Monday, March 07, 2022 // (IG): BB //Weekly Sponsor: ISG
Hackers attack Viasat satellite network in Eastern Europe
FROM THE MEDIA: The hacker attack on the satellite network provider Viasat was apparently a targeted cyber attack. The company offers its customers fast, satellite-based Internet connections – including in Ukraine. Since the beginning of the war, the provider had experienced significant malfunctions. A "connection to the Ukraine conflict" is suspected, according to an internal paper by the German federal government, Spiegel reported. Representatives of several German authorities had previously exchanged information with the US satellite operator. Viasat reported, "that in the Central/Eastern Europe region, the terminals of commercial customers were sabotaged." Viasat had so far only said that a "cyber attack" was suspected to be behind the failures. The attack caused numerous customers of the KA-SAT service operated by Viasat to no longer have internet access. According to the government paper, the hackers took the decisive step in their attack on the morning of the Russian attack on Ukraine. At 5 a.m. on February 24, the attackers activated a faulty update, causing KA-SAT customers to lose their network access.
READ THE STORY: JPOST
How attackers sidestep the cyber kill chain
FROM THE MEDIA: The idea of the cyber kill chain was first developed by Lockheed Martin more than a decade ago. The basic idea is that attackers perform reconnaissance, find vulnerabilities, get malware into victim systems, connect to a command-and-control (C2) server, move laterally to find juicy targets, and finally exfiltrate the stolen data. Attackers can be caught at any point in this process and their attacks thwarted, but this framework missed many types of attacks right from the start. Today it is becoming even less relevant. "The cyber kill chain was a great way to break down the classic steps in a breach," says Michael Salihoglu, cybersecurity managing consultant at Crowe, a public accounting, consulting, and technology firm. It was also a useful tool for defenders to help them come up with strategies to stop the attacks at each point in the chain. "It does fall short in the modern age," Salihoglu says, "and it had some failings at its inception." For example, the cyber kill chain isn't as good at helping enterprises defend against new single-step breaches like open Amazon S3 buckets, against DDoS attacks, or against attacks on third parties where there was little or no visibility into what the attacker is doing. Modern strategies can make companies better prepared to deal with today's threats, including defense in depth and zero trust.
READ THE STORY: CSO Online
Anonymous Ops Inject Information into Russia with Media Hacks, Millions of Text Messages
FROM THE MEDIA: As President Vladimir Putin has tried to keep Russians on a diet of force-fed state propaganda about the invasion of Ukraine, hackers have used their access to broadcast the truth about Putin’s war to the citizenry and call on Russians to “oppose the genocide.” And many who have wanted to participate in the #OpRussia campaign but lack hacking skills have reportedly answered the call to use an Anonymous-created tool to send millions of text messages with hard facts about the Ukraine invasion to random Russians. On Friday, state communications watchdog Roskomnadzor said it blocked Facebook and Twitter as the Putin regime has tried to stifle the free flow of information on social media. Putin also signed a bill that was jammed through by pro-Kremlin lawmakers to penalize with up to 15 years in prison those disseminating information about the war that doesn’t fit the Kremlin’s disinformation narrative. Russia is also requiring all servers and domains to be transferred to a Russian intranet by March 11. Major news networks decided to stop broadcasting in Russia or have suspended operations there. TikTok said it was suspending some of its services out of concern for its employees and users in light of the new law.
READ THE STORY: HS Today
Major internet service provider Cogent pulls connectivity in Russia amid Vladimir Putin’s Ukraine invasion
FROM THE MEDIA: Internet service provider Cogent told its customers in Russia it was withdrawing its services from the country on Friday. A major internet backbone provider has shut off its services to Russian customers out of fear of being used for “outbound cyber attacks or disinformation”. US-based Cogent, one of the world’s largest internet providers and the second-biggest in Russia, told its customers in Russia it would be terminating its services “in light of the unwarranted and unprovoked invasion of Ukraine”, citing economic sanctions and the “increasingly uncertain security situation” making it impossible for the company to continue. David Schaeffer, Cogent’s chief executive, told The Washington Post that while the company didn’t want to prevent Russian citizens from accessing the internet, it wanted to avoid its networks being used to deliver propaganda or cyber attacks. “Our goal is not to hurt anyone. It’s just to not empower the Russian government to have another tool in their war chest,” he said. While Cogent’s move will not disconnect the country from the internet entirely, it’s likely to slow as other carriers attempt to deal with the extra demand, Doug Madory, director of internet analysis at network tracker Kentik, said.
READ THE STORY: INEWS UK
Conti ransomware gang, which leaked ransomware victims’ data, has its own data leaked
FROM THE MEDIA: What is delicious irony to the cybersecurity community at large is a troubling embarrassment to a ransomware gang. The notorious Conti ransomware group, which nailed its colors to the mast by publicly announcing its support for Vladimir Putin’s invasion of Ukraine, and threatened to launch cyber attacks against anyone who targeted Russia, has had its own data leaked. Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code. I was one of many infosecurity commentators who was contacted via an anonymous email on February 27, with a link to logs of the Conti group’s internal chats.
READ THE STORY: Graham Cluley
US senate passes legislation to bolster defense of critical infrastructure
FROM THE MEDIA: The US Senate has passed legislation that promises to both help drive greater transparency around data breaches and ransomware payments and improve support for impacted organizations. The Russian invasion of Ukraine has upended the geopolitical climate. Cyberattacks hitting both countries are proof that threat actors are playing a major role in the early days of the war. Cyberthreats have long been a top concern but the current turmoil is lending an increasing urgency around threats to critical infrastructure beyond the current conflict. Russian-based threat actors proved their effectiveness with the SolarWinds attack in which multiple US government agencies including the Department of Defense, the State Department, and the Department of Homeland Security were breached.
READ THE STORY: Verdict
Elon Musk sends NEW Starlink shipment to Ukraine and rushes out urgent update to block ‘Russian jamming’ attack
FROM THE MEDIA: ANOTHER load of Elon Musk's emergency internet satellite dishes are on the way to Ukraine as the country's connectivity crumbles at the hands of Russia. Thousands of satellites owned by Mr Musk's SpaceX company have come as a lifeline for the war-torn country, where traditional cabled connections have become severely damaged by the devastating invasion. The entrepreneur tweeted that the focus was now on "cyber defense" and "overcoming signal jamming". It comes after he recently cautioned users that there is a "high" chance Russia will try to spy on them. "Some Starlink terminals near conflict areas were being jammed for several hours at a time," he said. "Our latest software update bypasses the jamming. Am curious to see what’s next!" The billionaire warned that some Starlink kits already in use near conflict areas are being jammed by Russian forces for several hours. Ukrainian President Volodymyr Zelensky said he was "grateful" for Mr Musk's support during the crisis. The pair spoke last week and discussed possible space projects. But Mr Zelensky remained coy about the exact details, saying: "I’ll talk about this after the war." Mr Musk offered to help after receiving a desperate plea from Ukraine's deputy prime minister at the beginning of the invasion.
READ THE STORY: The Sun
The hypocrisy of Russia’s push for a new global cybercrime treaty
FROM THE MEDIA: The same Russia in the middle of invading a neighbor is preaching respect for state sovereignty online. As the West braces for a possible escalation of Russian ransomware attacks in retaliation for support to Ukraine, the first meeting to negotiate a new global cybercrime treaty began quietly last week at the United Nations in New York – a new treaty ironically pushed on the international community by Russia. For the past decade Russia has strongly advocated for a new global cybercrime treaty despite the existence of the Budapest Convention on Cybercrime, an international cybercrime treaty negotiated by the Council of Europe in 2001 which came into effect in 2004. Since then, 66 countries around the world (including Australia) have ratified the Convention, with more in the process of doing so. Despite being a member of the Council of Europe, Russia never joined the Budapest Convention, claiming the treaty violates principles of state sovereignty by allowing cross-border cybercrime operations. Yes, the same Russia that launched the invasion of a sovereign state that has horrified the world. Russia has instead fought tooth and nail for a new, separate international cybercrime treaty. In 2019, with the support of China, Cambodia, Belarus, North Korea, Myanmar, Iran, Venezuela and Nicaragua – hardly bastions for protecting rights online – Russia presented a resolution for such a treaty to the UN General Assembly.
READ THE STORY: The Interpreter
T-Mobile Users Should Take Action After Data Hack, DC AG Warns
FROM THE MEDIA: DC Attorney General Karl Racine released a consumer alert, saying that victims of last year’s T-Mobile data breach should take necessary steps to avoid identity theft. A large amount of personal information pertaining to T-Mobile users that was stolen in August 2021 was discovered to be for sale on the dark web, according to Racine’s statement issued on Wednesday, March 2. The dark web is part of the internet, but requires specific software to access and is particularly popular among cyber criminals who seek to sell hacked information. T-Mobile announced on August 17, 2021, a massive data breach it suffered, saying that the sensitive personal data of millions of current, former, and prospective customers were compromised. “The breach impacted more than 53 million individuals, including 243,680 District residents,” said the statement from Racine. “Among other categories of impacted information, millions had their names, dates of birth, Social Security Numbers, and driver’s license information compromised.” Residents impacted by the cyber attack should place a fraud alert on their credit report, the Office of the Attorney General (OAG) said, adding that it would prompt lenders and creditors to take extra steps to verify the customer’s identity before issuing credit.
READ THE STORY: The DC Post
Iran's internet chokepoint caught fire, caused outages
FROM THE MEDIA: A datacenter fire resulted in internet outages across Iran for around three hours last Friday, and it appears the cause was the nation's surveillance apparatus. The fire took place at a building belonging to the Telecom Infrastructure Company (TIC) – the only reseller of connectivity to Iranian internet service providers. The TIC applies content filters so that ISPs receive a feed cleansed of anything Iran's rulers don't want citizens to see – which means religious or political content that disagrees in any way with the views of the revolutionary government. According to Netblocks, the centralized gateway "allows Iranian authorities to control the flow of information to counter cyberthreats, but has also come under scrutiny for its use to limit the public's access to information and international services." As the TIC is a bottleneck, it's also a risk. Hamid Fattahi, CEO of TIC, confirmed the fire and outages, mainly in Tehran and Karaj, in local media which was reposted on the company website. A previous post had stated "a disruption in the center's electrification system" had "led to fire in UPS systems and electrification systems."
READ THE STORY: The Register
DXC pulls out of Russia
FROM THE MEDIA: Global systems integrator and solution provider DXC Technology Friday said it will exit the Russian market while providing support to employees there in the wake of Russia’s assault on neighboring Ukraine. With the move, DXC joins fellow global systems integrator Accenture in exiting the Russian market. Several large global IT firms including Apple, Microsoft, Oracle, Google, Intel, AMD, HP Inc., HPE, Dell, and others have also said they are joining historic sanctions against Russia. DXC did not respond to multiple requests by CRN US for more information, including whether the Russian employees are officially being laid off. DXC, in a statement the Ashburn, Va.-based company placed on-line, cited the “unprovoked attack on Ukraine” as the reason for its pulling out of Russia. “DXC Technology condemns the unwarranted aggression from the Russian Government that is leading to the death, injury, and displacement of innocent civilians in Ukraine. DXC stands with every person, company, and government across the world that is calling for an immediate end to this unprovoked attack on Ukraine,” DXC wrote. DXC is exiting the Russian market, but looking to support its employees in the country. “Based on the aggression from the Russian Government, we are no longer pursuing business in Russia and have committed to exit this market,” DXC said in a prepared statement. “We have approximately 4,000 colleagues in Russia and are supporting them in this time of need. We continue to support and maintain rigorous compliance with all applicable sanctions levied against Russia.”
READ THE STORY: CRN
Items of interest
Yale Cyber Leadership Forum hosts session on “Disinformation and the Future of Democracy” (Article)
FROM THE MEDIA: The Yale Cyber Leadership Forum held its second session last Friday with two panel discussions on “Disinformation and the Future of Democracy.” The forum, which this year is centered on “Bridging the Divide: National Security Implications of Artificial Intelligence,” is a collaboration between the Jackson Institute for Global Affairs and the Yale Law School. It aims to connect law, technology, policy and business approaches to cybersecurity. “Disinformation really was not considered part of cybersecurity as it may have been originally defined,” Executive Director of International Security Studies Ted Wittenstein said. “It’s not about the systems and networks themselves as much as it’s about the people and our perceptions, […] the human dimension of cybersecurity.”
READ THE STORY: Yale Daily News
The Raiding of Facebook's Metaverse (Video)
FROM THE MEDIA: Hello guys and gals, it's me Mutahar again! This time we take a look at what happens when one of the largest imageboards on the Internet attempts... poorly, to jump in and overtake the world's most expensive metaverse.
SpaceX Starlink system may be targeted in Ukraine | Russia looks to China for collaboration in space (Video)
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com