Tag: geopolitics
Russian gang shuts down two Indiana counties
Clay County, Indiana, in the US, is sounding a Local Disaster Declaration in the wake of a “criminal ransomware attack” that occurred last week, following reports of increasing cyber-attacks on local governments across America. “Clay County local government suffered a significant ransomware attack in the early morning hours of July 9, 2024. This has resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation,” said the county in an official statement.
Public sector phishing attacks increase fourfold
With national elections coming up later this year, US public-sector organizations are experiencing unprecedented levels of phishing attacks designed to dupe government staff into opening weaponized links in fake emails. According to email security firm Abnormal Security: “Between May 2023 and May 2024, public sector organizations experienced an astounding 360 percent growth in phishing attacks. While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.”
Exclusive: Deepfakes being used to manipulate share prices
Cash-rich cybercriminals are learning that the easiest way to make money on the stock markets while laundering cash at the same time is to use deepfake videos to impact share prices, albeit temporarily. According to Tim Grieveson, Senior Vice President of Global Cyber Risk, BitSight: “Using video and audio deepfakes to manipulate share prices for financial gain is definitely happening, but is something no one is currently talking about.” “Using a deepfake to announce a takeover could, for instance, drive up a stock in which the threat actor owns shares. Alternatively, a negative announcement such as a dire profits warning could be used to lower the share price so that the threat actor could buy the shares at a knock-down price, only to sell them again when the profits warning was seen to be fake” adds Grieveson.
US to block use of Chinese semiconductor equipment
The US Congress has introduced a new act to prevent the Chinese and “other foreign entities of concern” from infiltrating the US’s domestic chipmaking industry. The bill, the Chip Equipment Quality, Usefulness, and Integrity Protection Act of 2024 (Chip EQUIP Act), follows on from the CHIPS and Science Act, enacted in 2022, which earmarked roughly $280 billion in new funding to boost US domestic research and manufacturing of semiconductors. It included $39 billion in subsidies plus tax breaks for US chipmakers. However, China has recently matched this with a new $40 billion investment in its own semiconductor industry, which will heavily focus on chip manufacturing equipment. In April, Chinese tech giant Huawei announced investing in new R&D capabilities to rival US, Japanese, and Dutch firms.
Cyber Tsunami Set to Overwhelm Paris Olympics
The Olympic games, which kick off in Paris towards the end of next month, are expected to attract over 15 million visitors to the French capital and generate around €11 billion. But there are also growing fears that the four-yearly global event will be the target of a tsunami of cybercrime and terrorism. “The Tokyo Games in 2021 suffered 450 million computer attacks. Paris expects eight times more!” says the networking giant Cisco, an official partner for Paris 2024.
Game over for European criminal botnet networks
An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system. Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.
Chinese Hackers Using ORB Networks to Evade Detection – May 23rd
Mandiant revealed that Chinese-linked state-backed hackers rely on operational relay box (ORBs) network proxy meshes to avoid detection for cyber espionage campaigns. For example, Mandiant pointed out that these advanced persistent threat actors (APTs) used ORBs for the 'SPACEHOP' critical vulnerability campaign earlier this year.
Critical infrastructure at risk from modem flaws
“Critical flaws” have been identified in modems deployed in millions of devices worldwide. Cybersecurity firm Kaspersky has issued a report warning companies of severe security vulnerabilities in Cinterion cellular modems. According to Kaspersky, Cinterion modems are cornerstone components in machine-to-machine (M2M) and Internet of Things (IoT) communications and now offer a back door for all kinds of threat actors. They support various applications, ranging from industrial automation and vehicle telematics to smart metering and healthcare monitoring. Gemalto, the initial developer of the modems, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.
SSCL named as breached MoD contractor
UK-based Shared Services Connected Limited (SSCL) has been named as the Ministry of Defence (MoD) contractor hacked by, according to senior government sources, China. British defense minister Grant Shapps has admitted that the personal and financial details of 272,000 service personnel were hacked by “a malign actor.” However, the breach is now being widely attributed to China, despite China’s dismissal of the allegations as “absurd”. But while the compromised payment system has now been taken offline, there are growing fears that the breach may not merely be confined to the MoD, as SSCL handle a number of UK government contracts. “We’re the largest provider of critical business support services for the Government, the UK Military & Veterans (MoD), Metropolitan Police Service, and the Construction Industry Training Board (CITB),” boasts SSCL on its website.
FBI warns of fresh North Korean hacking tactic
The US Federal Bureau of Investigation (FBI) has issued a joint advisory warning of a new tactic being used by North Korean intelligence-gathering cyber group Kimsuky. The warning is squarely aimed at think tanks, academic institutions, non-profit organizations, and members of the media in Western countries. Despite North Korea’s previous reliance on revenue from international crime to finance its weapons and military programs, the FBI reports that Kimsuky’s role is intelligence gathering. Kimsuky exploits an improperly configured Domain Name System (DNS) to mimic legitimate email senders and hack targeted individuals. Without properly configured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies, malicious hackers can send spoofed emails as if they came from a legitimate domain’s email exchange.
Cyber-attackers try to divert a commercial flight
Airline security has just entered a new era with the news that on Saturday, cybercriminals hacked the communications network on a commercial flight and tried to divert the plane to a fake destination, putting it in the hands of the gang. On Sunday, EL AL Israel Airlines confirmed the attack on one of its planes. During the attack, instructions were given to the El Al crew that differed from their set route, alerting them to the possibility that terrorists were planning to crash the plane or that their attackers were planning a kidnapping. However, despite the nationality of the airline concerned, the motive behind hacking into the airline’s communications is thought not to have been primarily political. Although the attack took place over an area where Iran-backed Houthis are known to be active, it is believed that the hackers are most likely based in Somaliland, which last month signed a controversial territorial agreement with neighboring Ethiopia.
US blocks sales of citizens’ data to hostile powers
In what is being seen by some on the Hill as a case of too little too late, Washington has this week finally blocked the sale of US citizens’ personal sensitive data to four hostile foreign powers: North Korea, China, Russia, and Iran. Sensitive data includes ordinary people’s social security numbers, financial account numbers, biometric information, genetic information, precise geolocation information, and most of their private communications. Washington’s Energy and Commerce Committee top Democrat, Congressman Frank Pallone Jr, simultaneously issued a statement highlighting the massive threat foreign data sales present to ordinary people.