Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Chinese APT Scarab Targets Ukraine

A report on Chinese nation-state cyber operations targeting Ukraine in support of the Russian invasion.

  • Ukraine CERT (CERT-UA) has released new details on UAC-0026, which SentinelLabs confirms is associated with the suspected Chinese threat actor known as Scarab.

This detailed report includes the TTPs and IOCs of this operation.


That QR Code Could be a Malware

Quick Response (QR) codes have become a standard method of conducting contactless transactions during the COVID-19 pandemic. However, cyber criminals are exploiting the lax security that […]  From CHIPS


Strengthening Cybersecurity of SATCOM Network Providers and Customers

Original release date: March 17, 2022

CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments.

In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides mitigations and resources to strengthen SATCOM provider and customer cybersecurity.

CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations. CISA and FBI will update the joint CSA as new information becomes available.


5 ways to save business bucks on the cloud

Used correctly, the cloud can save your company real money. Used incorrectly, and you’re just throwing money away.


Webinar on cyberattacks in Ukraine – summary and Q&A

On March 10, 2022 Kaspersky’s Global Research and Analysis Team (GReAT) shared their insights into the current (and past) cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide the Indicators of Compromise (IoCs) that can help you defend against the identified threats. You can watch the full recording of the webinar here: ‘A look at current cyberattacks in Ukraine’.

The webinar included an historical overview of attacks on Ukraine; and an overview of current cyber-activity in the country, which comprises known APT activity, unknown parties carrying out DDoS attacks and leveraging commodity RATs, hacktivism, activities by cybercriminals and unattributed attacks.


Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware

A new social engineering method is spreading this malware, and it’s very easy to fall for. Here’s what it’s doing and how to avoid it.


Mobile malware is on the rise: Know how to protect yourself from a virus or stolen data

Don’t let mobile malware ruin your day or your device. Be aware of how this threat happens and take good precautions to avoid it.


Secret CIA Data Collection Program

[2022.02.15] An alert from Bruce Schneier.  Two US senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans.

The senators’ statement. Some declassified information from the CIA.


A New Cybersecurity “Social Contract”

By Bruce Schneier [2022.02.22] The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age:

The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each. Such a shift is momentous but not without precedent. From the Pure Food and Drug Act of 1906 to the Clean Air Act of 1963 and the public-private revolution in airline safety in the 1990s, the United States has made important adjustments following profound changes in the economy and technology.

A similarly innovative shift in the cyber-realm will likely require an intense process of development and iteration. Still, its contours are already clear: the private sector must prioritize long-term investments in a digital ecosystem that equitably distributes the burden of cyberdefense. Government, in turn, must provide more timely and comprehensive threat information while simultaneously treating industry as a vital partner. Finally, both the public and private sectors must commit to moving toward true collaboration — contributing resources, attention, expertise, and people toward institutions designed to prevent, counter, and recover from cyber-incidents.

The devil is in the details, of course, but he’s 100% right when he writes that the market cannot solve this: that the incentives are all wrong. While he never actually uses the word “regulation,” the future he postulates won’t be possible without it. Regulation is how society aligns market incentives with its own values. He also leaves out the NSA — whose effectiveness rests on all of these global insecurities — and the FBI, whose incessant push for encryption backdoors goes against his vision of increased cybersecurity. I’m not sure how he’s going to get them on board. Or the surveillance capitalists, for that matter. A lot of what he wants will require reining in that particular business model.

Good essay — worth reading in full.


An Elaborate Employment Con in the Internet Age

By Bruce Schneier [2022.02.24]  [Editor comment: I have covered employment scams like this one in the Friday Phish Fry.]  The story is an old one, but the tech gives it a bunch of new twists:

Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for the company’s office address. The result looked nothing like the videos on Madbird’s website of a sleek workspace buzzing with creative-types. Instead, Google Street View showed an upmarket block of flats in London’s Kensington.  […]

Using online reverse image searches they dug deeper. They found that almost all the work Madbird claimed as its own had been stolen from elsewhere on the internet — and that some of the colleagues they’d been messaging online didn’t exist.  […]

At least six of the most senior employees profiled by Madbird were fake. Their identities stitched together using photos stolen from random corners of the internet and made-up names. They included Madbird’s co-founder, Dave Stanfield — despite him having a LinkedIn profile and Ali referring to him constantly. Some of the duped staff had even received emails from him.

Read the whole sad story. What’s amazing is how shallow all the fakery was, and how quickly it all unraveled once people started digging. But until there’s suspicion enough to dig, we take all of these things at face value. And in COVID times, there’s no face-to-face anything.


Insurance Coverage for NotPetya Losses

[2022.02.28] Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons.”


Other Articles from Bruce Schneier

If you have not already added Bruce Schneier’s blog to your threat feed, do so now.  Here are some other Bruce Schneier articles from the last month.

Bypassing Apple’s AirTag Security  [2022.02.23]

Vulnerability in Stalkerware Apps  [2022.03.02]

Samsung Encryption Flaw  [2022.03.04]

Hacking Alexa through Alexa’s Speech  [2022.03.07]

Fraud on Zelle  [2022.03.09]

Where’s the Russia-Ukraine Cyberwar?  [2022.03.10]

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram’s web page.

You can also read these articles on my blog, Schneier on Security.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com