Victoria Zak says
“FBI and CISA warn over threats to satellite communications networks”
The FBI and CISA warn satellite communications network providers over threats and tell them to bump up their security. However, the satellite communications network providers are aware of the threats that can happen.
The outage started on February 28 of this year, coinciding with Russia’s invasion of Ukraine. The same day, German energy firm Enercon reported that remote communications to 5800 wind turbines were down due to a satellite outage.
As the article mentions, the warning provides mitigation actions for both SATCOM operators and their customers to take amid US and European investigations into a major outage affecting Viasat’s internet service for fixed broadband customers in Ukraine and elsewhere on its European KA-SAT satellite network.
The agencies are recommending that SATCOM operators review the security of communications to and from end-user terminals, and review the Office of the Director of National Intelligence’s February report, which details Russia’s anti-satellite technologies, including directed energy weapons, for jamming civilian and military satellite GPS and communication services.
Reference:
https://www.zdnet.com/article/cisa-and-fbi-warn-over-threats-to-satellite-communications-networks/
Dan Xu says
“Manufacturing is the most targeted sector by ransomware in Brazil”
Cybercriminals have discovered the critical role companies play in supply chains and use it to force victims to pay ransoms, according to a new study. The researchers noted that Latin America has a higher rate of business email compromise (BEC) attacks than any other region in the world, with Brazil accelerating from 0% in 2019 to 26% in 2021. BEC is the second most common type of attack in the region. In 2021, unpatched vulnerabilities accounted for 18% of attacks. Another report on cyber threats by SonicWall earlier this month found that Brazil was second only to the US, Germany and the UK in ransomware attacks. The country had more than 33 million intrusion attempts in 2021, after ranking ninth in the same ranking the previous year, with 3.8 million ransomware attacks.
https://www.zdnet.com/article/manufacturing-is-the-most-targeted-sector-by-ransomware-in-brazil/
Kelly Sharadin says
Open source software risks and supply chain attacks are always a discussion when it comes to application security. However, this recent political protest against Russia involving NPM, with over 40,000 downloads, is a new level of concern for security professionals and developers. The author of node-ipc replaced a module with wiper code that included Ukraine messaging and downloaded a file directly to a user’s desktop. Barring political opinion, at the time of download there was no way for a user to know whether the file was malicious or safe, causing unnecessary panic to unsuspecting users. The author claims it is a nondestructive protest and draws attention to developers exercising more control over their node modules.
https://www.darkreading.com/application-security/recent-code-sabotage-incident-latest-to-highlight-code-dependency-risks
Antonio Cozza says
This article from thehackernews shows that, amidst all of the latest politically motivated threat actors that have been exercising their abilities lately, there still remain the financially motivated ones, who are also improving their technical attack strategies. A threat actor dubbed UNC2981 by Mandiant has recently deployed a previously unknown rootkit that is targeting ATMs using Oracle Solaris systems. Furthermore, many other attacks making headlines lately are leveraging the ignorance of targets and using phishing for initial access, and are overall not entirely high-skill attacks (unfortunately). However, this attack is on the opposite end, as it is actually the result of “a high degree of OPSEC, and leverage[s] both public and private malware, utilities, and scripts to remove evidence and hinder response efforts” per Mandiant’s analysis. The attacks are very similar to those of another threat actor, UNC1945, using common tools, backdoors, log-erasing scripts, and similar methods of advanced exploitation of Linux/UNIX systems that evade most analyses outside of seasoned Linux security researchers, who even overlook many of the overwritten binaries like systemd.
https://thehackernews.com/2022/03/hackers-target-bank-networks-with-new.html
Vraj Patel says
Bridgestone Americas recently had an information security incident on February 27. According to the article, they are unsure of the scope of the incident or of any potential impact of the incident. Bridgestone Americas has stated they are still in the process of investigating the incident. As soon as they identified the incident on February 27, they started the containment process while ensuring the other IT systems stayed secure. After discovering the incident, Bridgestone Americas disconnected many of their manufacturing and retreading facilities in Latin America and North America from their network to prevent any potential impact to those systems.
Reference:
https://portswigger.net/daily-swig/bridgestone-americas-disconnects-manufacturing-facilities-following-security-incident
Kyuande Johnson says
Anonymous hacktivists warned that the next #OpRussia target will be corporations that refuse to pull their business from Russia as one group of hackers decided to try to use their data haul from a Russian company to financially help the people of Ukraine.
“We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia! We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!” a prominent Anonymous account tweeted Sunday.
The same account reported Thursday that the #OpRussia cyber offensive started nearly a month ago by the collective was “launching unprecedented attacks on the websites of Russian gov’t. Increasing their capacity at peak times from 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents.”
And one hacker who has promised for days a major data dump tweeted that they were first expecting a reply on a ransom request — stressing that if the ransom was paid it would not be lining their pockets but would be donated as “free money for Ukraine.”
Madalyn Stiverson says
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
The White House warned that the Russian Government is exploring options for potential cyberattacks. The White House recommends that all companies, but especially critical infrastructure, invest in and accelerate efforts toward becoming more mature from a cybersecurity perspective. This implies that an impending attack from Russia on our critical infrastructure could be coming. The White House is offering information regarding best practices and mitigation guidance through the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
Dhaval Patel says
The cyber gang LAPSUS$, which has victimized Nvidia, Samsung, Vodafone, and others, has struck again. Microsoft and Okta are investigating a potential breach. LAPSUS$ posted screenshots and source code of internal projects and systems of Microsoft and Okta on their Telegram channel. LAPSUS$ also stated that they found the security measures, which are FedRAMP approved, to be poor. It seems that the breach was not intended to access Okta’s database but rather Okta’s customers, and access was received through a Cloudflare tenant that allows you to reset employee passwords.
https://thehackernews.com/2022/03/lapsus-hackers-claim-to-have-breached.html
kofi bonsu says
The article talks about the growth of this market, which is basically linked to the growing demand for application security in the banking sector, rising data breaches in business applications, favorable government regulations, and increasing demand for SaaS-based mobile application security. This article proffers an extensive analysis of the global application security market. The global application security market is segmented by component (software tools, services), type (web application security, mobile application security), deployment mode (on-premises, cloud), organization size (SMEs, large enterprises), and end user (BFSI, manufacturing, healthcare, retail, government, education, media & entertainment, IT & telecom, energy & utilities, other end users). The article also identifies industry competitors and analyses the market at the country level.
https://www.infosecurity-magazine.com/application-security/
Michael Jordan says
The article I am choosing to summarize this week is about Checkmarx’s new Supply Chain Security solution. Supply chain security is a byproduct of application security and has to do with open-source software and software pipelines, and how attackers have been able to infiltrate software pipelines that have been trusted for years. These pipelines include public websites and databases that store open-source software for download, companies that market and sell open-source software solutions, and more. Checkmarx’s Supply Chain Security solution will provide an SBOM (Software Bill of Materials) for open-source software packages (general knowledge of the software’s contents and support community), malicious package detection, a contributor reputation database, behavioral analysis of software packages via testing in a detonation chamber, and continuous updates of their vulnerability and contributor reputation database. Checkmarx considers themselves the AppSec testing leader, and claims that nearly half of the Fortune 50 trusts their security technology, expert research, and global services to securely optimize development at speed and scale.
https://www.darkreading.com/application-security/checkmarx-launches-comprehensive-supply-chain-security-solution
zijian ou says
“Over 40,000 London Voters Have Data Leaked to Strangers”
The Election Service in London sent out regular emails to registered voters last week. However, 43,000 voters (about 13% of residents) received the names, addresses, and voting instructions of non-family members. The council says the information contained in these emails is publicly available in the voter register, a public document that any member of the public can view at any time of the year. Voters are now concerned that their personal information is being released online.
https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/?&web_view=true
Olayinka Lucas says
Half of the security pros say their public clouds were breached during the pandemic.
I came across this article published on March 22, 2022, and thought it would be helpful for this week’s topic.
Research released on Tuesday found that 50% of security pros say their public cloud environments experienced a breach in 2020 or 2021.
The survey found that as companies go digital, security teams are managing an increasingly complex multi-cloud environment and are struggling with a lack of visibility, inadequate controls, and a rising shadow data problem. Shadow data — or unknown, unmanaged data — has become an issue as both IT and business users can self-provision cloud services and stand up instances for app development and testing. In addition, among those who say they were breached, 58% say that their cloud data had been knowingly exfiltrated.
The survey results validate the fact that cloud-native application security requires a different approach, including a defense-in-depth strategy to protect data; traditional security is not enough for cloud-native applications because of their larger attack surface, heightened risk of lateral movement, and complex compliance needs.
Source:
https://www.scmagazine.com/news/cloud-security/half-of-security-pros-say-their-public-clouds-were-breached-during-the-pandemic
Olayinka Lucas says
Google Experts Found a Record Number of Zero-Day Security Bugs Last Year
Project Zero, an in-house team of Google experts and analysts tasked with finding advanced cybersecurity threats known as zero-day vulnerabilities and exploits, detected a record-breaking 58 in-the-wild exploits in 2021, according to a report from the team published on April 18, 2022.
Source:
https://www.cnet.com/tech/services-and-software/google-experts-found-a-record-number-of-zero-day-security-bugs-last-year/