Weekly Axis Of Easy #250
Last Week’s Quote was “Laws are like sausages, it is better not to see them being made,” was by Otto Von Bismarck and our winner is Nick. Well done!
This Week’s Quote: “Nothing strengthens authority so much as silence.” … by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
In this issue:
- Attacking 5G via network slices: A new emerging threat
- New Linux Malware ‘Nearly Impossible to Detect’
- Anonymous hacktivists leaks 1TB of data from Russian law firm Rustam Kurmaev and Partners
- DHS disinformation board tried to censor content via social media platforms
- Hackers target Ukrainian officials’ phones
- A guide to avoiding falling victim to online, e-mail, and phone scams
- The most effective way to recover from a ransomware attack
- Euro police and US police take down cybercrime marketplace
- Hackers backed by governments take advantage of Follina
- Hackers display “Glory to Ukraine” messages on Russian ministry website
Researchers at Deloitte & Touche recently discovered an attack vector that targets network slices, a crucial part of 5G. A cyberattack on those systems could threaten public health, national security, and commercial services. But why?
The next-generation 5G networks will be the communications backbone for many mission-critical environments, including public safety, military services, critical infrastructure, and the Industrial Internet of Things. Further, they are crucial for supporting future applications with high latency expectations, such as automated cars and telemedicine.
A 5G network is made up of multiple adjacent network slices, each tailored to fulfill the requirements requested by a particular application. Deloitte collaborated with Virginia Tech on a 5G research project to explore whether it could exploit 5G by compromising one slice and then escaping it to compromise another. The answer turned out to be yes.
Attacking one slice of the 5G network to get to a second slice could be seen as a container escape in a cloud environment. The attacker would exploit open ports and vulnerable protocols to compromise a device on a second network slice.
According to Deloitte, a successful attack on a network would require many layers and steps and would likely require advanced recon and surveillance-detection techniques. It’s also dependent on how much money is spent and how serious the target application is.
Abdul Rahman, associate vice president, and Shehadi Dayekh, specialist leader from Deloitte, used the example of an attack against an industrial sensor network for a smart-factory application to show how malware can impact the data gathered from those sensors. This could cause false readings, false positives and impact manufacturing, energy, transportation, and health.
It’s crucial to ensure defense in depth. Rules get aged off, AI can be wrong, and platforms have gaps. Much of the defense work for 5G networks is about gaining a view into the infrastructure that doesn’t overwhelm defenders with information.
New Linux Malware ‘Nearly Impossible to Detect’
Initially seen in November of 2021, the symbiote malware appears much different than others before it. Rather than being a pure executable it is a shared object library. It loads itself using the LD_Preload file in Linux and hides itself, which makes it very difficult to detect.
When active, the threat actor can harvest credentials or access the victim machine remotely. It gives its owner a back door with a hard coded password allowing them to execute commands with the highest privileges.
According to researchers, using antivirus detection is moot. The best way to find is by looking for anomalous DNS requests.
Anonymous hacktivists leaks 1TB of data from Russian law firm Rustam Kurmaev and Partners
The Anonymous hacktivists collective has attacked again by leaking approximately 1TB of data from Rustam Kurmaev and Partners, a leading Russian law firm. It is worth noting that Anonymous waged a cyberwar against Russia in late February 2022 dubbed #OpRussia after the country invaded Ukrainian territories, referring it to “special military operation” to denazify and demilitarize Ukraine.
The collective leaked hundreds of gigabytes of data from the servers of Russia’s most significant media holdings. They shared the news on Twitter: “We are Anonymous – We have hacked RKPLaw (rkplawru) and leaked 1TB of files, emails, court files, client files, backups, and more! They have a huge (220 clients) and an interesting client list which I will post in the comments.” Rustam Kurmaev and Partners has been working in Russia for more than 20 years and represents around 500 clients, including the Volkswagen Group Russia, Ikea, Toyota, and Gillette. The leak could be devastating for the company considering it specializes in resolving real estate, construction, corporate, and commercial sector disputes.
DHS disinformation board tried to censor content via social media platforms
In recent documents, it was revealed that the Department of Homeland Security’s disinformation board planned to work with private social-media platforms to monitor their content. In the papers, DHS Secretary Alejandro Mayorkas outlines the issues that prompted his decision to create the board, including the copper virus pandemic and vaccine effectiveness.
Released by Republican Sens. Charles E. Grassley of Iowa and Josh Hawley of Missouri, the documents also showed that the board would have had input on disinformation budgets and how the department engages with “private sector stakeholders.”
Grassley and Hawley, who released the documents with a letter requesting more answers from Mayorkas, cautioned that the department should not enlist the private sector to silence opposing views.
The documents indicate a significant role for Mr. Mayorkas’ governance board, which Mr. Mayorkas and department officials had argued was more of an internal police force. However, its creation would never come to fruition, with the DHS announcing the board’s suspension on May 18.
From the outset, the rollout was botched, with Mr. Mayorkas first suggesting the board would engage with the private sector, only to have department officials walk back that announcement. Further trouble for the board came when Nina Jankowicz was hired as executive director.
In questioning the decision to hire Nina Jankowicz as executive director, the Senators cited her peddling erroneous information and furthering a debunked claim that former President Donald Trump had a “secret” computer server to communicate with a Russian bank.
“So this begs the question, if the (former) executive director of the DGB is incapable of determining what is and is not disinformation, how could the DGB ever have expected to unction properly under her leadership?” Grassley and Hawley said in their letter.
After tremendous pushback, Mayorkas ordered a “pause” on the board and assigned two former senior officials to lead a review. The purpose of the delay isn’t clear, although it may be an attempt to quietly sideline the board or a chance to revive it under more favorable circumstances.
As Russia pushes forward with its invasion of Ukraine, hackers are targeting the phones of Ukrainian officials. The deputy head of Ukraine’s state-owned special communications service, Victor Zhora, revealed that the country’s public servants’ phones had been repeatedly targeted.
“We see a lot of attempts to hack Ukrainian officials’ phones, mainly with the spreading of malware,” Zhora told reporters during an online news conference commemorating 100 days after Russian forces crossed the border.
Last year, a series of revelations emerged about hacking government officials’ devices, including the phones used by presidents, ministers, and other government officials. According to Zhora, his service has not seen any signs that the devices of Ukrainian government leaders were compromised. He said they were aware of the threat of zero-click intrusions but declined to comment.
A guide to avoiding falling victim to online, e-mail, and phone scams
The most effective way to recover from a ransomware attack
Euro police and US police take down cybercrime marketplace
Hackers backed by governments take advantage of Follina
Hackers display “Glory to Ukraine” messages on Russian ministry website
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- June 6th, 2022: Unreasonably Suspicious: The Reason Ottawa Wants To Check Your Phone At The Border
- May 30th, 2022: A Crypto Hack Is More Than A Niche Issue; It Impacts Society As A Whole
- May 23rd, 2022: Cybergang Threatens To Topple Costa Rica’s Government With A Ransomware Attack
- May 16th, 2022: DEA Law Enforcement Data Breach Under Investigation
- May 9th, 2022: Citizens Should Be Told Government Tracks Their Movements, Says Canada’s Ethics Committee