Thursday, March 17, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Kremlin Has Restored Systems That Were Reportedly Hacked by 'Anonymous'
FROM THE MEDIA: The Kremlin appears to have restored its website hours after the global hacker collective "Anonymous" said it took the site down, declaring cyber war. Nearly three weeks ago, Anonymous declared a campaign of cyberattacks against the Russian Federation to oppose the war on Ukraine. Though it hasn't been confirmed that Anonymous is the source of the disruption, the Kremlin's website and other Russian internet resources were offline Wednesday. Anonymous took to Twitter early Wednesday, posting alleged screenshots of the Kremlin's server status reading "Kremlin.ru is down for everyone." Newsweek has confirmed that the Russian government website is now back online. "Anonymous has ongoing operations to keep .ru government websites offline, and to push information to the Russian people so they can be free of Putin's state censorship machine," the group tweeted. "We also have ongoing operations to keep the Ukrainian people online as best we can."
READ THE STORY: Newsweek
The "first deepfake" of Russia's invasion of Ukraine is... bad?
FROM THE MEDIA: For years, researchers and activists have warned that AI is getting so good at manipulating video and audio that bad actors can make it look like people said things they never did. These counterfeit videos — experts call them "deepfakes" — could have absolutely devastating consequences. Bad actors could stoke civil unrest by sowing fear and hate. They could start wars. They could spread almost any kind of misinformation. That's exactly what just happened in Ukraine. Earlier today, Ukrainian news station Channel 24 announced that hackers who'd broken into its website and TV channel had shared a deepfake that depicted Ukrainian president Volodymyr Zelenskyy telling Ukrainians to lay down their arms. The station explained in a Facebook post that the announcement was fake and the result of a hack. “The running line of the ‘Ukraine 24’ TV channel and the ‘Today’ website were hacked by enemy hackers and broadcast Zelenskyy's message about alleged ‘capitulation’❗️❗️❗️ THIS IS FAKE! FAKE !" the post reads in English.
READ THE STORY: Interesting Engineering
War in Ukraine will push Asia – Europe rail cargo back to sea
FROM THE MEDIA: A report by UNCTAD on the trade and development impact of the war in Ukraine highlighted that Russia and Ukraine form a key component of the Eurasian Land Bridge. Restrictions on Russian air space, contractor uncertainty and security concerns all affect both land and air cargo shipments between Asia and Europe. “While Russian airspace is closed to 36 countries and vice versa, some freight forwarders currently recommend not booking overland shipments between Asia and Europe,” UNCTAD said. Over the last two years of the pandemic and the resulting global supply chain disruption, shippers have increasingly turned to rail, air, and even trucking from China to Europe to beat congestion on the ocean shipping trade between Asia and Europe, which has driven freight rates to record levels and dramatically reduced service reliability. “In 2021, 1.5 million ocean containers of cargo were shipped by rail west from China to Europe. If the volumes currently going by container rail were added to the Asia – Europe ocean freight demand, this would mean a 5 to 8% increase in an already congested trade route,” the report stated.
READ THE STORY: Seatrade Maritime // Lloydslist
Ukrainian Cyber Official Offers Update on 'IT Army'
FROM THE MEDIA: War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, stepping up its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a "Shields Up" posture, while the digital side of the conflict has moved deep into the underground. According to The Washington Post, Victor Zhora, Ukrainian Deputy Chairman of the State Service of Special Communications and Information Protection, confirmed to reporters on Tuesday that the country's now-famous "IT Army" of volunteer cyberwarriors, perhaps 400,000-plus strong, is actively working to protect Ukrainian infrastructure from state-backed Russian hackers. Industry watchers had anticipated Russian actors being activated much earlier in the conflict, but cyber and foreign policy experts say the lack of an all-out cyber offensive could indicate the Russians did not hold much pre-positioned access on Ukrainian networks leading into the conflict. Others point to the immense foreign aid Ukraine received in 2015 and 2016, after its grid was taken down by the Russians.
READ THE STORY: Bank Info Security
Russian ally ransomware group could target Australia, cyber security authorities warn
FROM THE MEDIA: A day after Israel was hit by what the country's authorities described as a cyber attack that temporarily knocked out a number of websites, including government portals, little information has surfaced as to the nature or origin of the attack. But both a former senior Israeli diplomat and cybersecurity experts saw a potential connection to Iran and to Russia's conflict in Ukraine, given the heightened geopolitical tensions surrounding the incident. "In the past few hours, a DDoS attack (Distributed Denial of Service) against a communications provider was identified," the Israel National Cyber Directorate said in a statement shared with Newsweek on Monday. "As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity."
READ THE STORY: ABC News AU
The shadowy hacker group waging a cyber war against Russia
FROM THE MEDIA: Shortly after Moscow’s invasion of Ukraine, a shadowy group of hackers announced it was launching a cyber war against Vladimir Putin-led Russia. When ‘Anonymous’ announced on Twitter that it was going to “paralyze” the Russian regime and its various arms, it had more than 7.9 million followers. Since then it has gained more than half-a-million new followers. Anonymous is a decentralized international activist-and-hacktivist collective. The movement is primarily known for its various cyberattacks against several governments, institutions and agencies, and corporations. Since the start of its anti-Russia push, Anonymous has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring the media. Jeremiah Fowler is a co-founder of the cybersecurity company Security Discovery. He worked with researchers at Website Planet to attempt to verify the group’s claims. “Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation,” he wrote in a report summarizing the findings.
READ THE STORY: The Federal
Germany Asks Businesses to Avoid Russia's Kaspersky Antivirus Tool, Fearing Cyberattack
FROM THE MEDIA: The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) has announced that businesses should avoid using the popular Russian antivirus software Kaspersky due to concerns that it could be used in impending cyberattacks. Moscow-based Kaspersky has in the past faced accusations of operating on behalf of the Russian government. Following a specific event in 2017, the United States banned any government usage of the product. Now, the official statement from the German authority says: “The BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.” Fears that the antivirus software could be exploited by the Kremlin to assist an international IT attack prompted the BSI to issue a warning to German organizations. These charges come as Russia continues to threaten NATO, the European Union, and Germany while intensifying its invasion of Ukraine. “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its customers,” the statement further reads.
READ THE STORY: News18
We Need to Stop Talking About the Grey Zone
FROM THE MEDIA: The concept of a grey zone in international affairs has gained popularity as analysts have tried to understand how states compete for strategic advantage in a more complex and interdependent world. But the war in Ukraine has underscored how the concept now obscures more than it clarifies. The “grey zone” blurs the differences between tools of modern statecraft and doesn’t provide any guidance as to how they should be used. Talk about the grey zone began not long after Vladimir Putin started sending unmarked forces – “little green men” – into eastern Ukraine in 2014. The grey zone is the murky area between the black-and-white categories of war and peace posited by the rules-based international order. It encompasses fuzzy domains where international rules are unclear, such as cyber or outer space. Western governments have adopted the theory. Australia’s 2020 Defence Strategic Update reported on increasing “grey zone activities” in the Indo-Pacific which “involve military and non-military forms of assertiveness and coercion aimed at achieving strategic goals without provoking conflict”, warning of a range of threats including militarization, cyber attacks, disinformation campaigns and economic coercion.
READ THE STORY: The Interpreter
Bridgestone: 'Ransomware attack' caused cyber breach
FROM THE MEDIA: Bridgestone Americas Inc. has determined that its systems were compromised late last month "as a result of a ransomware attack." The tire maker, which is ramping production back up after a Feb. 27 cyber breach of its information systems, has determined that some of its data has been compromised and dumped on a leak site. "Bridgestone Americas detected an IT security incident (and) since then, we have proactively notified federal law enforcement and are staying in communication with them," the company told Rubber News. "We have determined this incident to be the result of a ransomware attack. We are working around the clock with external security advisors to investigate and understand the full scope and nature of the incident." The company said it has no evidence that this was a targeted attack, and it remains unclear what type of information was compromised. As part of its investigation, Bridgestone said it has determined that "the threat actor" followed a pattern of behavior "common to attacks of this type by removing information from a limited number of Bridgestone systems."
READ THE STORY: Tire Business
LokiLocker ransomware crew bursts onto the scene
FROM THE MEDIA: The mysterious LokiLocker ransomware group caught the attention of BlackBerry researchers, who say the outfit could become the next cybercrime group to menace enterprises. The newly disclosed ransomware operation adds to an already daunting threat landscape. According to a BlackBerry Threat Intelligence report, the emerging cybercrime group runs the tried-and-true ransomware-as-a-service (RaaS) model, in which operators farm out the work of breaking into networks and installing the malware to affiliates before handling the collection of ransom payments. BlackBerry referred to the group as "LokiLocker," noting the outfit appears to use tricks and disguises, much like the mythic Norse god Loki. BlackBerry said LokiLocker was first detected in the wild in August 2021 and was initially distributed inside specialized brute-force hacking tools that attacked consumer accounts on services like Spotify and PayPal. The group has since expanded to approximately 30 affiliates and now targets English-speaking Windows systems within enterprises. When victims are slow to pay the ransom demand, the attackers go a step further and delete the encrypted data.
READ THE STORY: TechTarget
Devil-may-care Lapsus$ gang is not the aspirational brand infosec needs
FROM THE MEDIA: The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country's Ministry of Health and the Portuguese media outlets SIC Notícias and Expresso. However, the gang is climbing the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft. In February, Lapsus$ compromised Nvidia, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded that the GPU giant remove limits on crypto-coin mining from its graphics cards and open-source its drivers. Days later, the group broke into Samsung, hoping to unlock the secrets of its TrustZone secure environment, and eventually leaked almost 200GB of data, including algorithms related to its biometric technologies, source code for bootloaders, activation servers, and authentication for Samsung accounts, and source code given to chip-designing partner Qualcomm.
READ THE STORY: The Register
Items of interest
As China Threat Looms over Taiwan, This Is How India Can Keep Global Chip Industry Afloat (Article)
FROM THE MEDIA: As the Russia-Ukraine crisis continues, questions have been raised about how it might affect China’s decision-making on Taiwan. The island nation remains under threat from potential Chinese aggression, and its lucrative semiconductor industry hangs in the balance. India, as a growing semiconductor power, must look closely at technology cooperation with Taiwan in this domain and should not shy away from building a semiconductor alliance with the country. It is imperative that Taiwan’s semiconductor industry be protected in case of external aggression by building redundancy and resiliency through partnerships with key states like India.
READ THE STORY: News18
Dirty Pipe & Nvidia's Breach (Video)
In the 21st episode of Enterprise Linux Security, Jay and Joao discuss the recent "Dirty Pipe" vulnerability, as well as Nvidia's recent breach.
Google Drive Flags macOS '.DS_Store' Files for Copyright Violation (Video)
FROM THE MEDIA: Recently, we have noticed that Google Drive is flagging '.DS_Store' files, which are created by the macOS file system. Why is Google Drive doing this? The reason appears to be a "violation of its copyright infringement policy." If you don't know what '.DS_Store' is, here is a short introduction. It is a metadata file used only on Apple devices. If you are an Apple user, you may have seen it while transferring folders or other files from macOS to another operating system such as Windows. The macOS Finder application automatically creates '.DS_Store' files to store metadata such as icon positions, icon information, and custom folder attributes. macOS normally keeps these files hidden.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com