Tuesday, March 08, 2022 // (IG): BB // Weekly Sponsor: ISG
SpaceX plans another Starlink launch as Ukraine uses the service during conflict
FROM THE MEDIA: SpaceX plans to launch more Starlink communications satellites from Florida on Wednesday even as the Ukrainian government uses the service during its defense against the Russian invasion. The use of satellite communications by defenders in a conflict, where ground communications may be destroyed at any moment, can make a big difference in the outcome, John Scott-Railton of the University of Toronto told UPI in an interview. "Having Starlink capability is clearly helpful to Ukraine," said Scott-Railton, a senior researcher at the university's Citizen Lab in the Munk School of Global Affairs. "I think it just emphasizes that these low-Earth orbit systems are a valuable addition in a crisis whether it's Tonga after an earthquake or, you know, war and destruction in Ukraine." SpaceX's Starlink makes broadband, high-speed Internet service available in most places on the planet, provided the service is active in that location and the ground user has a receiver dish. SpaceX founder and CEO Elon Musk said on Twitter that SpaceX had activated Starlink service in Ukraine on Feb. 26. Two days later, Ukraine's Vice Prime Minister Mykhailo Fedorov tweeted a photo of Starlink ground terminals arriving.
READ THE STORY: UPI
A QUICK LOOK:
Elon Musk refuses to block Russian news sites from Starlink satellites
FROM THE MEDIA: Elon Musk claims that he has resisted demands from several countries to block Russian news sites from his Starlink internet satellites amid the ongoing invasion of Ukraine. “Starlink has been told by some governments (not Ukraine) to block Russian news sources,” the world’s richest man tweeted over the weekend. “We will not do so unless at gunpoint.” Musk added: “Sorry to be a free speech absolutist.” Since the Russians launched their invasion of Ukraine some 10 days ago, several media outlets affiliated with the Kremlin have been deplatformed by major tech companies in the United States. Reddit last week banned users from posting links to RT and Sputnik, joining other tech giants that also imposed similar restrictions such as Microsoft, Twitter, YouTube, Meta, Snapchat, TikTok and Spotify. Even Telegram, the encrypted messenger service, bowed to European pressure to remove RT, where it had a large following. It is believed that Russian disinformation was allowed to spread freely on Telegram.
READ THE STORY: NYPOST
The coder supply chain runs through Ukraine
FROM THE MEDIA: The maps that connect Lyft customers with their nearest driver, the grammar software that tells you when to use “whom” instead of “who” and the targeting system that helps players of the newest Assassin’s Creed video game aim a weapon all owe a debt of gratitude to programmers in Ukraine. The country is among the largest exporters of information-technology services in Europe, known for its well-educated and affordable labor market. There are roughly 250,000 technology professionals in the country. Russia’s invasion of Ukraine imperils many of their lives. It has also disrupted projects at a raft of global tech companies and startups. Employers are now arranging escape plans for their workers in Ukraine and setting aside financial aid. Apple and Google have outposts there, as does France’s Ubisoft Entertainment and Israel’s Wix.com. For many international companies, Vitaly Sedler is their envoy to Ukraine. Sedler started the outsourcing firm Intellias 20 years ago in the western city of Lviv. It employs about 2,000 engineers in Ukraine today. “Engineering talent in the country is very strong,” said Sedler. Coders make $3,000 to $4,000 a month, he says, far exceeding the national average but paltry by the standards of Silicon Valley.
READ THE STORY: Seattletimes
China launches test satellites for orbiting broadband service
FROM THE MEDIA: GalaxySpace plans 144 birds for small-footprint high-surveillance service. Chinese satellite broadband outfit GalaxySpace has launched the first satellites in a planned low Earth orbit constellation that will eventually offer a wireless internet service. The sats went aloft over the weekend atop a Long March 2-C rocket that also hauled an Earth observation sat into the heavens. GalaxySpace aims to provide 5G internet at speeds of 40Gbit/sec. Last January, GalaxySpace named the test network, nicknamed "little spider web", and promised it would provide low orbit broadband for more than 30 minutes at a time and inform development of a planned 144-satellite constellation. The company said that the price of creating such a satellite has halved since its first one was built, and it has managed to keep the weight of each unit to 190kg. "The successful mission proved that China has built up the low cost, batch development, and networking operation capabilities of satellites – all factors that are necessary to build a satellite internet mega-constellation," said state-sponsored media outlet Global Times. The elephant in the room is that 144 satellites is not very many compared to rivals: Starlink already has more than 2,000 satellites in orbit and is still growing, and Amazon's planned fleet calls for 7,774 units – up from an original 3,236. GalaxySpace's planned fleet is also on the low side compared to local rivals. The Hongyan and Hongyun projects – owned by the state-owned China Aerospace Science and Technology Corporation and China Aerospace Science and Industry Corporation, respectively – have been launching test satellites since 2018. Hongyan plans 324 total satellites, while Hongyun will have 157.
READ THE STORY: The Register
Russia, China May Be Coordinating Cyber Attacks: SaaS App Security Firm
FROM THE MEDIA: A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. SaaS Alerts, which helps managed service providers (MSPs) manage and protect customers’ SaaS apps, mentioned the finding in conjunction with the release of its annual SaaS Application Security Insights (SASI) report. “Over the last several weeks, SaaS Alerts has seen a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China,” the company said in a statement. “The vast volumes of data analyzed suggest these countries may even be coordinating attack efforts. Per analysis available from SaaS Alerts, attack trend lines that compare Russia and China show almost the exact same pattern.” eSecurity Planet checked with some well-known threat intelligence services, and while they didn’t conclude that the attacks are coordinated, they confirmed that China has increased cyber activities in Ukraine and Europe. Ben Read, Mandiant’s Director of Intelligence Analysis, told eSecurity Planet that “we’ve seen similar activity to Google with China targeting Europe/Ukraine, but no indication it’s coordinated with Russia.”
READ THE STORY: Esecurity Planet
Draft registration system gets $6 million in funding for cyber, data analysis upgrades
FROM THE MEDIA: The General Services Administration has awarded millions of dollars in technology modernization funding to the U.S. Selective Service System to help boost the cybersecurity of its draft registration system. The nearly $6 million will go toward a number of improvements to the IT operations of the small agency, which has just 115 employees and an annual budget under $30 million. The upgrades include modernization of its Registration, Compliance and Verification (RCV) software system, including migration to a cloud-based software and data architecture, enhanced protections around personally identifiable information, and user experience upgrades for public-facing parts of the system. While no draft is currently in effect, registration remains in place as a way for the government to keep a list of names of men from which to draw in case of a national emergency requiring rapid expansion of the Armed Forces. The RCV system is an intranet application used only by authorized SSS personnel. It provides a central repository for all data related to active registrants and potential violators.
READ THE STORY: SC Magazine
Ukraine at D+11: Stalled advances, intense fires, and cyber ops.
FROM THE MEDIA: Within hours of agreeing to cease-fires late last week that would have permitted civilians to evacuate areas of active fighting, Russian forces resumed shelling the evacuation routes they'd agreed to protect. The attacks have been particularly severe and indiscriminate around the southern port city of Mariupol, where Ukrainian resistance continues. Russia today declared new humanitarian cease-fires in areas with heavy refugee traffic, but it seems unlikely that these guarantees will prove any more reliable than those that accompanied the earlier cease-fire promises.
A surprisingly slow advance yields to tactics out of Russia's "Syria playbook." The UK's Ministry of Defence, in its regular update on Russia's war against Ukraine, yesterday assessed the situation as follows: "Russian forces probably made minimal ground advances over the weekend. It is highly unlikely that Russia has successfully achieved its planned objectives to date. Over the past 24 hours, a high level of Russian air and artillery strikes have continued to hit military and civilian sites in Ukrainian cities. Recent strikes have targeted Kharkiv, Mykolaiv and Chernihiv, and been particularly heavy in Mariupol." The Russian advance on Kyiv in particular has been stalled for days, and Russian forces in the southern part of the country, while enjoying more success, have also this weekend faced setbacks.
Russian cyberattacks have been more muted since the outbreak of President Putin's war against Ukraine, but they haven't been absent. Ukraine's State Service of Special Communications and Information Protection (SSSCIP) tweeted Saturday, "Russian hackers keep on attacking Ukrainian information resources nonstop. Since the beginning of invasion, DDoS attacks have been primarily aimed at the resources of Verkhovna Rada, Cabinet of Ministers, President of Ukraine, Defense Ministry and Internal Affairs Ministry."
The distributed denial-of-service attacks are said to have been contained; the other effects are said to have been limited to some webpage defacements. The SSSCIP summarized the results of the attacks: "The most powerful attacks exceeded 100 Gbps at their peak. Despite all the involved enemy’s resources, the sites of the central governmental bodies are available. The only thing the occupants managed to do was to substitute the front pages at the sites of some local authorities."
READ THE STORY: Cyberwire
US, Spain join forces in cyberwarfare amid Russia-Ukraine war
FROM THE MEDIA: The U.S. is partnering up with fellow NATO member Spain to fight cyberattacks in the wake of Russia’s invasion of Ukraine. U.S. Deputy Secretary of State Wendy Sherman said on Monday that this is a critical moment for the U.S. and its allies to strengthen their cyber defenses and assist countries like Ukraine that have fallen victim to Russian aggression, including cyberattacks. “For anyone who may have been skeptical that cyber and tech issues are not major foreign policy issues for the 21st century, we need only to look at Ukraine and Russia right now,” she said. Sherman made her remarks at the first Spain-U.S. cybersecurity seminar, which was held in Madrid. As part of its war strategy, Russia has launched several cyberattacks against the Ukrainian government, including targeting websites of the Parliament and the foreign affairs and defense ministries. Although Russia has denied any involvement, the Biden administration and U.S. intelligence suspect that Russian government hackers were behind those attacks. Sherman said that since 2014, Russia-based hackers have repeatedly targeted Ukraine’s critical infrastructure, including its electrical grid and financial system.
READ THE STORY: The Hill
Russia pulls down the cyber iron curtain
FROM THE MEDIA: Blocking Facebook and Twitter may be the first move in establishing a Russian 'Great Firewall'. Russia’s internet crackdown has been almost immediate. In the last few days, Facebook, Twitter and Western news websites have been blocked by Roskomnadzor, the state communications regulator. Netflix has taken its service offline voluntarily. The Kremlin has ordered government websites to take steps to ensure they can keep functioning if Russia is cut off from the rest of the world. The country seems to be the latest and most severe casualty of a worldwide phenomenon dubbed the “splinternet”, in which access to what was once the world wide web has become balkanized by competing national interests. As Russians’ ability to freely access their favorite online services and content is curtailed, downloads of virtual private networks (VPNs) have ramped up. According to California-based app research company Sensor Tower, downloads of VPNs, which let users bypass national controls, have almost trebled in Russia in the last week. But preparations for a digital iron curtain have been years in the making. In November 2019, Vladimir Putin ordered a new “sovereign internet law” – a series of updates to Russian legislation designed to make the country’s internet effectively self-sufficient. These included forcing internet providers to install equipment to manage certain types of traffic, and giving the state regulator new controls over their networks. Officially, the changes were to make the country’s online services and telecoms networks more robust. In practice, they dramatically increased the Kremlin’s surveillance apparatus and its ability to switch off or throttle inconvenient websites.
READ THE STORY: The Telegraph
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
FROM THE MEDIA: The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media statement on Monday that a “security breach” had occurred related to internal company data — but said that customer and employee data were not impacted. Lapsus$ had earlier announced on its Telegram channel that it had breached Samsung and offered a taste of what it had as proof, including biometric authentication information and source code from both Samsung and one of its suppliers, Qualcomm. That’s according to Security Affairs, which also published a screen grab of the data leak. “If Samsung’s keys were leaked, it could compromise the TrustZone environment on Samsung devices that stores especially sensitive data, like biometrics, some passwords and other details,” said Casey Bisson, head of product and developer relations at BluBracket, via email. “The TrustZone environment is useful because it creates a strong security barrier to attacks by Android malware.” He added that if the leaked data allows malware to access the TrustZone environment, it could make all data stored there vulnerable. “If Samsung has lost control of the signing keys, it could make it impossible for Samsung to securely update phones to prevent attacks on the TrustZone environment,” he said. “Compromised keys would make this a more significant attack than NVIDIA, given the number of devices, their connection to consumers, and amount of very sensitive data that phones have.”
READ THE STORY: Threatpost
FBI: Ransomware gang breached 52 US critical infrastructure orgs
FROM THE MEDIA: The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. This was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency. "As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors," the federal law enforcement agency said. "RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention." The flash alert focuses on providing indicators of compromise (IOCs) organizations can use to detect and block Ragnar Locker ransomware attacks. IOCs associated with Ragnar Locker activity include info on attack infrastructure, Bitcoin addresses used to collect ransom demands, and email addresses used by the gang's operators. Although the FBI first became aware of Ragnar Locker in April 2020, Ragnar Locker ransomware payloads were first observed in attacks months before, during late December 2019. On compromised enterprise endpoints, Ragnar Locker operators terminate the remote management software (e.g., ConnectWise, Kaseya) that managed service providers (MSPs) use to administer clients' systems remotely.
READ THE STORY: Bleeping Computer
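The last behaviour in the item above, killing MSP remote-management agents before encryption, is one of the few Ragnar Locker traits that can be caught from ordinary process-creation telemetry rather than from the alert's static IOCs. The detector below is an added example and is not code from the FBI/CISA flash alert or from BleepingComputer. It flags any Windows command line that stops or kills an RMM agent, then raises a per-host "sweep" alert when several distinct agents are hit within a short window. The pipe-delimited log format, the host names and the RMM process names are constructed for illustration; a real deployment should take the agent list from its own software inventory and feed the detector from Sysmon Event ID 1 or Security 4688 records.

```python
"""Flag command lines that kill remote-management (RMM) agents.

Added example for the Ragnar Locker item; not code from the FBI/CISA
flash alert. Log format, hosts and agent names are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed name fragments for RMM agents (illustrative list).
RMM_MARKERS = ("screenconnect", "connectwise", "kaseya", "agentmon")

# Ways an operator stops a service or kills a process from a Windows
# command line. Each pattern captures the target name in group 1.
KILL_PATTERNS = (
    re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+\"?([^\"\s]+)", re.I),
    re.compile(r"\bsc(?:\.exe)?\s+stop\s+\"?([^\"\s]+)", re.I),
    re.compile(r"\bnet(?:\.exe)?\s+stop\s+\"?([^\"\s]+)", re.I),
    # Stop-Service [-Force ...] [-Name] <svc>: skip switches other than -Name
    re.compile(r"\bstop-service\b(?:\s+-(?!name\b)\S+)*\s+(?:-name\s+)?\"?([^\"\s]+)", re.I),
)

# Constructed record layout: timestamp|host|event|image|command line
LOG_LINE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<host>[^|]+)\|(?P<event>[^|]+)\|(?P<image>[^|]+)\|(?P<cmd>.*)$"
)

# Constructed sample telemetry: WS01 shows a Ragnar Locker-style sweep,
# WS02 is benign noise, WS03 is a single stop with no follow-up.
SAMPLE_LOG = """\
2022-03-07T10:01:02|WS01|ProcessCreate|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM ScreenConnect.ClientService.exe
2022-03-07T10:01:05|WS01|ProcessCreate|C:\\Windows\\System32\\sc.exe|sc stop KaseyaAgent
2022-03-07T10:01:09|WS01|ProcessCreate|C:\\Windows\\System32\\net.exe|net stop "ConnectWise Control Client"
2022-03-07T10:02:00|WS01|ProcessCreate|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell -c Stop-Service -Force -Name AgentMon
2022-03-07T11:30:00|WS02|ProcessCreate|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM notepad.exe
2022-03-07T12:00:00|WS03|ProcessCreate|C:\\Windows\\System32\\sc.exe|sc stop KaseyaAgent
2022-03-07T12:00:30|WS03|ProcessTerminate|C:\\Program Files\\Kaseya\\AgentMon.exe|
"""


def parse_line(line):
    """Parse one constructed log record into a dict, or None if malformed."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def rmm_kill_target(cmd):
    """Return the RMM-looking process/service a command line stops, else None."""
    for pat in KILL_PATTERNS:
        m = pat.search(cmd)
        if m:
            target = m.group(1)
            if any(marker in target.lower() for marker in RMM_MARKERS):
                return target
    return None


def detect(lines, window=timedelta(minutes=10), threshold=2):
    """Return (hits, bursts).

    hits:   (ts, host, target) for every ProcessCreate whose command line
            kills an RMM agent (worth a ticket on its own).
    bursts: {host: [targets]} where >= threshold distinct agents were
            killed inside `window` on one host, the pattern the alert
            describes for Ragnar Locker operators.
    """
    hits = []
    per_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["event"] != "ProcessCreate":
            continue
        target = rmm_kill_target(rec["cmd"])
        if target is None:
            continue
        hits.append((rec["ts"], rec["host"], target))
        per_host[rec["host"]].append((rec["ts"], target))

    bursts = {}
    for host, events in per_host.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_window = {tgt for t, tgt in events[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                bursts[host] = sorted(in_window)
                break
    return hits, bursts


if __name__ == "__main__":
    hits, bursts = detect(SAMPLE_LOG.splitlines())
    for ts, host, target in hits:
        print(f"{ts} {host}: RMM agent stopped -> {target}")
    for host, targets in bursts.items():
        print(f"SWEEP on {host}: {', '.join(targets)}")
```

The per-host burst is the useful signal: a lone `sc stop KaseyaAgent` is often an administrator, while four different agents stopped inside a minute from `taskkill`, `sc`, `net` and PowerShell almost never is. Tune `window` and `threshold` to the environment, and treat a match on an endpoint that also shows mass file renames or shadow-copy deletion as an active ransomware staging event rather than a hygiene finding.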
Items of interest
Conti Ransomware Group Diaries, Part IV: Cryptocrime (Article)
FROM THE MEDIA: Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies. When you’re perhaps the most successful ransomware group around — Conti made $180 million last year in extortion payments, well more than any other crime group, according to Chainalysis — you tend to have a lot of digital currency like Bitcoin. This wealth allowed Conti to do things that regular investors couldn’t — such as moving the price of cryptocurrencies in one direction or the other. Or building a cryptocurrency platform and seeding it with loads of ill-gotten crypto from phantom investors.
READ THE STORY: Krebsonsecurity
Ukraine Demanded Cloudflare Stop Protecting Russians From Cyberattacks (Video)
FROM THE MEDIA: The $30 billion tech company Cloudflare has decided to continue providing services to Russia, in the face of calls from Ukraine to cease following the invasion. Cloudflare both protects websites from distributed denial of service (DDoS) attacks that flood servers with traffic to stop them working, and helps them run faster. In the last week, Mykhailo Fedorov, deputy prime minister and the 31-year-old spearheading Kyiv’s propaganda charge, wrote to Cloudflare urging it to pull out of Russia and to follow in the footsteps of other companies, from Apple to Microsoft, which have stopped selling new products to Putin’s nation. ‘‘At a time when Russia is attacking Ukraine and its missiles and tanks are killing defenseless children, Russia’s Web resources must also remain defenseless,’’ Fedorov wrote on Telegram last week, attaching a letter sent to Cloudflare CEO Matthew Prince. Fedorov announced an IT Army in the early days of the conflict, which has been launching DDoS attacks on multiple Russian targets, from the Kremlin website to Sberbank, with varying degrees of success. “I am sure that you will not only listen, but also do everything possible to protect Europe, Ukraine and the whole democratic world from this bloody, authoritarian aggression.”
Hacking group Anonymous declares cyberwar on Putin, Russian government (Video)
FROM THE MEDIA: Cyberactivists Anonymous appear to be wading into the Ukraine-Russia conflict by declaring a cyberwar against President Vladimir Putin and the Russian government. Cybersecurity and intelligence analyst, Pierluigi Paganini weighs in on what effect these attacks could have on websites linked to the Russian government.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com