are seeing the next generation of malware and how you possibly can be affected from the fallout.
Anonymous Message For Russian Citizens (Video)
FROM THE MEDIA: Anonymous group message for the Russian Citizen, wake up.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org