Wednesday, January 26, 2022 // Contact: Bob Bragg-IG // Weekly Sponsor: T&R
Cyber-Partisans hackers hit Belarus railroad system with ransomware attack
FROM THE MEDIA: A hacktivist group calling itself the Belarusian Cyber-Partisans claims it hacked the Belarus railroad system because the railway allows the “occupying troops” (referring to the Russian military) to enter the country. The group allegedly launched a ransomware attack against Belarus’s railway system to protest against the government of president Alexander Lukashenko and the surge in Russian troop movements across Belarus. The hacktivist group took to Twitter to reveal details of the hack. The group claimed it encrypted the Belarusian Railways’ networks, which crippled the system and disrupted ticket sales. The hacktivists criticized the policies of Lukashenko, referring to him as a “terrorist,” and posted a list of demands to be met before they would provide the encryption keys to unlock the system. Here are the excerpts of their post.
READ THE STORY: Hackread // Wired
A QUICK LOOK:
PrinterLogic vendor addresses triple RCE threat against all connected endpoints
FROM THE MEDIA: A trio of vulnerabilities in enterprise print management software PrinterLogic offer attackers a route to remote code execution (RCE) on all connected endpoints, security researchers have revealed. All assigned a CVSS rating of 8.1, the high severity flaws include object injection (CVE-2021-42631), hardcoded APP_KEY (CVE-2021-42635), and command injection (CVE-2021-42638) issues. Researchers from The Paranoids, Yahoo’s vulnerability research team, achieved RCE on the web stack server via abuse of PrinterLogic’s single-click printer installation feature. The bugs, discovered during research conducted between April and June 2021, were addressed by PrinterLogic vendor Vasion in security update 19.1.1.13-SP10, issued on January 21. All prior versions are vulnerable. The update also addresses a raft of medium and low severity bugs uncovered by Yahoo’s security research arm.
READ THE STORY: Cyber Reports
Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet
FROM THE MEDIA: Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP and crippling Andorran SquidCraft gamers along with the rest of the population. A massive Minecraft tournament styled after the Netflix blockbuster Squid Game (known, of course, as “SquidCraft”) apparently inspired a distributed denial of service (DDoS) attack that took down the sole (and state-owned) internet service provider in Andorra. The multi-day Squid Game-inspired gaming tournament, titled SquidCraft, was held on Minecraft between January 19th and January 24th. The event was hosted by Twitch Rivals, an esports tournament and online competitive event featuring Twitch streamers and former pro players. It impacted the small European country of Andorra in the most bizarre manner: during the event, which ended just yesterday, Andorra’s only Internet service provider (ISP), Andorra Telecom, was targeted with a series of massive DDoS attacks that shut down the whole country’s internet. Reportedly, the DDoS attack happened during the tournament’s second day, when eight or more competitors had their connections disrupted simultaneously and the country’s internet infrastructure went offline.
READ THE STORY: Threatpost
MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
FROM THE MEDIA: A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy. A new family of cyber-espionage malware targeting macOS and delivered via a Safari exploit was used against politically active, pro-democracy residents of Hong Kong in watering-hole attacks in August that were initially discovered by Google TAG, researchers said on Tuesday. The watering-hole attacks – which TAG reported to Apple that same month – served in-the-wild malware that exploited what was then a zero-day flaw to install a backdoor on the iOS and macOS devices of users who visited Hong Kong-based media and pro-democracy sites. As TAG reported in November, a zero-day XNU privilege-escalation vulnerability (CVE-2021-30869), then unpatched in macOS Catalina, led to the installation of a previously unreported backdoor on victims’ macOS and iOS systems.
READ THE STORY: WeLiveSecurity
US, NATO Discuss Ukrainian Cyber Aid Amid Tensions
FROM THE MEDIA: As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull intervention, part of which includes bolstering Ukraine's cyber defenses. This comes as experts warn that cyberwarfare could play an increasingly significant role in any direct offensive. The U.S. Department of Homeland Security on Sunday reportedly issued an Intelligence and Analysis bulletin to law enforcement agencies around the country, warning that the Russian government or its proxies could initiate a cyberattack on the U.S. if provoked, according to ABC News, which viewed the bulletin (see: Report: DHS Fears Russian Cyberattack If US Acts on Ukraine). It reportedly said that U.S. or NATO intervention in a possible invasion of Ukraine could prompt the Kremlin to employ a "range of offensive cyber tools," from "low-level denial-of-service attacks" to a "destructive" campaign against critical infrastructure. Despite warnings from U.S. President Joe Biden to the Kremlin, Russian President Vladimir Putin has remained steadfast on preventing Ukraine's NATO entry, and he has sought a NATO troop removal from Eastern Europe, terms that prompted international condemnation.
READ THE STORY: GovInfoSecurity
DDoS attacks are still a key weapon for corporate extortion
FROM THE MEDIA: Given all the editorial space devoted to ransomware over the past couple of years, you might be forgiven for thinking that other cyber security threats have gone away. While it’s true that organised criminals have focused attention and resources on ransomware attacks, as these have proven to be the most profitable, it’s far from the whole picture. Viewed through the lens of extortion – and that’s what ransomware is – it’s easy to see the looming presence of other threats. Take distributed denial of service (DDoS), for example. DDoS attacks have become part and parcel of many ransomware attacks, courtesy of the more advanced ransomware groups providing their affiliates with the ability to launch them directly from the “dashboard” software they have access to. In a ransomware attack, DDoS is used as just another twist of the leverage knife to “encourage” victims to pay up quickly. Outside of ransomware, DDoS attacks have continued as a standalone method of either causing corporate pain (for hacktivism, petty revenge, or even competitive advantage) or good old-fashioned extortion.
READ THE STORY: IT PRO
Canadian government investigating hacking incident
FROM THE MEDIA: The Canadian government said it is investigating a cyberattack on Global Affairs Canada (GAC) -- its department for foreign and consular relations -- that occurred on January 19. The Treasury Board of Canada Secretariat (TBS), Shared Services Canada, and Communications Security Establishment said in a statement released Monday evening that they are working with GAC to address the incident. "Critical services for Canadians through Global Affairs Canada are currently functioning. Some access to internet and internet-based services are not available as part of the mitigation measures and work is underway to restore them. There is no indication that any other departments have been impacted by this incident," the federal agencies said. "There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur."
READ THE STORY: ZDNet
NSO subsidiary companies involved in intercepting drones and hacking IoT devices
FROM THE MEDIA: A petition filed with the Tel Aviv District Court provides a glimpse into the NSO Group’s widespread activities. Wayout is the most secretive of them all, and its founder is the brother of the group’s president. The petition, filed by some of the NSO Group’s subsidiaries, has provided a glimpse into the group’s widespread activities. The three companies that filed the petition are Gotlib Holdings and two smaller companies that remain under its control; according to estimates, they jointly employ around 40 people. Gotlib and the two smaller companies - Wayout Group and Convexum Ltd - filed the request with the court through Advs. Dr. Shlomo Nass, Shai Glickman, and Yonatan Gamernik, and with the support of NSO’s foreign shareholders announced that they wish to break away from the group by appointing a trustee, claiming that NSO CEO Shalev Hulio is trying to saddle them with the company's hefty $460 million debts. The filing indicates that the applicants were engaged in developing defensive cyber products, while it is well known that other NSO Group subsidiaries are engaged in developing and marketing offensive cyber products.
READ THE STORY: CTECH
Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected
FROM THE MEDIA: A surge in identity theft during the pandemic underscores how easy it has become to obtain people’s private data. As hackers are all too happy to explain, many of them are cashing in on it. Consider some of the episodes last year in which large quantities of personal data were stolen: 300 million customer and device records for users of a service that’s supposed to shield internet traffic from prying eyes; a 17.6-million-row database from a second organization, containing profiles of people who participated in its market research surveys; 59 million email addresses and other personal data lifted from a third company. These sorts of numbers barely raise an eyebrow these days; none of the incidents generated major press coverage. Cybertheft conjures images of high-tech missions, with sophisticated hackers penetrating multiple layers of security systems to steal corporate data. But these breaches were far from “Ocean’s Eleven”-style operations. They were the equivalent of grabbing jewels from the seat of an unlocked car parked in a high-crime neighborhood.
READ THE STORY: ProPublica
What Happens When Russian Hackers Come for the Electrical Grid
FROM THE MEDIA: Emergency training at a restricted facility off Long Island has aimed to minimize the potentially catastrophic effects of a cyberattack on U.S. power infrastructure. Five times over three years, a desperate scenario has played out on Plum Island, an isolated spit of land just off the northeastern tip of New York’s Long Island. A large part of the power grid has gone down, leaving the population in the dark and critical facilities such as hospitals growing desperate. A team of utility operators and cybersecurity experts scrambles to get the grid back up, while hackers try to keep it down. Each emergency was a drill held by the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s moonshot research arm. Its goal was to expose utilities accustomed to dealing with hurricanes, blizzards, and other challenges to the reality of a successful cyberattack on the U.S. electrical grid.
READ THE STORY: Bloomberg
Items of interest
Representation of the USA in the context of Imperialism in the propaganda posters published in the People's Republic of China (Paper)
FROM THE MEDIA: A negative process began in Sino-US relations after the establishment of the People's Republic of China (PRC), as the PRC adopted policies against the USA, which it accused of being imperialist. Tensions between China and the USA led Chinese media to present the USA to the masses as an imperialist country and the national enemy of the Chinese people. The study tried to reveal how the USA was presented to the masses, and through which messages it was built up as an enemy country in the context of imperialism, in anti-US posters in China. For this purpose, 8 posters selected within the scope of the study were analyzed in the light of the German linguist Karl Bühler's Organon Model, using the semiotic analysis method. The study found that the posters claimed the USA had imperialist goals and went to war to achieve them. The message conveyed was that the imperialist aims of the USA posed a threat to both China and the nations of the world, and that the nations of the world must act against the USA in order to end the danger it posed. Thus, the Chinese administration tried to legitimize the anti-USA policies implemented during the Cold War.
READ THE STORY: OJS
Flubot Scam: 220 MILLION Dollars STOLEN By New Text Messaging Mobile Malware (Video)
FROM THE MEDIA: The Flubot scam stole 220 million dollars of people's money in 2021! The Flubot malware steals your data via an application delivered by text messages and/or phone calls claiming to be from popular companies like DHL, Amazon or GOOGLE. If you want to be safe, please remember to delete all of these fake spam messages and block their numbers; if you receive a phone call from the scammers, you can also block their number from your phone book. Always have some sort of free or paid-for antivirus software installed on your mobile phone. If you have accidentally installed their application, then factory reset your phone ASAP. If you have not done it yet, please back up ALL DATA on your phone after watching this video just to be safe (assuming you have not installed Flubot).
WANNACRY: The World's Largest Ransomware Attack (Video)
FROM THE MEDIA: In May of 2017, a worldwide cyberattack by the name of WannaCry affected over 200 countries in less than 24 hours, and cost the world billions of dollars. This is the story of the world's largest ransomware attack.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com