Sunday, January 23, 2022 // Contact: Bob Bragg-IG // Weekly Sponsor: T&R
What Is the Blister Malware? Tips to Stay Protected
FROM THE MEDIA: No matter what shape or form malware takes, it is annoying and can be devastating, and sometimes you do not know you are a victim until it is too late. That is the case with Blister, a particularly stealthy piece of malicious software. So what exactly is Blister, what does it do, and how can you protect against it? Discovered by Elastic Security, Blister is an evasive malware campaign that uses a valid code signing certificate to tiptoe past defenses such as antivirus products and, in doing so, avoids detection. The campaign is named after its loader, Blister, which is known for deploying second-stage payloads; its main aim is to deliver Cobalt Strike and BitRAT onto compromised systems. The loader runs its payload either by dropping and executing another executable or by injecting the payload into a process. Cybercriminals use code signing to evade detection because many security checks treat a validly signed binary as trustworthy. Blister employs exactly this tactic: the loader is signed with a certificate issued by Sectigo, so it appears legitimate to security products. That is what makes it especially dangerous, since you may not realize you have been compromised at all.
READ THE STORY: MOU
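The practical lesson of Blister is that "validly signed" is not the same as "trusted". The following is an added example, not code from the article or from Elastic, of the kind of triage a defender can run over signer metadata that has already been pulled from endpoint binaries (for instance with PowerShell's Get-AuthenticodeSignature or signtool). It assumes a hypothetical allowlist of expected publishers and a hypothetical rule that a certificate issued only days before a file first appeared deserves a second look; the file records, publisher names and CA names below are constructed for the demo and are not the real Blister signer.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical allowlist: publisher subjects this organisation expects to see on its endpoints.
EXPECTED_PUBLISHERS = {
    "CN=Example Corp Software, O=Example Corp, C=US",
}


@dataclass
class SignedFile:
    path: str
    status: str           # Authenticode verification result, e.g. "Valid" or "NotSigned"
    subject: str          # signer certificate subject DN
    issuer: str           # issuing CA DN; a reputable CA here is no comfort by itself
    not_before: datetime  # start of the signing certificate's validity period
    first_seen: datetime  # when the file first appeared in the organisation's telemetry


def assess(f: SignedFile, young_cert_days: int = 30) -> list[str]:
    """Return reasons to distrust the file; an empty list means no finding."""
    if f.status != "Valid":
        # An invalid or missing signature is already a finding; nothing else to check.
        return [f"signature status is {f.status}"]
    reasons: list[str] = []
    if f.subject not in EXPECTED_PUBLISHERS:
        # This is the Blister case: the signature verifies, but nobody asked who signed it.
        reasons.append("valid signature from a publisher not on the allowlist")
    if f.first_seen - f.not_before < timedelta(days=young_cert_days):
        # Hypothetical heuristic: freshly issued certificates on brand-new files are suspicious.
        reasons.append(f"certificate issued less than {young_cert_days} days before the file was first seen")
    return reasons


def triage(files: list[SignedFile]) -> dict[str, list[str]]:
    """Map each file path to its list of findings."""
    return {f.path: assess(f) for f in files}


# Constructed sample records; not real files, publishers or certificates.
SAMPLE_FILES = [
    SignedFile("C:/Program Files/ExampleCorp/app.exe", "Valid",
               "CN=Example Corp Software, O=Example Corp, C=US",
               "CN=Example Public Code Signing CA, O=Example CA, C=US",
               datetime(2020, 3, 1), datetime(2021, 12, 20)),
    SignedFile("C:/Users/Public/dwm.exe", "Valid",
               "CN=Newly Registered Ltd, O=Newly Registered Ltd, C=GB",
               "CN=Example Public Code Signing CA, O=Example CA, C=US",
               datetime(2021, 12, 10), datetime(2021, 12, 20)),
    SignedFile("C:/Users/Public/tool.exe", "NotSigned", "", "",
               datetime(1970, 1, 1), datetime(2021, 12, 20)),
]

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_FILES).items():
        print(path, "->", findings or "no finding")
```

The second sample file passes signature verification exactly as a Blister-style loader would, and is caught only because the check asks who the publisher is and how old the certificate is rather than stopping at "Valid".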
A QUICK LOOK:
Experts Find Strategic Similarities with NotPetya and WhisperGate Attacks on Ukraine
FROM THE MEDIA: The latest analysis of the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to the NotPetya malware that was unleashed against the country's infrastructure, and elsewhere, in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week; the company said it observed the destructive campaign targeting government, non-profit and information technology entities in the country, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukrainian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos said in a report detailing its response efforts. Stating that stolen credentials were likely used in the attack, the company also pointed out that the threat actor had access to some of the victim networks months before the wiper was deployed, a classic sign of a sophisticated APT operation.
READ THE STORY: THN
A QUICK LOOK:
Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure
FROM THE MEDIA: An active espionage campaign has been attributed to the threat actor known as Molerats, which abuses legitimate cloud services such as Google Drive and Dropbox to host malware payloads, for command-and-control, and for exfiltrating data from targets across the Middle East. The campaign is believed to have been underway since at least July 2021, according to cloud-based security company Zscaler, and continues the group's earlier efforts to conduct reconnaissance on target hosts and steal sensitive information. Molerats, also tracked as TA402, Gaza Hackers Team and Extreme Jackal, is an advanced persistent threat (APT) group largely focused on entities operating in the Middle East. Attack activity associated with the actor has used geopolitical and military themes to entice users to open Microsoft Office attachments and click on malicious links.
READ THE STORY: The Cyber Security News
A QUICK LOOK:
Will the Ukraine Conflict Lead to More Global Cyber Attacks?
FROM THE MEDIA: Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to prepare for? Just days before the start of the Winter Olympics in China, all eyes are on the Ukrainian border. As athletes head to Beijing, global leaders are anxiously watching and waiting for the next steps from Russian President Putin. And in the midst of ongoing global diplomacy, phrases like "cyber attack" and "cyber war" keep showing up in the media as possible steps toward a military conflict or all-out war.
READ THE STORY: GOVTECH
A QUICK LOOK:
Suspected Belarus ties to Ukrainian hacks complicate Biden’s quandary
FROM THE MEDIA: After 70 Ukrainian government websites were attacked, the U.S. government ponders what to do. Intelligence reports suggesting one of Russia’s European allies perpetrated last week’s hacking of Ukrainian government websites are creating a new dilemma for the Biden administration — how to respond if other countries launch cyberattacks on Russia’s behalf. Ukrainian officials suspect that a group called UNC1151, which has been linked to Belarusian intelligence, carried out the cyberattack that defaced and disabled around 70 government websites, Reuters reported. The targets included the sites of Ukraine’s foreign and education ministries. While the U.S. and other governments have not confirmed Belarus’ involvement, its possible role creates a tougher call for President Joe Biden on when to hack back and whom to hit if tension over Ukraine breaks out into cyberwar. Russia’s use of Belarus or another third country to launch cyberattacks on Ukraine could muddy the waters on who to blame, making it harder for the U.S. to justify a counterattack. Administration officials pledged this week to respond in kind if Russia launches cyberattacks against Ukraine, but the U.S. has not explained how it would handle attacks from countries coordinating with Russia or supporting its aggression against Ukraine.
READ THE STORY: Politico
A QUICK LOOK:
Multichain hack: Hacker returns $1 million, keeps $150k as bug bounty
FROM THE MEDIA: Multichain, a cross-chain protocol that lets users swap tokens between blockchains, became a victim of crypto theft after it announced that six tokens were vulnerable to attack. In a surprise twist, one of the attackers turned out to be a white hat, who returned 80% of the stolen amount to the protocol. According to Multichain, previously known as Anyswap, and to a tweet from Tal Be'ery, chief technology officer of the ZenGo crypto wallet, the hacker returned 322 ETH, roughly $1 million ($974,000 at the time of return), and kept 62 ETH, nearly $150,000, as a bug bounty. The protocol is still out 528 ETH, equivalent to $1.6 million.
READ THE STORY: Hackread
A QUICK LOOK:
Someone Appears to Have Hacked the USDA’s Website to Share Pirated Movies
FROM THE MEDIA: Something at the website of the United States Department of Agriculture (USDA) has gone bad. Though the federal department is typically known for handling agriculture policy and food safety, it looks like it has been dipping its toes into a new area: pirated movies. A large cache of publicly accessible PDFs recently started appearing on USDA.gov that link to pirated media including movies, TV shows, sporting events and video games, in what appears to be either a hack, an inside job or some kind of bizarre glitch. Archived links from USDA.gov point to illegal streams of "Spider-Man: No Way Home," "The Matrix Resurrections" and the new "Ghostbusters" movie. "How has this not been noticed?" Richard Forno, assistant director of the University of Maryland, Baltimore County's Center for Cybersecurity, said of the apparent breach in comments to Futurism. The PDFs appeared specifically on a subdomain of USDA.gov dedicated to SNAP-Ed, a program aimed at educating people on food assistance about shopping for and cooking healthy meals. The PDFs, which contain spammy links to pirated media on third-party websites along with garbled text, were sandwiched between wholesome pages on the subdomain about topics such as homemade holiday meals and onions.
READ THE STORY: Futurism
A QUICK LOOK:
OpenSubtitles Hacked- Data Breach Affected 7 Million Subscribers
FROM THE MEDIA: OpenSubtitles, one of the most popular subtitle websites, is the latest victim of a hack leading to a data breach. According to the site admin, OSS, a hacker notified them via Telegram in August 2021, confirming that they had accessed user data. OSS admitted that the site did not implement robust security measures because cybersecurity was not seen as a critical issue back in 2006 when the website was launched, and that its security was not improved in the years since. That is how the attackers compromised the website: they cracked a SuperAdmin's weak password and then used SQL injection to reach the user data. The attacker downloaded a SQL dump including the usernames, passwords and email addresses of almost 7 million users (6,783,158). OSS has confirmed that credit card details were not compromised in the attack because these are stored on another platform. However, according to details shared by Have I Been Pwned, the dump also included users' IP addresses and geographic locations. OpenSubtitles is a well-known subtitle repository from which millions of subtitle files in different languages are downloaded weekly to be paired with downloaded TV shows and movies. The website was launched by a Slovakian programmer who came up with the idea while drinking beer at a local pub.
READ THE STORY: Hackread
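The OpenSubtitles chain of weak admin password plus SQL injection plus a full table dump is worth seeing in code. The following is an added example, not the OpenSubtitles code base or anything from the article: a constructed SQLite user table with properly salted and hashed passwords, a login routine that splices the username into SQL, and the same routine with a bound parameter. It shows that hashing alone does not help once the query is injectable, because an attacker can UNION in a row whose salt and hash they chose themselves. All user names, emails and passwords below are made up for the demo.

```python
import hashlib
import sqlite3

PBKDF2_ROUNDS = 100_000  # kept low so the demo runs quickly; production uses a higher cost


def hash_pw(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256. The scheme is public; only the salt and password vary."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_db() -> sqlite3.Connection:
    """Constructed sample user table (not OpenSubtitles data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, salt BLOB, pw_hash BLOB)")
    sample = [
        ("superadmin", "admin@example.test", "letmein"),
        ("alice", "alice@example.test", "correct horse battery"),
    ]
    for user, email, pw in sample:
        # Deterministic salt so the demo is reproducible; real code uses os.urandom(16).
        salt = hashlib.sha256(user.encode()).digest()[:16]
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (user, email, salt, hash_pw(pw, salt)))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hashing the password does not rescue a query that pastes the username into SQL."""
    sql = f"SELECT username, salt, pw_hash FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    return row is not None and hash_pw(password, row[1]) == row[2]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same logic with a bound parameter: the input is always a value, never SQL."""
    row = conn.execute(
        "SELECT username, salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and hash_pw(password, row[1]) == row[2]


def forge_login_username(target: str, attacker_password: str) -> str:
    """Injection payload: close the string literal, UNION in a row whose salt and hash the
    attacker computed for a password they know, and comment out the trailing quote.
    No knowledge of the victim's real hash is needed."""
    salt = b"\x00"
    forged_hash = hash_pw(attacker_password, salt).hex()
    return f"' UNION SELECT '{target}', X'{salt.hex()}', X'{forged_hash}' --"


def run_demo() -> dict:
    """Exercise both login routines with a legitimate login and the forged one."""
    conn = build_db()
    payload = forge_login_username("superadmin", "anything")
    return {
        "legit_safe": login_safe(conn, "superadmin", "letmein"),
        "wrong_pw_vulnerable": login_vulnerable(conn, "superadmin", "guess"),
        "forged_vulnerable": login_vulnerable(conn, payload, "anything"),
        "forged_safe": login_safe(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The same injection point that lets the attacker forge a SuperAdmin login also lets them swap the UNION for a SELECT over the whole users table, which is the dump described in the story. The fix is the bound parameter in login_safe; the salted hash only limits the damage after the dump has already happened, and a weak admin password undoes even that.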
A QUICK LOOK:
Police Used NSO Malware to Spy on Three Mayors
FROM THE MEDIA: The Israeli police used NSO Group spyware to monitor mayors of local authorities and those close to them, including relatives and associates, according to a report released Sunday. The financial daily Calcalist last week published a multipart exposé into the law enforcement organization's dealings, which revealed that the police's SIGINT unit has allegedly been using the controversial Pegasus malware to spy on civilians. The latest chapter shows that law enforcement tapped the phones of at least three mayors and heads of local councils for the purposes of "phishing," all under the guise of intelligence activities. The three were allegedly suspected of corrupt activities, but in all three cases no indictment was ever filed. The use of Pegasus nonetheless led to the mayors and council heads being investigated. Some were even arrested and their homes searched. Their family members, friends and aides were also summoned for questioning, and some of them were arrested as well. According to the Calcalist report, in one of the cases the police decided to tap the phone of the suspect's wife after "phishing" of his phone had failed to yield evidence.
READ THE STORY: Hamodia
A QUICK LOOK:
‘China’s Media Warfare seeks global totalitarian thought control’
FROM THE MEDIA: India and other countries would do well to study how China employs Media Warfare to try to undermine Taiwan’s democratic institutions, fracture national unity, demoralize the public and military, and create social instability in pursuit of its goal of annexing this sovereign country. In this edition of “Indo-Pacific: Behind the Headlines”, we speak with Prof Kerry K. Gershaneck. Prof Gershaneck, author of the influential book, Political Warfare: Strategies for Combating China’s Plan to “Win without Fighting”, is a former US Marine officer with extensive national-level experience in strategic communications and counterintelligence. He has been a Visiting Scholar (Taiwan Fellow) at the National Chengchi University in Taipei for more than three years and was the Distinguished Visiting Professor at Thailand’s Chulachomklao Royal Military Academy and the Royal Thai Naval Academy for six years. We talk to him about the findings in his new book, Media Warfare: Taiwan’s Battle for the Cognitive Domain.
READ THE STORY: Sundayguardianlive
A QUICK LOOK:
Items of interest
The Gray Legion: Information Warfare Within Our Gates (Paper)
FROM THE MEDIA: The information environment, once viewed as an unassailed common for human knowledge, has revealed itself to be a vector for malicious narratives in the ongoing battle for global hegemony. Since 2014, the United States has been under siege from information attacks on multiple fronts, from cyber infrastructure and goods to the cognitive outlooks of its citizenry. Disinformation as a social media tool represents a novel and grave danger to democracy; it serves as a means for sowing unrest and influencing policy changes while enabling conventional conflict or, in the best case for those who would exploit and manipulate narratives, avoiding it entirely. In this article, we identify the harbinger of a dire threat that circles outside, and now inside, the United States' walls by exploring the theoretical dynamics of foreign, state-sponsored disinformation in democracies throughout the West. We examine the mechanisms through which this approach operates and why it is Russia's preferred course of action.
READ THE STORY: USF
Analyzing Chinese Information Operations with Threat Intelligence (Video)
FROM THE MEDIA: Chinese Information Operations (InfoOps) on social media platforms have received unprecedented attention across the globe. In major events such as the Hong Kong protests, the COVID-19 pandemic and the U.S. presidential elections, Chinese threat actors have weaponized social media to shape narratives and manipulate online users in the strategic interest of the People's Republic of China. TeamT5 Inc., a cybersecurity firm based in Taiwan, has been investigating Chinese InfoOps since 2016. By adopting the mindset of threat intelligence, the company has mapped the Chinese InfoOps threat landscape and identified threat actors emerging across social media. In this presentation, the speakers share the trends in Chinese InfoOps they observed this year.
How China Uses Cyber Warfare And Its Hacker Army Against India (Video)
FROM THE MEDIA: This is the age of cyber warfare, in which armies of hackers launch daily attacks on each other, triggering blackouts, shutting down petrochemical pipelines, erasing critical data and much more. While the two big players, Russia and the US, play this game openly, the silent player in this cyber warfare is China, and its target is India. Watch the video to learn more.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and in overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in the original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com