Wednesday, December 07, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
Can Bitcoin Be a Weapon of War in the Ongoing Israeli-Palestinian Conflict?
FROM THE MEDIA: Can Bitcoin become a weapon of war? First, Russia-Ukraine, and now Palestinians in the Gaza Strip are showing interest in Bitcoin and other cryptocurrencies. While the answers may become obvious, there are still some practical issues with crypto usage pre- and post-war. How does a war, whether on a state or national level, affect cryptocurrencies? Geopolitical tensions are at an all-time high, while the threat of a potential world war continues to rage on, most recently triggered by the unfortunate conflicts between Russia and Ukraine. These instances demonstrate that cryptocurrencies such as Bitcoin play a vital role in a fight to survive.
READ THE STORY: BeInCrypto
How a Russian oil tanker tried to conceal its location
FROM THE MEDIA: A Russian oil tanker sought to disguise its whereabouts by using sanction-busting techniques, adding to growing evidence that Moscow-linked operators have acquired the means to blunt western oil export restrictions imposed in retaliation for Vladimir Putin’s invasion of Ukraine. Shipping brokers have warned that Russia has amassed a “shadow fleet” of more than 100 tankers to carry crude and circumvent an EU ban on seaborne oil imports and a G7-led initiative to impose a price cap on Russian crude shipped elsewhere.
READ THE STORY: FT
Microsoft: Hackers target cryptocurrency firms over Telegram
FROM THE MEDIA: Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, which builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. DEV-0139 approached its targets via Telegram groups used to communicate with the firms' VIP customers. "Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies," the company's Security Threat Intelligence team revealed.
READ THE STORY: Bleeping Computer // THN
UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives
FROM THE MEDIA: British lawmakers have been warned to be on alert for cyber-attacks and possible harassment from Iranian operatives, according to correspondence sent to lawmakers in both the upper and lower chambers last month. In letters sent on November 21, which were obtained by CNN, the speakers of the House of Commons and the House of Lords reminded members of parliament to increase the security of their mobile devices. The speakers said the police and intelligence agencies had not discovered “any hostile Iranian activity specifically focused on Parliamentarians.”
READ THE STORY: CNN
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
FROM THE MEDIA: A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021, through the successful exploitation of ProxyShell flaws in Microsoft Exchange Server. Initial compromise leveraged binaries vulnerable to side-loading techniques, followed by the use of a mix of legitimate and bespoke tools to conduct reconnaissance, harvest data, move laterally across the environment, and evade detection.
READ THE STORY: THN
How Elon Musk is complicating America’s understanding of free speech
FROM THE MEDIA: Last week, Elon Musk promised the world that a treasure trove of internal Twitter documents showing how the social media company had suppressed reporting on Hunter Biden’s laptop in 2020 would be released. These so-called Twitter Files were proof of “free speech suppression,” the billionaire claimed. The document dump, such as it was, turned out to yield little new information. But for supporters, the details are less important than the narrative: another battle in Musk’s grand war to protect and enable “free speech” — seemingly everywhere and anywhere.
READ THE STORY: NBC NEWS
How Far Should Tech Companies Go to Neutralize Cyber Threats?
FROM THE MEDIA: A recent article in Lawfare highlighted the increasing role of the private sector in a nation’s cyber defense posture during periods of armed conflict. Specifically, the article emphasized Microsoft’s role in defending not only Ukraine, but the larger global community, from the cyber attacks that have occurred since Russia invaded its neighbor. The message is clear: Microsoft’s unique position as an international tech company with global visibility into the activities transpiring in cyberspace has made it an integral partner for governments.
READ THE STORY: OODALOOP
How one Russian group exposed the soft underbelly of federal cyber defenses
FROM THE MEDIA: In early November, at least two agencies fell victim to a cyber attack from a group based in Russia. The hacking group Killnet took responsibility on Twitter for taking down sites run by the Commerce Department and the Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security. The distributed denial of service (DDoS) attack was more of a headache than anything else.
READ THE STORY: Federal News Network
Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank
FROM THE MEDIA: Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations – including the country's second-largest bank. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday it was facing an "unprecedented cyber attack from abroad," and added that the DDoS flood was the largest in the bank's history. "Analysis of the DDoS attack indicates that it is planned and large-scale," the bank said in a statement released to Russian media. "Its purpose is to cause inconvenience to the bank's customers by hindering the operation of banking services."
READ THE STORY: The Register
Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks
FROM THE MEDIA: The Swiss government has asked Parliament to amend the Information Security Act to make it mandatory for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre (NCSC). The move would be aimed at shedding light on hackers and sounding the alarm more widely on cyber-threats in the country. "Successful cyber-attacks can have far-reaching consequences for the availability and security of the Swiss economy," reads a press release published last Friday.
READ THE STORY: InfoSecMag
Amnesty International Canada claims attack by China-backed forces
FROM THE MEDIA: The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor. The human rights organization said it could not find evidence of donor or membership data theft, but it was speaking publicly about the attack to "caution other human rights defenders on the rising threat of digital security breaches." The attackers reportedly sought the organization's contacts and details of its future plans. The org brought on cyber security and forensic experts to investigate and protect its systems after it detected suspicious activity in its IT infrastructure in early October.
READ THE STORY: The Register // Bleeping Computer
Iran-backed hackers allegedly responsible for phishing attacks on human rights activists
FROM THE MEDIA: An investigation from Human Rights Watch has uncovered an Iranian government-backed social engineering and credential phishing campaign targeting activists, journalists, and politicians working on issues in the Middle East and North Africa. Two Human Rights Watch staff members are among the victims, along with at least eighteen other individuals, including a correspondent for a major US newspaper, a women’s rights defender based in the Gulf region, and Nicholas Noe, an advocacy consultant for Lebanon-based Refugees International. Victims received messages on WhatsApp containing links to fake login pages where their email password and authentication code were captured.
READ THE STORY: The Cyberwire
Microsoft warns that Russian cyberattacks may extend beyond Ukraine
FROM THE MEDIA: As 2022 draws to a close and the Russian-Ukrainian conflict continues, Microsoft’s Digital Threat Analysis Center is warning that a recent ransomware-style attack on Poland and the amplification of Russian propaganda may be a preview for countries aiding Ukraine. In a Dec. 3 blog post, Clint Watts, the general manager of Microsoft’s threat center, said wiper attacks on infrastructure by Russian-affiliated cyberthreat actors moved outside Ukraine to Poland in a “possible attempt to disrupt the movement of weapons and supplies to the front.” "We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter," Watts wrote.
READ THE STORY: SCMAG
Antwerp's city services down after hackers attack digital partner
FROM THE MEDIA: The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. The disruption has affected services used by citizens, schools, daycare centers, and the police, which have been working intermittently today. An investigation is ongoing, but the little information available points to a ransomware attack from a threat actor that has yet to be disclosed. According to Het Laatste Nieuws (HLN), the hackers were able to disrupt Antwerp's services after breaching the servers of Digipolis, the city's digital partner that provides administrative software.
READ THE STORY: Bleeping Computer
Overshadowed by failures, crypto hacking exacts higher price
FROM THE MEDIA: The cryptocurrency industry is circling the wagons in defense as hackers siphon more money from the sector each year. Hackers made off with more than $3 billion in digital assets so far this year, according to research firm Chainalysis. In October alone, $718 million was taken in 11 different hacks, making it the worst month in the worst year for crypto hacking, the firm said. That included $100 million from the largest cryptocurrency exchange in the world, Binance, when its blockchain network, Binance Smart Chain, was exploited.
READ THE STORY: OODALOOP
Suspects arrested for hacking US networks to steal employee data
FROM THE MEDIA: Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities. The suspects identified in four recently unsealed U.S. indictments are Akinola Taylor (Nigeria), Olayemi Adafin (United Kingdom), Olakunle Oyebanjo (Nigeria), and Kazeem Olanrewaju Runsewe (Nigeria). The four men are accused of transnational wire fraud and identity theft for filing false tax claims with the United States Internal Revenue Service (IRS) to steal money from the agency through tax refunds.
READ THE STORY: Bleeping Computer
Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto
FROM THE MEDIA: Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. The STAR Labs team was the first to successfully exploit a zero-day on Samsung's flagship device by executing their improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points. Another contestant, Chim, also demoed a successful exploit targeting the Samsung Galaxy S22 and was able to execute an improper input validation attack earning $25,000 (50% of the prize for the second round of targeting the same device) and 5 Master of Pwn points.
READ THE STORY: Bleeping Computer
Rise of the bots: ‘Scary’ AI ChatGPT could eliminate Google within 2 years
FROM THE MEDIA: It’s the little engine that could … bring down Google and perhaps the human race. A tech company has developed a state-of-the-art AI chatbot so sophisticated that it could render search engines — not to mention countless jobs — obsolete. Unveiled last week by the OpenAI company, ChatGPT has already amassed more than 1 million users worldwide with its advanced functions, which range from instantaneously composing complex essays and computer code to drafting marketing pitches and interior decorating schemes.
READ THE STORY: NYPOST
New Go-based Zerobot Botnet Exploiting a Dozen IoT Vulnerabilities to Expand its Network
FROM THE MEDIA: A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also communicates with its command-and-control server using the WebSocket protocol." The campaign, which is said to have commenced after November 18, 2022, primarily singles out the Linux operating system to gain control of vulnerable devices.
READ THE STORY: THN // CyberScoop
Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations
FROM THE MEDIA: Threat actors have been observed using an open-source tool called PRoot to increase the scope of their operations to several Linux distributions. The Sysdig Threat Research Team (TRT) has discovered the technique and explained earlier this week why it is particularly dangerous. “Typically, the scope of an attack is limited by the varying configurations of each Linux distribution,” the company wrote in an advisory published on Monday. “Enter PRoot, an open-source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine. PRoot also provides emulation capabilities, which allow for malware built on other architectures, such as ARM [advanced RISC machine], to be run.”
READ THE STORY: InfoSecMag
Largest Dark Web Webinjects Marketplace “In The Box” Discovered
FROM THE MEDIA: According to Resecurity’s cybersecurity researchers, the new marketplace, called “In The Box”, has been available to scammers and cybercriminals on the TOR network since at least early May 2020. Since then, the marketplace has evolved into a full-fledged cybercrime services facilitator and has become the Dark Web’s largest marketplace, given the many unique tools and web injects up for sale. Cybercriminals can use these tools for online banking and financial fraud, including theft.
READ THE STORY: HACKREAD
What Will It Take to Secure Critical Infrastructure?
FROM THE MEDIA: Securing critical infrastructure is complicated because of the vast network of facilities and management systems. Threats targeting this sector can have dire consequences, and when attacks do happen, they're often accompanied by a media storm. This generates interest among concerned citizens, which prompts a reaction from politicians, who are spurred into action to ensure the necessary cyber protections are implemented to calm the concerned citizens — the electorate.
READ THE STORY: DarkReading
Want to detect Cobalt Strike on the network? Look to process memory
FROM THE MEDIA: Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit. Cobalt Strike is possibly the best-known example of legitimate commercial security software – it was designed to help red teams test their organizations' cyber defenses – that has been co-opted by threat groups that use it to get around those defenses. The Nighthawk command-and-control framework could become another example of abused legit infosec software.
READ THE STORY: The Register
South Pacific vacations may be wrecked by ransomware
FROM THE MEDIA: New Zealand's Privacy Commission has signalled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware. Mercury's website is, at the time of writing, a single page that states "Mercury IT provides a wide range of IT services to customers throughout New Zealand." But according to the privacy commissioner, on or before November 30 Mercury was attacked.
READ THE STORY: The Register
This dangerous botnet might have been taken down by a simple typo
FROM THE MEDIA: A threat actor irretrievably destroyed its own botnet with nothing more than a typo. Cybersecurity firm Akamai spotted the blunder in KmsdBot, a cryptomining botnet that also had distributed denial of service (DDoS) capabilities, which recently crashed after reporting an “index out of range” error. Akamai’s researchers were monitoring the botnet while an attack on a crypto-focused website was taking place.
READ THE STORY: TechRadar
Crypto hacking behind N. Korea’s renewed nuclear ambition
FROM THE MEDIA: Borders were closed and trade was cut off while international sanctions continued throughout the COVID-19 pandemic, further isolating North Korea, one of the world’s most impoverished nations. But its regime has discovered new ways of raking in funds to continuously pursue its missile ambitions while evading sanctions and regulations at the same time: hacking cryptocurrencies. Through such highly engineered methods, North Korean hackers have been channeling billions of dollars into the secluded regime’s pockets, according to experts from the US and South Korea.
READ THE STORY: ANN
Chinese tech companies nurtured by CCP’s handbook to censor, condition public opinion
FROM THE MEDIA: Chinese tech companies are nurtured by the Chinese Communist Party’s (CCP) handbook to monitor, censor, and condition public opinion online, and they support a state-driven agenda to promote absolute control of cyberspace in the country, says an article by Sergio Restelli in The Times of Israel. It notes that the surveillance tools are used to conduct intensive surveillance operations on targeted groups that are presumed to be threats to social stability.
READ THE STORY: The Print
Items of interest
Regulation won't fix internet routing security
FROM THE MEDIA: Without the global internet routing system, you wouldn’t be reading this. You wouldn’t be doing anything online, actually. That routing system enables the internet to function by distributing countless bits of data around the world at a moment’s notice. That’s why routing system security is essential. It’s critical to maintaining privacy online and making sure your information isn’t hijacked by malicious actors and that the information a business, critical infrastructure operator or government agency sends — and receives — is trustworthy.
READ THE STORY: CyberScoop
The Weaponization Of The Dollar (Video)
FROM THE MEDIA: The sanctions on Russia’s central bank use the reserve currency status of the US dollar to punish an American adversary. Will the US dollar lose its exorbitant privilege? What currency might replace the US Dollar as a reserve currency?
Musk’s Twitter files make Watergate look like ‘jaywalking’: Clay Travis (Video)
FROM THE MEDIA: OutKick founder Clay Travis reacts to Elon Musk’s decision to expose Twitter’s previous suppression of the Hunter Biden laptop story on ‘Fox & Friends Weekend’.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com