2023.03.01.News You Should Know

Google Chrome 110, slated for release on Feb 7th, will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support.

Raspberry Robin targets financial institutions in Europe; current victim profiles seem to show threat actors targeting Spanish- and Portuguese-speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, which keeps hashes and signatures from having much effect for detection. Regardless, researchers have identified threat actor infrastructure to develop indicators of compromise.

Focusing on short-term quarterly returns instead of strategic technology upgrades and improvements seems to have set Southwest up for continued failures. After the holidays saw thousands of flights cancelled by the carrier, 15% of flights are still delayed or cancelled and thousands of bags are still lost, missing, or stolen at airports nationwide.

As unknown threat actors target the power grids within the United States, Russia-aligned threat actor Trident Ursa, aka Gamaredon, has attempted to disrupt petroleum refining within NATO territories. Though the attempt was unsuccessful, businesses operating within the EU and former Soviet Bloc nations should expect these types of critical infrastructure attacks to increase.

In a first-of-its-kind report, a woman was arrested in Paris, France while under the influence of narcotics. Inspection of her vehicle revealed a digital device encased in a Pelican case with multiple antennas. Fearing an explosive, Paris police detonated what would later be identified as an IMSI Catcher, known to western audiences as the Harris Stingray. These devices are able to passively intercept cellular traffic or actively operate a man-in-the-middle attack to capture and relay traffic within an area. Unfortunately, due to the quick work of Paris’ finest, we won’t know exactly what the device was being used for unless the woman comes clean.

Lockbit ransomware group received a lot of positive publicity over the holidays after an affiliate of the group attacked a children’s pediatric hospital in Canada. This violated Lockbit’s affiliate agreements, causing them to publicly denounce the affiliate and release a decryptor to the hospital. What followed were saccharine headlines reading “Lockbit group has heart”.

From the Reading List:

Atlantic Council’s 2012 article, Beyond Attribution, remains relevant when discussing state-sponsored attacks. The paper outlines 10 states of attribution ranging from State Prohibited to State Integrated. This Spectrum of State Responsibility is essential to attribution discussions in light of world events. PDF available here

Worth Watching:

The HackerSploit YouTube channel provided a half-hour introduction to ChatGPT for Cybersecurity. The OpenAI chatbot has rocketed to the forefront of conversation as it has shown an ability to distill information around complex but well-documented systems and issues. In the video, users learn how to generate shellcode, create macros, and perform fuzzing, among other offensive techniques.