Sunday, January 30, 2022 // Contact: Bob Bragg-IG // Weekly Sponsor: T&R
U.S. bans China telecom over national security concerns
FROM THE MEDIA: The Federal Communications Commission revoked the license that allows China’s largest telecom operator to do business in the U.S., citing national security concerns, dealing the latest in a series of blows against major Chinese businesses in the country. The FCC said it was taking action against the state-owned China Telecom Corp.’s U.S. business because the company was “subject to exploitation, influence, and control by the Chinese government.” The action follows a recommendation from executive branch agencies during the Trump administration last year and extends from a broader effort to remove Chinese links to U.S. telecommunications infrastructure that has targeted Huawei Technologies Co. among others. The ban comes as communications are stepped up between China and the U.S. and a deal last month between the economic superpowers that led to the release of a Huawei Technologies Co. executive detained in Canada. China Telecom didn’t immediately respond to a request for comment. Previously, it has denied allegations that it posed a security risk and said it was working cooperatively with U.S. regulators.
READ THE STORY: WSJ // Cyber Report
A QUICK LOOK:
Security experts doubt Ukraine readiness against Russian cyber attack
FROM THE MEDIA: “We're going to begin today's program in Ukraine, where a major existential question hangs over the country - will Russia attack? More than 100,000 Russian troops are amassed on Ukraine's borders. Ukraine's president says his country is ready for hybrid warfare. NPR's Daniel Estrin is in the country's capital and has been looking into how well Ukrainians are prepared on multiple fronts.”
DANIEL ESTRIN, BYLINE: In 2015, a Ukrainian power plant operator filmed his computer screen as his mouse cursor started moving around, clicking and opening folders - a mysterious hacker.
UNIDENTIFIED PERSON #1: (Non-English language spoken).
UNIDENTIFIED PERSON #2: (Non-English language spoken).
UNIDENTIFIED PERSON #1: (Non-English language spoken).
ESTRIN: What's he trying to do? the operator says. Section breakers - he's trying to switch them off.
UNIDENTIFIED PERSON #1: (Non-English language spoken).
ESTRIN: About 200,000 Ukrainians lost power in the winter cold. Same thing happened the following winter in part of Kyiv. The year after that, NPR's Morning Edition reported this.
(SOUNDBITE OF ARCHIVED NPR BROADCAST)
STEVE INSKEEP: A cyberattack has hit tens of thousands of computers worldwide.
READ THE STORY: NPR // Capradio
A QUICK LOOK:
US, NATO allies preparing for possible Russian cyber attacks
FROM THE MEDIA: As tensions rise between Ukraine and Russia, the United States and NATO allies are bolstering their cyber defenses, fearing the possibility of Russian retaliation. A cyber security expert at Virginia Tech believes that Russia is likely to try to retaliate against the U.S. online for our government’s support of Ukraine. “I think we should be very concerned,” David Simpson said. NATO Secretary General Jens Stoltenberg says NATO Allies are ramping up their cyber defenses and are “very aware that Russia has been responsible for cyber attacks before.” U.S. Joint Chiefs Chairman General Mark Milley says the U.S. military is prepared and has a significant amount of capabilities to defend and do what is necessary to protect the country. This week, an internal memo from the U.S. Department of Homeland Security said Russia could target critical infrastructure in the U.S. Simpson said Russia’s goal would be “to have us be angry at each other and to not be confident in our government.” Last year, President Joe Biden signed an executive order to bolster cyber security within the federal government and private sector, but Simpson says the effort may have been too little, too late.
READ THE STORY: PHL17
A QUICK LOOK:
Japan to launch police bureau to counter cybercrime
FROM THE MEDIA: Japan's cabinet has endorsed a bill to enable the National Police Agency to set up a new bureau and team in April dedicated to responding to serious cybercrimes. The bill is part of Japan's efforts to centralize police activities related to cybercrimes that are currently handled by multiple bureaus, with concern increasing about alleged state-sponsored attacks from China, North Korea and Russia. After the revised police bill is passed by the Diet, the bureau and team will be launched on April 1. The Cabinet endorsement came as reliance on online communication has grown due to the coronavirus pandemic, increasing opportunities for cybercrime. With the reorganization, the police plan to beef up cybercrime investigations using advanced technology as well as cooperation with overseas counterparts. The number of cybercrime cases confirmed by police nationwide stood at 12,275 in 2021, up about 20 percent from the year before.
READ THE STORY: Japan Today
A QUICK LOOK:
Putin orders apparent new system for banning internet content
FROM THE MEDIA: Russian President Vladimir Putin has ordered his administration to consider an apparent new system to ban "toxic" internet content, although details were not released. The new system, contained in a list of presidential orders on the Kremlin website, was described as a "self-regulated register of toxic content" which would be used "to protect minors". The Kremlin would review it by June 1. The order, with Thursday's date, was first reported by Russian media on Saturday. Putin has hinted at plans for a more sweeping crackdown on online content, blaming the internet for corrupting youth and for fueling street protests by political opponents branded extremists by the authorities. Russia stepped up pressure last year on foreign tech companies, imposing punishments including a nearly $100 million fine against Google (GOOGL.O) for failing to delete banned content.
READ THE STORY: Reuters
A QUICK LOOK:
Over 20,000 data center management systems exposed to hackers
FROM THE MEDIA: Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitors devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks. Data centers house costly systems that support business storage solutions, operational systems, website hosting, data processing, and more. The buildings that host data centers must comply with strict safety regulations concerning fire protection, airflow, electric power, and physical security. Years of pursuing operational efficiency have introduced "lights-out" data centers, which are fully automated facilities managed remotely and generally operate without staff. However, the configuration of these systems isn't always correct. As a result, while the servers themselves may be adequately protected from physical access, the systems that ensure physical protection and optimal performance sometimes aren't. Investigators at Cyble have found over 20,000 instances of publicly exposed DCIM systems, including thermal and cooling management dashboards, humidity controllers, UPS controllers, rack monitors, and transfer switches.
READ THE STORY: Bleeping Computer
A QUICK LOOK:
North Korean hackers launch attack using Windows Update and GitHub
FROM THE MEDIA: The attack uses fake documents with embedded macros designed to resemble Lockheed Martin employment information. Once the macro is executed, the exploit uses Windows Update and GitHub to deliver payloads and infect unsuspecting users. The state-sponsored organization, already suspected in past attacks such as WannaCry and numerous attacks against U.S. media outlets, was discovered using Windows Update to deliver malicious payloads while using GitHub as a primary command and control (C2) server. The attacks loosely followed the group's earlier Dream Job campaign, which targeted organizations as well as specific individuals in the defense, aerospace, and civilian government contracting sectors. The spear phishing attack used two decoy MS Word documents with embedded macros (Lockheed_Martin_JobOpportunities.docx and Salary_Lockheed_Martin_job_opportunities_confidential.doc) that were designed to appear as valid Lockheed Martin job announcement information. Once the malicious macros are executed by an unsuspecting user, the malware package completes a series of injections on the target system to ensure persistence across target machine startups.
READ THE STORY: Techspot
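Two behaviours in the story above are cheap to watch for on an endpoint: an Office application that runs a macro and then starts a Windows component it has no business launching, and a Windows system binary opening a connection to a code-hosting site that serves as C2. The detection logic below is an added example written for this digest; it is not code from the original article, from Malwarebytes, or from any vendor. The event records use a constructed, simplified shape (Sysmon-like fields); the allowlists are assumed baselines that must be tuned per environment, and real telemetry needs its own parser.

```python
"""Flag (1) Office processes spawning unexpected children and
(2) Windows components talking to code-hosting domains.

Added example for this digest; not the article's or any vendor's code.
Event shapes and sample data below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Office hosts that execute VBA macros.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office process may legitimately start (assumed baseline; tune it).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "msip.executionhost.exe"}
# Built-in Windows components that should not be fetching from code-hosting sites.
WINDOWS_COMPONENTS = {"wuauclt.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}
CODE_HOSTING_DOMAINS = ("github.com", "raw.githubusercontent.com", "gist.github.com")


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class NetworkEvent:
    image: str
    dest_host: str
    dest_port: int


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_code_hosting(host: str) -> bool:
    """Exact or subdomain match only, so 'notgithub.com' does not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CODE_HOSTING_DOMAINS)


def office_spawn_hits(events: Iterable[ProcessEvent]) -> List[Tuple[str, ProcessEvent]]:
    """Rule 1: macro host starts a child outside the expected baseline."""
    hits = []
    for e in events:
        parent, child = basename(e.parent_image), basename(e.image)
        if parent in OFFICE_PARENTS and child not in EXPECTED_OFFICE_CHILDREN:
            hits.append((f"{parent} spawned {child}", e))
    return hits


def component_c2_hits(events: Iterable[NetworkEvent]) -> List[Tuple[str, NetworkEvent]]:
    """Rule 2: a Windows component connects to a code-hosting domain."""
    hits = []
    for e in events:
        image = basename(e.image)
        if image in WINDOWS_COMPONENTS and is_code_hosting(e.dest_host):
            hits.append((f"{image} connected to {e.dest_host.lower()}:{e.dest_port}", e))
    return hits


# Constructed sample telemetry (not captured from a real incident).
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PROCESS_SAMPLE = [
    ProcessEvent(WINWORD, r"C:\Windows\splwow64.exe", "splwow64.exe"),            # print helper: expected
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\wuauclt.exe", "wuauclt.exe"),               # normal service parent
    ProcessEvent(WINWORD, r"C:\Windows\System32\wuauclt.exe", "wuauclt.exe"),     # flagged
    ProcessEvent(WINWORD, r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo hi"),  # flagged
]
NETWORK_SAMPLE = [
    NetworkEvent(r"C:\Program Files\Git\cmd\git.exe", "github.com", 443),                   # dev tooling: ignored
    NetworkEvent(r"C:\Windows\System32\wuauclt.exe", "raw.githubusercontent.com", 443),     # flagged
    NetworkEvent(r"C:\Windows\System32\wuauclt.exe", "windowsupdate.microsoft.com", 443),   # legitimate update traffic
    NetworkEvent(r"C:\Windows\System32\rundll32.exe", "notgithub.com", 443),                # suffix trap: ignored
]


def run_sample() -> Tuple[List[str], List[str]]:
    """Return the reason strings for both rules over the sample data."""
    return ([r for r, _ in office_spawn_hits(PROCESS_SAMPLE)],
            [r for r, _ in component_c2_hits(NETWORK_SAMPLE)])


if __name__ == "__main__":
    for reasons in run_sample():
        for r in reasons:
            print("ALERT:", r)
```

Rule 1 catches the macro stage regardless of which Windows component is abused, since it keys on the parent rather than on the child's arguments; Rule 2 is noisier on developer workstations, which is why it is restricted to built-in components rather than any process.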
A QUICK LOOK:
Sovereignty a grey area in cyber space: Experts
FROM THE MEDIA: BENGALURU: Despite international laws and regulations, sovereignty in cyberspace remains a grey area. During a discussion on ‘Demystifying Sovereignty in Cyberspace,’ organized by the Synergia Foundation in partnership with Cisco on Friday, the panelists spoke on how countries are using Internet tools to define and protect their sovereignty in cyber space and the flawed laws on cyber crime. Synergia Foundation is a Bengaluru-based strategic think tank. The speakers looked to deconstruct the concepts of national security, sovereignty, and the growing digital influence in warfare in relation to cyberspace. Lt Gen Rajesh Pant, National Cybersecurity Coordinator, National Security Council of India, said that the concept of sovereignty should include cyber space. “There’s a method that cyber space can be defined,” he added, while stressing the importance of data safety. Aaron Shull, chief executive officer, Centre for International Governance Innovation, Canada, said that “although there is an international consensus that we do not go after each other’s critical infrastructure, that consensus is often breached. When force is used, states take advantage of ambiguity because of operational capacity,” he said, adding that the realm in cyber space is important to maintaining a safe global cyber environment.
READ THE STORY: New Indian Express
A QUICK LOOK:
Windows vulnerability with new public exploits lets you become admin
FROM THE MEDIA: A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform privileged commands. The vulnerability affects all supported versions of Windows 10 before the January 2022 Patch Tuesday updates. As part of the January 2022 Patch Tuesday, Microsoft fixed a ‘Win32k Elevation of Privilege Vulnerability’ tracked as CVE-2022-21882, which is a bypass for the previously patched and actively exploited CVE-2021-1732 bug. Microsoft attributes the discovery of this vulnerability to RyeLv, who shared a technical analysis of the vulnerability after Microsoft released the patch.
READ THE STORY: News Axes
A QUICK LOOK:
NSO chief rejects criticism of spyware firm: ‘I sleep soundly at night’
FROM THE MEDIA: The Houthi rebels are continuing to violate a UN-imposed arms embargo in Yemen and to recruit children to fight in the seven-year war, according to a report provided to the Security Council and published today. In an annual report, a panel of UN experts says it has concluded that “all military and paramilitary forces loyal to the Sanaa-based authorities fall under this definition” of having violated the arms embargo. The rebels control the capital Sanaa. The 300-page report says the Houthis have continued “to source critical components for their weapon systems from companies in Europe and Asia, using a complex network of intermediaries to obscure the chain of custody.” It says that “most types of uncrewed aerial vehicles, waterborne improvised explosive devices and short-range rockets are assembled in Houthi-controlled areas.”
READ THE STORY: Times of Israel
A QUICK LOOK:
The battle for the world’s most powerful cyberweapon
FROM THE MEDIA: The complete New York Times report on how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware. America and India have been named among the NSO clients. In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the F.B.I. They unpacked dozens of computer servers, arranging them on tall racks in an isolated room. As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world’s most notorious maker of spyware. Then, with their equipment in place, they began testing. The F.B.I. had bought a version of Pegasus, NSO’s premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising that it could do what no one else — not a private company, not even a state intelligence service — could do: consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.
READ THE STORY: Kashmir Times
A QUICK LOOK:
Items of interest
The Cybersecurity 202: 'This Is How They Tell Me The World Ends' sheds new light on a global cyberweapons arms race (Paper)
FROM THE MEDIA: The U.S. government is paying hackers for vulnerabilities it finds in software and hardware used by corporations and governments. Once they've bought those vulnerabilities, they're turning them into cyberweapons employed in attacking or spying on adversaries. That's the moral, political and economic dilemma explored by “This Is How They Tell Me The World Ends: The Cyberweapons Arms Race,” a new book out today by New York Times cybersecurity reporter Nicole Perlroth. After starting to cover cybersecurity a decade ago, Perlroth almost immediately began hearing stories about how the government paid hackers to turn over vulnerabilities in software and hardware it could exploit for espionage, she writes. Despite a chorus of sources warning her she wouldn't get very far, Perlroth was determined to learn everything she could about the black market for cyberweapons.
READ THE STORY: Washington Post
Security BSides Dublin 2021 – Derek Middlemiss’ ‘Cyber Espionage Reloaded’ (Video)
FROM THE MEDIA: Cyber Espionage Reloaded: this is the PDF from the talk.
Security BSides Dublin 2021 – Juan Aray’s ‘Introduction To Fileless Malware’ (Video)
FROM THE MEDIA: Fileless Malware: this is the PDF from the talk.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com