Monday, March 28, 2022 // (IG): BB //Weekly Sponsor: DiyGarage SoCal
US and Australia boost space and cyber co-operation to counter China
FROM THE MEDIA: The US and Australia are boosting security co-operation in space and the cyber domain as the Indo-Pacific allies strengthen efforts to counter China, which is investing heavily in space and weapons such as hypersonic missiles. Admiral John “Lung” Aquilino, head of US Indo-Pacific Command, said the nations wanted to accelerate what the Pentagon called “integrated deterrence”, combining all the elements of the military power of the US and its allies. “We’ve come a long way in a short time to be able to integrate the space and cyber domains,” said Aquilino, adding that Australia had capabilities that made it an “extremely high-end partner”. “We’re going to continue to work that and move the ball even further to synchronize those domains with our allies and partners,” the former Navy “Top Gun” fighter pilot told the Financial Times in an interview. Aquilino was joined by General James Dickinson, head of US Space Command, and Lieutenant General Charles “Tuna” Moore, an Air Force fighter pilot who serves as deputy head of US Cyber Command. The three flag officers were speaking ahead of meetings with Australian military and intelligence officials at Pine Gap, a top-secret joint US-Australia intelligence facility near Alice Springs that is instrumental in operating American reconnaissance satellites.
READ THE STORY: FT
A QUICK LOOK:
Marshall Islands telecom service hit by cyber attack
FROM THE MEDIA: When internet systems in the Marshall Islands went on the blink in mid-March, it wasn't immediately clear what was causing the rolling outages. The Marshall Islands National Telecommunications Authority experienced a major distributed denial of service (DDoS) cyber attack in March that disrupted internet services for about 10 days. Home, business and government DSL and dedicated lines as well as mobile 4G services became intermittent or non-functional, forcing the National Telecommunications Authority (NTA) to repeatedly issue messages updating customers about "intermittent disruptions" and "urgent maintenance" needed to restore service. Information technology and security staff at NTA responded by working long nights to fix and reboot the systems. "But then in the morning, we were getting the same error messages," said NTA CEO Tommy Kijiner, Jr. on Friday. After several days, it became apparent that NTA systems were shutting down as the result of a large-scale "distributed denial of service" (DDoS) attack, he said.
READ THE STORY: RNZ
A QUICK LOOK:
Hive ransomware ports its Linux VMware ESXi encryptor to Rust
FROM THE MEDIA: The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are creating dedicated encryptors that focus on these services. Ransomware gangs' Linux encryptors typically target the VMware ESXi virtualization platform as it is the most commonly used in the enterprise. While Hive has been using a Linux encryptor to target VMware ESXi servers for some time, a recent sample shows that they updated their encryptor with features first introduced by the BlackCat/ALPHV ransomware operation. When ransomware operations attack a victim, they try to conduct their negotiations in private, telling victims that if a ransom is not paid their data will be published and they will suffer a reputational hit. However, when ransomware samples are uploaded to public malware analysis services, they are commonly found by security researchers who can extract the ransom note and snoop on negotiations.
READ THE STORY: Bleeping Computer
A QUICK LOOK:
Moscow suffers IT 'brain drain' putting it at risk of cyber attacks
FROM THE MEDIA: While much has been made of Moscow's ability to conduct cyber warfare, a brain drain means its own defenses may be weak. But experts warn Vladimir Putin may try to infiltrate government operatives among those leaving to "create havoc in the West". At least 70,000 tech experts, mostly programmers, have left since the invasion of Ukraine began a month ago. This figure may rise to 100,000 by next month, according to the Russia Association for Electronic Communications, as sanctions cause a shortage of critical software with no Russian-made alternatives yet on the horizon. While most may head for former Soviet republics such as Georgia and Armenia, others are expected to venture further west where job prospects and pay are better. The exodus has pushed forward plans by Putin to "insulate" Russia from the worldwide web in order to protect it from Western cyber activities by as much as 10 years, according to some experts. So desperate is he to stem the tide that he has even offered to give IT experts exemption from conscripted military service to persuade them to stay. But Russia's offensive cyber capabilities remain unchanged. In a warning last week, the Foreign Office revealed Russia's Federal Security Service (FSB) was behind a "historic global campaign" targeting critical infrastructure.
READ THE STORY: Express
A QUICK LOOK:
Ethical hackers ‘hit the jackpot’ as tech groups pay for protection
FROM THE MEDIA: In late 2019, Dawn Isabel was on the hunt for glitches and vulnerabilities in a particular mobile application. She was taking part in the app maker’s “bug bounty” program — the development stage when a business hires hackers to find weaknesses in its systems. “On TV, it looks exciting, with lots of bright green text, and six screens,” Isabel says, of the way this work is sometimes portrayed. “In reality, it’s me hunched at my laptop for hours straight, scrolling.” But, eventually, Isabel — who also works full time as the director of research at mobile security company NowSecure — “hit the jackpot”. She discovered a devastating vulnerability in the app and soon collected a tidy five-figure sum as a reward. It is this work by so-called ethical hackers that helps to protect the companies — from Big Tech giants such as Google, Microsoft and Facebook through to bootstrapped start-ups — against nefarious digital actors. And it has proven increasingly lucrative for those taking on the task. “Companies have been opening up more and more,” says Tanner Emek, a 32-year-old ethical hacker. Over the past four years, he estimates he has made $1mn in bug bounties.
READ THE STORY: FT
A QUICK LOOK:
Deadline passes for R220m extortion demand in TransUnion cyber attack
FROM THE MEDIA: TransUnion South Africa missed the Friday (March 25) deadline for paying a $15 million – around R220 million – ransom demanded by a group of hackers going under the name N4ughtySecTU, allegedly based in Brazil. TransUnion says it will not pay the demand, adding that this was an extortion demand, not a ransomware attack. The hackers demanded $15 million in bitcoin. The data breach occurred just over a week ago when the hackers obtained access to a TransUnion South Africa server through misuse of an authorized client’s credentials. The company issued a statement over the weekend saying that it had suspended that client’s access and had appointed a world-leading forensic firm to lead the investigation. “We are also working closely with South African regulators and law enforcement in South Africa and the US,” says the statement. The hack is reportedly limited to an isolated server holding limited data from the SA branch of TransUnion.
READ THE STORY: Moneyweb
A QUICK LOOK:
Ukraine’s Asymmetric War
FROM THE MEDIA: Reports from Ukraine are filled with stories of Javelin antitank missiles and Turkish Bayraktar TB2 unmanned aerial vehicles taking out Russian tanks and armored vehicles. The Biden administration has announced $800 million in defensive weapons for Ukraine, including Javelins, Stinger antiaircraft weapons and Switchblade drones. More amazing is what Ukraine has also been doing on the cheap. And I don’t mean Molotov cocktails. Wars are increasingly asymmetric—the lesser-armed side can put up a strong fight. The U.S. learned this in Iraq with insurgent use of improvised explosive devices, basically roadside bombs triggered with cellphones. Similarly, Ukraine has been deploying inexpensive, almost homemade weapons and using technology to its advantage. The Times of London reports that Ukraine is using $2,000 commercial octocopter drones, modified with thermal imagers and antitank grenades, to find and attack Russian tanks hiding between homes in villages at night. Ukraine’s Aerorozvidka, its aerial reconnaissance team, has 50 squads of drone pilots who need solid internet connections to operate.
READ THE STORY: WSJ
A QUICK LOOK:
As I See It: Two Front War
FROM THE MEDIA: History records that the Second World War began when Germany invaded Poland, breaching its western border on September 1, 1939. For the Poles, however, that accounted for only half of their unfolding misery. Largely forgotten, 16 days later, the Russians invaded Poland from the East. Being situated between Germany and Russia in the war-ravaged 20th century turned out to be geographically inauspicious. Long after the Germans were defeated, the Russians stayed. Opportunistic invasion turned into long-term occupation. A similar story is unfolding in Ukraine, where a two-front war is being waged: one analog, the other digital. Weeks before tanks and troops were unleashed, cyber and social media attacks designed to destabilize the economy and panic the populace were well under way. Attacks on Ukraine’s financial and communications systems, partnered with a flood of baseless articles, social media posts, and manipulated video clips released by Russian state media, attempted to brand Ukrainians as the aggressors and their country as a nuclear threat. And thus began what is arguably the first livestreamed war.
READ THE STORY: IT Jungle
A QUICK LOOK:
Four Russian Government Employees Charged For Hacking Critical Infrastructure Worldwide
FROM THE MEDIA: Two indictments were unsealed today by the Department of Justice, accusing four defendants, Russian nationals who worked for the Russian government. They were charged with attempting, supporting, and carrying out computer intrusions that specifically targeted the global energy sector in two separate conspiracies between 2012 and 2018. In total, thousands of computers in hundreds of firms and organizations in approximately 135 countries were targeted in these hacking efforts. United States v. Evgeny Viktorovich Gladkikh, a June 2021 indictment returned in the District of Columbia, concerns the alleged efforts of a Russian Ministry of Defense research institute employee and his co-conspirators to harm critical infrastructure outside the United States, leading to two separate emergency shutdowns at a foreign targeted facility. Following that, the conspiracy attempted to get into the systems of a US corporation that managed similar critical infrastructure entities in the US. United States v. Pavel Aleksandrovich Akulov, et al., an indictment returned in August 2021 in the District of Kansas, details allegations about a separate, two-phased campaign carried out by three officers of Russia’s Federal Security Service (FSB) and their co-conspirators to target and compromise the computers of hundreds of entities related to the energy sector around the world.
READ THE STORY: Cybersecurity
A QUICK LOOK:
When Nokia Pulled Out of Russia, a Vast Surveillance System Remained
FROM THE MEDIA: Nokia said this month that it would stop its sales in Russia and denounced the invasion of Ukraine. But the Finnish company didn’t mention what it was leaving behind: equipment and software connecting the government’s most powerful tool for digital surveillance to the nation’s largest telecommunications network. The tool was used to track supporters of the Russian opposition leader Aleksei A. Navalny. Investigators said it had intercepted the phone calls of a Kremlin foe who was later assassinated. Called the System for Operative Investigative Activities, or SORM, it is also most likely being employed at this moment as President Vladimir V. Putin culls and silences antiwar voices inside Russia. For more than five years, Nokia provided equipment and services to link SORM to Russia’s largest telecom service provider, MTS, according to company documents obtained by The New York Times. While Nokia does not make the tech that intercepts communications, the documents lay out how it worked with state-linked Russian companies to plan, streamline and troubleshoot the SORM system’s connection to the MTS network. Russia’s main intelligence service, the F.S.B., uses SORM to listen in on phone conversations, intercept emails and text messages, and track other internet communications.
READ THE STORY: NYTIMES
A QUICK LOOK:
Kaspersky, China Telecom, China Mobile named 'threats to US national security'
FROM THE MEDIA: The United States Federal Communications Commission (FCC) has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. The three companies join Huawei, ZTE, Chinese radio-comms vendor Hytera, and Chinese video surveillance systems vendors Hangzhou Hikvision Digital Technology Company and Dahua Technology Company. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine. The companies were named under the USA's Secure and Trusted Communications Networks Act of 2019 – a law that "prohibits the use of certain federal funds to obtain communications equipment or services from a company that poses a national security risk to US communications networks." While the FCC's labelling of the three as threats to national security is therefore dramatic, the effect of this news is less so. The pool of funds the Act covers is small, US government agencies were already required to remove Kaspersky products in 2017, and US operations of China Mobile and China Telecom were already constrained by the Clean Network plan's requirement that no Chinese carriers touch US networks.
READ THE STORY: The Register
A QUICK LOOK:
Items of interest
Customer data platforms step up to the challenge of cyber crime (Article)
FROM THE MEDIA: Understanding customers’ needs has been a challenge for businesses since the dawn of commerce. Covid restrictions, at least, made obvious their growing desire for digital transactions. But this shift means companies must now replace existing customer relationship management software with something that can handle multichannel online interactions. Many companies have chosen to replace or supplement their existing systems with customer data platforms, which enable them to automatically collect data from any “touchpoint” — including social media, company websites, email and text messages. This has led to the rise of platforms such as Twilio Segment, which is now used by more than 20,000 businesses, including Levi’s, IBM, and Fox. These platforms, which give companies a single repository of customer data, use artificial intelligence and data analytics to help companies understand their customers, acquire new ones and carry out personalized marketing. The technology can also make it easier to manage customer data and privacy preferences. “If you know where . . . [customer] data is, you’re one step ahead of a lot of companies,” says Sheryl Kingstone, research director specializing in customer experience at the advisory firm 451 Research. “Many companies don’t even know where all their customer data is.” But the consolidation of data — including names, addresses, financial data and contact details — creates a tempting target for hackers. “If you put all your data in one place, then that becomes a very lucrative target for cyber criminals, for economic disruption or theft for monetization,” says Duncan Brown, vice-president of enterprise research, Europe, at research company IDC. “[Customer data platforms] are essentially banks for data.”
READ THE STORY: FT
“Chinese Drones Aiding Putin’s Forces Launch Missile Strikes” Ukraine Makes A Request To Beijing (Video)
Ukraine has accused Russia of using Chinese-made DJI civilian drones to coordinate missile attacks. Ukraine’s Vice-Prime Minister, in a letter to Chinese firm DJI, asked it to restrict products that enable Russia to target Ukrainians. This comes after Chinese Foreign Minister Wang Yi called Moscow Beijing’s “most important strategic partner” earlier this month.
DJI Mavic 3 is perfect spy drone to keep eye on Russian troops in Ukraine (Video)
FROM THE MEDIA: It turns out that the DJI Mavic 3 is the perfect spy drone to keep an eye on Russian troop movements in Ukraine. Take a look at the video below that was posted on Twitter today. The aerial footage shows three reportedly Russian armored vehicles and five soldiers working on one of them. We know from earlier reports that the Russian army likes to hide its vehicles in villages to deter the Ukrainian army from shelling them, as there would be a high likelihood of hitting civilians. The Ukrainian army has successfully used drones to launch precision attacks on the Russian troops. This video is almost certainly recorded with a new DJI Mavic 3 drone. This latest DJI flagship drone was launched late last year and features a less-than-smooth hybrid zoom function that combines the view from both the main wide-angle camera and the telephoto lens of the secondary camera.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com