Reporters Without Borders (RSF) raised concerns over two old draft laws resubmitted to the Iraqi parliament, one dealing with cybercrime and the other with freedom of expression and the right to protest peacefully. According to RSF, the two bills were first submitted to the parliament in 2011, and then resubmitted in their original form every time a new parliament took office, ignoring previous debates and amendments.
The cybercrime draft law is seen as containing threats to journalists and freedom of the press. For instance, it imposes penalties ranging from a minimum fine of 10 million Iraqi dinars (more than €6,500) to prison terms of seven to ten years for anyone who uses the internet ‘with the intention to undermine religious, family or social values and principles’. The second draft law is criticised for containing ‘vague and ambiguous language that is open to interpretation and therefore to manipulation by the authorities’.
The Computer Emergency Response Team of Ukraine (CERT-UA) revealed that users of the DELTA situational awareness program were receiving phishing emails and instant messages from a compromised email account at the Ukrainian Ministry of Defense. The emails and messages were intended to infect computers with malware that steals information.
CERT-UA alerted Ukrainian military forces about the malware attack. The team had not yet linked the identified operation to any known threat actors.
DELTA was developed by Ukraine and its partners as an intelligence collection and management system to aid the military in tracking the movements of hostile forces.
A new variant of the Agenda ransomware, which targets healthcare and education entities, has been identified. Agenda uses partial or intermittent encryption and configures parameters that determine the percentage of the file content to be encrypted. The new variant is also able to disable User Account Control (UAC), which could otherwise help mitigate the impact of malware by requiring administrative access to launch a program or a task.
Microsoft warned users about a cross-platform botnet that targets private Minecraft servers with distributed denial-of-service (DDoS) attacks. The botnet, dubbed MCCrash, has a unique technique of spreading that allows it to infect Linux systems even though it originates in malicious software downloaded on Windows operating systems.
An analysis of the DDoS botnet identified functionalities designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on darknet sites or forums.
A breakdown of the systems affected by the botnet over a period of three months showed that most of the devices were located in Russia, but they have also been recorded in countries such as Kazakhstan, Uzbekistan, Ukraine, Belarus, the Czech Republic, Italy, and India.
The US government has launched a Digital Transformation with Africa (DTA) initiative dedicated to ‘expand[ing] digital access and literacy and strengthen[ing] digital enabling environments across the continent’. The USA plans to dedicate over US$350 million to this initiative, which is expected to support the implementation of both the African Union’s Digital Transformation Strategy and the US Strategy Towards Sub-Saharan Africa. DTA’s objectives revolve around three pillars:
- Digital economy and infrastructure: (a) expanding access to an open, interoperable, reliable, and secure internet; (b) expanding access to key enabling digital technologies, platforms, and services and scaling the African technology and innovation ecosystem; (c) facilitating investment, trade, and partnerships in Africa’s digital economy.
- Human capital development: (a) facilitating inclusive access to digital skills and literacy, particularly for youth and women; (b) fostering inclusive participation in the digital economy; (c) strengthening the capacity of public sector employees to deliver digital services.
- Digital enabling environment: (a) strengthening the capacities of authorities and regulators to develop, implement, and enforce sound policies and regulations; (b) supporting policies and regulations that promote competition, innovation, and investment; (c) promoting governance that strengthens and sustains an open, interoperable, reliable, and secure digital ecosystem.
The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems.
Some of the report’s highlights include:
- Unpatched, high-severity vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
- Over one million connected devices publicly visible on the internet running Boa, outdated and unsupported software widely used in IoT devices and software development kits.
- A 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.
The US Federal Bureau of Investigation’s (FBI’s) security platform InfraGard, a platform created to provide cyberthreat information-sharing collaborations with the private sector, has been hacked. The InfraGard programme holds details of high-profile personalities in the private sector, most of whom manage critical national security and welfare infrastructure such as, but not limited to, power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communication firms. A database containing contact details of over 87,000 members of InfraGard appears to have been posted on BreachedForums, a cybercrime and hacking forum.
ChatGPT, recently created by OpenAI, has alarmed cybersecurity experts. Essentially, this chatbot is an optimising language model which assists users in generating human-like text. Cybersecurity experts have warned that there is a high chance that cybercriminals could use this model to learn how to craft cyberattacks. Suleyman Ozarslan, the co-founder of cyber resilience organisation Picus Security, tested the chatbot by describing the tactics and techniques of ransomware without using the word ransomware as such. ChatGPT generated a text which provided the ‘pieces’ for ransomware. Namely, Ozarslan stated that the chatbot wrote effective virtualisation/sandbox evasion code that hackers could use, eventually enhancing cybercrime.
Trend Micro security researchers have identified an advanced remote access trojan (RAT) named CHAOS that enhances Linux cryptocurrency mining attacks. It is based on an open-source project in which the main downloader script and further payloads are hosted in different locations to ensure the campaign remains active and constantly spreading. Investigation shows that the main server, which is also used for cloud bulletproof hosting, appears to be in Russia. Trend Micro researchers stated that the infection routine of cryptocurrency mining malware seems minor, but organisations and individuals should stay cautious.
Cybersecurity researchers found that North Korean hackers pretend to work for a think tank to obtain opinions and reports from foreign experts to better understand Western policy on North Korea. According to Reuters, some of the issues raised in the emails concerned China’s reaction to North Korea’s nuclear tests. A group that researchers have dubbed Thallium is among these hacking groups, which have been targeting government employees, think tanks, academics, and human rights organisations. Microsoft Threat Intelligence Center (MSTIC) told Reuters that the impersonation tactic appears to be quicker than hacking someone’s account, but makes it harder for defenders to stop the emails, as it is up to the recipient to identify them most of the time.