Thursday, March 31, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Apple and Meta gave user data to hackers who forged legal requests
FROM THE MEDIA: Apple Inc and Meta Platforms Inc, the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta handed over basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to forged “emergency data requests.” Such data is normally released only under a search warrant or subpoena signed by a judge, according to the people, but emergency requests do not require a court order, so a convincing forgery was enough to obtain it. Snap Inc received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data in response to forged requests. Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the UK and the US. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp, Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing. An Apple representative referred Bloomberg News to a section of its law enforcement guidelines.
READ THE STORY: Indian Express
Russia's Ruble Rebound Raises Questions of Sanctions' Impact
FROM THE MEDIA: The Russian ruble by Wednesday had bounced back from the fall it took after the U.S. and European allies moved to bury the Russian economy under thousands of new sanctions over its invasion of Ukraine. Russian President Vladimir Putin has resorted to extreme financial measures to blunt the West’s penalties and prop up his currency. While the West has imposed unprecedented levels of sanctions against the Russian economy, Russia’s Central Bank has jacked up interest rates to 20% and the Kremlin has imposed strict capital controls on those wishing to exchange their rubles for dollars or euros. It’s a monetary defense Putin may not be able to sustain as long-term sanctions weigh down the Russian economy. But the ruble’s recovery could be a sign that the sanctions in their current form are not working as powerfully as Ukraine's allies counted on to pressure Putin into pulling his troops from Ukraine. It also could be a sign that Russia's efforts to artificially prop up its currency are working by leveraging its oil and gas sector.
READ THE STORY: USNEWS
Sloppy sanctions will blunt themselves
FROM THE MEDIA: The West has sown the seeds of a growing sanctions backlash in emerging markets. The United States designed the sweeping restrictions it slapped on Russia for its invasion of Ukraine to allow Europe to procure the energy it needs, and is coordinating gas deliveries to help keep the lights on. Now the White House has belatedly realized the brutal side-effects the measures are having on poorer nations. A U.S. treasury official acknowledged the problem on Tuesday, noting allies must work together to address global food security challenges. Ukraine and Russia account for 38% of global wheat exports, and Russia is a major exporter of fertilizers, accounting for about one fifth of the market in some cases. Developing nations that struggled through the pandemic now face a food crisis that could destabilize their governments. Waivers and workarounds, the traditional methods for granting relief to countries caught in diplomatic crossfire, might be less effective this time around given the sweeping scope of the sanctions and the complexity of trading links, exacerbated by logistical challenges as shippers struggle with poor security conditions and difficulties insuring themselves.
READ THE STORY: Reuters
Jets linked to Russian oligarchs appear to have kept flying despite sanctions
FROM THE MEDIA: Private jets linked to Russian oligarchs and officials appeared to continue flying into and out of EU and UK airports despite flight bans and sanctions imposed after Russia’s invasion of Ukraine, a Guardian data investigation found. The investigation, in collaboration with the Organized Crime and Corruption Reporting Project (OCCRP), identified and tracked jets linked to sanctioned businesspeople and officials including Roman Abramovich, Alisher Usmanov and Igor Shuvalov, a former Russian deputy prime minister. While some plane movements appeared to comply with airspace bans and sanctions, including asset freezes, others appeared to escape restrictions. Guardian analysis also showed jets linked to Russians under sanctions flew to the United Arab Emirates in greater numbers during the week after the start of the invasion than any other week of 2022. The UAE is popular with Russians as a finance and leisure center. Jets linked to Shuvalov were tracked flying into and out of EU airports after sanctions were imposed by the bloc on 23 February, the day before Russia began its invasion of Ukraine. His Bombardier Global Express jet, registration LX-ABC, made several flights between Geneva, Munich, Paris, Milan and Helsinki after that date, according to data provided by the flight tracking service Flightradar24. The records do not include details of who was on board the plane, which typically sells for $10m (£7.6m).
READ THE STORY: The Guardian
Ronin customers lose $818m in second largest ever crypto hack
FROM THE MEDIA: A whopping US$615 million (A$818 million) has been stolen in the second largest theft of cryptocurrency to date. The Ronin Network, a project that powers the popular mobile game Axie Infinity, noticed the hack six days after it occurred. On March 23, a hacker transferred 173,600 ether tokens and 25.5 million USD Coin tokens out of the Ronin Network. The company realized something was seriously wrong when a customer complained on Tuesday local time that they couldn’t access any of their funds. When the attack occurred, the hacker made off with US$540 million (A$718 million). Since then, ether and USD Coin have gone up slightly in value, meaning the haul is now worth US$615 million (A$818 million). Just past 8am AEDT Thursday, Ronin provided an update to its thousands of customers revealing they had not yet recovered the money but were working hard to do so. As well as revealing they were working with other groups to track the funds, Ronin assured investors using the platform that all the lost money would be fully reimbursed. “We are committed to ensuring that all of the drained funds are recovered or reimbursed,” they said on Twitter. The crypto provider earlier said that the hack happened because the attacker obtained private keys; whoever holds a private key can sign transactions directly, so no password was needed to move the funds.
READ THE STORY: News
Open ports and ‘risky services’ create exposure for financial firms
FROM THE MEDIA: Beyond basic vulnerabilities, financial institutions are exposed to attackers through ports that employees leave open and through the use of "risky services," according to a recent report from LookingGlass. While the report noted that “there has never been a more serious time for U.S. critical infrastructure sectors to shore up their cybersecurity defenses than right now,” the study pointed out a number of exposures and vulnerabilities for financial institutions that could be exploited, especially with Russian threat actors being particularly aggressive. “While ensuring internal cybersecurity solutions are blocking and detecting nefarious activities is critical, security leaders need to understand their external attack surface,” according to the LookingGlass report. “This outside-in view highlights the vulnerabilities and exposures that threat actors can enumerate on your network.” The report features a “heat map” illustrating the areas of the country that are most under fire from cybercrime groups. Not surprisingly, major metropolitan areas are the most active areas for attacks, including New York, Chicago, San Francisco and Los Angeles.
READ THE STORY: SC Magazine
Ex-NSA man may face Democrat ire over investigating Hunter Biden emails
FROM THE MEDIA: Former NSA hacker Jake Williams could find himself the target of Democrat ire after he took on a paid job to determine the veracity of emails found on a laptop belonging to Hunter Biden, the son of US President Joe Biden. Williams, a genial sort whose comments on technology issues have often been published by iTWire, took on the mission for The Washington Post, along with another security expert, Matthew Green of Johns Hopkins University. The Post said in a story on Wednesday about the job done by the two experts: "Thousands of emails purportedly from the laptop computer of Hunter Biden, President Biden’s son, are authentic communications that can be verified through cryptographic signatures from Google and other technology companies." The same laptop caused a huge controversy before the 2020 presidential elections when a story written about it by the New York Post was blocked from being posted on Twitter. Facebook also reacted to the story by saying it would limit its distribution until it could verify the source material. To date, Facebook has not informed anyone about the result of its investigations into the emails. The two social media companies acted after a number of former intelligence officials were reported as claiming that the emails provided to the New York Post were Russian disinformation. What the ex-spooks actually said was: "We want to emphasize that we do not know if the emails, provided to the New York Post by President Trump’s personal attorney Rudy Giuliani, are genuine or not and that we do not have evidence of Russian involvement - just that our experience makes us deeply suspicious that the Russian government played a significant role in this case."
READ THE STORY: iT Wire
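The "cryptographic signatures from Google" the Post relied on are DKIM signatures (RFC 6376), which Gmail attaches to outgoing mail and which survive as long as the message text is not altered. As an added example, not code from the story or from the Post's analysts, the block below implements the body-integrity half of a DKIM check in Python: canonicalize the body the way the signer did, hash it, and compare the result with the bh= tag. The message, domain, selector and the b= value are constructed placeholders; the b= signature over the selected headers is not verified here, so a real check still needs the signer's public key from DNS.

```python
import base64
import hashlib
import hmac
import re
from typing import Dict, Optional

# Hash algorithms named by the a= tag (RFC 6376 section 3.3; RFC 8463 for ed25519).
HASHES = {
    "rsa-sha256": hashlib.sha256,
    "ed25519-sha256": hashlib.sha256,
    "rsa-sha1": hashlib.sha1,
}


def canonicalize_body(body: str, mode: str = "relaxed") -> str:
    """Body canonicalization from RFC 6376 (3.4.3 'simple', 3.4.4 'relaxed').

    'relaxed' collapses runs of SP/TAB to one space and strips trailing
    whitespace on each line, so mail servers that re-wrap or re-tab a message
    do not break the hash; both modes drop empty lines at the end of the body.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    elif mode != "simple":
        raise ValueError(f"unknown body canonicalization: {mode}")
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return "" if mode == "relaxed" else "\r\n"
    return "\r\n".join(lines) + "\r\n"


def body_hash(body: str, mode: str = "relaxed", hashfn=hashlib.sha256) -> str:
    """The bh= value: base64 of the hash over the canonicalized body."""
    digest = hashfn(canonicalize_body(body, mode).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_dkim_tags(value: str) -> Dict[str, str]:
    """Split a tag=value; tag=value header value; folding whitespace is dropped."""
    tags: Dict[str, str] = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def get_header(head: str, name: str) -> Optional[str]:
    """Return the first header with this name, with RFC 5322 folding undone."""
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)
    for line in unfolded.split("\r\n"):
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return val.strip()
    return None


def check_body_hash(raw: str) -> bool:
    """True if the DKIM-Signature bh= tag matches the body as received.

    This is only the body-integrity half of DKIM verification; the b= tag
    (the signature over the selected headers and bh=) must still be checked
    against the public key published in DNS at <s>._domainkey.<d>.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("message has no header/body separator")
    sig = get_header(head, "DKIM-Signature")
    if sig is None:
        return False
    tags = parse_dkim_tags(sig)
    if tags.get("v") != "1" or tags.get("a") not in HASHES:
        raise ValueError("unsupported DKIM version or algorithm")
    if "l" in tags:
        raise ValueError("l= body length limits are not handled in this example")
    canon = tags.get("c", "simple/simple").split("/")
    body_mode = canon[1] if len(canon) == 2 else "simple"  # "c=relaxed" alone means relaxed/simple
    expected = body_hash(body, body_mode, HASHES[tags["a"]])
    return hmac.compare_digest(expected, tags.get("bh", ""))


# Constructed sample message (not a real e-mail). The b= value is a placeholder
# because this example does not verify the header signature.
SAMPLE_BODY = "Hello,\r\n\r\nPlease find the  attached report.\t \r\n\r\n\r\n"


def sample_message(body: str = SAMPLE_BODY) -> str:
    bh = body_hash(body, "relaxed")
    head = (
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
        " h=from:to:subject:date; bh=" + bh + ";\r\n"
        " b=PLACEHOLDER\r\n"
        "From: Alice <alice@example.com>\r\n"
        "To: Bob <bob@example.com>\r\n"
        "Subject: Report\r\n"
        "Date: Thu, 31 Mar 2022 09:00:00 +0000\r\n"
    )
    return head + "\r\n" + body


if __name__ == "__main__":
    original = sample_message()
    print("original body hash matches:", check_body_hash(original))
    # Whitespace changes survive relaxed canonicalization ...
    rewrapped = original.replace("report.\t \r\n", "report.\r\n")
    print("after trailing-whitespace change:", check_body_hash(rewrapped))
    # ... but any change to the text does not.
    edited = original.replace("attached report", "attached invoice")
    print("after editing the text:", check_body_hash(edited))
```

The point the example makes is why this kind of evidence is strong: an edited body no longer matches bh=, and because bh= is itself covered by the b= signature, an attacker cannot simply recompute it without the signer's private key. Anyone re-running such a check on real mail must also fetch the DKIM public key for the selector and domain in the header and verify b=, and should remember that the key may have been rotated or removed since the message was sent.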
Putin's failing war: GCHQ boss rips apart the 'incompetent' invasion of Ukraine in an unprecedented attack as he reveals new intelligence shows soldiers refusing orders, sabotaging their own equipment and accidentally shooting down their own aircraft
FROM THE MEDIA: The director of GCHQ has launched an unprecedented attack on Vladimir Putin, claiming his bungled 'personal war' in Ukraine has backfired badly. In an excoriating verdict on the 'failing' invasion, Sir Jeremy Fleming said the command and control of Russia's campaign was in 'chaos' in his first public statements on the invasion. Highlights of Sir Jeremy's speech: 'We’re now seeing Putin trying to follow through on his plan. But it is failing. And his Plan B has been more barbarity against civilians and cities.' 'It increasingly looks like Putin has massively misjudged the situation. It’s clear he misjudged the resistance of the Ukrainian people. He under-played the economic consequences of the sanctions regime.' 'He over-estimated the abilities of his military to secure a rapid victory. We’ve seen Russian soldiers – short of weapons and morale - refusing to carry out orders, sabotaging their own equipment and even accidentally shooting down their own aircraft.' The spy chief revealed new intelligence showing that ill-prepared Russian soldiers are refusing to carry out orders, sabotaging their own equipment and even accidentally shooting down their own aircraft. He also claimed Putin's own advisors are lying to him about Russia's startling losses, speaking to the despot's isolation and authoritarian approach. Sir Jeremy said Putin's 'misjudgments' had forced him to adopt plan B – 'barbarity against civilians and cities'. The head of Britain's eavesdropping intelligence agency also warned China not to be 'too closely aligned' with a country that willfully breaks all the rules and 'norms for a new global governance'.
READ THE STORY: DailyMail
Huawei faces dilemma over Russia links that risk further US sanctions
FROM THE MEDIA: The last time western sanctions hit Russia after it annexed Crimea, President Vladimir Putin turned to Huawei to rebuild and upgrade the territory’s communication infrastructure. Now the controversial Chinese technology company is positioned to aid the Putin regime on a much larger scale, despite the threat of Washington hitting it with more sanctions. In Crimea, Russia “ripped out western telecom gear in the heavily militarized territory and replaced it with Huawei and ZTE”, said Hosuk Lee-Makiyama, a telecoms expert at the European Centre for International Political Economy. If Nokia and Ericsson do fully exit Russia, Moscow would “need Chinese companies more than ever, especially Huawei”, he said. Despite an initial plunge in phone shipments, Huawei has been an early winner from the Ukraine war. Its phone sales in Russia rose 300 per cent in the first two weeks of March, while other Chinese brands Oppo and Vivo also recorded triple-digit sales increases, according to analysts at MTS, Russia’s largest mobile operator. Its four Russian research centres are recruiting dozens of engineers, including machine learning scientists in Novosibirsk, speech recognition researchers in St Petersburg and big data analysts in Nizhny Novgorod. Huawei has also added new sales and business development openings in Moscow since the invasion of Ukraine began, according to its website.
READ THE STORY: FT
Valve says sanctions are blocking payments to Steam game devs in Ukraine, Russia
FROM THE MEDIA: Game developers in Ukraine and Russia are currently blocked from accessing their income from digital marketplace Steam, and storefront owner Valve says it’s working on a solution. Russia’s invasion of Ukraine has spurred economic sanctions and unrest in the wake of the war, and Valve says the bank it uses for business in the region has instituted new regulations. Affected game developers took to Twitter to raise awareness of the situation, which has yet to be resolved. Stas Shostak, a Ukrainian developer, shared an email he received from Valve explaining the situation. The message read, in part: This past week, our bank notified us that they will begin requiring that we provide intermediary bank information for all wire payments to accounts in Russia and Ukraine. In addition, they will no longer be allowing payments to Belarus. We are working to understand all the new requirements, create a path to collect this information from you and send it to the bank. This will take us some time to complete, but will not be available for the payments to the affected accounts due at the end of March. Developers dealing with this issue can either wait for Valve to complete this process, or change their payment instructions to a bank that sits outside of Ukraine, Russia, or Belarus. Small or solo developers are the most affected by these changes, and some have taken to Twitter to speak out about the issue.
READ THE STORY: Polygon
Items of interest
The State of Cybercrime - LAPSUS$ (Video)
FROM THE MEDIA: LAPSUS$ infiltrated Microsoft, Okta, NVIDIA, LG, and Samsung. Could the most prolific cybercrime group of 2022 be run by teenagers? Join our Senior Director of Incident Response, Matt Radolec, for a closer look at the LAPSUS$ playbook as we examine why they’ve been so hard to detect, even for organizations with advanced security maturity.
5th Generation Warfare: History, Modern Context, and (Some) Solutions(Video)
FROM THE MEDIA: 450 man-hours, 107 books, and 3 copyright strikes later, we finally have our latest video. Let's see how many people we can get to unsubscribe with this one. This is intended to be more of a reference for later, so that when we mention 5GW in future videos or other content, we can have a video to refer back to for those unfamiliar with the topic. As always, sticking with purely the academic explanations and solutions ignores significant problems that are very real, so we also provide some thoughts and solutions that hopefully create a more rounded explanation, especially in a civilian context.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com