Saturday, March 26, 2022 // (IG): BB //Weekly Sponsor: DiyGarage SoCal
Cyber War Wide Open as Ukraine Loudly Pwns Russian Assets
FROM THE MEDIA: In multiple channels I keep getting updates about a “hidden” cyber war, with “little” visibility and how “quiet” attacks are when they run over networks instead of roads or through forests. Nothing could be further from the truth. The Ukraine war is the loudest and most obvious integration of cyber (information technology) into conflict I have ever seen. To be fair, I have studied war for more than three decades and earned two degrees in the topic before spending all my professional life engaged in many forms of hot and cold power disputes related to technology. Perhaps I see things differently. It reminds me, for example, of my post about the Allied troops laughing out loud in 1942 about how incompetent Rommel was, versus people today trying to see Rommel as something more than a failure. Perhaps someday in the future a journeyman will read the news that I see today and wonder who was reading it.
READ THE STORY: Security Boulevard
Italian rail operator stops ticket sales after suspected cyberattack
FROM THE MEDIA: Suspicious activity on the company’s network indicated an assault similar to those using the CryptoLocker malware. ‘Since this morning, elements that could be linked to a Cryptolocker infection have been detected on the computer network of Trenitalia and RFI,’ the FS said. ‘The network is currently being checked,’ it added. Unnamed security officials told Italian news agency Ansa that the type of attack indicated Russian hackers were likely behind it. It’s unclear if the attack is related to the conflict in Ukraine. As a precaution, FS temporarily shuttered ticket booths and turned off self-service ticketing. However, online sales were functioning normally, and passengers could still buy tickets from the conductor. FS added that the incident had no impact on train traffic, which was running smoothly. The network is currently being examined. Trenitalia told Italian website Cybersecurity360 that some self-services were securely reactivated on Thursday. A company representative said no ransom letter had been received and the damage was very limited. The spokesperson added that the commercial network was isolated following the detection of the attack to prevent the ransomware from spreading. They added that FS would only reactivate the network after ensuring that no trace of ransomware is left in the system.
READ THE STORY: Echo // National Cyber Security News
Statement on the US Department of Justice indictment of cyber actors
FROM THE MEDIA: The Australian Government is concerned about global malicious cyber intrusions, as detailed in the indictments by the United States Department of Justice. The indictments note the US Department of Justice is bringing criminal charges against four individuals working on behalf of the Russian government for their respective roles in separate cyber campaigns that targeted the global energy sector between 2012 and 2018. In total, the hacking campaigns outlined in the indictment targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries, including Australia. One indictment concerns the alleged efforts of an employee of a Russian Ministry of Defense research institute and his co-conspirators to damage critical infrastructure outside the United States. The second indictment concerns the actions of three officers of the Russian Federal Security Service (FSB) and their co-conspirators to target and compromise the computers of hundreds of entities related to the energy sector worldwide.
READ THE STORY: Foreign Minister AU
‘Don’t Leave the Space Open’ — How the West Can Defeat Putin in Cyberspace and Beyond
FROM THE MEDIA: Victories in cyber and information warfare should be a model for confronting the Russian military, says Molly McKew, a longtime adviser to former Soviet republics on information warfare. Many aspects of Russia’s war against Ukraine have surprised analysts in the West, from the fact that the Russian offensive ran aground to the lack of a cyberwar to the fact that the invasion happened at all. But Molly McKew isn’t one of those people — she’s been arguing for years that Russia was at war with the West and that the primary battlefield was the information space and cyberspace. Since those warnings now seem prescient, I went back to her this week to ask what has surprised her about this conflict. One of those things is good news — that the West, led by the United States, has learned some important new tricks to counter the Russians, from dismantling their cyber networks to undermining disinformation with real information.
READ THE STORY: Politico
Ransomware actors steal detention slips in Illinois K-12 hack
FROM THE MEDIA: New details on a January ransomware attack on a school district in central Illinois show that while malicious actors were successful in exfiltrating thousands of documents and posting them to a leak site in hopes of extorting the district, most of the documents do not appear to be very potent. According to DataBreaches.net, a site affiliated with the ransomware gang Vice Society posted more than 3,000 documents taken from the Griggsville-Perry School District, which sits about an hour west of Springfield. But while some of the documents appeared to be enrollment lists showing students’ names, many more were files related to various school functions that didn’t contain any information that would be considered personally identifying information — like dates of birth or Social Security numbers — under the Family Educational Rights and Privacy Act. (Names that appear on an enrollment sheet without any other data are considered directory information.) Other ransomware attacks against K-12 districts have exposed students’ and teachers’ personal information, such as a September 2020 incident affecting Fairfax County, Virginia, Public Schools, in which some employees’ Social Security numbers were posted online. And last year, hackers targeting a school district in Allen, Texas, emailed local parents with threats to expose their kids’ personal information if educators did not pay a ransom.
READ THE STORY: StateScoop
‘Precursor malware’ infection may be sign you're about to get ransomware, says startup
FROM THE MEDIA: Ransomware is among the most feared of the myriad cyberthreats circulating today, putting critical data at risk and costing some enterprises tens of millions of dollars in damage and ransoms paid. However, ransomware doesn't occur in a vacuum, according to security startup Lumu Technologies. A ransomware infection is usually preceded by what Lumu founder and CEO Ricardo Villadiego calls "precursor malware," essentially reconnaissance malicious code that has been around for a while and which lays the groundwork for the full ransomware campaign to come. Find and remediate that precursor malware and a company can ward off the ransomware attack is the theory. "The moment you see your network – and by network, I mean the network defined the modern times, whatever you have on premises, whatever is out in the clouds, whatever you have with your remote users – when you see any assets from your network contacting an adversarial infrastructure, eliminate that contact because that puts you in your zone of maximum resistance to attacks," Villadiego told The Register.
READ THE STORY: The Register
Elon Musk says successfully resisted Starlink jamming, hacking attempts in Ukraine
FROM THE MEDIA: Tech billionaire Elon Musk had warned earlier this month that his communications satellite Starlink, the only non-Russian system working in war-torn Ukraine, had a high probability of being targeted by hackers. Today, in a tweet, the SpaceX CEO said that Starlink has successfully resisted all jamming and hacking attempts so far. The Tesla CEO was replying to a news report that claimed that the Russian military had hacked satellite communication devices in Ukraine at the onset of the war when he said his company has still been able to keep hackers at bay. “Starlink, at least so far, has resisted all hacking and jamming attempts,” Musk, 50, tweeted. Earlier this month, Musk had tweeted out a warning. “Important warning: Starlink is the only non-Russian communications system still working in some parts of Ukraine, so probability of being targeted is high. Please use with caution,” the tweet read. The following day, Musk said that SpaceX, which operates Starlink, has been reprioritized to cyber defense and overcoming signal jamming. The step will cause slight delays in Starship and Starlink V2, Musk gave a heads up.
READ THE STORY: Money Control
Russia’s space weapons may be the next frontier in the Ukraine conflict
FROM THE MEDIA: As a fierce Ukrainian resistance frustrates Russia’s invading military, it is critical for the West to fully understand a fourth domain where the Kremlin might try to gain superiority through its toolkit of aggression: space. This is particularly vital since space capabilities also enable Moscow’s nuclear infrastructure, which Russian President Vladimir Putin has put on high alert. Space assets like GPS signals are important for, among other things, Ukrainian unmanned aircraft that could be used to target Russian artillery. It isn’t a stretch to imagine that Russia might try to use space capabilities against Ukraine. Here’s a look at Russia’s possible range of space weapons and how the West can respond, both to blunt attacks and hold Moscow accountable. Though Russia’s billion-plus-dollar military space program has faced setbacks over the years, it has recently shifted its focus to capabilities that allow it to jam or interfere with other nations’ space assets. Some reports suggest that Russia has already attempted GPS jamming and spoofing—faking geographical coordinates—in Ukraine. This can degrade critical unmanned aircraft operations and weapons use by Ukraine, while concealing Russian troop movements.
READ THE STORY: Atlantic Council
Cyber Snipers: Anonymous Claims to Have Hacked Russia Central Bank, Threatens to Out Secret Papers
FROM THE MEDIA: This week, a Twitter account claiming to be affiliated with nebulous hacking group Anonymous stated that it had hacked Russia’s central bank and planned to disclose 35,000 papers exposing “secret agreements” over the following 48 hours. In a video released shortly after Russia invaded Ukraine a month ago, the hackers’ group declared cyberwar on Russian President Vladimir Putin. In late February, Anonymous declared in a video on Twitter: “Soon you will feel the wrath of the world’s hackers.” So far, the organization claims to have followed through on its threat. Hackers belonging to Anonymous said they hacked Russian state TV networks and momentarily halted programming to show footage of Ukrainian buildings being attacked in an interview with the BBC earlier this week. The Russian government maintains tight control over the country’s media, while Putin passed a law earlier this month that makes reporting that contradicts the government’s official stance on the Ukraine conflict illegal.
READ THE STORY: News 18
Unsealed DOJ documents offer stark warning about Russian cyberattacks
FROM THE MEDIA: The United States has indicted three Russian intelligence officers for their role in a yearslong, global hacking campaign that targeted some 500 energy companies both in the U.S. and across more than 130 countries, according to the Department of Justice. According to one indictment, newly unsealed on Thursday, the alleged Russian FSB operatives — Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov — worked for years to hack energy firms in a bid to further Russia’s effort to “maintain surreptitious, unauthorized and persistent access” to energy industry networks. Their targets spanned at least 500 entities, prosecutors said, and included the U.S. Nuclear Regulatory Commission and a nuclear plant in Kansas, where one official said they allegedly breached the company’s business network but stopped short of gaining access to its control systems. Though the identities of the alleged FSB operatives have previously been disclosed, the DOJ chose to unseal the indictments as part of a broader effort to warn the public about the scope and severity of Russia’s malign cyberactivity.
READ THE STORY: Washington Examiner
Items of interest
FCC Declares Kaspersky “threat to U.S. national security” (Article)
FROM THE MEDIA: Kaspersky in 2018 lost its rather stupid lawsuit that claimed the U.S. government couldn’t prohibit products harmful to society. U.S. District Court Judge Colleen Kollar-Kotelly wrote in her May 30 opinion that U.S. networks and computer systems are “extremely important strategic national assets” whose security depends on the government’s ability to act swiftly against potential threats, even if such actions cause adverse effects for third-party providers like Kaspersky Labs. “These defensive actions may very well have adverse consequences for some third-parties. But that does not make them unconstitutional,” Kollar-Kotelly wrote. On a related note the Americans I know who foolishly agreed to attend Kaspersky CEO’s invite-only security “bash” on a tropical island… experienced food poisoning and severe illness. Today’s news is that under a 2019 law the FCC has just formally added AO Kaspersky Lab along with China Telecom and China Mobile to a national security threat list. Kaspersky also was in the news recently for a German government advisory against using it, and their CEO making a tone-deaf message about the Ukraine war.
READ THE STORY: SecurityBoulevard
America's Infrastructure Is Crumbling (Video)
America’s infrastructure is in desperate need of more than $4 trillion in upgrades and improvements. President Trump campaigned heavily on overhauling the country's crumbling infrastructure and promised to invest big to fix it. VICE correspondent Thomas Morton explores the most vital bridges, tunnels, and waterways in the U.S. to see how much the situation has deteriorated and to find out if the Trump Administration's promise is being kept.
Why is US INFRASTRUCTURE so BAD? (And what is BIDEN’s plan?) (Video)
FROM THE MEDIA: In the United States, the world's leading power, it is quite normal to have to drive on roads full of potholes, railway accidents are not uncommon and bridges that fall down due to lack of maintenance are far more common than you would expect in a country with so many economic resources. That is why every president for decades has listed infrastructure renewal as a national priority. Despite this, however, little has actually been achieved when it comes down to it. Now, the new President of the United States, Joe Biden, hopes to change that trend. Taking advantage of the Democratic majority in the House of Representatives and also in the Senate, the Biden administration has presented a macro plan of more than two trillion dollars. But why does the US infrastructure have so many problems, what exactly does Biden's plan consist of, and will it really succeed in reversing the growing decay of a lot of US infrastructure? In this video we tell you all the details.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com