
DPRK hacking for profit. MedusaLocker warning. C2C market notes. Cyber conflict in the Middle East and in Russia’s war.


Dateline Ashgabat, Moscow, Kyiv, and Washington: Russia restates its security objectives.

Ukraine at D+127: Strikes against civilians along the Black Sea coast. (The CyberWire) Having withdrawn from Snake Island (as a humanitarian gesture, says the Kremlin; because the Ukrainians drove them out, says basically everyone else), Russian forces struck an apartment building along the Black Sea coast with Kh-22 Kitchen missiles, killing at least nineteen noncombatants. Norway recovers from what looks like a deniable Russian state DDoS attack, and NATO plans its rapid cyber response capability.

Russia-Ukraine war: what we know on day 128 of the invasion (the Guardian) At least 19 dead after Russian missile strikes multi-story apartment building in Odesa; Russian forces withdraw from Snake Island in Black Sea

Russia-Ukraine war: List of key events, day 128 (Al Jazeera) As the Russia-Ukraine war enters its 128th day, we take a look at the main developments.

Russian missiles kill at least 19 in Ukraine’s Odesa region (AP NEWS) Russian missile attacks on residential areas in a coastal town near the Ukrainian port city of Odesa early Friday killed at least 19 people, authorities reported, a day after Russian forces withdrew from a strategic Black Sea island.

Russian forces withdraw from Ukraine’s Snake Island (Washington Post) Russian forces say they have withdrawn from Ukraine’s Snake Island, a highly contested speck of land in the Black Sea they captured shortly after the start of the war — presenting a small but strategic win for Ukraine on Thursday.

Ukraine “big victory” at Snake Island could be a turning point (Newsweek) Russian troops’ ejection from the Black Sea island is of major significance, Ukraine’s former defense minister told Newsweek.

Why Ukraine’s Snake Island victory could be a major blow for Putin (The Telegraph) In Ukrainian hands, the threat to Moscow’s Black Sea fleet will go up, and the risk of an amphibious assault on Odesa will go down

Snake Island: Why Ukraine just won’t let it go (The Telegraph) The rocky Black Sea outcrop where 13 Ukrainian border guards famously refused to surrender has taken on a new significance

Putin’s week: Facing NATO expansion, West’s unity…


The Acronis cyberthreats report 2022 reveals ongoing malware pandemic – Middle East & Gulf News


Acronis, a global leader in cyber protection, recently released its annual Acronis Cyberthreats Report, the 2022 version, providing an in-depth review of cybersecurity trends and threats worldwide.

The report warns that managed service providers (MSPs) are particularly at risk, with more of their own management tools, such as PSA or RMM, used against them by cybercriminals, and thus are becoming increasingly vulnerable to supply chain attacks.

Supply-chain attacks on MSPs are particularly devastating since attackers gain access to both their business and clients, as seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021.

The report also shows that during the second half of 2021, only 20% of companies reported not having been attacked, as opposed to 32% last year.

Key trends of 2021 and predictions for 2022

Beyond the growing efficiency of cybercriminals and the impact on MSPs and small businesses, the Acronis Cyberthreats Report 2022 shows:

  • Phishing remains the main attack vector. 94% of malware gets delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. Just this year, Acronis reported blocking 23% more phishing emails and 40% more malware emails in Q3, as compared with Q2 of the same year.
  • Phishing actors develop new tricks, move to messengers. Now targeting OAuth and multifactor authentication tools (MFA), these new tricks allow criminals to take over accounts. To bypass common anti-phishing tools, they will use text messages, Slack, Teams chats and other tools for attacks such as business email compromise (BEC).
  • Ransomware is still the #1 threat. High-value targets include the public sector, healthcare, manufacturing, and other critical organizations. Ransomware continues to be one of the most profitable cyber attacks these days. Acronis predicts ransomware damages will exceed $20 billion before the end of 2021.
  • Cryptocurrency among the attackers’ favorite playing cards. Info stealers and malware that swaps digital wallet addresses are the reality today. We can expect more such attacks waged directly against smart contracts in 2022. Attacks against Web 3.0 apps will also occur more…


How reporting on the Middle East prepared one journalist to cover Facebook


For Sheera Frenkel, a New York Times reporter and the co-author of An Ugly Truth: Inside Facebook’s Battle for Domination, covering the social media giant was a result of “happenstance.”

As a freelance foreign correspondent, Frenkel published her first big stories from Israel, although she actually got her start in South America. Frenkel, who speaks Hebrew and Arabic, moved to the Middle East in search of stories to report just before Israel’s disengagement from the Gaza Strip in 2005.

“I left stuff with a friend in Argentina because I was so sure that I was just going to be gone for six months,” she recalled. “I have not been back to Argentina since then, and who knows what happened to my suitcases.”

She joined The New York Times in 2017, assigned to the cybersecurity beat. “I was very, very pregnant, and pretty much immediately after joining, I went on maternity leave,” Frenkel told Jewish Insider in a recent phone interview. The end of her maternity leave coincided with the departure of the paper’s Facebook beat reporter, who left to write his own book on the company. 

“They needed somebody that could fill in for a couple months while he was off writing his book,” Frenkel recalled. 

Four years later, Frenkel has become a must-follow reporter on the Facebook beat — an auspicious place to be, as news about the company’s pursuit of profit at all costs continues to emerge. Last week, Frances Haugen, a former Facebook employee-turned-whistleblower, testified to Congress about how Facebook executives, including CEO Mark Zuckerberg, suppressed internal research demonstrating the harms of the company’s products, especially Instagram. Frenkel felt vindicated.

“It was, I would say, incredibly satisfying to see the receipts, in a way, for everything we had been told for years,” she said.  

In conversation with JI, Frenkel talked about what covering authoritarian governments taught her about the social media giant, how to use Facebook responsibly and why she separates her Jewish identity from her reporting. 

This conversation has been edited and condensed for length and clarity. 

Jewish Insider: To start with recent…


Here are ransomware groups that businesses need to watch out for – Middle East & Gulf News


By Doel Santos and Ruchna Nigam

As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. During our operations, we have observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future:

  • AvosLocker is ransomware as a service (RaaS) that started operations in late June, using a blue beetle logo to identify itself in communications with victims and “press releases” aimed at recruiting new affiliates. AvosLocker was observed promoting its RaaS program and looking for affiliates on dark web discussion forums and other forums. Like many of its competitors, AvosLocker offers technical support to help victims recover after they’ve been attacked with encryption software that the group claims is “fail-proof,” has low detection rates, and is capable of handling large files. This ransomware also has an extortion site, which claims to have impacted six organizations in the following countries: the US, the UK, the UAE, Belgium, Spain, and Lebanon. Initial ransom demands ranged from $50,000 to $75,000.

  • Hive Ransomware is double-extortion ransomware that started operations in June. Since then, Hive has impacted 28 organizations that are now listed on the group’s extortion site, including a European airline company and three U.S.-based organizations. Hive uses all tools available in the extortion toolset to create pressure on the victim, including the date of initial compromise, countdown, the date the leak was actually disclosed on their site, and even the option to share the disclosed leak on social media.
  • HelloKitty is not a new ransomware group; it can be tracked as early as 2020, mainly targeting Windows systems. However, in July, a Linux variant of HelloKitty targeted VMware’s ESXi hypervisor, which is widely used in cloud and on-premises data centers. There were two clusters of activity. Across the observed samples, some threat actors preferred email communications, while others used TOR chats for communication with the victims. The observed…
