Wednesday, March 23, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Taking the fight to Russia online
FROM THE MEDIA: In an interconnected world, the tech sector has a role to play when diplomacy fails and fighting starts. Russia's invasion of Ukraine has appalled people all over the world, prompting unified condemnation from Western nations and widespread economic sanctions. Likewise, tech giants such as Google, Apple, SpaceX and the independent tech community are banding together to fight back and support people inside Ukraine and those seeking to flee. Google: Aside from providing $US15 million in donations and in-kind support, Google has taken multiple steps to help people through added security protections and updated search and map functions. It has launched an SOS alert on Search throughout Ukraine, which directs people to United Nations information for refugees and asylum seekers. It has also disabled Maps features such as traffic and congestion information in Ukraine to avoid putting communities at risk.
READ THE STORY: Business News
Hacktivists, new and veteran, target Russia with one of cyber’s oldest tools
FROM THE MEDIA: Distributed denial of service attacks aren't sophisticated, but they can still be effective for people looking to join the fight. M, a Ukrainian engineer in his early 20s, is not healthy enough to enlist in the military. So every day, he sits down at his computer to do what he can as part of Ukraine’s IT army, an informal group of volunteer hackers whose job it is to wreak as much havoc on Russian websites as possible. “I try to do whatever I can, whatever I can reach to end the war, to stop it, to stop killing Ukrainian people,” said M, who asked to use only an initial from his first name out of fear for his own safety and that of his family. M's tool is a simple one: flooding Russian websites with fake web traffic, an old and basic cyberattack more commonly known as a distributed denial of service, or DDoS. He can execute it from the computer in his bedroom in Lviv, Ukraine. Though unsophisticated, the DDoS attack has had a renaissance during the opening weeks of Russia’s invasion of Ukraine. And though the attacks do not tend to do much damage — many websites can either mitigate the attacks or come back online quickly — they’re a way for almost any hacktivist to participate.
READ THE STORY: NBCNEWS
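The story notes that many sites can mitigate a simple traffic flood. The most basic form of that mitigation is a per-client request budget over a sliding time window. The following Python detector is an added illustration, not code from the NBC article or from any product it mentions: it parses web-server access-log lines in the common combined format and flags any client address that exceeds the budget. The log lines, IP addresses, window size and threshold are all constructed assumptions chosen for the example.

```python
"""Sliding-window per-client request-rate detector (added example).

Assumes access-log lines in Apache/nginx combined format and that lines
for a given client arrive in chronological order, as they do in a
server's own log. Thresholds and sample data are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: client ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts,
            "request": m.group("req"), "status": int(m.group("status"))}


class SlidingWindowLimiter:
    """Tracks request timestamps per client and reports budget overruns."""

    def __init__(self, window_seconds, max_requests):
        self.window = timedelta(seconds=window_seconds)
        self.max_requests = max_requests
        self._hits = defaultdict(deque)

    def observe(self, ip, ts):
        """Record one request; return True when the client is over budget."""
        q = self._hits[ip]
        q.append(ts)
        cutoff = ts - self.window
        while q and q[0] < cutoff:      # drop hits that left the window
            q.popleft()
        return len(q) > self.max_requests


def find_flooders(lines, window_seconds=10, max_requests=20):
    """Map each over-budget client IP to the time it first crossed the line."""
    limiter = SlidingWindowLimiter(window_seconds, max_requests)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:                 # malformed line: skip, don't crash
            continue
        if limiter.observe(rec["ip"], rec["ts"]) and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


# --- constructed sample data ------------------------------------------------
def _line(ip, second, path="/"):
    ts = datetime(2022, 3, 23, 10, 0, second, tzinfo=timezone.utc)
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    [_line("198.51.100.5", s, "/news") for s in range(0, 30, 6)]   # 5 hits
    + [_line("203.0.113.7", s // 5) for s in range(60)]            # 60 hits in 12 s
    + [_line("192.0.2.9", s, "/about") for s in range(0, 30, 10)]  # 3 hits
    + ["this line is not a log entry"]                             # junk
)

if __name__ == "__main__":
    for ip, when in find_flooders(SAMPLE_LOG).items():
        print(f"{ip} exceeded budget at {when.isoformat()}")
```

With a 10-second window and a budget of 20 requests, the constructed flood source trips the check on its 21st request (at 10:00:04 UTC), while the two normal browsers never do; a real deployment would feed the flagged addresses to a firewall or reverse proxy rather than just printing them.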
US arrested a Russian hacker accused of selling stolen digital data.
FROM THE MEDIA: Igor Dekhtyarchuk, 23, was on the FBI's most wanted hacker list. An undercover agent carried out the special operation in which he managed to find the tech pirate. A 23-year-old Russian man has been indicted in the Eastern District of Texas for offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personally identifiable information, and authentication tools, announced Eastern District of Texas U.S. Attorney Brit Featherston. Igor Dekhtyarchuk, a resident and national of the Russian Federation (Russia), was named in an indictment returned by a federal grand jury on March 16, 2022, charging him with offenses related to operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personally identifiable information, and authentication tools.
READ THE STORY: DOJ // INFOBAE
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
FROM THE MEDIA: Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana. Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. Lapsus$ claimed to have gotten itself “superuser/admin” access to internal systems at authentication firm Okta. It also posted 40GB worth of files to its Telegram channel, including screenshots and source code, of what the group said is Microsoft’s internal projects and systems. The news was first reported by Vice and Reuters. Okta confirmed on Tuesday that it had been hit and that some customers may have been affected. The scope of the breach isn’t yet clear, but it could be huge: According to Okta, it has hundreds of millions of users that use its platform to provide access to networks, including employees at thousands of large companies such as Fedex, Moody’s, T-Mobile, Hewlett Packard Enterprise and GrubHub, to name a few.
READ THE STORY: Threatpost
Ransomware Group Claims Major Okta Breach
FROM THE MEDIA: A ransomware group's claims this week that it had stolen source code from Microsoft and had — at least at one point — gained control of a superuser account at identity authentication provider Okta has stirred widespread concern within the security industry. Some have described the incident at Okta — which the company’s CEO, Todd McKinnon, confirmed via Twitter on Tuesday — as especially worrisome given how some of the world's largest organizations use its technology for authenticating access to their systems and data. One researcher who analyzed screenshots that the ransomware group posted Monday said they indicated the attackers had used a third-party customer support engineer's system to gain access to an Okta back-end administrative panel for managing customers — among other things. But Okta's CSO David Bradbury in an updated statement on Tuesday described the incident as relatively minor and said that Okta customers needed to take no corrective actions because of the incident. He said a service provider that Okta hired to investigate the incident found the attackers had access to a support engineer's laptop for a five-day window of time between Jan. 16 and 21, 2022. But the access would not have allowed the attackers to take actions like creating or deleting users or downloading customer databases. Support engineers can facilitate the resetting of passwords — including multifactor authentication — but they do not have access to those passwords, Bradbury said.
READ THE STORY: Darkreading
Ukraine war opened door to Starlink: SpaceX President Gwynne Shotwell
FROM THE MEDIA: SpaceX President Gwynne Shotwell has said that SpaceX was already close to offering internet service in Ukraine, but Russia’s invasion accelerated the process. Shotwell revealed this at the Satellite 2022 conference in Washington, as reported by Bloomberg. “We were close to getting the approvals to offer service but the documents weren’t all signed,” Gwynne Shotwell said. Russia's invading army destroyed much of Ukraine’s infrastructure, and SpaceX’s Starlink service was one of the options Ukraine’s government sought. SpaceX activated the Starlink service on Feb. 26, the same day Ukrainian Deputy Prime Minister Mykhailo Fedorov implored SpaceX founder Elon Musk on Twitter to send Starlink terminals to help provide Internet service after Russia’s invasion two days earlier. SpaceX's Starlink uses low Earth orbit satellites to provide internet access to regions that are underserved or hard to reach for other service providers. France and Poland are helping to fund Starlink terminal shipments to Ukraine, Shotwell told the New York Times. The company has “thousands” of terminals in Ukraine, a CNBC reporter tweeted, quoting Shotwell.
READ THE STORY: Mint
Ukraine Just Captured Part Of One Of Russia's Most Capable Electronic Warfare Systems
FROM THE MEDIA: A curious 'container' that Ukrainian troops captured today looks to actually represent a significant Russian loss and a potential intelligence goldmine. What Ukraine's forces found looks to be a containerized command post that is part of the Krasukha-4 mobile electronic warfare system. The Krasukha-4 is primarily designed to detect and jam large radars, such as those on airborne early warning and control aircraft like the U.S. Air Force's E-3 Sentry, and on spy satellites. Ukrainian forces reportedly found this command post container outside of the capital, Kyiv. Twitter user @UAWeapons was among the first to identify it as most likely being a component of the Krasukha-4 system, which is also known by the nomenclature 1RL257, based on a picture that had emerged online. A complete Krasukha-4 consists of two vehicles, both based on the 8x8 KAMAZ-6350 truck, one with the electronic warfare (EW) system and the other carrying the command post module.
READ THE STORY: The Drive
FBI 'concerned' about Russian cyberattacks on critical US infrastructure
FROM THE MEDIA: FBI Director Christopher Wray said Tuesday the FBI is "concerned" about the possibility of Russian cyberattacks against critical U.S. infrastructure in the wake of Russia's war with Ukraine. "The reason we're concerned about it is not just based on our longstanding understanding of how the Russians operate, but it's actually the product of specific investigative work and surveillance work that we've been doing all together," Wray told an audience at the Detroit Economic Club. "Most cyberattacks don't just happen in an instant. There's activity that leads up to it. There's scanning and researching, researching a victim, scanning for vulnerabilities and systems. There's developing access to those systems. So, there's a whole range of preparatory work, which is what we've been seeing," he said.
READ THE STORY: ABCNEWS
Russian news website blames hack for report of nearly 10,000 army deaths in Ukraine
FROM THE MEDIA: A Russian newspaper has accused hackers of planting fake news on its website after a report appeared there for more than six hours saying nearly 10,000 Russian soldiers had been killed in Ukraine. An article on the site of tabloid paper Komsomolskaya Pravda, captured by a web archive tool, quoted the Russian defense ministry as saying 9,861 Russian servicemen have been killed and 16,153 wounded in what Moscow calls its special military operation in Ukraine. Those figures had been removed from a version of the same article visible on the website on Tuesday. Instead, an advisory said: "On March 21, access to the administrator interface was hacked on the Komsomolskaya Pravda website and a fake insert was made in this publication about the situation around the special operation in Ukraine. The inaccurate information was immediately removed." If the figures were true, the Russian death toll from the 27-day-old war in Ukraine would equate to about two-thirds of the estimated 15,000 servicemen who died during the 10-year Soviet occupation of Afghanistan from 1979.
READ THE STORY: Reuters
HubSpot hacked, putting major crypto firms at risk
FROM THE MEDIA: HubSpot suffered a cyberattack that saw data belonging to a number of high-profile cryptocurrency businesses taken, the company confirmed. In a blog post, HubSpot said that a bad actor compromised an account of one of its employees and used it to target its customers in the cryptocurrency industry. HubSpot claims data was exported from “fewer than 30 HubSpot portals,” and that the company notified all affected firms, terminated the account, and reworked its account privileges to make sure something like this doesn’t repeat. Although HubSpot did not say which companies were affected, some media managed to discover a few names. Decrypt published a letter that Pantera Capital, an American hedge fund that specializes in cryptocurrencies, sent out to its customers, which said: "Pantera uses Hubspot as a client relationship management platform. The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications."
READ THE STORY: Techradar
Items of interest
Ukraine conflict presents a minefield for Anonymous and hacktivists (Article)
FROM THE MEDIA: The Russian invasion of Ukraine has sparked a surge of volunteer hackers, or hacktivists, battling on the digital frontline with Moscow. Groups such as Anonymous, Squad303 and Cyber Partisan have carried out several cyberattacks against Russian targets over the past few weeks. But these highly publicized attacks against Russian sites also pose a danger. Weeks after declaring an “electronic war” on the “Kremlin’s criminal regime”, Anonymous – a hacking collective – claimed to have hacked 2,500 Russian and Belarusian government, state media and other sites “in support of Ukraine”. The claim, which was posted on Twitter on March 17, was impossible to verify. Corroborating assertions by a decentralized collective of anonymous hacktivists – which anyone can claim to be – is extremely difficult.
READ THE STORY: France 24
Ukrainian forces captured Russian Torn-1 electronic warfare (Video)
Hacktivist group breached Russian printers (Video)
FROM THE MEDIA: Hacktivist group GhostSec has apparently decided that even in modern warfare the pen is mightier than the sword, and is claiming to have remotely hijacked more than 300 Russian printers, forcing them to run antiwar messages until their ink runs dry.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com