Suspected Russian hack extends far beyond SolarWinds software
Investigators say they have found concrete evidence that almost one-third of the attack victims had no direct connection to SolarWinds software. The incident demonstrated how attackers could leapfrog from one cloud-computing account to another by taking advantage of little-known idiosyncrasies in the way software authenticates itself to the Microsoft service. Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, said in an interview that some victims were compromised before SolarWinds deployed the corrupted Orion software about a year ago. He stated the attackers “gained access to their targets in a variety of ways…it is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”
Russian hack brings changes and uncertainty to US court system
In the story that never ends, the US court system is reeling from the prospect that its electronic case files may join those of scores of other federal agencies and private companies that may have been hacked through the same Russian attack, exposing sealed documents including trade secrets, espionage targets, whistleblower reports and arrest warrants. As a result, under new rules, sensitive documents must now be printed out and hand-delivered to the courthouse. The Administrative Office of U.S. Courts confirmed the court system breach on Jan. 6. Its full impact remains unknown.
Section 230 emerges as Robinhood’s shield from lawsuits
Robinhood, the online brokerage that raised the ire of amateur investors by restricting trading of GameStop during last week’s market frenzy, is already protected from pending class action lawsuits by its user agreement, but will also find protection in Section 230 of the Communications Decency Act, the same provision that became the centerpiece of President Trump’s veto of the 2021 defense spending bill as well as the debate over COVID-19 relief payments. Under the act, social media companies are generally not liable for user activity.
Microsoft 365 becomes haven for two new BEC innovations
Two new business email compromise (BEC) tactics have emerged, both involving the manipulation of Microsoft 365 automated email responses to evade email security filters. In the first, scammers redirect an employee’s legitimate out-of-office (OOO) replies to themselves; in the second, read receipts are manipulated. Austin Merritt, cyber-threat intelligence analyst at Digital Shadows, told Threatpost: “This is problematic for network defenders that already have traditional security solutions implemented because the phishing emails either trigger read receipt notifications or redirect to a separate recipient’s inbox, grabbing the attention of the intended victim.”
Thanks to our episode sponsor HID Global
Attackers use fake password expiration alerts to phish C-Suite executives
In a separate Office 365 story, security experts from Trend Micro have uncovered an ongoing phishing campaign spreading fake Office 365 password expiration reports to compromise the email accounts of C-Suite executives. Emails carrying the fake password expiration reports prompt users to click a “Keep Password” option if they want to continue using the same password. Clicking it leads the user to a phishing page that asks for login credentials. The campaign has been active since 2019, and ads selling account credentials of CEOs, CFOs, and other C-suite executives are already prevalent on multiple English- and Russian-speaking darknet forums.
Pro-Ocean emerges as a sophisticated cryptojacker
The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis installs. The malware is an evolution of a Monero cryptocurrency miner first spotted by Unit 42 researchers in 2019. Before installing itself, Pro-Ocean also attempts to remove other malware as well as any process that heavily uses the CPU. Analysis of the code revealed that it was specifically designed to target cloud applications, and its targets include Alibaba Cloud and Tencent Cloud.
Experts explain how to bypass recent improvement of China’s Great Firewall
Members of the Great Firewall Report group have analyzed the recent improvements to China’s Great Firewall censorship system and revealed that it is still possible to bypass it. The Chinese government had recently improved its surveillance system to detect and block the popular circumvention tool Shadowsocks and its variants. Shadowsocks, a free open-source encryption protocol project, leverages SOCKS5 proxies outside China to avoid government censorship. The experts have revealed that a more recent version of Shadowsocks (3.3.1) could still bypass the firewall.
Douglas Adams was right. The answer to life, the universe and everything is 42
In Douglas Adams’s much-loved Hitchhiker’s Guide to the Galaxy novels, a deep learning computer determined the answer to life’s ultimate question to be 42, and now a recent academic paper published in Scientific and Academic Publishing and written by Jody Geiger of the Informativity Institute in Chicago proves that the universe is indeed a product of the number 42 when measured in Planck units. The paper describes the physical constants and laws of nature that are resolved from a simple geometry between two frames of reference that can be calculated to that value. Far from being a parody or novelty, the paper, entitled Measurement Quantization Describes the Physical Constants, gives deep thought to the concept of measurement and is also noted for presenting a classical unification of gravity and electromagnetism.