Wednesday, June 15, 2022 // (IG): BB //Weekly Sponsor: UNDERWORLD BJJ
PSA: NEWSLETTER HAS MOVED. SUBSCRIBE TO RECEIVE THESE
Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign
FROM THE MEDIA: One of the primary hallmarks of an advanced persistent threat (APT) group is its ability to operate undetected for years while carrying out its specific mission. The newest example is "Aoqin Dragon," a China-based APT actor that researchers at SentinelOne recently discovered has been spying on organizations across multiple countries for the past 10 years. The group's primary mission appears to be cyber espionage, and its targets have included organizations in the government, telecommunications, and education sectors in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.
READ THE STORY: DarkReading
Cloudflare says it mitigated the largest HTTPS DDoS attack on record
FROM THE MEDIA: Internet infrastructure company Cloudflare said it was able to detect and mitigate a record-breaking distributed denial-of-service (DDoS) attack, which generated 26m requests a second. It added that the massive attack was able to generate more than 212m requests from more than 1,500 networks in less than 30 seconds.
The attack targeted an unnamed Cloudflare customer using the company’s free plan. Cloudflare said the DDoS attack originated mostly from cloud service providers rather than residential internet service providers. This suggests that the threat actor used hijacked virtual machines and powerful servers to generate the attack, instead of “much weaker” IoT devices.
READ THE STORY: Silicon Republic
Malaysia-linked DragonForce hacktivists attack Indian targets
FROM THE MEDIA: A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.
The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.
READ THE STORY: The Register
Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users
FROM THE MEDIA: Confiant security researchers have shared details of a large-scale operation launched by a technically advanced, sophisticated threat actor. The actor distributes backdoored applications through fake versions of authentic cryptocurrency wallet websites to drain funds. The activity cluster is dubbed SeaFlower and reportedly targets iOS and Android users.
Confiant researchers noted that the trojanized cryptocurrency apps are identical to their real versions. However, they contain a backdoor that can steal a user’s seed phrase, allowing attackers to access their digital assets.
READ THE STORY: HackRead
A Ragtag Band of Hackers Is Waging Cyberwar on Putin’s Supply Lines
FROM THE MEDIA: Russia’s military began sending large numbers of weapons and troops into Belarus in late January. The official purpose of the movement was a joint military exercise, but Belarus, which has a 650-mile border with Ukraine and a government closely aligned with Moscow, was also a logical staging point for Russian President Vladimir Putin to carry out an invasion.
Several days after the troops arrived weird things started happening to the computer systems that ran the Belarus national railway system, which the Russian military was using as part of its mobilization. Passengers gathered on train platforms near Minsk, the capital, watched as information screens flickered and normal messaging was replaced by garbled text and an error message. Malfunctioning ticket systems led to long lines and delays as damaged software systems caused trains to grind to a halt in several cities, according to railway employees and posts that circulated on Belarusian social media.
READ THE STORY: Bloomberg
Microsoft fixes under-attack Windows zero-day Follina
FROM THE MEDIA: Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such as spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.
READ THE STORY: The Register
Chips Can Boost Malware Immunity
FROM THE MEDIA: Security is becoming an increasingly important design element, fueled by increasingly sophisticated attacks, the growing use of technology in safety-critical applications, and the rising value of data nearly everywhere.
Hackers can unlock automobiles, phones, and smart locks by exploiting system design soft spots. They can even hack some mobile phones through always-on circuits when the phones are turned off. Earlier this year, Okta, a security firm that provides authentication services to many companies, also was hacked.
A critical vulnerability, CVE-2022-1654 (mitre.org), rated at a critical severity of 9.9, put 90,000 websites at risk of being completely controlled by hackers. Even more alarming, much of this can slip by security software completely undetected. For example, Enterprise Security Information and Event Management (SIEM), an always-on cybersecurity analytics tool, could not detect 80% of cyberattack techniques, according to CardinalOps.
READ THE STORY: Semi Engineering
Ransomware gang creates site for employees to search for their stolen data
FROM THE MEDIA: The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victims to check whether their data was stolen in an attack. When ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat actor starts to encrypt devices. The stolen data is then used in double-extortion schemes, where the hackers demand a ransom payment to deliver a decryptor and prevent the public release of corporate data.
READ THE STORY: BleepingComputer
Nintendo hacker mastermind unrepentant, despite Bowser being sent to jail
FROM THE MEDIA: Nintendo hacker group boss Max Louarn has been interviewed on his company's activities, following the 40-month prison sentence handed down to colleague Gary Bowser.
Bowser remains the only member of Louarn's company Team Xecuter to be arrested, deported and now imprisoned in the US, for his part in the group's sale of console mod devices that allowed people to play pirated games. Louarn, a French citizen, meanwhile lives in Avignon and was recently interviewed by Le Monde (paywall), via TorrentFreak.
"I wasn't going to end up as an engineer earning €5k a month when I realized, at 18, that hacking was not just fun, but that there was a way to make a lot of money," Louarn says, of how he got into the hacking game. "Stealing from companies that make billions, what do I care?"
READ THE STORY: EuroGamer
The rise of phishing as a service (PhaaS) and how to tackle it
FROM THE MEDIA: Cyber security should always be a critical consideration for C-suite investment, but with new threats including phishing as a service (PhaaS) increasing in popularity, experts are now warning companies to check that their defenses are solid. According to cloud security company Zscaler, 2021 saw a 29% rise in phishing attacks, driven – it believes, in part – by PhaaS. Across retail and wholesale, a 400% increase in phishing attacks was observed over the last 12 months, while the financial and governmental sectors saw a more than 100% increase.
PhaaS is becoming a key cog in the cyber crime landscape, meaning businesses need to know how it manifests, and how to avoid falling victim to attacks.
READ THE STORY: ITpro
Large supermarket chain in southern Africa hit with ransomware
FROM THE MEDIA: One of the largest supermarket chains serving multiple countries across southern Africa has been hit with ransomware. The Shoprite Group released a statement late last week announcing a cyberattack. The RansomHouse ransomware group took credit for the attack on Tuesday.
The company – which has more than 2,943 stores across Africa and over 149,000 employees – said it “became aware of a suspected data compromise, impacting on a specific subset of data and which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.”
READ THE STORY: The Record
Critical Atlassian Confluence flaw remains under attack
FROM THE MEDIA: A remote code execution flaw in Atlassian's developer tools has morphed into a ransomware threat. The vulnerability, which affects on-premises versions of the Atlassian Confluence Server and Data Center products, was first disclosed on June 3 amid reports of exploitation in the wild and patched the following day. Researchers with Microsoft say that the bug, designated CVE-2022-26134, has now been abused by ransomware threat actors in the wild.
In particular, Microsoft researchers observed the flaw being exploited by hackers to deploy the Cerber2021 ransomware package. Targeted machines were loaded up with not only the ransomware package but a host of traditional malware, including cryptocurrency miners and lateral movement tools.
READ THE STORY: Techtarget
GlobalFoundries, STMicroelectronics said to mull French fab
FROM THE MEDIA: As Intel plans to start construction on a massive chip manufacturing site in Germany, chipmakers GlobalFoundries and STMicroelectronics are reportedly mulling a joint venture to build a fab in France.
The proposed fab in question – reported by Bloomberg – would help Europe fight future chip shortages and support the European Union's goal of producing 20 percent of the world's semiconductors by 2030.
New York-based GlobalFoundries and Geneva-based STMicroelectronics are hoping to get government subsidies for the French fab as part of the EU's proposed European Chips Act, the report suggested, citing sources familiar with the discussions. The potential focus for the France factory could be "energy efficient chips with advanced technology," it said, without offering specifics.
READ THE STORY: The Register
OCC Seeks Data on Crypto Assets and Identity Theft
FROM THE MEDIA: The Office of the Comptroller of the Currency (OCC) published last week, on June 7 and 8, two notices seeking comments about the agency’s plans to collect more information from banks and other institutions on crypto assets and identity theft red flags.
The risk of money laundering associated with cryptocurrencies has been a constant concern for regulators for the last few years. Just last week, U.S. policymakers held two different hearings on Capitol Hill about the role of cryptocurrencies in ransomware attacks and about the illicit financing of terrorist activities.
One of the recommendations from Sen. Gary Peters, chairman of the Senate Committee on Homeland Security and Government Affairs, in a recent report on this issue was that U.S. agencies should have more data to fight these crimes.
READ THE STORY: PYMNTS
Canada wants companies to report cyber attacks and hacking incidents
FROM THE MEDIA: Canadian businesses operating in critical infrastructure sectors would be required to report cyber attacks to the federal government and would have to fortify their cyber systems under a new law introduced on Tuesday. The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety, but stops short of naming any companies.
"There was a lot of thought given into identifying which sectors are vital to national security and public safety," Public Safety Minister Marco Mendicino told reporters, adding that operators of critical infrastructure would be identified after consulting the sectors.
READ THE STORY: StreetInsider
Should Brazil Ban Huawei?
FROM THE MEDIA: My home country of Canada just announced that it would ban Huawei after coming under pressure from other members of the Five Eyes intelligence-sharing community (Australia, New Zealand, the United States, and the United Kingdom) to do so. Canada justified the banning of the telecommunications giant on concerns for national security.
Huawei has been associated with a number of scandals, including the notion that it operates as a tool for the Chinese security state to collect signals intelligence on millions (and potentially billions) of users through back channels.
READ THE STORY: The Diplomat
Understanding China’s Data Regulatory Regime: China Solicits Public Comments on Certification Rules for Cross-Border Data Processing Activities
FROM THE MEDIA: China’s regulatory regime for cross-border data transfers is still evolving. Compared with the other two transfer mechanisms under the Chinese data regime (i.e., governmental security review and standard contractual clauses), the certification route has received relatively less attention from international companies.
The proposed Certification Rules seem to have been specifically tailored to the needs of multinational companies and overseas data controllers, and provide an alternative to the standard contractual clauses route for companies that are not subject to a mandatory security review. There is no published timeline on when the Certification Rules will be finalized. But, given the standard contractual clauses have not been published yet, it is possible that the Certification Rules may be finalized and take effect earlier. International companies may accordingly wish to keep a close watch on the development of this alternative data transfer mechanism.
READ THE STORY: Lexology
U.S., EU Plan Joint Foreign Aid for Cybersecurity to Counter China
FROM THE MEDIA: The U.S. and the European Union plan to introduce joint funding of secure digital infrastructure in developing countries, according to officials involved in the talks.
The effort marks the first time the EU and U.S. will work together to fund and help protect other countries’ critical infrastructure against cyberattacks. By working together on cybersecurity, the EU and U.S. aim to help countries that otherwise might be eager to accept funding from China, an EU official said.
Initial projects, likely in Africa or Latin America, could be under way by the end of the year, officials said. Russia’s invasion of Ukraine has underscored the importance of supporting telecommunications networks and other hardware in countries vulnerable to nation-state cyberattacks, they said.
READ THE STORY: WSJ
'Reputation launderers,' disinformation campaigns hinder sanctions and financial crime compliance efforts
FROM THE MEDIA: "Reputation launderers," particularly public relations and law firms, and their role in promulgating disinformation increasingly hinder sanctions and financial-crime compliance teams' ability to conduct enhanced due diligence and make accurate judgments about risks customers pose, according to policymakers and researchers. The services such professionals provide permit kleptocrats, oligarchs and politically exposed persons (PEP) to layer their wealth into Western economies where it is difficult for compliance staff and law enforcement to detect and, ultimately, to disentangle.
Reputation laundering is a growing industry of lawyers, accountants, public relations firms, and image consultants who guide and advise kleptocratic actors and PEPs through a process of rebranding, from despot to debutante. Often this process involves giving large sums to charities, universities, and political parties, buying citizenship through "golden visa" schemes, inviting politicians onto their company boards, as well as placing flattering articles about themselves in showcase publications.
READ THE STORY: JDSUPRA
Items of interest
What does swatting mean? Netflix documentary Web of Make Believe: Death, Lies and the Internet to explore tech crimes
FROM THE MEDIA: Dive deep into the internet's dark corners and the chilling tales of people falling down rabbit holes with Netflix's Web of Make Believe: Death, Lies, and the Internet. SWATting, an act of deceiving emergency services, is now considered a criminal offense, and Brian Knappenberger's docu-series is set to bring focus to such swindling actions. Web of Make Believe: Death, Lies, and the Internet is a six-part anthology docuseries that will explore technology and crime.
As per the Cambridge University Dictionary, SWATting is the action of making a false report of a severe emergency to the SWAT team. In such cases, the team will go to the person's house after receiving a report from someone who wants to frighten, upset or cause problems for that person.
It is a form of criminal harassment and was derived from the law enforcement unit SWAT, who are equipped with tactical gear and weapons that differ from patrol units and are usually called to situations that are deemed high risk.
READ THE STORY: SportsKeeda
Purple Teaming with MITRE ATT&CK in the Energy Sector (Video)
FROM THE MEDIA: Over the last two years, cyberattacks have increased significantly against the energy sector as geopolitical tensions have increased and ransomware groups focused their attacks on oil, gas, and electric companies following the success of the Colonial Pipeline attack. Join AttackIQ researchers and experts in this demo to explore how the AttackIQ Security Optimization Platform helps energy companies improve their defense effectiveness. This demo will include a look at the AttackIQ adversary research team’s new attack graph on the Russian government-built HAVEX malware and a review of the top ten MITRE ATT&CK techniques impacting the global energy sector.
How Cyberwarfare Actually Works (Video)
FROM THE MEDIA: How cyberwarfare looks in the real world.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com