Sunday, March 20, 2022 // (IG): BB //Weekly Sponsor: DiyGarage SoCal
Is Russia holding back from cyberwar?
FROM THE MEDIA: After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent — cyberwarfare among them. Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyberattacks launched by Russia in the conflict so far have been relatively minimal, though, and far less damaging than they could have been. While Ukrainian government websites were the target of distributed denial of service (DDoS) attacks shortly before the invasion, for example, a larger attack, possibly knocking out Ukraine’s power grid or other key infrastructure, hasn’t taken place. “I think the biggest surprise to date has been the lack of success for Russia with cyber attacks against Ukraine,” Stephen Wertheim, a senior fellow in the American Statecraft Program at the Carnegie Endowment for International Peace, told Vox. “This has not been a major part of the conflict.”
READ THE STORY: VOX
A QUICK LOOK:
Telegram, WhatsApp duck Russia bans (High Prob. Compromised)
FROM THE MEDIA: Chat platforms like WhatsApp and Telegram have avoided being blocked by Russia -- unlike some of the world's biggest social networks -- in a tenuous tolerance that experts warn could end suddenly. Years of tension between Moscow and US-based Facebook and Twitter erupted into confrontation after the invasion of Ukraine, with the platforms targeting state-tied media and then finding themselves restricted in Russia. YouTube, which has barred channels linked to Russian state media globally, was on Friday also facing a direct threat of being blocked after Russia's media regulator, Roskomnadzor, accused the site's owner Google of being "anti-Russian." Messaging apps, however, have gotten a pass so far in part because Meta-owned WhatsApp is less suited for mass communication, while Telegram's ability to blast information to large groups has made it useful both for independent media and the Kremlin.
READ THE STORY: International Business Times
A QUICK LOOK:
Ukraine’s IT Army – Everyman’s Tinker, Tailor, Soldier, Spy
FROM THE MEDIA: If you are glued to your TV set or smartphone to keep abreast of the latest news on the Russia-Ukraine war, you are not alone. So is the rest of the world, thanks to Big Tech. Be forewarned, however, that in the WYSIWYG (what you see is what you get world of computers, the real news is buried in a sea of misinformation. When this misinformation is disseminated on social media, either purposefully or through sheer ignorance stemming from a lack of critical thinking skills, it can result in significant collateral damage to social, geo-political, and economic structures. Surely, camera footage from photojournalists can capture Russian and Ukrainian tanks and troops battling it out on the ground, but is it capable of recording the much larger war that is being fought in cyberspace – a cyberwar that involves not just Russia and Ukraine but NATO countries as well?
READ THE STORY: Deccan Herald
A QUICK LOOK:
Play for Ukraine: A Game to Attack Russian Websites Gains Popularity
FROM THE MEDIA: A game developed by Ukrainian software engineers, ‘Play for Ukraine’, which crowdsources and gamifies participation in distributed denial-of-service (DDOS) attacks on specified Russian government and media websites, is now gaining popularity. Based on the popular number puzzle game 2048, in Play for Ukraine, each action by a participant from anywhere in the world aids in a DDOS attack on a particular Russian web server. According to reports, the game became live on February 28, soon after Russia began its so-called “special military operation” against Ukraine. The game developers shared several FAQs, directions to play and described the objective behind the game. It also has social media channels—Twitter, Instagram and Telegram. On its Twitter page, the developers shared a screenshot of real-time users’ data on March 16 that showed over 6,000 users in the past 30 minutes. A majority of them were mobile users (54%), followed by desktop and tablet users, 45.4% and 0.6%, respectively.
READ THE STORY: News 18
A QUICK LOOK:
Lapsus$ hack leaves NVIDIA in a tight spot
FROM THE MEDIA: According to an IBM report, ransomware was the top attack type (again) in 2021. Recently, NVIDIA confirmed the hack attack that compromised their internal systems. The infamous hacker group Lapsus$ claimed credit for the attack. Later, Lapsus$ also hacked Ubisoft. Lapsus$ broke into NVIDIA’s internal network and managed to steal sensitive data–from hashed login credentials to trade secrets. The hackers wanted NVIDIA to remove the mining hashrate limiters on their RTX 3000-series GPU as ransom. Lapsus$ said if NVIDIA failed to agree to their demand by March 4, they would leak the latter’s trade secrets. And NVIDIA didn’t submit to their ransom demand. Later, the hackers leaked NVIDIA’s official code signing certificates. Now, bad actors are using them to bypass Windows Defender’s built-in executable verification and sneak in malware. The hackers can make malicious programs look like legit NVIDIA software. Lapsus$ started leaking employee credentials and proprietary information as downloadable files on the internet. NVIDIA found out about the breach on February 23. The company also said the breach would not disrupt its business.
READ THE STORY: Analytics India Mag
A QUICK LOOK:
Researchers Warn on Risk of Using AI in Agriculture, Says Risk To Farmers, Farms and Food Security
FROM THE MEDIA: Researchers have published a study in the science journal Nature, warning that the use of Artificial Intelligence (AI) in agriculture can pose serious risks for farmers, farms, and food security, and moreover these risks are not fully understood. According to the study, deploying AI and Machine Learning (ML) at scale for agricultural use can affect small farmers as use of AI tended to be led by larger commercial farmers who have more capital to invest and ability to harvest marginal gains in productivity over larger area. However small farmers who do not have money and resources to deploy AI can be affected and there is a potential of widening the divide between large farmers and smallholders. At the same time, with freely available ML platforms like TensorFlow and PyTorchas, commercial farmers' reliance on AI may become absolutely necessary for precision agriculture. While TensorFlow is developed by Google, PyTorchas is an open-source ML framework developed by Facebook's AI Research lab.
READ THE STORY: Indian Web 2
A QUICK LOOK:
Fiat is Far More Common Than Bitcoin for Money Laundering, Confirms US Treasury Department
FROM THE MEDIA: Earlier this month, the US Treasury Department released three-yearly reports covering money laundering, terrorist financing, and proliferation financing – all of which extensively discussed virtual assets. While noting many of their risks in these areas, they note that fiat currency and traditional networks are still far more commonly used than crypto in illicit finance. The National Money Laundering Risk Assessment named “virtual assets” as an ever-evolving world within money launderers’ growing toolkit for hiding their funds. It specifically named DeFi and “anonymity enhancing technologies” as potential culprits. Virtual assets have also reportedly played a significant role in both phishing attacks and ransomware scams throughout the pandemic. Nefarious actors may use promises of gains from the volatile crypto market to bait victims into revealing their personal information or to plant malware on their devices. Then, the attackers may demand to be paid in crypto after attacking, which is both pseudonymous and irreversible.
READ THE STORY: Crypto Potato
A QUICK LOOK:
TransUnion faces R10-million fine for hack
FROM THE MEDIA: Credit bureau TransUnion could be slapped with a R10-million fine after it suffered a data breach that compromised the personal information of millions of South Africans, the Information Regulator of South Africa has said. The company confirmed on Thursday that a criminal third party had gained access to one of its servers by using an authorized client’s credentials. “We have received an extortion demand, and it will not be paid,” TransUnion South Africa confirmed. N4ugthysecTU, a group claiming to be based in Brazil, took responsibility for the attack and demanded $15-million (R223-million) in Bitcoin to prevent the data from being leaked online. According to the attackers, they have obtained 4TB of data, including identity information of 54 million South Africans. TransUnion initially informed customers that the affected data might include telephone numbers, email addresses, identity numbers, and physical addresses.
READ THE STORY: MyBroadband
A QUICK LOOK:
Anonymous: How hackers are trying to undermine Putin
FROM THE MEDIA: The Anonymous hacktivist collective has been bombarding Russia with cyber-attacks since declaring "cyber war" on President Vladimir Putin in retaliation for the invasion of Ukraine. Several people operating under its banner spoke to the BBC about their motives, tactics and plans. Of all the cyber-attacks carried out since the Ukraine conflict started, an Anonymous hack on Russian TV networks stands out. The hack was captured in a short video clip which shows normal programming interrupted with images of bombs exploding in Ukraine and soldiers talking about the horrors of the conflict. The video began circulating on the 26 February and was shared by Anonymous social media accounts with millions of followers. "JUST IN: #Russian state TV channels have been hacked by #Anonymous to broadcast the truth about what happens in #Ukraine," one post read. It quickly racked up millions of views.
READ THE STORY: BBC
A QUICK LOOK:
Android Devices Running On Chinese UNISOC Chips Have Critical Security Error
FROM THE MEDIA: A mobile security firm has raised alerts to users who have purchased smartphones powered by a UNISOC chipset. These chipsets have a critical security error that allows bad actors to access system and call logs, text messages, contacts and other private data. Keep reading to know more about the error and the devices that can be affected by it. On March 15, 2022, a mobile security and privacy solutions company Kryptowire announced that they "have identified a critical security and privacy vulnerability affecting mobile devices with UNISOC, China's largest designer of chips for mobile phones." Adding to it, the firm says that "the vulnerability within the chipset, if exploited, allows malicious actors to take control over user data and device functionality." This is bad news for Android smartphones that run on UNISOC chipsets, even in India.
READ THE STORY: Republic World
A QUICK LOOK:
Items of interest
Is the West Weaponizing Ukrainian Nationalism to Checkmate Russia?(Article)
FROM THE MEDIA: The conflict in Ukraine has rolls over to fourth week of devastation, resulting in over three million refugees, numerous military and civilian casualties, and intermittent reconciliatory tones of hopeful dialogue, alternated with rhetoric from opposing sides to continue fighting. While the West continues to give standing ovations to President Zelensky’s emotional speeches and responds with a package of military hardware and funds, it is pouring fuel to the fire by prolonging global agony and encouraging Ukrainians to fight to the death in order to weaken Russia. While NATO can claim that Ukraine is not part of it; hence its not obligated to join fight with Russia through ‘No Fly Zone’ as repeatedly requested by Zelensky, risking the potential to trigger Third World War/Nuclear war, but NATO is very much part of the conflict through economic war, information war, diplomatic war, political war and other instruments of Non-contact warfare. Any offensive into another sovereign country has disastrous consequences for the people and must be condemned, whether it’s current Russian offensive in Ukraine or earlier NATO invasions in Iraq and other parts of MENA. With few security guarantees, this was avoidable, but the big power contestation continues to spiral it, with display of heroics of President Zelensky, failing to read the extent, depth, and impact of Western support and President Putin’s resolve, least realising that the nationalism and his peoples resolve is being used as an instrument to prolong an unwinnable, proxy war, leading his country to disaster. The war of narrative seems getting dangerous with references to nuclear, biological and chemical dimensions in heated exchanges/allegations.
READ THE STORY: Modern diplomacy
How China Used a Tiny Chip to Infiltrate Amazon and Apple -2018(Video)
Steve Grobman, McAfee's chief technology officer, comments on the Bloomberg Businessweek investigation that showed Chinese hackers implanted tiny microchips on servers that made their way into data centers at Amazon.com Inc., Apple Inc. and other companies. He speaks with Bloomberg's Emily Chang and Jordan Robertson on "Bloomberg Technology."
The Real Danger of Using Telegram App Instead of WhatsApp(Video)
FROM THE MEDIA: There is a reason these apps are allowed in Russia.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com