Killnet, a Russian hacker group, has claimed responsibility for a DDoS attack on Lithuania today. The group stated that it would launch more attacks until Lithuania lifted the measures it took a few days ago.
More:
- Lithuania recently banned the transport of goods on its railways between Russia and Kaliningrad. The latter is a Russian region that is sandwiched between Lithuania and Poland and shares no land border with Russia. Kaliningrad is home to Russia's only ice-free port on the Baltic Sea.
- The move caused an uproar among Russian officials. The Russian government stated that Lithuania would suffer heavy consequences if it did not reverse its decision, but the Baltic country has shown no signs of reversing course. The EU has called for a peaceful solution.
- Killnet today attacked Lithuania's government website and numerous private institution websites. The group has claimed that it will continue to do so until the country changes its decision.
- Lithuanian authorities believe that Killnet may target critical sectors such as energy, finance, transportation, and others. While Lithuania is in NATO, Russia holds hypersonic missile systems in Kaliningrad, making for a potentially dangerous situation.
- The group is known for its DDoS attacks, especially ever since the Ukraine invasion. Killnet has attacked numerous countries, including Romania, Moldova, Italy, Czechia, etc. Killnet also reportedly tried to disrupt Eurovision 2022's live stream.
Zoom Out:
- The U.S. had sent a group of experts just a few months ago to help Lithuania deal with possible Russian cyber threats.

A breach of a Vodafone supplier that occurred in 2021 could have put the entire telecom industry at risk. While Vodafone did not confirm which supplier was breached, researchers believe the breach happened to a U.S. supplier that processes billions of texts daily.
More:
- Vodafone is a telecommunications company headquartered in the U.K. but with networks in over 22 countries. The telecom company has over 9,000 direct suppliers, spending over $24B in transactions with these suppliers.
- The company reported that the breach happened in Sept. 2021. The victim of the breach was a supplier that deals with roaming charges between different networks.
- Researchers believe that the supplier that was hacked may be Syniverse. The U.S.-based company reported that it had been breached in May 2021 and that the attack had gone unnoticed for years. The hack is believed to have first been executed in 2016. Syniverse operates with 300 mobile networks worldwide and processes 740 billion texts per day. The threat actor that breached the company is unknown at this point.
- Syniverse stated that investigating the breach had cost it over $4.7M and that no malware had been installed during the breach. The attack also did not result in any leak of customer data.
Zoom Out:
- This attack may be related to previous reports on unknown hacker groups breaching different telecom companies during the same period in which the Syniverse hack happened.
- CISA, the NSA, and the FBI have previously warned telecom companies of potential hacking campaigns by China-backed threat actors.
An Iranian state-owned steel company had to stop production due to a cyberattack. The company, named Khuzestan Steel Company, has a monopoly in one of the world's top 10 steel exporting countries.
More:
- The company's website has been down since the attack.
- The Iranian government denounced the attack but has not yet blamed any particular threat actors.
- While Khuzestan Steel Company had to stop production, the attack did not cause irreversible damage to the factory due in large part to a coincidental power outage.
- A hacker group claimed responsibility for the attack, but the validity of that claim is still to be confirmed.
- Iran's authorities are investigating the issue at the current moment, while the company is expected to resume normal production by tomorrow.
Zoom Out:
- Iran's diplomatic position has made it both a target of cyber attacks and an origin-place of numerous hacker groups, some state-backed. Iran's railroad system was hacked in 2021, while another cyberattack breached gas stations in the country. The attack managed to shut down virtually all of them, causing long lines.
- Iranian municipality websites had also been previously hacked, while Iran-backed threat actors attempted to breach the Boston Children's Hospital earlier this year.
A new ransomware named Black Basta is spreading in the U.S., U.K., Canada, Australia, and New Zealand. The ransomware is believed to have been created by some Conti group members.
More:
- The ransomware has been active only for about two months, but it has already managed to breach almost 50 victims. The ransomware is believed to have been created specifically to breach English-speaking targets.
- Black Basta uses the vulnerabilities found in VMware machines that use Linux. VMware has recently suffered from multiple breaches that have posed a high risk to its victims. Similarly, Black Basta's risk potential is evaluated as being very high.
- The ransomware targets companies across all industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, etc.
- Black Basta steals sensitive documents and information, which it then uses against the victim as leverage for negotiating ransom.
- Black Basta has partnered with the Qbot malware gang to attack its victims. Qbot is known for attacking banking organizations. The group has the ability to use the attack on Windows devices in addition to Linux ones but prefers Linux due to its speed.
New malware is infecting users through a phishing campaign. The threat is being tracked as Matanbuchus and is being sold on Russian-speaking internet forums.
More:
- Matanbuchus is a malware-as-a-service that is being sold for $250. Being a malware loader, it utilizes command-and-control (C2) infrastructure to target its victims.
- The malware has managed to breach targets in the U.S. and Europe.
- The malware can launch a .exe or .dll file in memory, leverage schtasks.exe to modify systems, launch custom PowerShell commands, etc.
- When the malware is used through Microsoft Excel, it stores its code split across individual Excel cells.

Quick Hits:
- CafePress has been fined $500,000 by the FTC for failing to take preventive security measures, resulting in a data leak.
- The U.S. House of Representatives has passed a cybersecurity bill that aims to improve the U.S. government's ability to protect from potential cyber-attacks by threat actors such as Russia.
- Microsoft has stated that it will fix a vulnerability known as RRAS during a patch update in June.
- A hacker group known as Vice Society has claimed it stands behind the attack on the Medical University of Innsbruck, located in Austria.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.