Saturday, January 28, 2023

IMAGINE THAT >> Federal agencies hacked using legitimate remote desktop tools



CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious purposes.

More worryingly, CISA discovered malicious activity within the networks of multiple federal civilian executive branch (FCEB) agencies using the EINSTEIN intrusion detection system after the release of a Silent Push report in mid-October 2022.

This activity was linked to the "widespread, financially motivated phishing campaign" reported by Silent Push and was detected on "many other FCEB networks" after first being spotted on a single FCEB network in mid-September 2022.


    www.bleepingcomputer.com

    US offers $10M bounty for Hive ransomware links to foreign governments

    Sergiu Gatlan

    The U.S. Department of State today offered up to $10 million for information that could help link the Hive ransomware group (or other threat actors) with foreign governments.

    In November, the FBI revealed that this ransomware operation had extorted around $100 million from over 1,500 companies since June 2021.

    "If you have information that links Hive or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government, send us your tip via our Tor tip line. You could be eligible for a reward," the State Department's Rewards for Justice Twitter account said. 

    "For information on the identification or location of any person who, while acting at the direction of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act."

    "Send us your information on Signal, Telegram, WhatsApp, or via our Tor-based tip line."

    During the last two years, the State Department also offered rewards of up to $15 million for tips that could help locate members of the Conti, REvil (Sodinokibi), and Darkside ransomware operations.

    The State Department offers these rewards as part of its Transnational Organized Crime Rewards Program (TOCRP), through which over $135 million in rewards have been paid since 1986.

    Rewards for Justice Hive reward tweet

    Disrupted after FBI infiltrated Hive's servers

    This offer comes after Hive ransomware's Tor websites were seized today as part of an international law enforcement operation. 

    The Justice Department revealed that the FBI infiltrated Hive servers at a hosting provider in California last July and secretly monitored the operation for six months (Dutch police gained access to backup servers hosted in the Netherlands).

    As a result, the FBI could warn targets as it learned about attacks before they occurred and distribute over 1,300 decryption keys to Hive victims, thus saving them at least $130 million in ransom payments.

    Besides decryption keys, the FBI also discovered Hive communication records, malware file hashes, and information on 250 Hive affiliates.

    The gang's Tor payment and data leak sites now display an animated seizure banner warning other ransomware gangs of this coordinated action and listing the law enforcement organizations and countries involved in this international takedown operation.

    "This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware," the seizure notice reads.

    "This action has been taken in coordination with the United States Attorney's Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol."




  • Bear CyberWarfare Dominance

     


    #GermanyRIP. Kremlin-loyal hacktivists wage DDoSes to retaliate for tank aid

    Killnet hacktivist group appears to have indirect ties to the Russian government.

    An iteration of what happens when your site gets shut down by a DDoS attack.

    "Threat actors loyal to the Kremlin have stepped up attacks in support of its invasion of Ukraine, with denial-of-service attacks hitting German banks and other organizations and the unleashing of a new destructive data wiper on Ukraine.

    Germany's BSI agency, which monitors cybersecurity in that country, said the attacks caused small outages but ultimately did little damage.

    “Currently, some websites are not accessible,” the BSI said in a statement to news agencies. “There are currently no indications of direct effects on the respective service and, according to the BSI's assessment, these are not to be expected if the usual protective measures are taken.”

    The distributed denial-of-service attacks, typically called DDoSes, appeared to come as retaliation for the German government’s decision to allow its advanced Leopard 2 tanks to be supplied to Ukraine. Researchers at security firm Cado Labs said on Wednesday that Russian-language hacktivist groups—including one calling itself Killnet—issued calls for its members to wage DDoSes against targets in Germany. The campaign, which began on Tuesday as the Leopard 2 tank decision appeared imminent, used the hashtag #ГерманияRIP, which translates to “#GermanyRIP.”

    Messages soon followed from other Russian-speaking groups claiming attacks against the websites of major German airports, including Hamburg, Dortmund, Dresden, and Dusseldorf; German development agency GIZ; Germany’s national police site; Deutsche Bank; and online payment system Giropay. It wasn’t clear if any of the attacks successfully shut down the sites.

    Another group calling itself “Anonymous Sudan,” meanwhile, also claimed responsibility for DDoS attacks against the websites of the German foreign intelligence service and the Cabinet of Germany, in support of Killnet.

    “As we’ve seen throughout the Russia-Ukraine war, cyber threat actors are quick to respond to geopolitical events, and are successful in uniting and mobilizing groups with similar motives,” Cado Labs researchers wrote. “The involvement of a group purporting to be the Sudanese version of Anonymous is interesting to note, as it demonstrates the ability for Russian-language hacktivist groups to conduct this mobilisation and collaboration on an international level.”

    Killnet emerged shortly after Russia’s invasion of Ukraine. Last June, it took credit for what the Lithuanian government called “intense” DDoSes on the country’s critical infrastructure, including parts of the Secure National Data Transfer Network, which helps execute Lithuania's strategy for ensuring national security in cyberspace. Discussions on a Killnet Telegram channel at the time indicated the attacks were in retaliation for the Baltic government closing transit routes to Russia earlier that month.

    In September, security firm Mandiant said it uncovered evidence that Killnet had indirect links to the Kremlin. Specifically, Mandiant researchers said Killnet coordinated some of its activities with a group called Xaknet and that Xaknet, in turn, had coordinated some activities with threat actors from the Russian Main Intelligence Directorate, or GRU.

    In related news, on Friday, researchers from security firm Eset reported that another Kremlin-backed threat actor, known as Sandworm, unleashed a never-before-seen data wiper on Ukrainian targets. The destructive malware, dubbed SwiftSlicer, is written in the Go programming language and uses randomly generated 4096-byte blocks to overwrite data."

    Dan Goodin / Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications. Find him on Mastodon at: https://infosec.exchange/@dangoodin 

    www.bleepingcomputer.com

    Ukraine: Sandworm hackers hit news agency with 5 data wipers

    Sergiu Gatlan

    "The Ukrainian Computer Emergency Response Team (CERT-UA) found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency (Ukrinform) on January 17th.

    "As of January 27, 2023, 5 samples of malicious programs (scripts) were detected, the functionality of which is aimed at violating the integrity and availability of information (writing files/disks with zero bytes/arbitrary data and their subsequent deletion)," CERT-UA said (automated translation from Ukrainian).

    The list of destructive malware deployed in the attack against Ukrinform includes CaddyWiper (Windows), ZeroWipe (Windows), SDelete (Windows), AwfulShred (Linux), and BidSwipe (FreeBSD).

    Two of the five strains, ZeroWipe and BidSwipe, are either new malware or are tracked by the Ukrainians under different names than those used by anti-malware vendors.

    The attackers launched the CaddyWiper malware using a Windows group policy (GPO), showing that they had breached the target's network beforehand.

    As CERT-UA found during the investigation, the threat actors gained remote access to Ukrinform's network around December 7th and waited more than a month to unleash the malware cocktail.

    However, their attempt to wipe out all the data on the news agency's systems failed. The wipers only managed to destroy files on "several data storage systems," which didn't impact Ukrinform's operations.

    "The CERT-UA emphasizes that the cyberattack was only a partial success, specifically with regard to a limited number of data storage systems," the State Service of Special Communications and Information Protection (SSSCIP) of Ukraine added.

    CERT-UA Sandworm tweet

    Cyberattack linked to Russian Sandworm military hackers

    CERT-UA linked the attack last week to the Sandworm threat group, a hacking outfit that is part of Russian Military Unit 74455 of the Main Intelligence Directorate (GRU).

    Sandworm has also used the CaddyWiper data wiper in another failed attack from April targeting a large Ukrainian energy provider.

    In that attack, the Russian hackers used a similar tactic, deploying CaddyWiper to erase traces left by Industroyer ICS malware, together with three other wipers designed for Linux and Solaris systems, and tracked as Orcshred, Soloshred, and Awfulshred.

    Since Russia invaded Ukraine in February 2022, multiple strains of data-wiping malware have been deployed on the networks of Ukrainian targets besides CaddyWiper.

    This list also includes the likes of DoubleZero, HermeticWiper, IsaacWiper, WhisperKill, WhisperGate, and AcidRain.

    Microsoft and Slovak software company ESET have also linked recent ransomware attacks targeting Ukraine to the Sandworm hacking group."

    CHASM-1: Meet Up with Halloween Creek creates a New Antarctic Iceberg

     


    www.asdnews.com

    Giant iceberg breaks away from Antarctic ice shelf


    Jan 25, 2023

    Image captions: Sentinel-2 captures Antarctica's new iceberg; Before and after: Brunt Ice Shelf; How big is the new iceberg?

    "Satellite imagery confirms an enormous iceberg, around five times the size of Malta, has finally calved from Antarctica’s Brunt Ice Shelf. The new berg, estimated to be around 1550 sq km and around 150 m thick, calved when the crack known as Chasm-1 fully extended northwards severing the west part of the ice shelf.


    ✓ This crack was first revealed to be extending in early 2012 after having been dormant for some decades. After several years of desperately clinging on, image data from the Copernicus Sentinel missions visually confirm the calving event.

    The timing of the calving event, although unexpected, had long been anticipated. Glaciologists have monitored the many cracks and chasms that have formed in the thick Brunt Ice Shelf, which borders the Coats Land coast in the Weddell Sea sector of Antarctica, for years. It was only a matter of time that Chasm 1, which had been dormant for decades, would meet with the Halloween Crack, first spotted on Halloween 2016.


    The new iceberg is anticipated to be named A-81 with the smaller piece to the north likely identified as either A-81A or A-82. Icebergs are traditionally identified by a capital letter indicating the Antarctic quadrant in which they were originally sighted, followed by a sequential number, then, if the iceberg breaks into smaller pieces, a sequential letter suffix.


    ✓ The split was first reported by the British Antarctic Survey (BAS) as having occurred on 22 January between 19:00 and 20:00 UTC during a spring tide. BAS’s Halley VI Research Station, where glaciologists have been monitoring the behaviour of the ice shelf, has remained unaffected by the calving event.

    The research station was relocated in 2017 to a more secure location after the ice shelf was deemed unsafe. The station is currently around 20 km from the line of rupture and there are currently 21 staff working on the station to maintain power supplies and facilities that keep the scientific experiences operating throughout winter.

    ESA’s Mark Drinkwater said, “After several years of iceberg calving watch, the long-awaited separation of the Brunt iceberg A81 has finally taken place. The northward propagation of Chasm 1 and timely decision for BAS to move the Halley Base to safer ground have been accompanied by what has been perhaps the most detailed and longest duration scrutiny of events leading to natural calving from an Antarctic ice shelf.

    “Thanks to Copernicus, coupled with in-situ and airborne measurements made by the British Antarctic Survey, the safety of the Halley Base has been preserved. Meanwhile the combination of summer images from Sentinel-2 and availability of year-round and winter monitoring by Sentinel-1 radar placed the pattern of strain and propagation of an ice shelf fracture under the worldwide public microscope.”

    Dominic Hodgson, BAS glaciologist, added, “This calving event has been expected and is part of the natural behaviour of the Brunt Ice Shelf. It is not linked to climate change. Our science and operational teams continue to monitor the ice shelf in real-time to ensure it is safe, and to maintain the delivery of the science we undertake at Halley.”

    Routine monitoring from satellites offers unparalleled views of events happening in remote regions and show how ice shelves are actively responding to changes in ice dynamics, air and ocean temperatures. In February 2021, another giant berg, around 1270 sq km, broke off from the northern section of Brunt. Spotted by Sentinel-1 imagery, it has already drifted away from the Brunt Ice Shelf into the Weddell Sea.

    So, what happens now?
    The calving of ice bergs from an ice shelf has been observed to be followed by adjustment in the flow of ice into the ice shelf. If Brunt now experiences an acceleration, it could influence the behaviour of other cracks in the area.

    Mark explained, “The calving of iceberg A74, and latest separation, now focuses attention back onto the Halloween crack – whose extension could contribute to further destabilisation of the Brunt Ice Shelf.

    “A typical accompaniment to such strain release events and removal of pinning of an ice shelf front by bottom features such as McDonald Bank which forms the McDonald Ice Rumples may be an acceleration in the velocity of ice flowing into the ice shelf. We will be using the capabilities of the Copernicus Sentinels to closely monitor the behaviour and stability of the remaining Brunt Ice Shelf." 




     




    Chaos Economic Theory Objectified: Wearable Jewelry

    The concept of chaos might suggest complete randomness, but to scientists, it denotes systems that are so sensitive to initial conditions that their output appears random, obscuring their underlying internal rules of order: the stock market, rioting crowds, brain waves during an epileptic seizure, or the weather. In a chaotic system, tiny effects are amplified through repetition until the system goes critical. The roots of today's chaos theory rest on a serendipitous discovery in the 1960s by mathematician-turned-meteorologist Edward Lorenz.

     

    arstechnica.com

    These scientists created jewelry out of the striking shapes of chaos theory

    by Jennifer Ouellette - Jan 24, 2023 4:27pm MST

    Not just inspired by chaos theory, but directly created from its mathematical principles.

    Chaotic shapes 3D-printed in bronze represent the first step in the transformation from chaos to manufacturable forms.

    F. Bertacchini/P.S. Pantano/E. Bilotta

    "A team of Italian scientists has figured out a way to turn the striking, complex twisting shapes of chaos theory into actual jewelry, according to a new paper published in the journal Chaos. These pieces aren't simply inspired by chaos theory; they were directly created from its mathematical principles.

    "Seeing the chaotic shapes transformed into real, polished, shiny, physical jewelry was a great pleasure for the whole team. Touching and wearing them was also extremely exciting," said co-author Eleonora Bilotta of the University of Calabria. "We think it is the same joy that a scientist feels when her theory takes form, or when an artist finishes a painting."

    . . .Lorenz thought the advent of computers provided an opportunity to combine mathematics and meteorology for better weather prediction. He set out to construct a mathematical model of the weather using a set of differential equations representing changes in temperature, pressure, wind velocity, and the like. Once he had his skeleton system, he kept a continuous simulation running on his computer, which would produce a day’s worth of virtual weather every minute. The resulting data resembled naturally occurring weather patterns—nothing ever happened the same way twice, but there was clearly an underlying order.

    One wintry day early in 1961, Lorenz decided to take a shortcut. Instead of starting the whole run over, he started midway through, typing the numbers straight from an earlier printout to give the machine its initial conditions. Then he walked down the hall for a cup of coffee. When he returned an hour later, he found that, instead of exactly duplicating the earlier run, the new printout showed the virtual weather diverging so rapidly from the previous pattern that, within just a few virtual “months,” all resemblance between the two had disappeared.

    1. F. Bertacchini et al., 2023: A sample of attractors made from Chua's circuit.

    2. F. Bertacchini et al., 2023: Strange attractors derived from many dynamical systems. Their names are linked to the scientists who first discovered and visualized them.

    Six decimal places were stored in the computer’s memory. To save space on the printout, only three appeared. Lorenz had entered the shorter, rounded-off numbers, assuming that the difference—one part in a thousand—was inconsequential, similar to a small puff of wind that is unlikely to have much impact on large-scale features of the weather. But in Lorenz’s particular system of equations, such small variations proved catastrophic.

    This is known as sensitive dependence on initial conditions. Lorenz subsequently dubbed his discovery “the butterfly effect”: The nonlinear equations that govern the weather have such an incredible sensitivity to initial conditions that a butterfly flapping its wings in Brazil could theoretically trigger a tornado in Texas. The metaphor is especially apt. To investigate further, Lorenz simplified his complex weather model, focusing on rolling fluid convection in our atmosphere: basically, a gas in a solid rectangular box with a heat source on the bottom and cooled from above, in which warm air rises to the top and cooler air sinks to the bottom. He simplified a few fluid dynamics equations and found that plotting the results of specific parameter values in three dimensions produced an unusual butterfly-shaped figure.

    ✓ It's called a strange attractor. In a linear dynamic system, an attractor is a component that makes it more likely that other system components will come closer to a specific point, ultimately finding a stable configuration that is less sensitive to minor perturbations. The classic example of an attractor is the lowest point in the arc of a damped pendulum (i.e., with friction). With a strange attractor, however, you never know exactly where that point will be. And strange attractors are non-periodic, meaning the system's motion never repeats exactly.

    Lorenz may have discovered the first strange attractor, but it was Leon O. Chua who introduced Chua's circuit in 1983: a simple electronic circuit design that produces an oscillating waveform that never repeats. It was later variations on Chua's circuit that inspired the chaotic jewelry created by Bilotta and her co-authors. "These chaotic configurations are complex structures that had never been observed before," said Bilotta. "The depictions of such [strange attractors] are strikingly beautiful, continually shifting when the point of view is changing. Jewelry seemed to be the best way to interpret the beauty of chaotic shapes."

    The first phase was to create a simulation of the various attractors so that users could explore different parameters to choose their desired shape—essentially enabling them to "make exclusive and mathematically encoded jewelry," per the authors.

    > A 3D printer file was produced based on the chosen shape and sent to the printer to make a resin-molded model, thereby capturing all the necessary detail and structure. The mold was then sent to a goldsmith, who produced the final metal print. The computational system is automated to allow quick prototyping of single shapes, which can then be connected to make rings, necklaces, earrings, or bracelets. Some sample jewelry is featured in the gallery above."

    Jennifer Ouellette / Jennifer Ouellette is a senior writer at Ars Technica with a particular focus on where science meets culture, covering everything from physics and related interdisciplinary topics to her favorite films and TV series. Jennifer lives in Los Angeles.
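The rounding experiment the article describes (six decimals held in memory, three on the printout, and the two runs drifting apart) can be reproduced numerically. The script below is an added example and is not code from the Ars Technica piece or from the Bertacchini paper. It assumes the classic Lorenz equations with the usual parameters sigma=10, rho=28 and beta=8/3 (the article names neither the equations nor the parameters), a fixed-step fourth-order Runge-Kutta integrator, and a constructed starting state; everything else follows from those assumptions.

```python
import math

# Added example, not from the article: reproduce Lorenz's "three decimals vs
# six" experiment. Assumptions: the classic Lorenz system with sigma=10,
# rho=28, beta=8/3 (not stated in the article), classical RK4 integration,
# and a constructed six-decimal starting state.

SIGMA, RHO, BETA = 10.0, 28.0, 8.0 / 3.0


def lorenz(state):
    """Right-hand side of the Lorenz system: (dx/dt, dy/dt, dz/dt)."""
    x, y, z = state
    return (SIGMA * (y - x), x * (RHO - z) - y, x * y - BETA * z)


def rk4_step(state, dt):
    """Advance one state by dt with the classical fourth-order Runge-Kutta scheme."""
    k1 = lorenz(state)
    k2 = lorenz(tuple(s + 0.5 * dt * k for s, k in zip(state, k1)))
    k3 = lorenz(tuple(s + 0.5 * dt * k for s, k in zip(state, k2)))
    k4 = lorenz(tuple(s + dt * k for s, k in zip(state, k3)))
    return tuple(
        s + dt / 6.0 * (a + 2.0 * b + 2.0 * c + d)
        for s, a, b, c, d in zip(state, k1, k2, k3, k4)
    )


def separation_over_time(state_a, state_b, dt=0.01, steps=4000):
    """Integrate two states side by side with the same integrator and step size;
    return a list of (t, Euclidean distance between the two trajectories)."""
    out = []
    for i in range(steps + 1):
        out.append((i * dt, math.dist(state_a, state_b)))
        state_a = rk4_step(state_a, dt)
        state_b = rk4_step(state_b, dt)
    return out


# Constructed "printout" values: the six-decimal state the machine held, and the
# three-decimal version typed back in (a difference of roughly one part in a thousand).
FULL_PRECISION = (1.000123, 1.000456, 1.000789)
PRINTOUT = tuple(round(v, 3) for v in FULL_PRECISION)


def divergence_summary(dt=0.01, steps=4000):
    """Distance between the two runs at the start, at t=1, and its peak over the run."""
    sep = separation_over_time(FULL_PRECISION, PRINTOUT, dt, steps)
    return {
        "initial": sep[0][1],
        "at_t1": sep[int(round(1.0 / dt))][1],
        "peak": max(d for _, d in sep),
        "end_time": sep[-1][0],
    }


if __name__ == "__main__":
    s = divergence_summary()
    print(f"initial separation : {s['initial']:.6f}")
    print(f"separation at t=1  : {s['at_t1']:.6f}")
    print(f"peak separation    : {s['peak']:.2f} (over {s['end_time']:.0f} time units)")
```

Both trajectories use the identical integrator and step size, so the only difference between them is the rounding of the starting state; the separation starts at about 5e-4, stays small for the first time unit, and later grows to the full width of the attractor, which is the "all resemblance had disappeared" outcome the article describes.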


    Friday, January 27, 2023

    TechDirt Podcast - This week, Margaret joins us on the podcast to talk about her many valuable ideas and pieces of advice for the future of media.

     

    Techdirt Podcast Episode 342: Margaret Sullivan On The Future Of Media

    from the inside-insight dept

    For a brief and interesting time, the New York Times employed a Public Editor to serve as a liaison with its readers. One of the most interesting of these was the fifth, Margaret Sullivan, who would go on to become a media columnist with the Washington Post and then, as of today, a weekly columnist for The Guardian. She also recently published a book, Newsroom Confidential, full of insight drawn from her years of journalism and media experience. This week, Margaret joins us on the podcast to talk about her many valuable ideas and pieces of advice for the future of media.

    Follow the Techdirt Podcast on Soundcloud, subscribe via Apple Podcasts or Spotify, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.


    Rob Warnock: Visualizing Mesa + Nationwide Rent Growth 2018-2022


    Hi Tim, 

    A new data tool from Apartment List tells the story of how the rental market transformed from stable growth before the pandemic to wild, divergent swings after. Rents in some cities cratered in 2020, while rents in other cities soared. A year later, rent inflation gripped the whole country in 2021, but is subsiding today. 

    This tool was designed by the Apartment List Research Team, which has been tracking rent prices for more than half a decade. Visualizing five years of market data across 100 U.S. cities, it shows how Mesa fits into the broader national picture. Below is total annual rent growth over the last five years:
    • 2018: +9% in Mesa, +3% nationwide
    • 2019: +9% in Mesa, +2% nationwide
    • 2020: +7% in Mesa, -1% nationwide
    • 2021: +29% in Mesa, +18% nationwide
    • 2022: -1% in Mesa, +4% nationwide
     
    The tool is available here in slideshow format.