News Items

Data from Lookout reveals that mobile phishing encounter rates reached an all-time high in 2022, with an average of over 30 percent of personal and enterprise users exposed to these attacks each quarter. Since 2021, mobile phishing has risen by almost 10 percent on enterprise devices and by more than 20 percent on personal devices. The percentage of users who fall for multiple mobile phishing links is gradually increasing per year. According to Lookout, the percentage of mobile users in workplace environments who click on more than six malicious links per year has increased from 1.6 percent in 2020 to 11.8 percent in 2022. Companies in highly regulated industries, such as insurance, banking, legal, healthcare, and financial services, were the most common targets. An analysis estimates that mobile phishing could cost a company with 5,000 employees around $4 million annually. In the second quarter of 2022, non-email-based phishing attempts such as vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) also increased significantly. This article continues to discuss key findings from Lookout's new report on the global state of mobile phishing.

BetaNews reports "Over 30 Percent of Mobile Users Encounter Phishing Attacks"

Three Dutch men have recently been arrested on suspicion of participating in a major cyber-extortion campaign affecting tens of millions of victims. According to Dutch Police, a 21-year-old from Zandvoort is the prime suspect, alongside a 21-year-old from Rotterdam and an 18-year-old. An investigation into their alleged activities began in March 2021 and uncovered evidence of attacks on thousands of organizations, both domestic and global. The police noted that after gaining initial access to targeted companies and stealing sensitive customer information, the men allegedly extorted their victims by threatening to destroy their "digital infrastructure" or to leak the info publicly, similar to ransomware actors. However, the police claimed that "in many cases," the hackers sold the stolen data even after receiving a ransom payment. Ransom demands were in the $106,000-$740,000 range, with one report claiming the prime suspect made as much as $2.6m over the past few years. The police noted that among the data stolen by the trio were names, addresses, telephone numbers, dates of birth, bank account numbers, credit card details, passwords, license plate numbers, national ID numbers, and passport data. Among those breached were hospitality firms, training institutes, online stores, software companies, and even social media providers.

Infosecurity reports: "Police Arrest Trio in Multimillion-Dollar Extortion Case"

Since the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) released the first edition of Best Practices for MITRE ATT&CK Mapping about two years ago, the ATT&CK framework has evolved, expanded, and enhanced its ability to offer more than just cyber threat intelligence for the cybersecurity community. CISA has issued a second edition of its mapping guide and introduced a new companion tool called Decider. This tool guides users through a mapping process by asking them questions about adversary activity to help them determine the appropriate tactic, technique, or sub-technique to apply. With the tool, users are presented with a fact sheet and a video on Decider's key features and capabilities. These features include guided questions concerning adversary activity to help users confirm whether they are mapping correctly. Decider's key features also include a search and filtering functionality to help users zero in on what is most pertinent to their analysis. This article continues to discuss the purpose and development of CISA's new Decider tool as well as updates to CISA's mapping guide.

CISA reports "Helping Cyber Defenders 'Decide' to Use MITRE ATT&CK"

In response to last year's cyberattacks faced by Optus and Medibank, the Australian government is exploring a new cybersecurity strategy. Claire O'Neil, Minister for Cyber Security, released a discussion paper aimed at answering questions regarding the government's role in improving Australia's cyber resilience. The government will also establish a National Office of Cyber Security and a Coordinator for Cyber Security position inside the Department of Home Affairs. Due to a lack of policy or regulation, O'Neil stated that the government was trying to establish proper solutions to the major hacks of the last year. Each of the breaches experienced by Optus and Medibank affected around one-third of the Australian population. The information leaked by hackers included driver's licenses, passports, and highly sensitive medical information. In both cases, government assistance was required, such as the development of procedures for replacing driver's license identification numbers. The discussion paper contains 21 questions, many of which are focused on how government and industry should collaborate. Two points, however, stand out as being of the utmost importance: whether the government should prohibit ransomware payments and whether the government should be able to seize control of companies' Information Technology (IT) systems. This article continues to discuss questions and concerns regarding Australia's new cybersecurity agenda.

The Conversation reports "Australia Has a New Cybersecurity Agenda. Two Key Questions Lie at Its Heart"

Researchers from the cybersecurity company Uptycs warn of attacks using the Parallax Remote Access Trojan (RAT) on cryptocurrency organizations. Since December 2019, the Parallax RAT has been spread via malvertising and phishing attacks. Common RAT capabilities supported by the malware include keylogging, capturing login credentials, file access, and remote control of compromised systems. The sample used in recent attacks applies injection techniques to conceal itself within legitimate processes and evade detection. After successfully injecting malicious code, threat actors are able to communicate with their victim via Windows Notepad. The first payload examined by the researchers is written in C++ and is a 32-bit executable. The RAT is injected into a valid Microsoft pipanel.exe process through the process-hollowing approach. The malware gains persistence by creating a copy of itself in the Windows Startup folder. The second payload collects sensitive information from affected systems. This article continues to discuss the new wave of attacks against cryptocurrency entities, involving the use of the Parallax RAT for infiltration.

Security Affairs reports "Parallax RAT Used in Attacks Aimed At Cryptocurrency Entities"

Satellite television company Dish Network has recently revealed that ransomware was the cause of a multi-day outage impacting customers. The Colorado-headquartered firm, which also owns wireless service provider Boost Mobile and streaming provider Sling, revealed the news in an SEC filing yesterday. Dish Network stated it "experienced a network outage that affected internal servers and IT telephony" on February 23. Dish Network noted that they immediately activated their incident response and business continuity plans designed to contain, assess and remediate the situation. The company has hired cybersecurity experts to help investigate the incident. On February 27, 2023, the company became aware that certain data was extracted from the corporation's IT systems as part of this incident. The company noted that the investigation might reveal that the extracted data includes personal information. The incident downed both the Dish and Boost Mobile website and support lines. Boost Mobile users were reportedly also told they may have trouble paying their bill. The company stated that Dish, Sling, and its wireless and data networks remain operational, however, the corporation's internal communications, customer call centers, and internet sites are still dealing with and are affected by the incident.

Infosecurity reports: "Dish Network Confirms Ransomware Outage"

A vulnerable Kubernetes container and weak permissions enabled an adversary to transform an opportunistic cryptojacking attack into a widespread invasion impacting intellectual property and sensitive data. The attack, dubbed "SCARLETEEL" by the cloud security company Sysdig, began with a threat actor exploiting a Kubernetes cluster, using an internal service to obtain temporary credentials, and then using those credentials to enumerate other Elastic Compute Cloud (EC2) services that had been deployed in the infrastructure of the targeted company. Ultimately, the company, which was not identified in the incident report, limited the scope of permissions for the stolen identity, therefore neutralizing the attack. Michael Clark, head of security research at Sysdig, notes that companies must be cautious when setting the controls that enable cloud resources to work with one another. The sophisticated cyberattack also demonstrates that cybercriminals are increasingly attacking cloud infrastructure. In the past, threat actors focused on rudimentary interactions with cloud services, such as the deployment of cryptojacking software. However, cloud-focused attacks are becoming more prevalent as threat actors gain a better understanding of the vulnerabilities introduced by businesses. This article continues to discuss the SCARLETEEL attack on a company's Amazon Web Services (AWS) account.

Dark Reading reports "Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist"

Clemson University is opening a National Center where researchers will develop new methods to bolster the transportation system security against cyberattacks. The new National Center for Transportation Cybersecurity and Resilience (TraCR) will receive a five-year grant of $20 million from the US Department of Transportation. Researchers are working to develop software and hardware that will serve as impenetrable cyber defense. Connecting cars wirelessly to each other and to the roadway infrastructure can reduce traffic congestion, accidents, fuel consumption, pollution, and social disparities. However, it also exposes the transportation system to cyber threats from hackers, criminal gangs, terrorists, and other malicious actors. With each car and piece of infrastructure that connects to the Internet, there is the potential to steal data, breach privacy, demand a ransom, deliver false information, or even bring down an entire system. The new center will place Clemson University at the frontline of the nation's defense against major infrastructure threats. Benedict College, Florida International University, Morgan State University, Purdue University, South Carolina State University, the University of Alabama, the University of California, Santa Cruz, and the University of Texas at Dallas are partner institutions. The center's researchers plan to examine multiple modes of transportation, from cars, trucks, and bicycles to passenger rail, maritime transport, and pipelines. Researchers will create an adaptive and resilient platform to help detect threats and defend against attacks that hackers have not yet invented. The team will also delve into quantum computing, looking at how to evaluate threats from quantum computers and how such computers can be used to defend against cyberattacks. This article continues to discuss the new National Center for TraCR at Clemson University, which will develop software and hardware to combat cyberattacks on the nation's transportation systems.

Clemson University reports "Clemson University Joins Nation's Frontline Defense against Cyberattacks on the Transportation System"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has released a Cybersecurity Advisory (CSA) titled "CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks," describing a red team assessment of a large organization with a mature cyber posture that manages critical infrastructure. CISA's new CSA delves into the red team's tactics, techniques, and procedures (TTPs) as well as key findings for network defenders wanting to take proactive steps to decrease the threat posed by malicious cyber actors. As described in the CSA, the CISA red team gained persistent network access to the organization, moved laterally across numerous geographically separate facilities, and gained access to systems close to the organization's sensitive business systems. This advisory emphasizes the significance of early detection and ongoing monitoring of cyber assets. This article continues to discuss the CSA on CISA red team findings to help network defenders improve the monitoring and hardening of their networks.

HSToday reports "CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks"

Pentera surveyed 300 CIOs, CISOs, and security leaders from businesses in Europe and the US, revealing that a cyberattack had impacted 88 percent of organizations over the past two years. The Pentera study finds that this is the case despite companies employing an average of nearly 44 security solutions. While regulatory requirements first drove the need for penetration testing, the primary reasons for such testing today are security validation, potential damage assessment, and cyber insurance. With only 22 percent of respondents reporting compliance as their top reason for the activity, regulatory or executive obligations remain significant but are not the key driver of penetration testing. This article continues to discuss key findings from Pentera's survey of CIOs, CISOs, and security executives.

BetaNews reports "88 Percent of Organizations Have Suffered Cyber Breaches in the Last Two Years"

Security researchers at Rapid7 discovered that in 2022, the widespread exploitation of new vulnerabilities was down 15% over the previous year, zero-day attacks declined 52% from 2021, and there were 33% fewer vulnerabilities known to have been exploited as part of a ransomware attack. The researchers noted that, on the surface, it might appear that things were easier for security teams last year. That would be wrong. During their study, the researchers also found that the time from vulnerability disclosure to exploitation is decreasing. A large number of vulnerabilities are being exploited before security teams have any time to implement patches or other mitigations. To be precise, 56% of the vulnerabilities were exploited within seven days of public disclosure, a 12% increase over 2021 and an 87% increase over 2020. The researchers noted that resources for triaging and remediating vulnerabilities remain limited, and priorities can be misdirected. The researchers believe that there are three primary takeaways from their current research. The first is that widespread threats remain high, even though they are down from 66% in 2021 to 56% in 2022's dataset. The second takeaway is the complexity of the ransomware ecosystem and how that affects visibility and statistics. And the last takeaway is that ransomware groups are leveraging fewer new vulnerabilities than they did in 2021.

SecurityWeek reports: "Vulnerabilities Being Exploited Faster Than Ever: Analysis"

Security experts are warning that remote workers in the UK capital are being bombarded with cyberattacks after recording 91 million threats over a 28-day period in January. Insurer Coalition set up a series of honeypots in a project with police non-profit the Cyber Resilience Centre for London in a bid to calculate the cyber threat level to organizations operating in the region. Coalition's UK security researcher, Simon Bell, stated that they use honeypots to learn about threat actors and their methods. Once the attack happens, one can see what vulnerabilities the cybercriminal is looking for and how they try to exploit them. Bell noted that in this exercise, their honeypots were given IP addresses that were identified as physical data centers in London. The study recorded 2000 attacks per minute targeting the honeypots, with 85% of them attempting to hijack remote desktop connections used by employees working outside the office. The attacks were traced back to 101,000 different threat actors, with Russia as the largest single source of attacks, followed by Bulgaria, Monaco, and Panama. However, Coalition quickly pointed out that many threat actors hide their true location using VPNs routed through other countries. Bell argued that the research showed how working from home has significantly widened the corporate attack surface.

Infosecurity reports: "London Honeypots Attacked 2000 Times Per Minute"

According to new research, pet and animal-related apps pose cybersecurity risks to their owners. Many pet owners may find the ability to track their cats and dogs appealing since it can bring peace of mind. However, enabling a third party to track their movements can be less appealing. Through the analysis of 40 popular Android apps for pets, computer scientists from Newcastle University and Royal Holloway, University of London, have uncovered a number of security and privacy problems. Several of these apps put their users at risk by disclosing their login credentials or location information. One of the issues revealed by the researchers was password weakness. They found three apps that had user login details visible in plain text within non-secure HTTP traffic. This means that anyone can look at the Internet traffic of an individual using one of these apps and obtain their login credentials. In addition to login information, two of the apps displayed user details that may allow cybercriminals to access their devices and launch an attack. The researchers identified the use of trackers as an additional area of concern. All apps except for four were discovered to include tracking software. The team also cautions that the privacy policies of the apps are poorly communicated to the user. Their study reveals that 21 apps track the user in some manner prior to the user's authorization, thus violating existing data protection regulations. This article continues findings from the research on the cybersecurity risks posed by pet and animal-related apps.

Newcastle University reports "Are Our Pets Leaking Information About Us?"

According to CrowdStrike's annual Global Threat Report, adversaries have become more sophisticated and destructive in their cyberattacks. Malware activity has declined, indicating that threat actors are experimenting with alternative means of attack. Seventy-one percent of all detections were malware-free in 2022, up from 62 percent in 2021. This was in part due to the exploitation of valid credentials by adversaries to facilitate access and persistence in victim environments. CrowdStrike stated that the rate at which new vulnerabilities were disclosed and the speed at which adversaries were able to deploy exploits also played a role. Meanwhile, interactive intrusion campaigns or attacks that required a more 'hands-on' approach from cybercriminals surged by 50 percent, indicating that threat actors are increasingly seeking ways to circumvent automated detections. Another notable trend is decrease in the time it takes for an adversary to move laterally from one compromised host to another within the victim's environment or network of targeted computer systems. This reduced from 98 minutes in 2021 to 84 minutes the year prior, meaning that defenders were under increased pressure to detect and respond to an incursion. CrowdStrike, which monitors more than 200 adversaries, also reported an increase in "China-nexus" espionage. In the last year, threat actors associated with China attacked all 39 global industry sectors and 20 geographic regions. This article continues to discuss key findings from CrowdStrike's Global Threat Report.

Cybernews reports "Threat Actors Getting Smarter as China-Linked Attacks Rise"

The Russia-Ukraine conflict has impacted cyberspace on all levels, from nation-state Advanced Persistent Threats (APT) groups to low-level carders on Dark Web forums. A new report from Recorded Future details the numerous cyberspace repercussions of that event. Cybercrime activity has changed, allies have become foes, power structures have been restructured, and more. According to the Recorded Future report "Themes and Failures of Russia's War Against Ukraine," despite "compounding strategic and tactical failures," Moscow presumably remains focused on conquering Kiev, overturning the Ukrainian government, and scoring a decisive military triumph. Russia's offensive cyber operations have been unable to complement Russia's conventional military success and will likely turn to targeting civilian infrastructure in an effort to degrade Ukraine's morale. Russia's continued reliance on proxy groups to achieve its objectives in Ukraine while maintaining plausible deniability has shed additional light on the connections between Russian Intelligence Services (RIS) and non-state actors, as evidenced by Russia's direct, indirect, and tacit relationships with cybercriminal and hacktivist groups. This article continues to discuss key points from Recorded Future's report on the disruption of the cybercriminal ecosystem by Russia's war against Ukraine.

Dark Reading reports "How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever"

Exfiltrator-22 is a new post-exploitation framework being promoted by threat actors to spread ransomware across corporate networks while evading detection. According to threat analysts at CYFIRMA, this new framework was developed by former LockBit 3.0 affiliates with expertise in anti-analysis and defense evasion, offering a powerful solution for a monthly price. Exfiltrator-22 is priced between $1,000 per month and $5,000 for lifetime access, with ongoing updates and support included. The framework's buyers are provided with an admin panel hosted by a Virtual Private Server (VPS) from which they could control the malware and issue commands to compromised systems. On November 27, 2022, the first version of the Exfiltrator-22 framework was discovered in the wild. About ten days later, its makers created a Telegram channel to advertise the framework to other cybercriminals. By the end of the year, threat actors had disclosed additional features that helped mask traffic on hacked devices, indicating that the framework was actively being developed. In January 2023, its authors deemed the framework to be 87 percent complete, and subscription prices were released, allowing interested users to purchase access to the tool. The threat actors uploaded two videos on YouTube on February 10, 2023, demonstrating Exfiltrator-22's lateral movement and ransomware-spreading capabilities. This article continues to discuss the Exfiltrator-22 framework being promoted by threat actors.

Bleeping Computer reports "New Exfiltrator-22 Post-exploitation Kit Linked to LockBit Ransomware"

According to researchers at Kaspersky, mobile malware developers were busy in 2022, flooding the cybercrime landscape with twice the number of banking trojans than the year before. The researchers stated that nearly 200,000 new mobile banking Trojans emerged in 2022, a 100% increase from the year before and the biggest acceleration of mobile malware development seen in the last six years. In total, the firm detected 1.6 million installers for mobile malware within its telemetry during the year. That's actually a decline in threat activity (down from 3.5 million in 2021 and 5.7 million in 2020), even as malware creation surges ahead. The researchers stated that this drastic increase in banking Trojan development signifies that cybercriminals are targeting mobile users and are increasingly more interested in stealing financial data and actively investing in the creation of new malware. Banking Trojans are built to steal mobile bank account credentials or e-payment details, but they can often be repurposed for other kinds of data theft or used to install additional malware. The researchers noted that while unofficial app stores pose the greatest potential for encountering a banking Trojan, Google Play has been repeatedly populated with "downloaders for banking trojan families, such as Sharkbot, Anatsa/Teaban, Octo/Coper, and Xenomorph, all disguised as utilities."

Dark Reading reports: "Mobile Banking Trojans Surge, Doubling in Volume"

Fully Homomorphic Encryption (FHE) enables algorithms to do direct computations on encrypted data. Usually, sensitive data is encrypted, and it must be decrypted before it can be used for any form of analysis or computing. The analysis or computation is conducted while the sensitive data is in an unencrypted state, and then the data is re-encrypted. Matthew French, Research Director at USC Viterbi's Information Sciences Institute (ISI), says that the problem with these schemes is that there is inevitably a breakdown in the process, and someone can snoop on the unencrypted processing, or someone can forget to re-encrypt the data. In the past decade, breakthrough advances in algorithms have enabled FHE, which eliminates the need to decrypt and re-encrypt data, resulting in a far more secure system, according to French. However, FHE requires substantially more computational power to accomplish tasks equivalent to those that are not encrypted. FHE requires around 100,000 times more processing than conventional techniques, so FHE must decrease the computation gap in order to be useful. French and his colleagues took on the challenge with their co-processor, TREBUCHET, which addresses this by developing custom computer hardware to accelerate FHE processing with the aim of achieving ten times the speed of traditional processing. TREBUCHET was created for the Data Protection in Virtual Environments (DPRIVE) Program of the Defense Advanced Research Projects Agency (DARPA). There are both private research facilities and academic institutions on the team. This article continues to dicuss the concept of FHE and the TREBUCHET solution.

USC Viterbi reports "TREBUCHET: A High-Powered Processor for Cutting-Edge Encryption"

According to security researchers at Menlo Security, an unknown threat actor is targeting APAC and North American governments with info-stealing malware and ransomware. The researchers noted that the group's attacks begin with a phishing email containing a malicious Discord link, which points to a password-protected zip file. That, in turn, contains a .NET malware downloader known as PureCrypter. The researchers stated that the loader will try to download a secondary payload from the group's command and control (C2) infrastructure, which is a compromised domain belonging to a non-profit. Among the malicious payloads observed by the researchers in this campaign are various info-stealers and ransomware variants: Redline Stealer, AgentTesla, Eternity, Blackmoon, and Philadelphia ransomware. In the sample analyzed by the researchers, PureCrypter attempts to download AgentTesla, an advanced backdoor designed to steal browser-based passwords, as well as take screen captures and log keystrokes. The researchers stated that in their investigation, they found that AgentTesla establishes a connection to an FTP server where it stores the stolen victim's credentials. The FTP server appears to have been taken over, and the leaked credentials for the domain were found online, thus suggesting that the threat actors used these credentials to gain access to the server. The researchers noted that the FTP server was also seen in a campaign using OneNote to deliver malware. Attackers have been sending phishing emails with links to malicious OneNote files that can download additional malware or steal information from the victim's device. Altogether, the researchers found 106 files using said FTP server.

Infosecurity reports: "Governments Targeted by Discord-Based Threat Campaign"

Researchers at a Quebec university are looking into how prepared power utilities are for cyberattacks, as well as the security of wireless industrial Internet-connected devices. Ottawa recently announced that it gave the University of Sherbrooke the second half of just under $2 million for the study. One project is evaluating the resiliency of Hydro Sherbrooke, a medium-sized power distributor, in the context of Industry 4.0, specifically its ability to detect new threats. Industry 4.0 refers to the incorporation of new technologies such as Internet of Things (IoT) devices, cloud computing, and Artificial Intelligence (AI) into a company's production centers and general operations. The second project analyzes the security of industrial IoT devices with 5G connectivity and edge computing. It involves exploring the applications of the devices in agriculture, water management, and building management. Bell Canada, VMware, Honeywell, and the cities of Sherbrooke and Magog, Quebec, are partners in this study. Lessons learned from both projects will be shared with the power, telecommunications, and Information Technology (IT) manufacturing industries. This article continues to discuss the new projects investigating the readiness of power utilities to face cyberattacks and the security of wireless industrial Internet-connected devices.

IT World Canada reports "Researchers Looking Into Cybersecurity of Canada's Power, IoT Sectors"

Researchers discovered a new payload delivered by the Wslink malware downloader and believe it is part of the toolset maintained and deployed by the Lazarus Group, which is associated with North Korea. ESET researchers found the Wslink loader in 2021, which has a few unique features, the most notable of which is its ability to run as a server rather than a client. Wslink, like other loaders, allows the actors who deploy it to download and install additional malware or tools onto a compromised machine. The researchers were unable to find the payload that Wslink delivered when ESET examined the loader, but they recently discovered one, which they dubbed WinorDLL64. The payload was discovered on a small number of victim machines in locations previously targeted by the Lazarus Group, including Europe and North America. There are also some code commonalities between WinorDLL and other samples used by the Lazarus Group, such as Bankshot and GhostSecret. The ESET researchers discovered several behavioral parallels with known Lazarus Group tools, but they were not certain that WinorDLL was used by the gang. This article continues to discuss the new payload delivered by the Wslink malware downloader, possibly part of the cache of tools maintained and deployed by the Lazarus Group.

Decipher reports "Possible New Lazarus Group Backdoor Found"

Intel has reported recently that it has paid out more than $4.1 million through its bug bounty program since its creation in 2017. Intel noted that, on average, between 2018 and 2021, they paid $800,000 through its bug bounty program each year for vulnerabilities discovered in the company's products. In 2022, it awarded $935,000. Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as in the previous three years. Intel noted that more than half of the 2022 vulnerabilities were found internally by them, and 90 security flaws, representing 37% of the total, were reported via its bug bounty program. The company engaged 151 researchers last year, more than double compared to the previous three years. Intel stated that most of the vulnerabilities were discovered in Intel software, processors, and network communications products. Only two issues were assigned a "critical" severity rating, but 79 were classified as having "high" severity. Intel has helped create a hardware common weakness enumeration (CWE) list, and 19 of the hardware vulnerabilities addressed last year were assigned to 13 hardware CWEs.

SecurityWeek reports: "Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017"

Many aircraft, spacecraft, and weapons systems contain an onboard computer network referred to as military standard 1553, sometimes known as MIL-STD-1553 or just 1553. The network is a tried-and-true protocol for enabling communications between systems such as radar, flight controls, and the heads-up display. According to Chris Jenkins, a Sandia cybersecurity scientist, securing these networks against a cyberattack is a national security issue. He said that if a hacker took control of 1553 mid-flight, the pilot would lose control of critical aircraft systems. Several researchers across the US are developing protections for systems that use the MIL-STD-1553 protocol. Chris and his Sandia team recently collaborated with Purdue University researchers in West Lafayette, Indiana, to test an idea that could protect these critical networks. Their findings, which were recently published in the scientific journal IEEE Transactions on Dependable and Secure Computing, show that when used correctly, a technique known in the cybersecurity realm as Moving Target Defense (MTD) can effectively secure MIL-STD-1553 networks against a Machine Learning (ML) algorithm. This article continues to discuss the collaborative work on a moving target defense that makes a computer network commonly used on many aircraft, spacecraft, and weapons systems less vulnerable to cyberattacks.

Sandia National Laboratories reports "Hackers Could Try to Take over a Military Aircraft; Can a Cyber Shuffle Stop Them?"

Radio stations in multiple Russian cities were recently hacked to broadcast fake air raid warnings. Air raid alerts were heard in Belgorod, Kazan, Novosibirsk, Penza, Magnitogorsk, Ufa, Voronezh, Nizhny Novgorod, Tyumen, Izhevsk, and other cities, according to the Russian state news agency RIA Novosti. Radio stations, including Relax FM, Funny FM, Business FM, Like FM, Comedy FM, Romantika, Avtoradio, Radio Energy, and Children's Radio, were hacked. According to RIA Novosti, many stations are owned by Gazprom Media. The Russian Ministry of Emergency Situations verified the hack in a Telegram post, but provided no other details or attribution. This is not the first time hackers have infiltrated Russian radio stations or breached other Russian systems. For example, a hacker took over Kommersant FM radio in June 2022, blasting the Ukrainian anthem and anti-war songs. As a result, the company briefly discontinued its air programming for a few hours. This article continues to discuss the recent hacking of Russian radio stations to broadcast fake air raid warnings.

Cybernews "Hacked Russian Radio Stations Broadcast Fake Air Raid Warnings"