
Cyber Monitoring #3 (January 2022)

Cyberattacks in Ukraine: In the latest round of cyber incidents in Ukraine, attackers hijacked many government-run websites, and some agencies even lost important data. Microsoft’s security research team was the first to discover the attack, which it dubbed “WhisperGate.” Security experts and government leaders are struggling with how to address these cyber attacks. Given the current sensitivity around Ukraine and Russia, it’s unclear whether these could be construed as an act of war or as anything that could lead to kinetic warfare. The U.S. Department of Homeland Security warned Americans that Russian state-sponsored actors could launch cyber attacks against critical infrastructure should the U.S. object to any kinetic warfare in Ukraine. Russian forces are currently gathering near the Ukrainian border, leading to concerns of a military conflict.

Cyberattacks in Canada: Threat actors targeted the network of Canada’s foreign ministry, disrupting some services, though the agency said nothing critical was affected. The country’s leadership had only recently warned of potential attacks from Russian state-sponsored actors.

Arrests of members of the REvil threat group: Russian authorities arrested several alleged members of the REvil ransomware group at the request of U.S. authorities. They also seized several million dollars’ worth of various currencies that likely came from cyber attacks.

Malware that steals and wipes: A well-known banking trojan targeting Android phones recently added a new feature that can completely wipe a target’s phone. The malware, Brata, factory resets the phone after it executes an unauthorized wire transfer.

Some dark web news: UniCC, one of the largest darknet forums for selling stolen credit card information, shut down last week when its founder retired. The creator of the forum claims to have made $358 million during the site’s lifespan.

A huge Internet blackout: The entire country of North Korea lost internet access for about six hours this week, possibly due to a distributed denial-of-service attack. This is the second time in as many weeks this happened to the country.

Threat group officially attributed to Iranian intelligence: U.S. Cyber Command formally attributed the MuddyWater threat actor to the Iranian state, identifying it as affiliated with the Iranian Ministry of Intelligence (MOIS). The government also released an outline of the group’s tactics, techniques and procedures (TTPs) and its likely entry points into victims’ networks.

A European DNS? The European Union is interested in building its own sovereign recursive DNS service, to be made available for free to EU institutions and the general public. The proposed service, named DNS4EU, is currently in a project planning phase.

But what is DNS? On the surface, browsing the web appears to be quite a simple process. Behind the scenes, after you type a URL in your device’s address bar, your device sends a query to a Domain Name System (DNS) resolver to translate the hostname in that URL into a machine-readable IP address. Once your device receives the corresponding IP address, it connects to the website. The EU said that DNS4EU would come with built-in filtering capabilities able to block DNS name resolution for bad domains, such as those hosting malware, phishing sites, or other cybersecurity threats.
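To make the filtering step concrete, here is an added toy model of a protective resolver; it is example code written for this post, not DNS4EU’s implementation, and every hostname, address and blocklist entry in it is constructed. The one point worth noticing is that a blocklist entry must also cover subdomains of the listed name, while a simple substring match would wrongly block unrelated names.

```python
"""Toy filtering resolver: URL -> hostname -> blocklist check -> answer."""
from __future__ import annotations
from urllib.parse import urlsplit

# Constructed stand-in for the answers a real recursive lookup would return.
ANSWERS = {
    "example.org": "203.0.113.10",
    "www.example.org": "203.0.113.10",
    "login.bank-example.test": "198.51.100.7",
    "cdn.malware-example.test": "192.0.2.44",
}
# Constructed blocklist of the kind a protective resolver loads from feeds.
BLOCKLIST = {"malware-example.test", "phish.example.net"}


def normalize(name: str) -> str:
    """Canonical form for matching: lowercase, no surrounding space, no trailing dot."""
    return name.strip().rstrip(".").lower()


def hostname_of(url: str) -> str | None:
    """Extract the hostname part of a URL (what the resolver is actually asked about)."""
    return urlsplit(url).hostname


def is_blocked(name: str, blocklist: set[str]) -> bool:
    """True if the name itself or any parent domain is on the blocklist.

    Walking the label suffixes ("cdn.malware-example.test", "malware-example.test",
    "test") blocks subdomains of a listed domain without substring false positives.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(name: str, answers=ANSWERS, blocklist=BLOCKLIST) -> tuple[str, str | None]:
    """Return (status, address): 'blocked', 'nxdomain', or 'ok' with the address."""
    n = normalize(name)
    if is_blocked(n, blocklist):
        return ("blocked", None)  # a protective resolver refuses to answer
    addr = answers.get(n)
    return ("ok", addr) if addr else ("nxdomain", None)


def resolve_url(url: str) -> tuple[str, str | None]:
    """Full path from typed URL to filtered resolution result."""
    host = hostname_of(url)
    return resolve(host) if host else ("nxdomain", None)
```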