Thursday, May 21, 2020

What I'm Reading 5/21/2020 - Iranian APTs at it Again

Dancho Danchev - Two High-Profile OSINT and Technical Collection Analysis Reports on Iran's Hacking Scene and the Ashiyane Digital Security Team - Available for Free!
It's a pleasure and an honor to let you know that I've just made two of my most important and high-profile studies on Iran's Hacking Scene and Iran's Hacking Ecosystem including a high-profile and never-published before SNA (Social Network Analysis) of Iran's Hacking Scene using Maltego publicly accessible with the idea to get more people to read them and actually act upon them potentially assisting the U.S Intelligence Community and U.S Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns.

Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal information that serves the country's geopolitical interests.

"Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East," the researchers said in a report (PDF) shared with The Hacker News, adding at least one of the attacks went undiscovered for more than a year and a half since 2018.

Data likely stolen in the hack, which Mitsubishi disclosed earlier this year, included specifications of hypersonic missile prototypes that Japan is developing, according to a report in Asahi Shimbun, a Japanese newspaper. The Ministry of Defense had sent the specifications to multiple companies, including Mitsubishi, interested in bidding on the missile contract, the report said.

Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.

Pipikaite added that the corporate digital infrastructure that normally protects most organizations with multiple layers of security has become much tougher to manage while the majority of employees work from home. A blurring of the line separating corporate and personal systems heightens the risk of exposing sensitive information not appropriately secured and monitored on personal devices and home networks. 

Late last year, cybercriminals began to shift their focus from buying access to specific corporate servers, sometimes for as little as $20, to purchasing the ability to gain full network-level access, Positive Technologies says. The number of darknet ads for corporate network climbed to 88 in the first quarter of this year, compared to 50 in the fourth quarter, according to the company's report published Wednesday.

Network-level access is generally priced between $2,500 and $10,000, but the price can go as high as $100,000, the report notes.

The Internal Revenue Service has yet to address more than 100 cybersecurity recommendations made by a federal watchdog, including some that require fixing some basic cybersecurity measures.

According to an audit by the Government Accountability Office released May 13, the IRS hasn’t addressed 114 cybersecurity recommendations from previous audits. In addition, the watchdog made 18 new recommendations, bringing the number of open recommendations to 132.

To benchmark the cyber resilience of these critical infrastructures, the researchers assessed a number of criteria. These included their ability to manage a major cyberattack, their ability to mitigate the impact of an attack, whether they had the necessary skills to recover after an incident, as well as their best practices, policies and corporate culture.

Infrastructure providers in the US were the most likely to score highly, with 50 percent of companies considered highly resilient. In Europe, the figure was lower at 36 percent. In Japan, it was just 22 percent.

Beijing faces mounting calls to reschedule loans for shipping hubs, electrical plants and transport links that look unsustainable as economies struggle and globalization slows. The projects’ reliance on Chinese workers could also draw greater opposition from local populations worried about fresh waves of coronavirus infections.

No major contracts have been canceled due to the pandemic, and the initiative is too important to Xi to be shelved. But seven years after the Chinese leader unveiled his vision of a modern Silk Road connecting continents, the future of travel and trade is uncertain. Analysts say the most ambitious international building spree since the Marshall Plan could be scaled down and refocused toward safer investments. 

The Pulitzer Prize-winning Washington Post reporter who documented the scope of the U.S. government’s surveillance on its own citizens after receiving leaked National Security Agency documents from Edward Snowden told Yahoo News that he believes the former NSA contractor will not be pardoned in his lifetime.
“Getting pardoned is going to be a very, very big lift for any president,” Gellman told Yahoo News’ “Skullduggery” podcast. “The intelligence community, the national security community, loathes Snowden and have long memories for this sort of thing, and I don’t think he’ll be pardoned in his lifetime.”

