Wednesday, February 16, 2022 // (IG): BB //Weekly Sponsor: BLKTRIANGLE
Ukraine defense ministry website, banks, knocked offline
FROM THE MEDIA: The online networks of Ukraine's defense ministry and two banks were overwhelmed on Tuesday and Ukraine's information security centre pointed the finger at neighboring Russia. "It is not ruled out that the aggressor used tactics of little dirty tricks because its aggressive plans are not working out on a large scale," the Ukrainian Centre for Strategic Communications and Information Security, which is part of the culture ministry, said in a statement. Kyiv has blamed Moscow for similar actions in the past and since Russia began massing more than 100,000 troops near the frontier, raising East-West tensions as the West fears Russia is planning to attack Ukraine, which Moscow denies. The type of disruption reported by Ukrainian authorities on Tuesday is known as a distributed denial-of-service, often abbreviated DDoS, but the scale of it wasn't immediately clear. The manoeuvre, which works by directing a fire hose of internet traffic from a multitude of sources against one set of servers or another, is common across the internet and such attacks happen periodically in Ukraine and beyond.
READ THE STORY: Reuters
Cyber Criminals Set Data Compromises Record in 2021
FROM THE MEDIA: The Identity Theft Resource Center's 2021 annual report shows a 68 percent increase in data compromises compared to 2020. The report also says ransomware may soon supplant phishing as the dominant cyber attack. Data compromises broke another record in 2021, and more businesses were targeted by cyber criminals armed with stolen personal information and passwords, according to the Identity Theft Resource Center's 2021 annual report. Publicly reported data compromises in the U.S., including breaches, exposures and leaks, totaled 1,862 in 2021, a 68% increase over 2020. Nearly 294 million people were victims. Cyber thieves increasingly attacked businesses using stolen individual credentials, such as logins and passwords, or by tricking people into revealing information needed for those attacks, the report found. "In 2021, we saw a shift in the identity crime space," said Eva Velasquez, president and CEO of the resource center, which is a national nonprofit that tracks publicly reported data compromises in the U.S. and provides free assistance to victims. "Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud," she said.
READ THE STORY: Govtech
Poland raises alert against cyber attacks
FROM THE MEDIA: Poland has alerted the security services and public administration against threats in cyberspace, the Government Centre for Security said on Tuesday, just hours after Ukraine reported its defense ministry and two banks had been hacked. In a tweet late on Tuesday, the Government Security Centre said that the ALFA-CRP alert level, the lowest on a four-level scale, will be introduced across the country from 11:59 p.m. CET (1059 GMT) on Feb. 15 until 11:59 p.m. CET on Feb. 28. "The ALFA-CRP alert is a signal for security services and the whole public administration to be particularly vigilant," the Government Security Centre said in a tweet. "This means that the administration is obliged to conduct increased monitoring of the state of security of ICT systems," it added. Earlier on Tuesday, Ukraine said its defense ministry and two banks had been subject to a cyber attack, appearing to point the finger at Russia, as the West sought evidence from Moscow of a partial troop pullback.
READ THE STORY: Reuters
GAO: DoD has to step up efforts in space, cyber and artificial intelligence to compete with China
FROM THE MEDIA: The U.S. Government Accountability Office in a new report says the Defense Department has to be better prepared to respond to China’s advances in space, cyberwarfare and artificial intelligence. “Successful preparation for strategic competition with China will depend on continuing efforts to increase U.S. combat credibility and enhance conventional deterrence that can help prevent conflict, protect U.S. interests and assure allies,” GAO said in the report titled “Challenges Facing DoD in Strategic Competition with China.” The three-page summary GAO published Feb. 15 is the unclassified version of a much more extensive report that is classified. Going forward, said GAO, the U.S. Defense Department should be prepared to “maintain supply chains, gather intelligence, and responsibly leverage emerging space, cyber, and AI technologies in response to potential threats.” The watchdog agency suggested that Congress will need to pay close attention to DoD’s efforts in these areas and whether DoD takes “timely actions.”
READ THE STORY: SpaceNews
Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities
FROM THE MEDIA: Ransomware attacks on critical infrastructure and a surge in exploited vulnerabilities are getting the attention of U.S. cybersecurity agencies, which highlighted the threats in a pair of warnings issued in recent days. The FBI and U.S. Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets. And the Cybersecurity and Infrastructure Security Agency (CISA) added 15 more vulnerabilities to its list of actively exploited vulnerabilities. The warnings come amid rising global tensions over the possibility of a Russian invasion of Ukraine, which itself has been the subject of a number of U.S. cybersecurity advisories in recent weeks. The FBI-Secret Service warning came just ahead of news that the NFL’s San Francisco 49ers had also been hit by BlackByte ransomware. The ransomware encrypts files on compromised Windows host systems, including physical and virtual servers, the advisory noted, and the executable leaves a ransom note in all directories where encryption occurs, including ransom payment instructions for obtaining a decryption key.
READ THE STORY: eSecurityPlanet
CISA tells federal agencies to patch actively exploited Chrome, Magento bugs
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability (CVE-2022-0609) is a high-severity use-after-free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions; it is addressed in Chrome 98.0.4758.102. Adobe released an emergency update to fix a critical flaw (CVE-2022-24086) exploited in the wild "in very limited attacks" to gain remote code execution using exploits targeting Adobe Commerce and Magento Open Source versions 2.4.3-p1/2.3.7-p2. eCommerce security company Sansec warned that the Magento flaw is similar to the 2015 critical bug Magento Shoplift, which enabled threat actors to take over vulnerable Magento sites. CISA said that all Federal Civilian Executive Branch (FCEB) agencies must deploy patches for these two security vulnerabilities by March 1st, 2022. The complete list of nine flaws added today to CISA's Known Exploited Vulnerabilities Catalog includes a mix of old and new bugs, ranging from 2013 to 2022, as shown in the table below.
READ THE STORY: Bleeping Computer
China Issued Amended Cybersecurity Review Measures
FROM THE MEDIA: Recently, thirteen relevant Chinese government agencies (e.g. Cyberspace Administration of China, National Development and Reform Commission of China, China Securities Regulatory Commission, etc.) jointly released amended Cybersecurity Review Measures (the “New Measures”) to amend and supersede the prior version of such measures issued on April 13, 2020. The New Measures will become effective on February 15, 2022. According to Article 4 of the New Measures, the abovementioned thirteen Chinese government agencies will work together to establish the working mechanism of national cybersecurity review. The Cybersecurity Review Office, housed in the Cyberspace Administration of China, will be responsible for developing the rules and regulations related to cybersecurity review, as well as organizing and coordinating the cybersecurity review process.
READ THE STORY: Mondaq
FTC Issues Stern Warning to Companies to Address Known Cybersecurity Vulnerability
FROM THE MEDIA: The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j cybersecurity vulnerability. According to the January 4, 2022 alert (the FTC Alert), the FTC recognizes that the Log4j vulnerability poses a serious risk to consumer products and web applications, and if exploited, could cause serious irreversible harms, such as financial loss and loss of personal information. Citing its prior action over the vulnerability patching failure in Equifax, the FTC signaled its willingness to pursue companies that fail to mitigate Log4j or other known cybersecurity vulnerabilities. The Log4j vulnerability is the very first matter scheduled for review by the newly formed Cyber Safety Review Board (CSRB), a public-private partnership created in response to the President’s May Executive Order on Improving the Nation’s Cybersecurity. This board is a collaboration of top cybersecurity leaders from both industry and government agencies, and will be delivering strategic recommendations to both the President and the Secretary of Homeland Security. The board’s first review is scheduled to be released this summer (see the announcement for more details).
READ THE STORY: JD Supra
Korean firms enhance car cybersecurity before Level 3 autonomous car releases
FROM THE MEDIA: China-nexus threat actors are getting better and quicker at weaponizing and deploying exploits for newly discovered common vulnerabilities and exposures (CVEs), and in the past 12 months leveraged new vulnerabilities at a “significantly elevated” rate when compared to 2020, according to CrowdStrike’s eighth annual Global Threat Report. CrowdStrike Intelligence said it had confirmed the exploitation of two vulnerabilities published in 2020 by China-nexus advanced persistent threat (APT) actors, in Oracle WebLogic and Zoho ManageEngine respectively, but that last year it was able to confirm 12 vulnerabilities and nine different products being exploited, linked to 10 known APTs, including the infamous Wicked Panda (aka APT41 or Barium). The analysts said that although Chinese APTs have long developed and deployed their own exploits in targeted intrusions, 2021 saw an increased volume of activity from Chinese APTs, highlighting an evolution in how these groups go about their work. “For years, Chinese actors relied on exploits that required user interaction, whether by opening a malicious document or other files attached to emails or visiting websites hosting malicious code,” wrote the report’s authors. “In contrast, exploits deployed by these actors in 2021 focused heavily on vulnerabilities in internet-facing devices or services.”
READ THE STORY: PulseNews
EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware
FROM THE MEDIA: The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS) said in its preliminary remarks. "This fact makes its use incompatible with our democratic values." Pegasus is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' movements. Besides granting unrestricted access to the targeted devices, Pegasus is stealthily installed on devices by leveraging zero-click exploits, such as KISMET and FORCEDENTRY, that require no interaction from the users.
READ THE STORY: THN
Items of interest
Supply chain boom turns box ships into attractive cyberattack targets (Article)
FROM THE MEDIA: Speaking to Seatrade Maritime News, Avital Sincai, Co-founder and COO of Cydome, said that the fact that shipping companies in the supply chain now had large amounts of money made them a target for extortion through the likes of ransomware attacks. “When you look at the broader perspective and supply chain, a supply chain suffering from shortages, and it's delivering over 90% of world trade, and now maritime companies are very profitable. It’s been a very good year for maritime companies,” she said. These factors make maritime a “really interesting attack vector” as it provides an avenue to disrupt the supply chain and extort money from the companies in it. Sincai commented that extortion was back on the table as there was much more money in the sector. With each containership both larger than in the past and at full capacity due to high demand, attacking just a single vessel has the potential to cause hundreds of millions of dollars' worth of damage, or more. “So now, each vessel is a more interesting target,” she said. “Now we’ve also seen hackers attacking the supply chain as a vector.”
READ THE STORY: Seatrade Maritime
Cyber War Without Rules – Russia vs Ukraine (Video)
FROM THE MEDIA: The conflict between Russia and Ukraine moved into cyberspace almost a decade ago. Now things are just getting worse. In a war of stolen or ransomed data and in a war of disinformation, any weapon can work. We will take an exclusive inside look at the current developments as well as at the history of the conflict.
Electronic & Cyber Warfare on China & Russia with Ret. Capt. Jim Darenkamp, CTO at Giesler (Video)
FROM THE MEDIA: Electronic and cyber warfare explained for everyone to understand. How do the two come together, and how is the battlefield changing? Ret. Capt. Jim Darenkamp joined me to discuss the latest trends and his personal battlefield experience.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com