Monday, January 17, 2022
European Union simulated a cyber attack on a fictitious Finnish power company
FROM THE MEDIA: The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. Cyber drills are essential to test the resilience of our infrastructure. The simulation took place on Friday and is part of a six-week exercise also aimed at testing the cooperation among member states and their joint response. “The Finnish attack is part of a six-week exercise to stress-test Europe’s resilience, strengthen preparedness and cooperation among member states, and improve the effectiveness of a joint response,” reads the post published by Bloomberg. “The tests are expected to conclude during a meeting of EU foreign ministers at the end of February.” The scenario for the drill sees an attack against software used by a major energy company. The experts chose software that is widely adopted across sectors and member states in order to evaluate the impact of the incident.
READ THE STORY: Security Affairs
Microsoft says 'destructive malware' being used against Ukrainian organizations
FROM THE MEDIA: Microsoft said it has discovered a destructive malware being used to corrupt the systems of multiple organizations in Ukraine. In a blog published on Saturday, Microsoft Threat Intelligence Center (MSTIC) said it first discovered the ransomware-like malware on January 13. The news comes days after more than 70 Ukrainian government websites were defaced by groups allegedly associated with Russian secret services. But Microsoft said it "has not found any notable associations" between the malware it found and the website attacks that occurred last week. "MSTIC assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom," Microsoft explained.
READ THE STORY: ZDnet
Custom-written malware discovered across Windows, macOS, and Linux systems
FROM THE MEDIA: Several indicators point to the remote access trojan (RAT) as the work of an advanced threat actor. In December 2021, the security team at Intezer identified custom-written malware on a leading educational institution's Linux web server. The malware, since named SysJoker, was later discovered to also have Mac and Windows-based variations, increasing its ability to infect desired systems. The macOS and Linux variations are currently undetectable by most antivirus products and scanners. The custom-written, C++ based remote access trojan (RAT) that went completely undetected for several months may have been released around mid to late 2021. Named SysJoker by Intezer's security team, the program conceals itself as a system update within the target's OS environment. Each variation of the malware is tailored to the operating system it targets, many of which have proven to be difficult or impossible to detect. According to VirusTotal, an antivirus and scan engine aggregator, the macOS and Linux versions of the program are still undetectable.
READ THE STORY: Techspot
SnatchCrypto attack hits DeFi and Blockchain Platforms with backdoor
FROM THE MEDIA: In a blog post, Kaspersky researchers explained how the attack works and how unsuspecting users are tricked into giving away their funds. “When the compromised user transfers funds to another account, the transaction is signed on the hardware wallet. However, given that the action was initiated by the user at the very right moment, the user doesn’t suspect anything fishy is going on and confirms the transaction on the secure device without paying attention to the transaction details.” Kaspersky researchers claim that the SnatchCrypto campaign is the work of an advanced persistent threat group known as BlueNoroff, which is suspected of having links with the North Korean hacking group Lazarus APT. Lazarus is tied to cyberattacks against the financial and banking sector and specializes in SWIFT-based intrusions in Bangladesh, Vietnam, and Taiwan. The group was branded as one of the leading threats to FinTech firms along with FIN7 and Cobalt Strike.
READ THE STORY: Hackread
eNom data center migration mistakenly knocks websites offline
FROM THE MEDIA: A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours. Customers started to complain that they could no longer access their websites and emails due to Domain Name System (DNS) issues. The company said that it received reports of domains using eNom nameservers that were failing to resolve and acknowledged the problem. "We are receiving some reports of domains using our nameservers which are failing to resolve. Owing to the migration we are unable to research and fully address the issue until the migration is complete. This is not an expected outcome from the migration, and we are working to address it as a priority" - eNom. An initial maintenance notice from the company said that the data center migration would take 12 hours, between 6 AM PST and 6 PM PST on Saturday, January 15. During this period, enom.com and enomcentral.com would be unavailable and customers would not be able to log into their account from the web interface and the API would be down.
READ THE STORY: Bleeping Computer
Why cyber defense in Japan is so unreliable
FROM THE MEDIA: For the past two years, people have struggled with the coronavirus pandemic, and part of that has entailed experiencing the benefits and challenges of cyberspace. In terms of challenges, we have experienced a great number of new incidents caused by the abuse and misuse of cyberspace. For one, ransomware attacks created by combining conventional cyberattacks – malicious email attachments – with cryptocurrency, inflicted significant damage to vital infrastructure, including medical institutions hit by COVID-19 and energy suppliers. The attacks proved extremely effective against lifeline infrastructure such as Colonial Pipeline Co., the operator of the largest fuel conduit system in the United States, and vaccine production. New threats to cyberspace highlighted not only the vulnerability of spatial connections but also new weaknesses in digitally connected industrial structure.
READ THE STORY: Japantimes
‘We have to show strength’: Calls grow for U.S. to deter Russian hackers
FROM THE MEDIA: Kremlin saber-rattling on the Ukrainian border is increasing worries that a confrontation could fuel cyberattacks on the U.S. Worries about a potential cyber conflict with Russia are placing a rising demand on President Joe Biden: Make it clear how the U.S. will respond if Moscow goes too far. The concern is growing more urgent as tensions ramp up over the 100,000 troops that Russia has placed on Ukraine’s border, and as U.S. officials warn that Vladimir Putin’s regime may be fomenting a pretext to invade. The Biden administration has threatened to respond with sanctions that would cripple the Russian economy — a development that could in turn prompt Russia to retaliate with cyberattacks against the U.S. That risk — underscored by a barrage of hacks that crippled and defaced more than a dozen Ukrainian government websites Friday — follows years of calls from national security experts for the U.S. to stiffen its deterrence against Russian cyber-aggression. Efforts to respond to past intrusions by imposing sanctions, indicting hackers and ejecting Moscow’s diplomats have failed to stem subsequent cyber-espionage operations or criminal ransomware attacks emanating from Russia.
READ THE STORY: Politico
Cyber leak is timely reminder to boost online security in 2022
FROM THE MEDIA: A cyber attack late last year where the personal details of 80,000 South Australian Government employees were stolen is a further wake-up call for all businesses. The attack has implications for the thousands of SA businesses including SMEs that rely on government work. They need to ensure they have the proper protections in place to guard against the loss of not only the personal details of employees but also critical commercially valuable information. Failure to do so will mean they lose contracts. Government is increasingly wanting to see how a business protects and then monitors its systems to detect and respond to any breaches. A business must comply with mandatory cyber security requirements and in turn have in place appropriate contracts and processes to ensure that their suppliers, sub-contractors and service providers also meet these information security requirements. In December, the Commonwealth released an inaugural Australian Data Strategy and Action Plan, which aligns with its existing Cyber Security Strategy.
READ THE STORY: Indaily
South Carolina Traffic Sign Hacked To Display The N-Word
FROM THE MEDIA: The person responsible for this is being sought for a reward of $5000. Clearly this was an attempt to stoke hate, or maybe start a civil war on an interstate. I am not surprised where it happened because it could happen anywhere. I am surprised how it happened, considering there would seem to be some kind of knowledge required to pull it off. “HONK IF YOU HATE (N-Word),” the sign read on Saturday in Sumter, South Carolina. Police are on a search in South Carolina for the person who tampered with an electronic road sign, changing its text to display a racial slur. The text on the sign, set up in the city of Sumter, was altered to display an offensive command that included the n-word. Sumter has a population of roughly 43,000 with a racial divide of roughly 49% Black and 44% white, according to the U.S. Census Bureau. The racist language on the sign has been removed, police said. Sumter Police Chief Russell Roark characterized the incident as an extremely disturbing “scar on the city and its residents that is in no way indicative of the community where we work and live.”
READ THE STORY: Dailykos
Safari exploit can leak browser histories and Google account info
FROM THE MEDIA: Apple device users appear to be vulnerable to a significant browser privacy flaw. According to 9to5Mac, FingerprintJS has disclosed an exploit that lets attackers obtain your recent browser history, and even some Google account info, from Safari 15 across all supported platforms as well as third-party browsers on iOS 15 and iPadOS 15. The IndexedDB framework (used to store data on many browsers) is violating the "same-origin" policy that prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another, letting appropriately coded websites deduce Google info from signed-in users as well as histories from open tabs and windows. The flaw only compromises the names of the databases rather than the content itself. However, this would still be enough for a malicious site owner to grab your Google username, discover your profile picture and otherwise learn more about you. The history could also be used to piece together a rudimentary profile of the sites you like. Private browsing won't defeat the exploit, FingerprintJS said.
READ THE STORY: Engadget
Items of interest
‘Zombies ahead!’ A study of how hacked digital road signs destabilize the physical space of roadways (Paper)
FROM THE MEDIA: This article explores some of the ways in which hacked Changeable Message Signs (CMSs) destabilize the physical space of motor transport spaces and jeopardize the institutionalized function of travel. While CMSs draw attention to the correlation between motorists’ current positions, possible inconveniences ahead and their final destination, hacked CMSs and the subsequent projection of unsanctioned messages destabilize this correlation. Hence, the seemingly straightforward relationship between motor transport spaces and the activities of motorists, pedestrians and passers-by is in fact fashioned by the particular kind of message that is displayed at any given moment. Focusing on the spatial effects of hacked CMSs and how the dissemination of unsanctioned information points to the social stratifications of motor transport spaces, hacking is understood as a means of combating the disciplinary regimes of roadways.
READ THE STORY: Science Direct
How Russian Hackers Compromised the U.S. Government and Reducing the Chances of It Happening Again (Video)
FROM THE MEDIA: This is a special edition of Social-Engineer's Human Element Series Podcast. Chris Hadnagy will discuss Covid-19 testing site scams, and how you can protect yourself against them.
Verbal Judo: Diffusing Conflict Through Conversation (Video)
FROM THE MEDIA: Academic-turned-cop and best-selling author George Doc Thompson describes how tactical language allows leaders to achieve their goals. Daniel Ames, the Sanford C. Bernstein & Co. Associate Professor of Leadership and Ethics, confirms that managing conflict is a critical predictor of leadership success and shows how what works in the streets converges with recent findings in social science. The workshop was part of the Program on Social Intelligences Science Meets Practice series, which pairs hands-on leadership training with breaking insights in psychology research.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com