Saturday, March 12, 2022 // (IG): BB // Weekly Sponsor: DiyGarage_SoCal
U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say
FROM THE MEDIA: Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia's invasion, according to three people with direct knowledge of the incident. Analysts for the U.S. National Security Agency, French government cybersecurity organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider's service was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications. The digital blitz on the satellite service began on Feb. 24 between 5 a.m. and 9 a.m., just as Russian forces started going in and firing missiles, striking major Ukrainian cities including the capital, Kyiv. The consequences are still being investigated but satellite modems belonging to tens of thousands of customers in Europe were knocked offline, according to an official of U.S. telecommunications firm Viasat, which owns the affected network. The hackers disabled modems that communicate with Viasat Inc's KA-SAT satellite, which supplies internet access to some customers in Europe, including Ukraine. More than two weeks later some remain offline, resellers told Reuters.
READ THE STORY: Reuters
Ukraine Crisis Increases Supply Chain Cyber Risk
FROM THE MEDIA: In May 2021, Colonial Pipeline was the victim of a ransomware attack that forced the company to abruptly shut down the pipeline and suspend all operations for the first time in its history. This led to an immediate disruption in the nation’s fuel supply along the Eastern Seaboard, causing shortages and spikes in the price of gas. Later that month, a ransomware attack targeted JBS, one of the largest meat producers in the world, and forced the company to temporarily shutter its U.S. facilities, which supply 23 percent of the nation’s beef. According to various sources, both attacks were perpetrated by cybercriminals (REvil and DarkSide) with ties to Russia, although White House officials stopped short of declaring these attacks to be state-sponsored. In the case of JBS, law enforcement was successful in shutting down the bad actors and recovering $2.3 million of the $4.3 million ransom paid by JBS.
READ THE STORY: National Law Review
FBI Issues Warning on Ragnar Locker Ransomware: Over 50 Critical Infrastructure Entities Compromised, Businesses Encouraged To Report Any Attacks
FROM THE MEDIA: An early March “Flash” warning from the FBI provides indicators of compromise for the Ragnar Locker ransomware, in light of it spreading widely throughout critical infrastructure companies. The FBI says that 52 critical infrastructure firms have been hit by Ragnar Locker ransomware as of January 2022, and that it remains a substantial threat even as it crosses the threshold of two years in the wild. In addition to a technical breakdown useful in identifying attacks, the FBI reiterated its position of discouraging ransomware payments and encouraged immediate reporting (even if a ransom has already been paid) to local field offices if it is suspected. The Ragnar Locker ransomware group made a name for itself in 2020 with attacks on high-profile targets such as gaming company Capcom, Italian liquor giant Campari, and major Portuguese energy supplier Energias de Portugal. The FBI has issued a prior alert about the group, as has Microsoft. Ragnar Locker has managed to survive even as contemporaries such as REvil and DarkSide have been hit hard by law enforcement actions and essentially driven out of business (largely due to their targeting of critical infrastructure companies). In late 2021, the Ragnar Locker group even became bold enough to threaten victims with document dumps if they went to the FBI or engaged “professional negotiators” of any sort.
READ THE STORY: CPO Magazine
What Russia's Invasion Of Ukraine Could Mean For Turkey's Drone Program
FROM THE MEDIA: Russia's invasion of Ukraine could negatively impact the future of Turkey's drone program. After all, Ankara and Kyiv have grand plans to expand bilateral cooperation to build drones together. Turkey sold Ukraine at least 20 Bayraktar TB2 armed drones in recent years. In 2021, Ukraine announced that it was building a drone factory for co-producing TB2s with Turkey on Ukrainian soil. Ukraine was also supplying Turkey with the engines for its upcoming drones. "Russia is seeking to replace the (Ukrainian President Volodymyr) Zelenskyy government that Turkey has been doing all the arms business with and replace it with a Russian client regime," Nicholas Heras, Deputy Director of Human Security Unit at Newlines Institute for Strategy and Policy, told me. "It is likely that U.S. and European sanctions would make it difficult for Turkey to do business with a post-war, Russian-backed regime in Ukraine, full stop." Aaron Stein, Director of Research at the Foreign Policy Research Institute (FPRI), said that while everything is presently unclear, he assumes that if Zelenskyy is toppled "the pro-Russian leadership is not going to be as cordial to Ankara — a NATO member — and that there will be less enthusiasm to sell equipment to Turkey."
READ THE STORY: Forbes
‘Not the time to go poking around’: How former U.S. hackers view dealing with Russia
FROM THE MEDIA: The CIA and NSA have spent years burrowing into Russia’s critical computer networks to collect intelligence — and acquire access that President Joe Biden could seize on to order destructive cyberattacks on Vladimir Putin’s regime. But for now, the United States’ most likely approach is to tread slowly and carefully toward any cyber conflict with Russia, three experts with experience in U.S. hacking operations told POLITICO — while hoping the Russians do the same. Fears of cyber warfare between the two former Cold War rivals have become a recurring concern amid Russia’s invasion of Ukraine, prompting Biden to warn that he would “respond the same way” to any hostile hacking from Moscow against the United States. But people with experience in U.S. cyber strategy say neither side is likely to leap to destructive attacks as a first move — and any hard punch would be preceded by warnings and signals.
READ THE STORY: Politico
Anonymous Reportedly Hacks Russian Censorship Agency
FROM THE MEDIA: International hacking collective Anonymous on Thursday announced that it has hacked the Russian censorship agency known as Roskomnadzor. The group released 364,000 files it says show intensified censorship around the perception of the Ukraine invasion, which began in late February. The files were published by DDoSecrets, the nonprofit whistleblower site for news leaks. The files are reportedly from dates as recent as March 5 and reportedly show that the Kremlin censored content around its military operation. Roskomnadzor activity follows a provision signed into law by Russian President Vladimir Putin on March 4 making it illegal to express dissent against Moscow's campaign. In the wake of the announcement, global media organizations initiated an exodus from Russia - including CNN ceasing its live broadcasts, the news service UPI notes. Also on March 4, Russian access to Facebook was reportedly blocked - although the same news wire report indicates that Russians are increasingly relying on VPNs to skirt the government's digital clampdown.
READ THE STORY: GOVINFOSEC
How Russia has been preparing for cyber war with the US
FROM THE MEDIA: The lights were blinking off. As raucous pro- and anti-Trump crowds flooded into Washington for the presidential inauguration in January 2017, the DC police department’s citywide surveillance cameras stopped recording. Within seconds, 123 of its 178 surveillance cameras, including those monitoring the streets around the White House and the headquarters of multiple federal agencies, had been ‘accessed and compromised.’ The intelligence gap lasted for three days, from January 12 to 15. Coming on the heels of Russia’s covert intrusions into the 2016 campaign, officials at first feared Vladimir Putin—or other bad actors, from China, Iran or North Korea—had dramatically upped their game to create more chaos in American society and its politics. As it would turn out, it was none of them. A couple of lowlife Romanian hackers had stumbled into the system and used it in a ransomware demand for a paltry $60,800 in bitcoin in exchange for releasing control of the system. The suspects were tracked down 11 months later and extradited to DC, where they pleaded guilty.
READ THE STORY: Spectator
Omnibus Bill: The House to Focus on Provisions on Ransomware and Chinese Yuan
FROM THE MEDIA: An Omnibus Bill passed the House of Representatives and is directed towards the Senate. The Bill consists of provisions on China’s Central Bank Digital Currency and requirements regarding ransomware reporting. Ransomware reporting became a topic of focus after ransomware impaired JBS meatpacking and Colonial Pipeline. An appropriations bill for 2022 that was overdue has finally passed in the House of Representatives and is all set for the Senate. This Omnibus Bill consists of 2,471 pages of legislation that comprises varied provisions on China’s Central Bank Digital Currency (CBDC) and various new requirements for ransomware reporting. Additionally, one of the sections demands that the President bring out a report addressing the Chinese digital Yuan, specifically the short-term, medium-term, and long-term risks that it involves. This report would emphasize illegal financing, transactional surveillance, and economic coercion from China.
READ THE STORY: The Coin Republic
Is Russia really about to cut itself off from the internet? And what can we expect if it does?
FROM THE MEDIA: The invasion of Ukraine has triggered a significant digital shift for Russia. Sanctions imposed by governments around the world – together with company closures or mothballing – have significantly impacted the country. A plethora of events have escalated the invasion into the digital world, with cyber attacks, cyber criminals taking sides, and even an IT army of civilians being mobilised by Ukraine. The sanctions imposed on Russia have not only directly hit its economy (and by extension the global economy), but are now also threatening Russian citizens’ access to the internet. It’s expected the nation will limit its reliance on the global internet very soon. Although a complete disconnection isn’t yet confirmed, even a partial disconnection would be a difficult task. And the repercussions of Russia’s growing digital isolation for its citizens will be immense. More than 85% of Russians use the internet. Since the Ukraine invasion began, people in Russia have found themselves increasingly deprived of online services such as Facebook, Twitter and even Netflix – with Russia either limiting access to sites, or providers withdrawing services.
READ THE STORY: Econotimes
How Ukraine Won The #LikeWar
FROM THE MEDIA: In modern war and politics, the information space is one of the most crucial parts of the battlefield. This is not about mere propaganda. If your ideas get out and win out, that determines everything from whether soldiers, civilians and onlookers around the world will join your cause to what people believe about the very truth of what’s occurring on the ground. And, if your ideas don’t win out, you can lose the war before it even begins. In the arena of information warfare, there was arguably no one more feared over the last decade than Vladimir Putin. Russia’s information warriors ran wild for years, hacking democracies by intervening in more than 30 national elections from Hungary and Poland to Brexit and the 2016 U.S. presidential race. They elevated conspiracy theories that ranged from Q-Anon to coronavirus vaccine lies and provided justification for Russian military action everywhere from Georgia to Syria.
READ THE STORY: Politico
The Fight Against the Hydra: New DDoS Report from Link11
FROM THE MEDIA: Frankfurt am Main, 2022 March 9. Over the last few years, a constant increase in distributed denial of service attacks has been recorded - primarily forced by waves of blackmailers. Geopolitical tensions are now being added to the already high level of previous years. Against the backdrop of the events in the Ukraine conflict, it is to be expected that cyberattacks will also continue to increase as a means of asymmetric warfare. The main focus here is on DDoS attacks, which cause complex IT infrastructures to fail, for example at public authorities or financial institutions, with the aim of sabotaging and unsettling them. The number of DDoS attacks measured in the Link11 network has already increased noticeably in the past year. As Europe's leading IT security provider for cyber resilience, Link11 is today publishing new data on this in its in-house DDoS Report 2021. According to the report, the number of DDoS attacks increased by 41 percent between 2020 and 2021. Compared to an already high level driven by cybercriminals looking to capitalize on the digitalization wave at the start of the pandemic, the volume of attacks has increased further.
READ THE STORY: Dark Reading
Items of interest
China plans digital version of national identification card later this year, premier says (Article)
FROM THE MEDIA: Premier Li Keqiang announced on Friday that the Chinese government would introduce a digital version of the national identification card this year, enabling better government services for an increasingly cyber-savvy population. Speaking at the annual briefing at the end of the National People’s Congress, Li said one aim was to better meet the “basic living needs concerning daily lives” of more than 100 million citizens who live away from their home province. He said: “Some are elderly people living away from their hometown with their children in the other cities, some are there for jobs and education. They have to run back and forth to get things done. So getting things done interprovincially has become a new constant demand for the Chinese people.” “One policy from the government this year is to make ID cards electronic, so that relevant information can be accessed by a simple scan of the code on the cellphone,” he said.
READ THE STORY: SCMP
DDoS Attacks (Video)
FROM THE MEDIA: A brief presentation about DDoS attacks, what they are, and how they occur.
DDoS attack case study (Video)
FROM THE MEDIA: A quick DDoS case study.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com