Sunday, March 27, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Feds allege destructive Russian hackers targeted US oil refineries
FROM THE MEDIA: For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed the hackers' targets included a US company that owns multiple oil refineries. On Thursday, just days after the White House warned of potential cyberattacks on US critical infrastructure by the Russian government in retaliation for new sanctions against the country, the Justice Department unsealed a pair of indictments that together outline a years-long campaign of Russian hacking of US energy facilities. In one set of charges, filed in August 2021, authorities name three officers of Russia's FSB intelligence agency accused of being members of a notorious hacking group known as Berserk Bear, Dragonfly 2.0, or Havex, known for targeting electrical utilities and other critical infrastructure worldwide, and widely suspected of working in the service of the Russian government.
READ THE STORY: Ars Technica
'Preparation, not panic': Top US cyber official asks Americans to look out for Russian hacking efforts
FROM THE MEDIA: The US government is wary about the possibility of a Russian cyberattack on US critical infrastructure paired with Kremlin attempts to spread disinformation about any incident's effects to sow panic among Americans, a top US cyber official told CNN. "All businesses, all critical infrastructure owners and operators need to assume that disruptive cyber activity is something that the Russians are thinking about, that are preparing for, that are exploring options, as the President said," Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said in an exclusive interview with CNN's Pamela Brown. "That's why we are so focused on making sure that everybody understands the potential for this disruptive cyber activity," Easterly said. "And it's not about panic. It's about preparation." Easterly pointed to the example of a cybercriminal attack on Colonial Pipeline last year, which shut down delivery of fuel to the East Coast for days and led to Americans hoarding gasoline.
READ THE STORY: CNN
Okta: "We made a mistake" delaying the Lapsus$ hack disclosures
FROM THE MEDIA: Okta has admitted that it made a mistake in delaying disclosure of the January hack by the Lapsus$ data extortion group. On Friday, the company expressed regret for not disclosing details sooner and shared a detailed timeline of the incident and its investigation. The hack originated at Sitel, Okta's third-party provider of customer support services. "On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account. This factor was a password," explains Okta. "Although that individual attempt was unsuccessful, out of an abundance of caution, we reset the account and notified Sitel," which in turn engaged a leading forensic firm to perform an investigation. "We want to acknowledge that we made a mistake," states Okta, further admitting that it is ultimately responsible for its contracted service providers like Sitel. Okta claims that in January it wasn't aware of the extent of the incident, which the company believed was limited to an unsuccessful account takeover attempt targeting a Sitel support engineer.
READ THE STORY: Bleeping Computer
Elon Musk Raises Question Against Twitter Over Free Speech; 'Is A New Platform Needed?'
FROM THE MEDIA: Raising questions about the microblogging site Twitter, tech billionaire Elon Musk on Saturday hinted at a need for 'a new platform'. On Friday, March 25, Musk had started a poll asking users to vote on whether they 'believe Twitter rigorously adheres' to the principle of 'free speech under democracy'. The poll results showed that 70% of the 2,035,924 respondents voted 'No'. 'Is a new platform needed?' tweeted Tesla chief Elon Musk, a post that has since drawn wide attention. "Given that Twitter serves as the de facto public town square, failing to adhere to free speech principles fundamentally undermines democracy. What should be done?" he asked in another post. Some of the replies to this question asked Musk to 'buy twitter or please build one'. Another user, Eric Weinstein, said, "We need to invent something that fills this space that hasn’t existed…yet." The Twitter account of Marjorie Taylor Greene, the Congresswoman representing Georgia’s 14th District, commented, "It's time to end the U.S. Intelligence operations against America."
READ THE STORY: Republic World
An estimated three million customers affected by TransUnion breach
FROM THE MEDIA: As part of its ongoing investigation into the recent data breach at TransUnion South Africa, the credit bureau says it can confirm that at least three million consumers could be impacted. TransUnion made the confirmation in a recent statement addressing the cyber incident, in which a group hacked TransUnion servers and gained access to the personal records of 54 million people containing data such as ID numbers, dates of birth, gender, contact details, marital status and other information. The identity of people’s employers, their duration of employment, their vehicle finance contract numbers, and VIN numbers may also be contained in the data set. “Based on our investigation to date, we believe that the incident impacted an isolated server holding limited data from our South African business. We believe that the 54 million records relate to a 2017 data incident unrelated to TransUnion,” said the credit bureau in a statement. “At present, we have no evidence to suggest this incident extends further than Africa.” What happened at TransUnion South Africa? According to reports, a server belonging to the South African arm of the global agency was accessed by a “criminal third party” identified as N4aughtysecTU, a group that claims to be from Brazil.
READ THE STORY: Citizen
Why Telegram became the go-to app for Ukrainians – despite being rife with Russian disinformation
FROM THE MEDIA: End-to-end encryption has enabled illegal activity on the app, including by extremist groups such as the Islamic State. One study found the number of Telegram groups or channels shared in darkweb cybercrime and hacking forums increased from 172,035 in 2020 to more than one million in 2021. Telegram offers criminals and hackers the same opportunities as the darknet, VPNs and proxy servers: all of these tools make it difficult to trace the location of a cybercriminal, and therefore hinder efforts to gather intelligence. Telegram is also valuable for Ukraine’s military, as it can help circumvent Russian surveillance and conduct intelligence operations. For weeks, Russia's military assault on Ukraine has been complemented by full-fledged information warfare. The Kremlin has propagandized through Russian state media and is trying to control the narrative online too. We've seen a bombardment of "imposter content" circulating – including fake news reports and deepfake videos – while Ukrainians and the rest of the world have scrambled to find ways to tell the real story of the invasion.
READ THE STORY: DEVDISCOURSE
Elon Musk said it would not be easy for Russia and China to 'take out' Starlink satellites if they attempted to
FROM THE MEDIA: Elon Musk reacted quickly when he was asked by Ukraine's digital minister to send Starlink systems as Russia invaded the country. In an interview with Mathias Döpfner, the CEO of Axel Springer, Insider's parent company, the SpaceX and Tesla founder discussed Russia's invasion of Ukraine, space travel, and what makes human beings special. Asked whether there would be a potential threat if Starlink satellites were targeted by Russia and China, Musk said: "It was interesting to view the Russia anti-satellite demonstration a few months ago in the context of this conflict." "It caused a lot of strife for satellite operators. It even had some danger for the space station, where there are Russian cosmonauts," he added. The Starlink satellite system is helping an elite Ukrainian drone unit destroy Russian weaponry, Insider previously reported. The system ensures drone teams can work even if there are internet or power outages. However, Musk warned Starlink users in Ukraine that they should turn to the system "only when needed," as they may be targeted in the ongoing war.
READ THE STORY: Business Insider
FCC lists Kaspersky as a national security threat
FROM THE MEDIA: The cybersecurity company Kaspersky Labs has become the first Russian company to make the U.S. Federal Communications Commission (FCC) list of entities that present an “unacceptable risk to US national security.” The list is dominated by Chinese companies, including the likes of Huawei and ZTE, and indeed Kaspersky was accompanied by two more from the country: China Mobile and China Telecom International. “I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list,” said FCC Commissioner Brendan Carr in a press release announcing the trio of additions. “Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.”
READ THE STORY: Tom's Guide
How do aircraft tracking sites do their job?
FROM THE MEDIA: On March 21, a China Eastern Airlines domestic flight on its way from Kunming to Guangzhou descended sharply in mid-flight and crashed, killing all 123 passengers and nine crew. With no survivors, the focus was on retrieving the so-called black box – an orange-coloured box that contains the flight data and cockpit voice recorders. There have been times when an aviation incident or accident has taken place and FlightRadar24 or similar websites like FlightAware or RadarBox have had to say they were not tracking the particular flight at the time it occurred. Most of these sites, including Flightradar24, Radarbox and FlightAware, started as small-time flight tracking websites and have been trying to climb up the ladder. FlightAware receives data from air traffic control systems in over 45 countries, and its network of ADS-B ground stations is present in 195 countries. ADS-B is short for Automatic Dependent Surveillance-Broadcast. ADS-B, manufactured by the American company Aerion, has a datalink (satellite/VHF) with every major satellite communication provider, including ARINC, SITA, Satcom Direct, Garmin, and Honeywell GoDirect. Here is a look at how flight tracking works.
READ THE STORY: Moneycontrol
How Russia's 'Google' has begun to crumble following the war in Ukraine
FROM THE MEDIA: It was February 11, his birthday, and the 58-year-old billionaire CEO and cofounder of Yandex, the Russian tech behemoth, was in the sort of open, engaging mood that could be called privetliviy, after the casual Russian word privet for hello. He was speaking from his car in Tel Aviv, bragging about his father—an oil geologist in his eighties who had “discovered” oil in Israel, Volozh said—as we chatted about my upcoming trip to Tel Aviv to interview him for this story. For more than 20 years, Yandex has been known as “Russia’s Google”: It began as a search engine in 1997 and still has a 60 percent share of the Russian search market. But for the past decade, this tag has understated the company’s inescapable ubiquity in Russians’ daily life. Yandex Music is the country’s leader in paid music streaming, and Yandex Taxi is the top ride-hailing app. Millions of Russians use Yandex Navigator, Yandex Market, Yandex News, and Yoo Money (formerly Yandex Wallet) to get around, shop online, read, and spend money. Volozh has only recently begun to make his company less reliant on its Russian business—and on the whims of President Vladimir Putin—by tiptoeing westward. Yandex Taxi formed a joint venture with Uber in 2017, and in 2020 Yandex began testing self-driving cars in Ann Arbor, Michigan.
READ THE STORY: Wired
Google Issues An Emergency Security Alert To 3.2 Billion Chrome Users — Attacks Are Already In Progress
FROM THE MEDIA: A Google Chrome update has been released to address yet another zero-day vulnerability. We learned about the previous zero-day Chrome attack earlier this month: state-sponsored hackers in North Korea were able to exploit it for a little over a month until a fix was released in mid-February. In that campaign, the hackers deceived unsuspecting users through both compromised legitimate websites and fake sites set up under matching domain names. Now, for the second time in 2022, a Chrome zero-day has been discovered, and Google is releasing yet another remedy. On Friday, Google released a new stable channel desktop Chrome update for Windows, Mac, and Linux. Google states in a Chrome Releases Blog post (via Bleeping Computer) that the release includes one security update for the zero-day attack CVE-2022-1096, which was initially disclosed to the company by an anonymous tip on March 23. The zero-day vulnerability is a flaw in Chrome’s JavaScript engine that hackers may exploit to inject malicious code into your browser. It’s precisely the type of thing that bad guys like to do to their victims.
READ THE STORY: Medium
Items of interest
The hard truth behind Biden’s cyber warnings (Article)
FROM THE MEDIA: The Biden administration has offered ominous warnings about looming Russian cyberattacks. But another reality is equally foreboding: The U.S. may have too many targets to defend them all. The roster of potential cyber victims critical to American life includes banks, power companies, food manufacturers, drugmakers, fuel suppliers and defense contractors — all of which have fallen victim in recent years to hackers from Russia and elsewhere. So have government bodies ranging from local police departments to the agency that manages the U.S. nuclear arsenal. Security experts have expressed the most worry about hacks on the energy and finance industries. However, each of the nation’s crucial sectors is at risk in some way. “We should consider every sector vulnerable,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, during a three-hour call this week with around 13,000 participants from multiple industries on the Russian hacking threat. “In some ways, we should assume that disruptive cyber activity will occur.” Inevitably, some attack will break through if an adversary like Russia puts enough resources behind it.
READ THE STORY: Politico
How Far Would You Go For Revenge? Why One Guy Is Single-Handedly CRASHING North Korea’s Internet (Video)
What’s the furthest you’ve ever gone for revenge? Spreading a rumor? Maybe being a petty ex? What about consistently taking down a country’s internet? That’s what one man did after North Korean hackers allegedly targeted him personally. The man goes by P4x, and apparently this vendetta all began after P4x was targeted by hackers, likely due to his work as a security researcher. That’s not too shocking: for a while, North Korea carried out attacks against security researchers in the hope of acquiring some of the more sophisticated hacking tools that researchers in the US have access to. The hack didn’t amount to much, as P4x was able to stop it, but he was pissed. He went to US officials about the hacks and they just… ignored it. So for a year, P4x let it simmer before deciding, in essence, “fuck this” and engaging in his own attacks against North Korea over the last two weeks. Now, North Korea has very few websites: mostly just news outlets, some government pages, and ticket sales for its airline. But all of those were taken down when P4x saw that North Korean infrastructure was full of vulnerabilities that made it susceptible to DDoS attacks.
Satellite Jamming (Video)
FROM THE MEDIA: Satellite interference on Arab TV channels has become a very common issue in the Middle East. Millions of viewers are unable to enjoy their favorite channels due to continuous signal jamming. In 2009 the London-based Arab channel “Al Hiwar” suffered from satellite interference during its coverage of the Egyptian parliamentary elections. Later on, the channel was removed and banned from the Egyptian-owned satellite company “Nilesat”. In 2010 the FIFA World Cup opening match on the Al Jazeera Sports channel was jammed. Since 2011, Al Jazeera news channels have continued to be the subject of interference. What is satellite interference and how does it work? Is it intentional or unintentional, and how can that be determined? This film focuses on satellite interference, discussing its technical, legal and political impact.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com