Friday, March 18, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Cyber, fire and fury
FROM THE MEDIA: Delegates at the UN in New York have wrapped up a two-week (28 February-11 March) meeting to kick off the negotiations for a global cybercrime treaty. Overshadowed by Russia’s invasion of Ukraine – and with relations between the West and Russia at a low point – member states did nevertheless manage to achieve consensus on the negotiation’s processes, but major differences on policy remain unresolved. The crisis and human tragedy of the invasion have already left an indelible mark on this process and will shape the rest of this negotiation. The likelihood of bridging the gaps needed for a consensual and progressive outcome is under more stress than ever. The first session of the inaugural meeting of the UN Ad Hoc Committee (AHC) on 24 February was a procedural one. However, it was immediately apparent that the war would overshadow the negotiation process of the cybercrime treaty – which was itself instigated by Russia. Many delegates condemned the invasion, while some (the US and Australia, and France speaking on behalf of the EU) questioned outright how it could even be possible to negotiate with Russia in these conditions. They drew attention to reported cyberattacks in Ukraine after Russia had advanced into its territory.
READ THE STORY: Global Initiative
The Israeli-Iranian Cyber War Is Just Heating Up
FROM THE MEDIA: In recent years, Israel and Iran’s cyber warfare campaign has evolved from clandestine computer network attacks like Stuxnet to more public attacks via cognitive warfare and influence in the social networks. Cyber has increasingly become a space for strategic confrontation between Israel and Iran—two rather advanced, cyber-capable states—over the past decade. In fact, Iran and Israel have engaged in a long-running cyber conflict throughout the last decade. The conflict started with the "Stuxnet" worm, which was aimed at Iranian nuclear facilities, and was attributed to the West, including Israel. This worm, which was exposed in 2011, disrupted the centrifuge site at Natanz. This attack is considered a watershed in cyber-attacks history and an example of a computer network attack-type (CNA) surgical attack which required cyber capabilities at the highest level.
READ THE STORY: National Interest // Algemeiner
Ukraine Satellite Internet Service Hit by Cyber Attack, Intelligence Agencies Investigating (ViaSat review)
FROM THE MEDIA: A cyber attack that disrupted international satellite internet and TV provider Viasat is being investigated by French, United States and Ukrainian intelligence services as a potential action by Russian hackers. The service interruption began on the morning of February 24 as Russian forces began direct assaults on several Ukrainian cities. The full impact of the disruption is not yet known, but at minimum satellite internet service was cut off for tens of thousands of customers throughout Europe. The attack targeted modems meant to link the satellite internet service to customers in Ukraine and other countries. Ukrainian intelligence is probing the cyber attack along with analysts from the U.S. National Security Agency (NSA) and the French cybersecurity organization ANSSI. Hacking and sabotage of the satellite internet service have been confirmed, but there has yet to be any public attribution to Russia (or ally Belarus, which has also been linked to cyber attacks during the Ukraine war). The cyber attack disabled the modems of customers interfacing with the Viasat KA-SAT satellite for their internet service.
READ THE STORY: CPO Magazine
Russia ready to launch cyber attacks on the West in retaliation for economic sanctions
FROM THE MEDIA: Western governments and companies need to be on a “heightened state of preparedness” for the “high probability” of cyber attacks, as economic sanctions on Russia begin to bite, a senior cyber security expert has told GB News. Russia has been accused of launching dirty tricks after Priti Patel and Ben Wallace were targeted with hoax phone calls. And it is expected Russia will soon step up its campaign against the West with cyber attacks. Critical national infrastructure and the banking sector could be the main targets of any attack ordered by Vladimir Putin, according to Richard Staynings, chief security strategist at cyber security firm, Cylera. He said: “I would say there's a fairly high probability, based upon the types of hybrid warfare that Putin and the Kremlin have executed in the past, that cyber attacks will be launched this time round. “In Chechnya in the 90s, Russia launched its cyber weapons against opposing forces. We've seen it in Georgia and South Ossetia. We've seen it in other parts of the World, where Russia has wanted to extend its influence and to coerce and to bully its neighbors or adversaries. “I think it's a weapon that's being held in reserve right now, but we certainly need to be on a heightened level of preparedness.”
READ THE STORY: GBNEWS
‘TSA has screwed this up’: Pipeline cyber rules hitting major hurdles
FROM THE MEDIA: The government’s first attempt to require pipeline companies to meet basic cybersecurity standards is floundering — a worrisome sign as the U.S. tries to strengthen cyber defenses for the sprawling collection of critical infrastructure seen as a prime target for foreign hackers. Oil and gas pipeline operators say the TSA’s cyber regulations are full of unwieldy or baffling requirements that could actually jeopardize pipeline safety and fuel supplies. Others in the energy sector, and cyber experts who help defend these systems, agree with these objections and say the TSA’s small cyber team has been overwhelmed by a flood of industry requests for workarounds. “In every sense, TSA has screwed this up,” said Robert M. Lee, the CEO of Dragos, a cybersecurity firm that works with critical infrastructure companies. “It is a giant cluster and in many ways is a perfect example of what not to do with a regulatory process.”
READ THE STORY: Politico
LokiLocker ransomware, Instagram phishing attack and new warnings from CISA
FROM THE MEDIA: There’s never a dull moment in the world of cybersecurity but this week was busier than most. In addition to dealing with threats designed to take advantage of the war in Ukraine, companies and governments face fresh attacks from new and existing vulnerabilities on many fronts. Security researchers and the Cybersecurity and Infrastructure Security Agency (CISA) shared new information this week about these threats. Here’s a recap and recommendations about how to defend against these attacks. CISA added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog this week to draw attention to vulnerabilities bad actors are actively exploiting. These vulnerabilities are a frequent attack vector for malicious cyber attackers and pose significant risk to governments and private companies. Greg Fitzgerald, co-founder of Sevco Security, said it’s encouraging to see the government update the list but these changes won’t protect against exploits within the IT assets they’ve abandoned or forgotten about.
READ THE STORY: Techrepublic
Inside the plan to fix America’s never-ending cybersecurity failures
FROM THE MEDIA: The 2021 hack of Colonial Pipeline, the biggest fuel pipeline in the United States, ended with thousands of panicked Americans hoarding gas and a fuel shortage across the eastern seaboard. Basic cybersecurity failures let the hackers in, and then the company made the unilateral decision to pay a $5 million ransom and shut down much of the east coast’s fuel supply without consulting the US government until it was time to clean up the mess. From across the Atlantic, Ciaran Martin looked on in baffled amazement. “The brutal assessment of the Colonial hack is that the company made decisions off of narrow commercial self-interest, everything else is for the federal government to pick up,” says Martin, previously the United Kingdom’s top cybersecurity minister. Now some of the US’s top cybersecurity officials—including the White House’s current Cyber director—say the time has come for a stronger government role and regulation in cybersecurity so that fiascos like Colonial don't happen again. The change in tack comes just as the war in Ukraine, and the heightened threat of new cyberattacks from Russia, is forcing the White House to rethink how it keeps the nation safe. “We're at an inflection point,” Chris Inglis, the White House’s national cyber director and Biden’s top advisor on cybersecurity, tells MIT Technology Review in his first interview since Russia’s invasion of Ukraine. “When critical functions that serve the needs of society are at issue, some things are just not discretionary.”
READ THE STORY: TechnologyReview
Anonymous Threatens to 'Not Be Kind' to 'Russian Asset' U.S. Rep. Greene
FROM THE MEDIA: International hacker group Anonymous has leveled a threat at Congresswoman Marjorie Taylor Greene: "History will not be kind to you, nor will we." The threat comes a day after Greene released a nearly 10-minute video in which she stated that Ukrainians are fighting "a war [against Russia] they cannot win." Her video—posted on Facebook Live hours after Ukrainian President Volodymyr Zelensky spoke to the U.S. Congress—also criticized President Joe Biden for "saber-rattling" and "dragging America into World War III" by offering financial and military support to Ukraine. While Greene's comments echoed those of other conservative pundits, they likely angered the hacker group, since the collective has actively pursued Russian cyber targets since Russia invaded Ukraine. "Russian asset Marjorie Taylor Greene will go down in history as one of the dumbest politicians ever. History will not be kind to you, nor will we," the Twitter account @YourAnonNews wrote on Wednesday afternoon. The account is one of several "decentralized" Twitter accounts associated with the group.
READ THE STORY: newsweek
Multiple Automotive Manufacturers Infected With Emotet
FROM THE MEDIA: Telemetry from industrial systems security firm Dragos has spotted the malware command-and-control servers communicating with several automotive manufacturer systems. A wave of potential pre-ransomware activity has been spotted targeting the manufacturing sector: OT security firm Dragos warned this week of several automotive manufacturers now infected with the infamous Emotet backdoor malware that's commonly used as an initial infection vector to drop ransomware. Ransomware attackers for some time now have been training their campaigns on manufacturing companies. Dragos said it has identified Emotet command-and-control servers communicating with servers at automotive manufacturing companies. While so far there's been no sign of actual ransomware payloads getting dropped onto the manufacturers — based in North America and Japan — Dragos says the activity appears to be the possible first stage of ransomware attacks. "These Emotet servers are suspected to be controlled by the Conti ransomware group," Dragos wrote in its blog. The firm said it first spotted the traffic in December of 2021 and that it has continued through March 2022.
READ THE STORY: Darkreading
The TTPs of Conti’s initial access broker
FROM THE MEDIA: Automation might be the way to go for many things, but a recently published report by Google’s Threat Analysis Group (TAG) shows why targeted phishing campaigns performed by human operators are often successful, and how the Conti ransomware gang excels at targeting organizations with the help of an initial access broker. Exotic Lily: A threat actor specializing in gaining initial access into organizations. TAG researchers Vlad Stolyarov and Benoit Sevens have delineated the tactics, techniques and procedures (TTPs) used by an initial access broker (IAB) they dubbed Exotic Lily. Their (very consistent) modus operandi starts with registering a domain that looks like that of an existing organization – e.g., company.us (or .co, .biz, etc.) to spoof company.com.
READ THE STORY: Help Net Security
Elon Musk humiliates Putin as Starlink becomes Ukraine's most downloaded app
FROM THE MEDIA: Elon Musk's Starlink app, which allows people access to a satellite-based internet service, has become the most-downloaded app in Ukraine, no doubt much to Vladimir Putin's dismay. The SpaceX CEO, 50, gave Ukraine access to the satellite-internet system Starlink, comprised of some 2,000 satellites designed to bring web access to under-served areas of the world. It allows residents to bypass any internet outages, reports of which have been rising across Ukraine since Russia invaded three weeks ago. Figures show that Elon's Starlink app has been downloaded almost 100,000 times in Ukraine, with global downloads more than tripling in the last couple of weeks. The billionaire has challenged Russian President Vladimir Putin to “single combat”, with the “stakes” being Ukraine, the Daily Star reports.
READ THE STORY: Mirror
Items of interest
Starlink Offers Internet Access in Times of Crisis, but Is It Just a PR Stunt? (Article)
FROM THE MEDIA: The undersea cable connecting Tonga to the global Internet and phone systems was finally restored in late February. The archipelagic nation’s access had been cut off since January 15, when the largely submerged Hunga Tonga–Hunga Ha‘apai volcano unleashed a gargantuan blast and tsunami. Powerful underwater currents, perhaps triggered by the volcano’s partial collapse, severely damaged a 50-mile stretch of the 510-mile-long undersea cable that linked Tonga to the rest of the world. Parts of the government-owned cable were cut into pieces, while other sections were blasted several miles away or buried in silt. This left most of Tonga’s 105,000 residents isolated (aside from a handful of satellite-linked devices called “Chatty Beetles” that could transmit text-based alerts and messages). When it became clear this would last more than a month, a controversial figure stepped in: In late January Elon Musk, billionaire CEO of Tesla and SpaceX, tweeted, “Could people from Tonga let us know if it is important for SpaceX to send over Starlink terminals?” Musk’s offer of this satellite Internet connectivity equipment appeared to be well-received by Tongans reeling from the disaster. Almost immediately, the company flew a team of its engineers to the remote Pacific islands.
READ THE STORY: Scientific American
Emerging Issues in Int'l Criminal Law: Cyberwarfare (Video)
As news media report potential Russian cyberattacks on infrastructure in Ukraine, the potential of cyberoperations to have disastrous effects is increasingly apparent. In what circumstances might cyberoperations qualify as international crimes? Can cyberattacks amount to acts of aggression, and what do cyberwar crimes look like? In August 2021, a council of advisers convened by the permanent mission of Liechtenstein to the United Nations issued a report on the application of the International Criminal Court statute to cyberwarfare.
Drones in Ukraine and Cybersecurity (Video)
FROM THE MEDIA: This week we had a wonderful discussion with veteran Paul Herrera. Paul served our country in battle and continues to serve through his company Everything Lifesaving. Join us as we get deep into conversation about how drones are being used in Ukraine, how to keep your data secure, and how technology is influencing the modern battlefield.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com