Wednesday, January 19, 2022
Ukraine hit with destructive malware attacks amidst turmoil
FROM THE MEDIA: The U.S. government is sounding alarms after Microsoft reported a series of attacks targeting networks in Ukraine. The Cybersecurity and Infrastructure Security Agency (CISA) passed on warnings from the software giant over multiple discoveries of a new family of "destructive malware" that seeks to erase data on targeted systems under the guise of a ransomware attack. CISA warned that, unlike a normal ransomware attack that offers victims the ability to retrieve their data after paying, the attacks seen in Ukraine simply wipe the host regardless of payment status. The malware, referred to as WhisperGate by Microsoft, targets the master boot record (MBR) of the target and renders the machine inoperable. "According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files," CISA said.
READ THE STORY: Techtarget
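Because the story turns on the MBR being overwritten, a defender's first question is how to tell a good boot sector from a replaced one. The following is an added example (not code from Microsoft, CISA or the article): it parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, compares the boot-code region against a known-good SHA-256 baseline, and flags a boot-code area that is mostly printable text, which a legitimate boot loader never is. Both sample sectors are constructed inline; the "overwritten" one uses neutral placeholder text, not any real malware artifact.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: zeroed boot code, one bootable Linux partition,
    a disk signature and the 0x55AA trailer. Not taken from a real disk."""
    boot_code = bytes(BOOT_CODE_LEN)
    disk_sig = b"\x12\x34\x56\x78"      # constructed value
    reserved = b"\x00\x00"
    # status, CHS start, type (0x83 = Linux), CHS end, LBA start, sector count
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x83,
                         b"\xfe\xff\xff", 2048, 1_048_576)
    table = entry1 + bytes(16 * 3)
    mbr = boot_code + disk_sig + reserved + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def build_overwritten_sample() -> bytes:
    """Constructed sector whose first 512 bytes have been replaced with text,
    standing in for an MBR that was overwritten with a note."""
    return (b"CONSTRUCTED PLACEHOLDER TEXT " * 19)[:SECTOR_SIZE]


def baseline_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region, recorded while the system is known good."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def printable_ratio(data: bytes) -> float:
    printable = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return printable / len(data) if data else 0.0


def inspect_mbr(mbr: bytes, known_good_hash: str) -> list:
    """Compare a captured sector against the baseline; return a list of findings
    (empty means no sign of tampering)."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append(f"unexpected sector length {len(mbr)}")
        return findings
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if baseline_hash(mbr) != known_good_hash:
        findings.append("boot code region differs from the recorded baseline")
    if not parse_partitions(mbr):
        findings.append("partition table contains no entries")
    ratio = printable_ratio(mbr[:BOOT_CODE_LEN])
    if ratio > 0.8:
        findings.append(f"boot code area is {ratio:.0%} printable text, not machine code")
    return findings


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = baseline_hash(good)
    print("known-good sector:", inspect_mbr(good, baseline) or "no findings")
    print("overwritten sector:", inspect_mbr(build_overwritten_sample(), baseline))
```

In practice the baseline hash would be taken from the boot sector while the host is trusted and stored off-host, and the check run against `/dev/sda` (or a forensic image) with root privileges; the constructed samples here only stand in for those reads.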
Apple warns antitrust legislation could expose Americans to malware
FROM THE MEDIA: Apple warned congressional lawmakers Tuesday that two antitrust bills that would rein in Big Tech could put Americans' device security at risk. In the letter, obtained by 9to5Mac, Apple officials argued to the Senate Judiciary Committee that millions of Americans with iPhones would suffer malware attacks if the two pieces of legislation become law. The American Innovation and Choice Online Act would bar dominant companies from favoring their own products over their rivals', and the Open App Markets Act is focused predominantly on app stores, according to CNBC. The latter would prevent companies with widely used app stores from requiring developers to use the store's in-app payment system, according to the outlet. Both bills would have significant implications for Google and Apple, two giants of Silicon Valley. Apple said the bills would give way to sideloading, giving users the ability to download apps outside of Apple's store. "The most glaring problem with these bills is the risk they pose to the privacy and security of Americans' personal devices."
READ THE STORY: Thehill
Researchers Explore Hacking VirusTotal to Find Stolen Credentials
FROM THE MEDIA: Security researchers have found a method to collect vast amounts of stolen user credentials by executing searches on VirusTotal, the online service used to analyze suspicious files and URLs. With a €600 (around $679) VirusTotal license and a few tools, the SafeBreach research team collected more than a million credentials using this technique. The goal was to identify the data a criminal could gather with a license for VirusTotal, which is owned by Google and provides a free service that can be used to upload and check suspicious files and links using several antivirus engines. A licensed user on VirusTotal can query the service's dataset with a combination of queries for file type, file name, submitted data, country, and file content, among others. The SafeBreach team created the idea of "VirusTotal hacking" based on the method of "Google hacking," which criminals use to look for vulnerable websites, Internet of Things devices, Web shells, and sensitive data leaks.
READ THE STORY: Darkreading
Russia using ransomware groups as a bargaining chip, cyber experts warn
FROM THE MEDIA: Russia is using ransomware groups as a bargaining chip to entice the U.S. to steer clear of future economic sanctions, cyber experts warn. President Joe Biden got a win earlier this week when Moscow arrested more than a dozen Russia-based ransomware operators, one of whom was involved in the attack last summer against the Colonial Pipeline. That intrusion took one of the U.S.'s largest oil pipelines out of commission for nearly a week. Biden has spent months pressuring Russian President Vladimir Putin to stop the flow of cyber attacks against the U.S. It's the first evidence of progress toward wrangling the hackers involved in the attack, and it also comes as Putin threatens to invade Ukraine. Moscow opposes its neighbor joining NATO.
READ THE STORY: KATV
North Korea targets cryptocurrency startups. Earth Lusca conducts cyberespionage and financially motivated attacks. Cloud services abused to distribute malware.
FROM THE MEDIA: Researchers at Kaspersky have warned that the North Korean threat group BlueNoroff, believed to be operating under the umbrella of Pyongyang's Lazarus Group, has been targeting small- to medium-sized cryptocurrency companies. The attackers are using a combination of targeted social engineering and malware to redirect payments: "According to our research this year, we have seen BlueNoroff operators stalking and studying successful cryptocurrency startups. The goal of the infiltration team is to build a map of interactions between individuals and understand possible topics of interest. This lets them mount high-quality social engineering attacks that look like totally normal interactions. A document sent from one colleague to another on a topic, which is currently being discussed, is unlikely to trigger any suspicion. BlueNoroff compromises companies through precise identification of the necessary people and the topics they are discussing at a given time."
READ THE STORY: TheCyberWire
IOC disputes Citizen Lab's security concerns about Chinese Olympics app
FROM THE MEDIA: The International Olympic Committee has defended China's MY2022 Olympics app following a report from Citizen Lab that found serious privacy issues with the platform. All attendees of the 2022 Olympic Games in Beijing need to download and use the app, but Citizen Lab released a report on Monday that said a "simple but devastating flaw" allows the encryption protecting users' voice audio and file transfers to be "trivially sidestepped." According to Citizen Lab, passport details, demographic information, and medical/travel history in health customs forms are also vulnerable. Server responses can be spoofed, allowing an attacker to display fake instructions to users, according to the report. The MY2022 app also allows users to report "politically sensitive" content and includes a censorship keyword list involving topics like Xinjiang and Tibet. Citizen Lab noted that the app may violate Google's Unwanted Software Policy, Apple's App Store guidelines, and China's own laws and national standards pertaining to privacy protection. Google and Apple did not respond to requests for comment. The report caused widespread outrage, since the thousands of people at the games will have no choice but to download the app if they want to represent their country.
READ THE STORY: ZDNET
FBI, US agencies look beyond indictments in cybercrime fight
FROM THE MEDIA: The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau’s cyber division said in an interview with The Associated Press. Arrests and indictments of foreign cybercriminals are still appropriate in certain circumstances and something the FBI pursues “every day of the week,” said Assistant Director Bryan Vorndran. But as federal agencies look to have the most disruptive impact possible on cyber crime, FBI officials are thinking carefully about how best to time an indictment, or whether an indictment is even the best action. “We’re just much more mature in the space of working with our interagency partners, and really keeping an eye down the road in terms of how we have the biggest impact,” Vorndran said. The FBI, he said, is now “very open to being told” that when it comes to an adversary, “‘You know what, as a team member, it may not be the right time to deploy an indictment, but it very much may be the right time to deploy’” an action from U.S. Cyber Command.
READ THE STORY: DailyNews
Europol shuts down VPN service used by ransomware groups
FROM THE MEDIA: Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom. Investigators seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available. Cybercriminals use VPN (virtual private network) services to hide their real location and identity and to obfuscate their online tracks by redirecting network traffic through multiple encryption tunnels. Compared to standard consumer VPN services, the solutions geared towards illicit use are slower and more cumbersome because they feature multiple layers of encryption and bouncing.
READ THE STORY: Cyber Reports
Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
FROM THE MEDIA: Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News. The cybersecurity company said it reported the issue to the cloud service provider on November 2, 2021, after which Box issued fixes. MFA is an authentication method that relies on a combination of factors such as a password (something only the user knows) and a temporary one-time password, aka TOTP (something only the user has), to give users a second layer of defense against credential stuffing and other account takeover attacks.
READ THE STORY: THN
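The story describes MFA only in general terms and gives no details of the Box bug, so the following added example (not Varonis's or Box's code) shows the generic mechanism the paragraph names: RFC 4226 HOTP and RFC 6238 TOTP implemented with the standard library, plus a login gate that issues a session only when the password and the one-time code both verify, so the second factor cannot be skipped. The user record, password and fixed TOTP secret are constructed for the demonstration; the `make_user`, `login` and `verify_totp` names are this example's own.

```python
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ROUNDS = 100_000


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time / step."""
    return hotp(secret, int(at_time) // step, digits, algo)


def verify_totp(secret: bytes, code: str, at_time: float, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the code for the current step and +/- `window` neighbouring steps
    (tolerates clock skew). Uses a constant-time compare and checks every
    candidate so timing does not reveal which step matched."""
    matched = False
    for k in range(-window, window + 1):
        candidate = totp(secret, at_time + k * step, step, digits)
        if hmac.compare_digest(candidate, code):
            matched = True
    return matched


def make_user(password: str, totp_secret: bytes = None) -> dict:
    """Constructed user record: salted PBKDF2 password hash plus a TOTP seed."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret or secrets.token_bytes(20),
    }


def login(user: dict, password: str, otp_code: str, now: float = None):
    """Return a session token only when BOTH factors verify; otherwise None.
    Both checks always run, so a bad password does not short-circuit and a
    missing or wrong code can never be bypassed by the first factor alone."""
    now = time.time() if now is None else now
    computed = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    pw_ok = hmac.compare_digest(computed, user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], otp_code, now)
    if pw_ok and otp_ok:
        return secrets.token_urlsafe(32)
    return None


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test seed so the codes are reproducible.
    user = make_user("correct horse battery", totp_secret=b"12345678901234567890")
    code = totp(user["totp_secret"], 59)
    print("code at t=59:", code)
    print("both factors:", login(user, "correct horse battery", code, 59) is not None)
    print("password only:", login(user, "correct horse battery", "000000", 59) is not None)
```

The design point is in `login`: the session is minted by the function that has seen both results, not by a password handler that later redirects to an optional MFA step, so there is no intermediate state from which the second factor can be skipped.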
McAfee and FireEye merge to form Trellix to fight cyber crime
FROM THE MEDIA: US cybersecurity companies McAfee Enterprise and FireEye have merged to form a "stronger entity", named Trellix, to thwart cyber attacks and fight sophisticated criminals, the new company's chief executive Bryan Palma said. Trellix will be a part of California-based private equity firm Symphony Technology Group, which has a portfolio of more than 35 global companies. The new company is valued at about $1.7 billion. With about 4,500 employees around the world, it has more than 40,000 customers globally. The merger was originally announced in October, but the new brand identity and other details were made public on Wednesday. "Middle East customers are very conscious about cyber security and this market will be a key growth area for us ... we are also looking to have good business from Asia, Europe and the US market." Trellix will deliver "XDR [extended detection and response] capabilities to organizations through machine learning and automation", Mr Palma told The National in an exclusive interview.
READ THE STORY: Computer Weekly
Items of interest
A Beginner's Guide to Cyber War, Cyber Terrorism and Cyber Espionage (Paper)
FROM THE MEDIA: The industry lacks a rubric of clear and standardized definitions of what constitutes cyber war, cyber terrorism, cyber espionage and cyber vandalism. Because of this, it is becoming increasingly difficult for those of us in the profession to cut through the noise and truly understand risk. For example, on one hand we have politicians and pundits declaring that the US is at cyber war with North Korea, and on the other hand President Obama declared the unprecedented Sony hack vandalism. Who's right? The issue is exacerbated by the fact that such terms are often used interchangeably and without much regard to their real-world equivalents. The objective of this article is to provide a common language to help security managers wade through the politicking and marketing hype and get to what really matters.
READ THE STORY: Security Boulevard
Charity Fraud and Cyber-crime: the impact of the pandemic (Video)
FROM THE MEDIA: A Charity Fraud and Cyber-crime webinar discussing the key findings from a recently completed survey that culminated in the 'Charity Fraud in the Pandemic Report'.
Pentagon Explains What The Purpose Of Ukraine Cyber Attack Could Be (Video)
FROM THE MEDIA: Pentagon press secretary John Kirby speaks about Russia during a press briefing.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com