Anonymous Hackers Vow to Accelerate Cyber War, ‘Paralyze’ Putin Regime ‘by Any Means Necessary’
FROM THE MEDIA: Hackers who have collectively hit Russian cyber targets and created tools for non-hackers to battle disinformation en masse announced in a joint statement today that they were determined to now “hit them with everything we got.” “When Russia invaded Ukraine, we declared cyberwar against Government of Russia and to man himself, Vladimir Putin. It has indeed had some effect on them, but now we’ll have to prepare for the last push,” said an #OpRussia open letter attributed to Anonymous, GhostSec, SHDWSec and Squad303 posted online. “He isn’t giving up on taking over Ukraine. We must hit them so hard, that it’ll paralyze their whole system.” “Putin cannot end the war in Ukraine until he has annexed it, or he is forced to. And NATO and EU won’t be the ones stopping it. We have seen that already. So now, we must act. We must stop this war by any means necessary.” Noting how TIME magazine designated Anonymous one of the 100 most influential people in the world back in 2012, the statement stressed that “we are bigger and stronger than ever before.”
READ THE STORY: HSTODAY
Pandora Ransomware Hits Giant Automotive Supplier Denso
FROM THE MEDIA: Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. A multibillion-dollar supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident. The attack on Japan-based Denso occurred at a company office in Germany, which was “illegally accessed by a third party on March 10,” the company said in a press statement on its website. “After … detecting the unauthorized access, Denso promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other Denso facilities,” the company said in the statement.
READ THE STORY: Threatpost
Ukraine detains ‘hacker’ accused of aiding Russian troops amid broader struggle to secure communications
FROM THE MEDIA: Ukrainian authorities have detained a “hacker” who was allegedly helping the Russian military send instructions via mobile phone networks to its troops, Ukraine’s SBU security service said Tuesday. The suspect, whom the SBU did not identify, was accused of being on “thousands” of phone calls to Russian officials, including senior military officers, and of sending text messages to Ukrainian officials suggesting that they surrender. The equipment seized was used to route Ukrainian mobile phone traffic to Russian networks, according to Victor Zhora, a senior cybersecurity official in the Ukrainian government. It’s the latest development in the ongoing battle for communications networks in Ukraine as the Russian military continues to shell the capital of Kyiv. From Moscow to the front lines of the war in Ukraine, the ability to communicate with troops and citizens alike has been contested by suspected Russian and pro-Ukrainian hackers. Hackers last week caused outages at Ukrainian internet service provider Triolan, which has customers in major cities. Triolan blamed “the enemy,” a reference to Russia, but did not provide evidence supporting that claim. Carmine Cicalese, former chief of cyberspace and information operations at US Army headquarters, said functional mobile phone networks are of particular importance to non-military personnel in Ukraine who are taking up arms against Russia and who do not have access to tactical communications equipment.
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory today with technical details, mitigations, and resources regarding the previously demonstrated ability of Russian state-sponsored cyber actors to gain network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability in Windows Print Spooler, “PrintNightmare.” As early as May 2021, the Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim’s network. The actors then exploited a critical vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges, and then were able to access cloud and email accounts for document exfiltration. This advisory, titled “Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and ‘PrintNightmare’ Vulnerability,” provides observed tactics, techniques, and procedures (TTPs); indicators of compromise (IOCs); and mitigation recommendations.
READ THE STORY: HSTODAY
Iran Threats, Russia-Ukraine Conflict Eyed in Israel's Massive Cyber Attack
FROM THE MEDIA: A day after Israel was hit by what the country's authorities described as a cyber attack that temporarily knocked out a number of websites, including government portals, little information has surfaced as to the nature or origin of the attack. But both a former senior Israeli diplomat and cybersecurity experts saw a potential connection to Iran and Russia's conflict in Ukraine given the heightened geopolitical tensions that surrounded the incident. "In the past few hours, a DDoS attack (Distributed Denial of Service) against a communications provider was identified," the Israel National Cyber Directorate said in a statement shared with Newsweek on Monday. "As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity."
READ THE STORY: Newsweek
Social media in times of war
FROM THE MEDIA: The dominant narrative of social media during the ongoing war in Ukraine is often reduced to considerations of stopping the spread of dis/misinformation. Reducing social media’s capacity and power in this manner can not only ignore some of the other dangers of social media during crises, but also tends to ignore how social media spaces organize collectives of individuals for beneficial uses. To justify military actions in Ukraine, it was important for Putin to get buy-in from Russian citizens, and the state-controlled media, like TV channels Rossiya 1 and Channel 1, became essential in this effort. However, tuned into the varied streams of news media, including worldwide social media, not all Russians were buying into the narrative. Thousands flocked to the streets of Russian cities to protest the war (and thousands were also soon arrested). Social media was an integral information source that, arguably, Putin had not foreseen impacting both Russia’s economy and war tactics. Russian disinformation tactics are not new. During Lithuania’s independence movement from the Soviet Union in 1991, the Soviet army moved towards the Lithuanian capital city Vilnius. On 13 January 1991, Soviet soldiers in tanks took over the building of the national TV and Radio and announced via loudspeaker that the “parliament has fallen” and the “national rescue committee” will help guide Lithuanians back into the Soviet Union. Russia’s disinformation tactics remain similar 31 years later, using TV, radio, and social media to spread propaganda.
READ THE STORY: The Interpreter
The non-shooting war: NATO helping Ukraine fend off an onslaught of Russian cyberattacks
FROM THE MEDIA: Shortly after Russia seized Crimea in 2014, the cyberattacks on Ukraine began. Some were vicious and damaging, and Kyiv attributed the attacks to Moscow. That year, the Ukrainian vote-tallying system was hacked four days before the national election. In 2015, hackers pulverized the country’s electrical grid, triggering blackouts – the first attack of its kind in cyberwarfare. A big one came in 2017, when the NotPetya malware attack on Ukraine messed up its banks and government offices before spreading to many other countries, including the United States, Australia and Germany. The White House attributed NotPetya to the Russian military and called it “the most destructive and costly cyberattack in history.”
READ THE STORY: The Globe and Mail
Container vulnerability opens door for supply chain attacks
FROM THE MEDIA: A vulnerability in the way Linux machines handle containers may be leaving the door open to remote takeover attacks. CrowdStrike researchers, who discovered the flaw, say that the CRI-O container engine and the Linux kernel are the source of CVE-2022-0811, an elevation of privilege vulnerability that could allow an attacker to elevate their privilege from local user to administrator. CRI-O is an open source implementation of Kubernetes' Container Runtime Interface (CRI). Updating to the latest version of CRI-O will prevent exploitation of the bug. The bug has been given the nickname "Cr8escape". While elevation of privilege flaws are generally not considered to be high-risk vulnerabilities, in the context of containers like Kubernetes, a successful exploit would allow an attacker to get remote control over servers and potentially poison the container with attack code.
READ THE STORY: Tech Target
Anonymous hacks Russian firm running Ukrainian nuclear plant
FROM THE MEDIA: In a long series of cyberattacks, Anonymous claims to have hacked the site of the Russian state corporation for nuclear energy Rosatom. Hackers from the Anonymous group hacked the site of the Russian state corporation for nuclear energy Rosatom on Tuesday. The corporation is allegedly running Zaporizhzhya, a Ukrainian nuclear power plant seized by Russia. Anonymous changed the interface on the site and made it otherwise inaccessible. They also claimed to have gained access to gigabytes of data, which they plan to leak to the public. On March 4, Russian forces seized control of Ukraine’s Zaporizhzhya nuclear power plant, with parts of the plant damaged during the fighting. Both Ukraine and the rest of the world showed great concern as to the state of the plant, with Ukraine informing the International Atomic Energy Agency (IAEA) multiple times that they cannot confirm the state of the nuclear plant.
READ THE STORY: JPOST
Anonymous cripples Russian Fed Security Service (FSB) & other top sites
FROM THE MEDIA: Anonymous says it also attacked the official website of the Russian Stock Exchange which, at the time of publishing this article, was offline. The Anonymous hacktivist collective is claiming to have targeted top Russian government websites in a series of DDoS attacks. As a result, the official website of the Federal Security Service (aka FSB, the principal security agency of Russia), the Stock Exchange, the Analytical Center for the Government of the Russian Federation, and the Ministry of Sport of the Russian Federation have been forced to go offline. For your information, in a DDoS attack (distributed denial-of-service attack), a website or service is bombarded with a high volume of internet traffic until it stops functioning and eventually goes offline. The cyberattack, which was part of Anonymous’ ongoing operation called OpRussia, took place around 12:12 PM (GMT), March 15th, 2022. However, the severity of the attack can be quantified by the fact that almost seven hours have passed since the attack took place, yet all targeted websites were still unreachable and offline for visitors.
READ THE STORY: Hackread
Fuel under attack: examining Europe’s newest cyber target
FROM THE MEDIA: European fuel supplies are under threat from a dangerous and invisible new adversary: ransomware. Recently, the major German fuel supplier Oiltanking Deutschland GmbH & Co. KG was hit by a ransomware attack that majorly restricted its operations and supply, and it wasn’t the only European fuel business that fell under fire. SEA-Invest in Belgium and Evos in the Netherlands also saw cyber incidents occur, and European authorities are still investigating the cyber-attacks upon these key fuel suppliers. It’s clear that ransomware is the flavour of the week (and month, and year) when it comes to critical infrastructure: and cybersecurity professionals are noticing frightening similarities between these incidents and the infamous Colonial Pipeline ransomware attack in May 2021. Last year ransomware operators saw record-breaking profits, and despite containing their incident, Colonial Pipeline alone paid a ransom demand of almost US$5mln. But, when every sector is facing up to new technological challenges and increased digital threat, why is critical infrastructure being targeted?
READ THE STORY: IM3
Items of interest
Dozens of ransomware variants used in 722 attacks over 3 months (Article)
FROM THE MEDIA: The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants. This massive amount of activity creates problems for the defenders, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities. Compared to Q3 2021, the last quarter had 18% higher attack volume, while the comparison to Q2 2021 results in a difference of 22%, so there’s a trend of increasing attack numbers.
READ THE STORY: Bleeping Computer
Anonymous - Modern Weapon Against Putin? Who Are The Hacktivists & What Did They Do? (Video)
There has been a lot of talk about the mysterious group of hacktivists known as Anonymous, especially since Russia invaded Ukraine, as the collective got to work in attempts to bring the aggressor country down. And this had many asking who exactly are the famous hackers? When did the group start? How do they work and who are their leaders? What other famous actions have they been involved in? And are they the good guys or the bad guys?
Tesla CEO Elon Musk Issues Warnings, Tips on Starlink In Ukraine (Video)
FROM THE MEDIA: Elon Musk, the CEO of SpaceX, has warned Starlink customers in Ukraine that the service is likely to be targeted since it is the only non-Russian communications system in some sections of the nation. According to Reuters, Musk's warning came after John Scott-Railton, a senior researcher at the Citizen Lab project at the University of Toronto, suggested Russia may use Starlink's uplink signals in Ukraine as airstrike beacons. He described Russia's significant expertise in targeting people who use satellite phones and other types of satellite technology in a lengthy Twitter conversation.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org