This week’s top cybersecurity headlines cover security advisories, funding-round results, newly established cybersecurity units and posts, and the attack landscape in general. Here are the details of the cyber events from the past week.

Wiper Called DoubleZero Targets Ukrainian Enterprises

A wiper dubbed DoubleZero is targeting Ukrainian enterprises, according to recent warnings from Ukraine’s CERT-UA. The governing body noted that it’s not unusual for malware-based attacks to target Ukrainian organizations, but the wiper DoubleZero has been discovered for the first time. The government CERT first observed the DoubleZero campaign on 17th March 2022, when adversaries used it to launch spear-phishing attacks.

Analysis found that DoubleZero was designed to destroy the infected system. Several ZIP archives were found containing the destructive DoubleZero program, which was written in the C# programming language. One of these ZIP files was called “Virus … extremely dangerous !!!. Zip”. The wiper reportedly used two techniques: the API calls NtFileOpen and NtFsControlFile, and overwriting system content with zero blocks of 4096 bytes. Cybersecurity experts note that the malware deletes Windows registry branches such as HKU, HKCU, HKLM\BCD, and HKLM before crashing the infected system.

 

Japan Launches Cyber-Defense Unit

Japan’s Self-Defense Forces have newly launched a cyber-defense unit to enhance the nation’s response to cyberattacks. Since cyberthreats play a vital role in global conflicts, the Japanese Self-Defense Force is taking this initiative to strengthen its cyber defense.

The new unit comprises approximately 540 personnel, who are engaged in training human resources, managing information and communication networks, and supporting practical training. The Japanese government perceives cyberspace, outer space, and the electromagnetic spectrum as vital aspects of nations’ military balance. Therefore, this move comes as one of its significant attempts to boost its defense capabilities.

The Defense Ministry headquarters in Tokyo now has a new cyber unit that reflects the immediacy of the project and inherent urgency to strengthen the SDF’s cyber capabilities. The Japanese Defense Minister Nobuo Kishi also reiterated the nation’s objective behind launching the cyber defense unit and mentioned its plans of integrating the hitherto dispersed cybersecurity measures (among the maritime, ground, and air self-defense forces) into a centralized body.

 

New Phishing Technique In Talks – BitB

A new, almost invisible phishing technique created by a penetration tester and security researcher has taken the cyber world by storm. Known as Browser-in-the-Browser (BitB), this new phishing technique can steal users’ sensitive information. A cybersecurity researcher called mr.d0x mentioned that BitB targets websites with third-party single sign-on options that usually offer pop-up windows for authentication. These could be the websites offering sign-in with Facebook, Apple, Google, or Microsoft as options.

As per mr.d0x, a malicious version of this pop-up window can be created to con users into sharing their personal information. Reportedly, the adversaries used basic CSS/HTML to create a fraudulent log-in window for Canva. This fake pop-up draws a browser window within the browser and spoofs a legitimate domain, and all of it appears genuine and convincing to the user. There is no going back from the attacker-owned website after users have come this far, and they need to enter their credentials on this site before they can move anywhere else.

The BitB attack gets past the checks users normally rely on: the HTTPS indicator, the URL check, and the hover-over-the-link check. It steals users’ usernames and passwords even when 2FA is enabled. To be protected against an attack like BitB, users must therefore rely only on proof of identity that comes from registered tokens or devices.
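Why a registered token holds up where a typed second factor does not, as an added example that is not from the article or from mr.d0x. It assumes the “registered tokens or devices” are WebAuthn/FIDO2 authenticators; the origins, challenge and one-time code are constructed sample values, and the function names are hypothetical.

```javascript
// Added example: origin binding in WebAuthn versus a typed one-time code.
// All values below are constructed for illustration.
const RP_ORIGIN = "https://login.example.com";       // assumed real sign-in origin
const PHISH_ORIGIN = "https://bitb-demo.example.net"; // assumed page drawing the fake pop-up
const challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl";     // constructed server challenge
const otp = "492817";                                 // constructed one-time code

// Typed second factor: the server sees only the code, never where it was typed,
// so a code entered into a fake pop-up and relayed verbatim still verifies.
function verifyTypedOtp(submittedCode, expectedCode) {
  return submittedCode === expectedCode;
}

// Stand-in for the browser: clientDataJSON is written by the browser itself from
// the real page origin; window chrome drawn with HTML/CSS cannot change it.
function browserClientData(pageOrigin, issuedChallenge) {
  const json = JSON.stringify({ type: "webauthn.get", challenge: issuedChallenge, origin: pageOrigin });
  return Buffer.from(json, "utf8").toString("base64url");
}

// Relying-party checks on clientDataJSON. A full verifier also checks the
// signature and the rpIdHash in authenticatorData; those steps are omitted here.
function verifyClientData(clientDataB64u, expectedChallenge) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataB64u, "base64url").toString("utf8"));
  } catch (err) {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get") return { ok: false, reason: "unexpected type" };
  if (data.challenge !== expectedChallenge) return { ok: false, reason: "challenge mismatch" };
  if (data.origin !== RP_ORIGIN) return { ok: false, reason: "origin mismatch: " + data.origin };
  return { ok: true, reason: "origin-bound assertion accepted" };
}

// Same challenge, three sign-in attempts.
function demo() {
  return {
    otpRelayedFromPhish: verifyTypedOtp(otp, otp),
    tokenOnRealSite: verifyClientData(browserClientData(RP_ORIGIN, challenge), challenge),
    tokenOnPhishPage: verifyClientData(browserClientData(PHISH_ORIGIN, challenge), challenge),
  };
}

console.log(demo());
```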

 

New Mexico Appoints First Senior Advisor For Cybersecurity And Critical Infrastructure

New Mexico governor Michelle Lujan Grisham recently appointed a senior advisor for the state’s cybersecurity and critical infrastructure. This happens to be the first time the state has appointed anyone for such a position. Annie Winterfield Manriquez has been selected for the said post. Manriquez brings with her years of experience in cybersecurity and aspires to strengthen New Mexico’s cybersecurity infrastructure and systems by working closely with key stakeholders across the private sector.

This initiative comes when more and more sophisticated cyberattacks are targeting New Mexico. The state is hopeful that Manriquez will emerge as the leader they need right now. Having graduated from the University of California, she started her professional career as a research assistant at the James Martin Center for Nonproliferation Studies in Monterey, California. During this time, Manriquez also worked for the Intelligence Analysis and Strategy Department of the MITRE Corporation. In addition, she has been associated with the Woodrow Wilson Center for International Scholars as a national security fellow and the Department of Energy’s National Nuclear Security Administration.

Having such an experienced and qualified person on board, New Mexico hopes to be able to endure all cyber offenses that may target the state.

 

FBI Warns Of Russian Attacks On Energy Companies

The FBI has recently released a notice warning of cyberattacks targeting energy companies. Russian hackers have increased attacks on energy companies ever since the beginning of Russia’s war against Ukraine. The Associated Press obtained an FBI advisory where the agency mentioned that it had scanned over five energy companies and 18 other companies across defense and financial sectors in the recent past for vulnerabilities. Although the advisory doesn’t mention the companies, its findings revealed that while there is no obvious indicator of cyberattacks, the Biden administration has major cybersecurity concerns owing to the ongoing Russia-Ukraine war.

Around the same time, the White House expressed its concerns over the ‘evolving intelligence’ suggesting Russia’s intentions of launching cyberattacks against US critical infrastructure. The White House’s deputy national security adviser for cyber and emerging technologies, Anne Neuberger, said that the US is struggling to fix certain critical infrastructure entities that Russian hackers could potentially exploit.

 

ForAllSecure Raised $21 Million In Series B Investment Round

ForAllSecure is a famous application security testing firm that recently announced the results of its Series B investment round. It raised $21 million in the round, bringing the total to $36 million. Along with ForAllSecure, the funding round was led by New Enterprise Associates (NEA) and Koch Disruptive Technologies (KDT).

ForAllSecure is an automated software testing center that began ten years ago and specializes in improving security for Fortune 1000 companies across sectors like automotive, aerospace, high-tech, and even the US military. Its autonomous security testing platform, called Mayhem, improves productivity by integrating security testing into continuous workflows. The company plans to use the funding to increase its growth by building newer cybersecurity solutions and hiring new talent.
