Wednesday, March 09, 2022 // (IG): BB // Weekly Sponsor: ISG
China hacked at least six state governments in last year, cyber firm says
FROM THE MEDIA: China hacked at least six state governments in the U.S. in the past year, Mandiant, a private security firm, said in a report Tuesday. The hacking group, APT41, is believed to have worked with China to hack the six state governments, exploiting unknown vulnerabilities in the governments’ systems, The Associated Press reported. One vulnerability, present in the animal health management agencies of 18 states, was a previously unknown flaw in a commercial web application. Another was a flaw in the Log4j software, which the hackers used to get into government websites several times, according to the AP. Rufus Brown, a senior threat analyst at the firm, said the hackers’ “persistence to gain access into government networks, exemplified by re-compromising previous victims and targeting multiple agencies within the same state, (shows) that whatever they are after it is important.”
READ THE STORY: The Hill // ABC
A QUICK LOOK:
In-the-wild DDoS attack can be launched from a single packet to create terabytes of traffic
FROM THE MEDIA: A test mode that should not be exposed to the internet on PBX-to-internet gateways is responsible for an amplification ratio of 4,294,967,296 to 1. Security researchers from Akamai, Cloudflare, Lumen Black Lotus Labs, Mitel, Netscout, Team Cymru, Telus, and The Shadowserver Foundation have disclosed denial-of-service attacks with an amplification ratio surpassing 4 billion to one that can be launched from a single packet. Tracked as CVE-2022-26143, the flaw resides in around 2,600 incorrectly provisioned Mitel MiCollab and MiVoice Business Express systems that act as PBX-to-internet gateways and have a test mode that should not be exposed to the internet. "The exposed system test facility can be abused to launch a sustained DDoS attack of up to 14 hours in duration by means of a single spoofed attack initiation packet, resulting in a record-setting packet amplification ratio of 4,294,967,296:1," a blog post on Shadowserver explains.
READ THE STORY: ZDNet
SpaceX to launch 48 Starlink satellites, land rocket Wednesday morning: Watch live
FROM THE MEDIA: SpaceX will launch four dozen Starlink internet satellites and land the returning rocket on Wednesday (March 9), and you can watch the action live. A two-stage Falcon 9 rocket topped with 48 Starlink spacecraft is scheduled to lift off from Florida's Cape Canaveral Space Force Station Wednesday at 8:45 a.m. EST (13:45 GMT). If all goes according to plan, about nine minutes later, the Falcon 9 first stage will come down for a vertical landing on the SpaceX droneship A Shortfall of Gravitas, which will be stationed in the Atlantic Ocean a few hundred miles off the Florida coast. You can watch it all live here at Space.com, courtesy of SpaceX, or directly via the company. Coverage will begin about 15 minutes before liftoff. There's an 80% chance that the weather will be good enough to allow a launch on Wednesday, according to the 45th Weather Squadron at Patrick Space Force Base in Florida. This will be the fourth launch and landing for this particular Falcon 9 first stage. The booster also launched the Arabsat-6A mission in April 2019, the Space Test Program-2 (STP-2) flight for the U.S. military in June 2019 and the Italian Earth-observation satellite COSMO-SkyMed Second Generation FM2 in January 2022.
READ THE STORY: Space.com
U.S. general: Starlink in Ukraine showing what mega constellations can do
FROM THE MEDIA: U.S. Space Command has been impressed by SpaceX’s ability to provide internet access in war-torn parts of Ukraine, the head of the command told lawmakers March 8. “What we’re seeing with Elon Musk and the Starlink capabilities is really showing us what a megaconstellation or a proliferated architecture can provide in terms of redundancy and capability,” Gen. James Dickinson, commander of U.S. Space Command, said during a hearing of the Senate Armed Services Committee. Dickinson’s comments were in response to questions from Sen. Tim Kaine (D-Va.), who noted that Starlink’s ability to deliver communications from space over Ukraine is “positive news” and also an example of “private actors in space entering into contested environments.” “Russia has been trying to jam the signals and block coverage, and that’s made me wonder,” Kaine said. He asked Dickinson if there is a “legal framework” for U.S. commercial space companies that become involved in contested situations. “We do look at that, senator,” said Dickinson. “We work very closely in our commercial integration cell on that very issue.”
READ THE STORY: SpaceNews
China’s ‘Direct Challenge’ To Elon Musk’s Starlink – Can GalaxySpace Trounce SpaceX In Satellite Internet Business?
FROM THE MEDIA: China’s Long March 2C rocket carrying seven satellites lifted off on March 5. Of them, six satellites were developed by private Chinese firm GalaxySpace with the aim of forming an experimental network for Low Earth Orbit (LEO) broadband communication, a move seen as direct competition with SpaceX’s Starlink. This was Beijing’s fifth launch of the year, with the China Aerospace Science and Technology Corporation (CASC) aiming for more than 50 launches in 2022. “Today’s launch proved that China has the capability to build satellite internet constellation at large scale, which includes the ability to mass-produce satellites at low cost as well as to operate in a network,” GalaxySpace co-founder Chang Ming told state-owned CGTN. Together with the company’s first satellite, which was placed into orbit two years ago, these six will form a testing network that is expected to provide uninterrupted broadband communication services for more than 30 minutes at a time. The six satellites are designated GS-2, GS-AP01, 02 and 03 and GS-2BP01 and 02, and the experimental network has been nicknamed “Mini-spider Constellation”. Each satellite has a mass of 190 kilograms and is capable of data speeds of 40Gbps, as per the company’s claims. The ground data processing system is developed by Beijing Four Squares Technology, a satellite data analysis company.
READ THE STORY: Eurasian Times
Washington must do more to support companies facing Russian hackers
FROM THE MEDIA: As Russian missiles fly, President Vladimir Putin has warned that those countries that aid Ukraine will face consequences like they have never seen before. The United States and its European allies, however, have stood firm with sanctions on the Russian financial system and on Putin and his closest advisors. They also imposed bans on technology exports to Russia. As Putin, his cronies and the Russian military itself begin to feel the effects of these sanctions, safe money bets on Russia expanding its cyberattacks to target the United States and Europe. Moscow has repeatedly demonstrated that its hackers — which include military and intelligence cyber units as well as “independent” proxies — have the capability to inflict untold damages on the infrastructure and companies the global economy depends upon. This past year, Russian hackers shut down a pipeline carrying half of the East Coast’s fuel supplies and a company that processes 20 percent of American meat products. The U.S. government has warned that Russia has been persistently targeting numerous U.S. critical infrastructures over the past decade, so it is reasonable to expect that malware already exists in critical U.S. water, energy, aviation, nuclear and manufacturing systems. Even if the Kremlin merely gives Russian criminal gangs a wink and a nod, U.S. and other Western companies are likely to face a surge of attacks. And with few exceptions, the private sector is not prepared for cyber war.
READ THE STORY: C4ISR Net
Preventing Cyber Escalation in Ukraine and After
FROM THE MEDIA: With the world worried about the risk of nuclear escalation between Russia and the West, now might also be a good time to worry about the risk of cyber conflict escalating to war as well. In recent years, a number of scholars and practitioners have argued that cyber conflict should be seen as an intelligence battle or pressure-release valve rather than something that could escalate into actual conflict or war. Indeed, to date, no state has responded to a rival’s cyber attack with a kinetic reprisal. But that does not mean it will not happen now. As geopolitical circumstances change, the escalatory potential of cyber capabilities is likely to change as well. Moscow, for example, might respond to Western sanctions with intensified cyber attacks. Or Western leaders, recognizing that no-fly zones are too risky, might approve cyber interventions to prevent civilian massacres instead. In either case, they could well assume this escalation would not meet with a direct military response. And in either case, they could be wrong. Minimizing this risk requires both recognizing and respecting the latent but strong escalatory potential of cyber attacks. It also involves delving deeper into the psychology of the situation, as escalation will be driven as much by the perceptions and misperceptions of the participants as any technical aspects of cyber warfare.
READ THE STORY: War on the Rocks
The secret US mission to bolster Ukraine’s cyber-defenses ahead of invasion
FROM THE MEDIA: American soldiers and experts fanned out across the country during the Ukrainian winter to thwart an expected Russian cyber attack. Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat. Some were soldiers, with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years. The US had been helping Ukraine bolster its cyber defenses for years, ever since an infamous 2015 attack on its power grid left part of Kyiv without electricity for hours. But this surge of US personnel in October and November was different: it was in preparation for impending war. People familiar with the operation described an urgency in the hunt for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion. Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by Western officials. But years of work, paired with the last two months of targeted bolstering, may explain why Ukrainian networks have held up so far.
READ THE STORY: Financial Times
Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on President Biden’s Cyber Executive Order
FROM THE MEDIA: The President’s Executive Order, Improving the Nation’s Cybersecurity, charted a new course for the nation’s cybersecurity. And, we have begun implementation of one of the most important components of the Executive Order. As of yesterday, every company that sells software to the government must have a rigorous software security program in place. The requirement covers traditional commercial on-premise software, software provided as a service, as well as any included open source software components. We know Americans are concerned about cybersecurity – we’ve seen the cost of ransomware attacks to businesses of all sizes and the disruption it has caused to critical services in countries around the world. And we know that a foundational part of building cyber resilience is building in security throughout the lifecycle of a product, from the initial design phase through deployment. We buy a car with pre-installed seatbelts and airbags. We should be able to buy software with security baked in. With the implementation of this component of the Executive Order, the federal government is leveraging its procurement power to improve the security of the software that we all use – including software we install in some of our nation’s most critical infrastructure.
READ THE STORY: White House
Cloudflare and Akamai refuse to pull services out of Russia
FROM THE MEDIA: Cloudflare and Akamai have each confirmed they will continue to operate in Russia, despite being urged to do otherwise. Both companies have argued that if they were to pull their services, they would be hurting Russian citizens who are trying to access information from outside of the country, but said they condemn Russia's unprovoked invasion of Ukraine. Cloudflare CEO Matthew Prince wrote in a blog post acknowledging that the company has received "several calls to terminate" all of its services inside Russia, including by government. "Our conclusion … is that Russia needs more internet access, not less," he said. "As the conflict has continued, we've seen a dramatic increase in requests from Russian networks to worldwide media, reflecting a desire by ordinary Russian citizens to see world news beyond that provided within Russia." He continued: "Indiscriminately terminating service would do little to harm the Russian government, but would both limit access to information outside the country, and make significantly more vulnerable those who have used us to shield themselves as they have criticized the government". Prince also claimed that if Cloudflare were to stop operating in Russia, the Russian government would "celebrate us shutting down".
READ THE STORY: ZDNet
CISA Warns of Ransomware Gang, Issues Indicators of Compromise
FROM THE MEDIA: Ragnar Locker ransomware has affected at least 52 critical infrastructure victims since January, but its processes terminate if they encounter systems in certain Russian and near-Russian locations. Cybersecurity and Infrastructure Security Agency Executive Director Brandon Wales emphasized the importance of small- and medium-sized organizations preparing for ransomware attacks in the wake of a warning officials issued to be on the lookout for a threat actor known as the Ragnar Locker gang, which appears to avoid Russia-related entities. “These issues that you're addressing and bringing together the small- and medium-sized businesses on are absolutely essential,” Wales said, “both given our current threat environment and because we know that these issues are front of mind, for business leaders throughout the country.” Wales spoke during an event hosted by the Aspen Institute on Tuesday, which simulated a ransomware attack to highlight unforeseen challenges that arise over the course of a victim’s response. He reiterated that CISA currently doesn’t deem the homeland to be under cyber threat, but his remarks follow an FBI Flash warning the National Cyber Awareness System pushed out Tuesday on ransomware that’s coded to circumvent entities in and around Russia.
READ THE STORY: Nextgov
Items of interest
FinCEN warns ransomware proceeds could be part of Russia sanctions evasion (Article)
FROM THE MEDIA: As banks and other financial institutions work to honor the U.S. sanctions against Russia and monitor for efforts to evade them, the feds are warning that ransomware proceeds could be in the mix. The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued guidance this week on the responsibility that private institutions have for detecting “sanctions evasion activity” and reporting it under the Bank Secrecy Act and other laws. The alert comes as federal lawmakers have expressed concern about the use of crypto to evade sanctions, and Bloomberg is reporting that the Biden administration is preparing an executive order on the topic this week. At least one big player in the cryptocurrency industry, the trading platform Coinbase, already has expressed a commitment to supporting sanctions from the U.S. and other nations looking to punish Russia for its invasion of Ukraine. Coinbase said it had blocked 25,000 accounts linked to Russian people or entities.
READ THE STORY: CyberScoop
ContiLeaks & Hacktivism (Video)
FROM THE MEDIA: Much has changed in the threat landscape in just a few short days since our first special Cyber Warfare briefing:
- An explosive leak of the Conti ransomware gang's source code, forums, and chat logs
- The Ukrainian IT Army: a watershed moment for hacktivism
- Ongoing ransom negotiations between NVIDIA and LAPSUS$
- Proof of cooperation between RU gov’t and Trickbot
- US Senate passes act forcing orgs to report cyberattacks, ransom payments
The War in Ukraine & the Future of the World (Video)
FROM THE MEDIA: Filmed on 2nd March 2022, during Russia's invasion of Ukraine, this urgent conversation between the historians Timothy Snyder and Yuval Noah Harari explores the implications of the unfolding crisis in Europe. The discussion is moderated by the journalist and historian Anne Applebaum, and was hosted by YES (Yalta European Strategy), with support from the Victor Pinchuk Foundation.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com