The CyberWire Daily Briefing.

"Cyberespionage accusations, Netscaler backdoors, LinkedIn hijacking."

Views expressed in this cybersecurity, cybercrime, and cyberespionage update are those of the reporters and correspondents.  Accessed on 16 August 2023, 2045 UTC.

Content provided by email subscription to "The CyberWire Daily Briefing.

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtwghftvqDKfWcqcQxrjCphSnK ("The CyberWire Daily Briefing").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

More signal, less noise.

Final Weeks to Register for Mandiant's mWISE

Don't miss this targeted security conference for frontline practitioners.

Daily Briefing

August 16, 2023.
ANNOUNCEMENT

N2K Response to White House Cyber Workforce Strategy.

In July, the Biden Administration released their National Cyber Workforce and Education Strategy (NCWES) to address the hundreds of thousands of vacant cybersecurity jobs in the U.S. In response, N2K has developed a free cyber workforce development strategy guide for employers to improve hiring, development, and retention for cyber talent and buy down risk using a data-driven workforce intelligence strategy. Get your free copy today.

SUMMARY

At a glance.

  • China accuses US of installing backdoors in Wuhan seismic laboratory.
  • NetScaler backdoors found.
  • Phishing scam targets executives.
  • LinkedIn sees a surge in account hijacking.
  • Raccoon Stealer gets an update.
  • Cryptocurrency recovery scams.
  • Moscow court fines Reddit, Wikipedia, for unwelcome content about Russia's war.

China accuses US of installing backdoors in Wuhan seismic laboratory.

China's Ministry of State Security has accused the US of "a cyberattack incident targeting the Wuhan Earthquake Monitoring Center. The Global Times, a news service operated by the Central Committee of the Chinese Communist Party, quotes Xiao Xinguang of the National Committee of the Chinese People's Political Consultative Conference: "US intelligence agencies not only actively collect various signal intelligence, but have also long obtained other countries' comprehensive earth system science remote-sensing and telemetry data as strategic intelligence through various means." Chinese statements express concern about collection of technical information and the possibility of collateral interference with earthquake alerts and emergency response. Seismic data could serve as a source of MASINT, the Record writes, noting as well that seismic monitoring has long provided information about nuclear testing. China's announcement also serves, whatever merit it may or may not have, as an influence operation, pushback to US accusations of Chinese cyberespionage and staging of potentially disruptive malware in critical infrastructure.

Sponsored by ActiveState

How to Fire Up your Open Source Supply Chain Security with SLSA - Webinar.

Join ActiveState's CPO, Loreli Cadapan, and Kusari's Co-founder and CTO, Michael Lieberman, on August 24 as they discuss how SLSA can be implemented with real-world examples. SLSA is the emerging and spicy security framework developed by Google and embraced by Microsoft, IBM, and VMWare. It is designed to help organizations level up their supply chain security with escalating rigor around the build and source elements of development, but like any framework, it can be confusing and difficult to implement in the real world. Loreli and Michael will simplify the path to securing your open source and talk about why SLSA is better with GUAC.  Save your seat now!

NetScaler backdoors found.

NCC Group’s Fox-IT has discovered a massive exploitation campaign of approximately 2,000 Citrix NetScaler products. A threat actor automated the exploitation of CVE-2023-3519, a remote code execution vulnerability, to place webshells on the devices. The researchers note, “The adversary can execute arbitrary commands with this webshell, even when a NetScaler is patched and/or rebooted. At the time of writing, more than 1900 NetScalers remain backdoored. Using the data supplied by Fox-IT, the Dutch Institute of Vulnerability Disclosure has notified victims.”

Sponsored by CyberVista

N2K Response to White House Cyber Workforce Strategy.

In July, the Biden Administration released their National Cyber Workforce and Education Strategy (NCWES) to address the hundreds of thousands of vacant cybersecurity jobs in the U.S. In response, N2K has developed a free cyber workforce development strategy guide for employers to improve hiring, development, and retention for cyber talent and buy down risk using a data-driven workforce intelligence strategy. Get your free copy today.

Phishing scam targets executives.

Proofpoint is tracking “a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at leading companies.” The threat actors used the EvilProxy phishing tool to target executives at more than one-hundred organizations around the world between March and June of 2023. The researchers state, “Amongst the hundreds of compromised users, approximately 39% were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Attackers have also shown interest in lower-level management, focusing their efforts on personnel with access to financial assets or sensitive information.”

Sponsored by CyberArk

The future of security is identity and with CyberArk, the future of identity is secure.

With 84% of organizations experiencing an identity-related breach, identity is the new battlefield. As the pioneers of privileged access management, we started by protecting the most privileged users and most critical data. With intelligent privilege controls, today we’re applying the same levels of security and protection to every identity – both human and machine. CyberArk offers the most advanced identity security platform in the world, surrounding every identity with a powerful force field of continuous protection.

LinkedIn sees a surge in account hijacking.

Cyberint researchers are tracking an increase in the hijacking of LinkedIn accounts. Much of the evidence the researchers have collected is circumstantial, like a surge in such Google searches as “LinkedIn account hacked” or “LinkedIn account recovery.” "While LinkedIn has not yet issued an official announcement," CyberInt says, "it appears that their support response time has lengthened, with reports of a high volume of support requests." Unsurprisingly, poorly protected accounts--that is, accounts with weak passwords or without two-factor authentication--are most vulnerable. Better protected accounts typically see a temporary disruption while LinkedIn verifies the owner's identity.

The more poorly protected accounts suffered "full account compromise." In these cases the owners were unable to regain access on their own. The attacks followed a common process. First, the attacker gains access (either through credential theft or brute forcing of weak credentials). Second, they alter the email address associated with the account. Third, they change the account password. The second step is the one that renders it difficult for the legitimate owner to recover access, since they can no longer receive a recovery email. The new email addresses assigned to the hijacked accounts often use the mail system of rambler.ru, a Russian online platform and news service owned by the government-controlled financial institution Sberbank.

The motive for the hijacking is unclear, the clues inconsistent. There have been reports of ransom messages directed to the legitimate account owners, but the ransoms demanded don't amount to much--only "tens of dollars." Cyberint concludes, " Although the specific intentions of the threat actors are uncertain yet, whether they are financial, phishing, or internal information acquisition, the potential impact on victims is serious."

Raccoon Stealer gets an update.

The developers of the Raccoon Stealer malware have returned after a six-month hiatus with a new version of their infostealer, BleepingComputer reports. This version includes a new search feature that allows threat actors to find credentials and other information stolen in data breaches. The new version is also better at evading bots used by security researchers. Additionally, the developers added various new features that make it easier for less skilled threat actors to use the tool. The criminal-to-criminal market, here as elsewhere, responds to customer feedback. The malware’s developers said in a forum post, “Changes were implemented based on feedback and analysis of our customers’ requirements and market trends.”

Cryptocurrency recovery scams.

The US Federal Bureau of Investigation (FBI) has warned that criminals are exploiting fear of cryptocurrency scams to operate cryptocurrency recovery scams. The criminals claim to be businesses that can trace and recover stolen cryptocurrency. They reach their victims either by contacting them directly through messaging or social media services, or by attracting marks with ads or news articles hawking their bogus services. Sometimes they pose as law enforcement authorities (and, as the FBI points out, law enforcement agencies don't charge crime victims for their services). The scam either obtains payment from its victims or collects their personal information in furtherance of other crimes.

BleepingComputer ran an experiment in which they tweeted a call for assistance in recovering lost cryptocurrency. The tweet, which was nicely phrased ("I need trust wallet metamask phantom yoroi support! I lost all my crypto and password recovery phrase.") drew an "immediate" response from bots offering to direct them to people who could help. The FBI advises reporting recovery service fraud come-ons to the IC3 portal.

Moscow court fines Reddit, Wikipedia, for unwelcome content about Russia's war.

Cybernews reports that a Russian magistrate court in separate actions yesterday fined Reddit and Wikipedia a billion rubles each (the equivalent of a little more than $20,000, the ruble not being what it used to be) for their failure to remove content not in line with the Kremlin's view of its special military operation, that is, its war against Ukraine. Wikipedia has been fined before and has no intention of complying with the takedown orders that accompanied the fine.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

[1083]

Notes.

Today's issue includes events affecting Bangladesh, Belarus, China, Poland, Russia, Singapore, Ukraine, the United Kingdom, and the United States.

SPONSORED EVENTS

Cyber Security Summits This Summer (Multiple Locations / Virtual, July 20 - August 17, 2023) Join us In-Person and network over breakfast, lunch & a cocktail reception on 7/20 in DC, on 7/27 in Pittsburgh & on 8/17 in Detroit. Learn about the latest threats and solutions from The FBI, U.S. DHS / CISA, US Secret Service & more. Earn CPE/CEU credits with your attendance. Get $100 off admission w/ code CyberWire23 at CyberSecuritySummit.com

mWISE early bird registration is open. Get the lowest price we offer. Washington, D.C. or online (Washington, D.C. / Virtual, September 18 - 20, 2023) Early bird registration for Mandiant’s mWISE, the targeted security conference where we use the power of collective intelligence to combat emerging threats. Get the best price we offer at this highly targeted, vendor-neutral, community-focused event. mWISE Conference 2023 Registration is Open

SELECTED READING

Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+538: More use of illegals as spies. (CyberWire) Ukraine continues its slow advance toward the Sea of Azov, and Russia continues missile strikes ...

Russia-Ukraine war: List of key events, day 539 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 539th day.

Russia-Ukraine war at a glance: what we know on day 539 of the invasion (the Guardian) Three killed in Russian strikes on Volyn; Russia raises interest rates to 12%

Find MORE on our website.

Attacks, Threats, and Vulnerabilities

Emerging hacking group Team NWH Security targets Bangladeshi banks and military (Cybersecurity Connect) A relatively obscure hacking collective has gone on a DDoS rampage targeting two banks and the navy ...

Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China's Ministry of State Security (MSS) on Wednesday warned of data security risks after recent ...

China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET) Chinese officials say the July attack on Wuhan Earthquake Monitoring Center targeted sensitive data ...

Find MORE on our website.

Security Patches, Mitigations, and Software Updates

CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These advisories ...

Zoom revises terms again to say it doesn’t use customer data to train AI models (Record) Zoom has updated its terms of service (TOS) again to remove language about using content collected ...

Trends

CrowdStrike report shows ID attacks and keyboard activity monitoring on the rise (APDR) CrowdStrike announced the release of the CrowdStrike 2023 Threat Hunting Report. The company’s sixth ...

Bribery and Corruption Concerns Drive 650% Increase for Regtech AI - African Eye Report (African Eye Report) A new study from Juniper Research, the foremost experts in fintech, has found that the total number ...

6 things you may have missed at Hacker Summer Camp (Security Boulevard) Tens of thousands of the world’s top cybersecurity pros descended on Las Vegas last week for the ...

Find MORE on our website.

Marketplace

What could your company do with $2M? (DataTribe) This is the last week for teams to submit an application for the $2M DataTribe Challenge. The ...

Bitdefender Completes Acquisition of Horangi Cyber Security (Bitdefender) Transaction Expands Bitdefender Product and Services Portfolio with Cloud Infrastructure Entitlement ...

OX Security Receives Strategic Investment From IBM Ventures (Dark Reading) OX Security, a supply chain security solution and founding member of the Open Software Supply Chain ...

Find MORE on our website.

Products, Services, and Solutions

KnowBe4 Launches New National Cybersecurity Awareness Month Resource Kit (KnowBe4) KnowBe4 Launches New National Cybersecurity Awareness Month Resource Kit

Mandiant Releases Scanner for Citrix ADC Bug (Decipher) Mandiant has released a scanner to identify appliances that have been compromised through ...

SandboxAQ Collaborates with More Than 30 Universities, Corporations and Educational Organizations to Expand AI and Quantum Training (PR Newswire) SandboxAQ today announced it has formed relationships with more than 30 major universities and other ...

Find MORE on our website.

Technologies, Techniques, and Standards

How to prevent and prepare for a cyber catastrophe (Security Intelligence) Ransomware and data leaks are inconvenient and costly. But is your organization prepared for a cyber ...

Pentagon’s vulnerability disclosure program developing expansion plans to cover more contractors (Federal News Network) Melissa Vice, the director of the Department of Defense’s Vulnerability Disclosure Program, said the ...

3 Major Email Security Standards Prove Too Porous for the Task (Dark Reading) Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are ...

Find MORE on our website.

Design and Innovation

Italian team wins Space Force's first on-orbit Hack-A-Sat contest (Breaking Defense) The five finalists in the Hack-A-Sat 4 contest competed in nine different challenges, seven of them ...

Academia

Back to school security against ransomware attacks on K-12 and colleges (BleepingComputer) As we get back to school, K-12 and colleges are increasingly at risk from ransomware and data theft ...

Legislation, Policy, and Regulation

The AI Power Paradox (Foreign Affairs) Can States Learn to Govern Artificial Intelligence—Before It’s Too Late?

Presidential Election candidates urged to guard against foreign interference, cybersecurity threats (CNA) Singapore is not immune to foreign interference, which undermines political sovereignty and harms ...

CISA Closing in on Final Cyber Guidelines for Microsoft, Google Cloud (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) has led a handful of identity security ...

Find MORE on our website.

Litigation, Investigation, and Law Enforcement

‘Real and growing threat’: Almost every state government body hit in cyberattack surge (The Age) Ninety per cent of Victorian government agencies were targeted in cyber attacks last year, exposing ...

Voting machine hacking plot figures into Trump indictment (Nextgov.com) A plot allegedly hatched by lawyer Sidney Powell to use stolen data to rewrite the results of the ...

Trump faces 13 counts in Georgia indictment; 18 others charged (Washington Post) Former president Donald Trump and 18 others were criminally charged in connection with efforts to ...

Find MORE on our website.

SPONSOR & SUPPORT

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
The CyberWire logo
 
Twitter IconFacebook IconLinkedIn IconEmail Icon
 

Copyright © 2023, CyberWire Inc. Views and assertions of the various sources cited, Selected Reading articles, and images are those of the authors and artists, not the CyberWire, Inc.

This email was sent to kh6jrm@gmail.com
why did I get this?  |  unsubscribe  |  manage subscription preferences

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing