
Cyber Newsletter (#1) – September 2023

CISA: Hardware Bill of Materials (HBOM)
United States of America

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the “Hardware Bill of Materials” (HBOM) framework to reduce supply chain risks for physical products. HBOM complements the “Software Bill of Materials” (SBOM) and requires hardware vendors to provide detailed information about product components. It aims to enhance supply chain transparency so “stakeholders can identify and address potential risks within the supply chain, ensuring that the digital landscape remains robust and secure against emerging threats and challenges”.

BlackTech APT Poses Threats to Japanese and US Overseas Subsidiary Companies
Japan & United States of America

On the 27th of September, the Japanese and US security agencies (CISA, NSA, and NPA) jointly warned about the activities of the BlackTech APT group, “a multinational threat linked to the People’s Republic of China (PRC)”. According to the advisories, the threat actor has been compromising the overseas subsidiaries of US and Japanese companies and later pivoting into their corporate headquarters. BlackTech (also known as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda) gained initial access through internet-facing routers, mostly Cisco routers. To maintain access, they replace the router firmware with a modified version containing an SSH backdoor, using custom TCP or UDP packets to enable or disable the backdoor.

Encryption: UK Government’s Clash with Meta over the Balance between Privacy and Security
United Kingdom 

The UK government has escalated its conflict with Meta over the implementation of end-to-end encryption on Facebook and Instagram. On Wednesday 20 September, the Home Secretary Suella Braverman launched a campaign expressing concerns that encryption would hinder law enforcement efforts to combat online child sexual abuse. Meta, aiming to complete the encryption rollout by year-end, claims it will continue monitoring its platforms for child abuse content using various controls. The campaign is part of an ongoing battle between tech companies and the UK government, primarily focused on the controversial Online Safety Bill, which will grant regulatory powers to Ofcom (the UK communications regulator) to compel tech companies to monitor messenger apps for illegal content.

Apple Urgent Security Updates to Address Zero-day Vulnerabilities Exploited by Pegasus Spyware

On Thursday 7 September, Apple urgently released security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day vulnerabilities exploited by the NSO Group’s Pegasus spyware. The flaws, identified by Citizen Lab, are CVE-2023-41061 (a validation issue in Wallet allowing arbitrary code execution) and CVE-2023-41064 (a buffer overflow in the Image I/O component resulting in arbitrary code execution). These vulnerabilities were used in a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully patched iPhones. The exploit involved PassKit attachments containing malicious images, bypassing Apple’s BlastDoor sandbox framework. The discovery coincides with reports of the Chinese government banning the use of iPhones and foreign-branded devices for work, citing cybersecurity concerns.

Cybersecurity: a new step into the Palestine-Israeli conflict
Israel – Palestine

Cybersecurity has profoundly changed the way we approach new conflicts, and the recent attack on Israeli targets by Hamas has confirmed this. Alongside the physical attacks, cyber attacks were also used to distract the opponent from Sunday to Monday. Various groups launched distributed denial-of-service (DDoS) attacks against government and private websites, but the most effective was the one against the website of the Jerusalem Post, a major source of reporting on the conflict. Those attacks were claimed by Anonymous Sudan (linked to KillNet, a Russian nationalist hacking group), while AnonGhost (a pro-Palestinian hacker group) also claimed attacks on an app used to warn residents of incoming rocket strikes. Earlier this year, the group Storm-1133 (Gaza Strip Group) had also made suspicious moves targeting energy, defense, and telecommunications companies, which is further evidence of preparation.

Pro-Palestine hackers target India

As the conflict grows in the region, other nations have been affected as well. Palestine supporters have been attempting cyber attacks on Indian government websites in an action to condemn any country siding with Israel. Most of the attacks took the form of denial-of-service and were fended off over 48 hours. In retaliation, cyber groups with links to India have targeted the Hamas website as well as the Palestinian National Bank and the National Telecommunications Company. These hackers have been working with groups such as ThreatSec, which is pro-Israeli.