CDD Cyber-news:  [ contact:  Trianne de Spelle ]

RHYSIDA

Note to Friends.  On the case. 

Cross Hairs: The Rhysida .onion site and their 72 targets are in focus.   CHACHA20 progression.

 

IR35 Skims and  Scams to the loss for HMRC and/or the Client/Consultant

Authorities know about all of these...and have done nothing!

1.  Unexplained and accrued fees charged directly to the consultant
2.  Pocketing holiday pay set aside and belonging to the consultant 
3.  Paying falsified mileage claims (thus avoiding NI)
4.  Inappropriately offering Gross Payment Model
5.  Incoherent payslip accounting, no explanation/breakdown offered
6.  Inappropriate Charging of Apprenticeship Levy
7.  Formation of  Mini Cartels between umbrella businesses.
8.  Improper charging of employer’s NI on pensions
9.  Claiming the employment allowance
10. Consultants forced/unwittingly opting out of AgCond. regulations
11. “Gap pay” charges
12. Employers NI allowance scam (involving mini umbrella companies)

International Summit on AI   

The BBC are reporting the material underpinning the international Summit on Artificial Intelligence.

A perfect venue for such a gathering....the only real abuse of AI to date is the misinformation that arises from the actions of the insidious. 

Nobody there will have even considered the impact of RADAR attacks on their AI systems, let alone how to counter them. (Clue: it's impossible to counter them without the training data being properly structured/controlled.)

Pause Forethought  

(A new contribution in the essay series from CDD's consultants.)

Artificial Intelligence. Complete Tosh! (2 pages)

Does artificial intelligence (AI) even exist, and therefore does it necessitate regulation?  If it doesn't, what is it that actually needs proper controls in order to protect human society from what might be a serious adverse impact arising from the actions of the insidious?

Free Cyber Security Assessment

Free to SMEs - Contact us to receive a free, confidential Cyber Security Essentials Assessment and Report of your business...absolutely no obligation.

Latest List of Known Exploited Vulnerabilities Across All Products & Manufacturers 

(Sept.23 - MSExcel format) 

Really important!  Known vulnerabilities that are also known to have been exploited by attackers.

Vital intelligence material for assessment of corporate threat landscape, necessary detection techniques, technical remediation and cyber risk reduction.

CDD - Comments on the NATS shutdown - Interim Incident Report

CDD would comment that it is staggering that a safety-critical element of the UK critical national infrastructure (having such immediate and direct financial and operational impact) could calmly shut itself down and take its toys away because of a bit of illogical data!    See here

CDD - Cyber Attack on Norwegian Government Installations

CDD is monitoring cyber attacks against the Norwegian critical infrastructure (alleged to follow Russian tactics and strategy of 2020).  This is a volatile situation involving complex vectors and co-ordinated combinations of vulnerabilities that were thought to be remedied.  

CDD - Clarification over CLOP capabilities

CDD recognises that there is some confusion over Clop capabilities and IOCs.  Therefore please see the following (courtesy of MITRE ATT&CK's data for the Clop ransomware): - This is extremely professional, modular, combinatorial malware....

Command and Scripting Interpreter: 
  Windows Command Shell (T1059.003)

Data Encrypted for Impact (T1486)

Deobfuscate/Decode Files or Information (T1140)

File and Directory Discovery (T1083)

Impair Defenses: 
  Disable or Modify Tools (T1562.001)

Inhibit System Recovery (T1490)

Modify Registry (T1112)

Native API (T1106)

Network Share Discovery (T1135)

Obfuscated Files or Information: 
  Software Packing (T1027.002)

Process Discovery (T1057)

Service Stop (T1489)

Software Discovery: 
  Security Software Discovery (T1518.001)

Subvert Trust Controls: 
  Code Signing (T1553.002)

System Binary Proxy Execution: 
  Msiexec (T1218.007)

System Location Discovery: 
  System Language Discovery (T1614.001)

Virtualization/Sandbox Evasion: 
  Time Based Evasion (T1497.003)

CDD is launching a new Massively Parallel Processing Engine

CDD has been engineering a new Deep Neural Network processing environment for data enrichment and machine learning purposes.  This system is approaching readiness and will be in a position to process 45000 independent processes simultaneously using 3.2GHz cores, served by a 40GB dedicated DevOps N/W.  This represents a breakthrough in massively parallel processing available to ordinary private users wishing to exploit AI/ML and DNN technology on a budget, and without the security risks associated with cloud deployment of high technologies and sensitive or high-governance data.  

MOVEit Cyber Attack

A range of security-impacting vulnerabilities in MOVEit Transfer are currently being investigated.  Patching is available, and alternative mitigations are being engineered for those already targeted by the Clop group.

Further updates being prepared for correspondents on these issues. Please call 07917 663374 

________________In Summary__________________

The Russian group behind Clop (A.K.A. TA505, FIN11, etc...) deploys a complex and evolving malware capability with the following sample of combinatorial capabilities:

1. Use of cmd.exe to facilitate command execution on the target system(s)

2. Detection avoidance techniques by:

   Code signing (signed binaries to pass trust controls)

   Applied quiescence, i.e. sleeping/stalling (to evade time-limited sandbox analytics)

3. Enumeration of all processes and N/W shares on target machines

4. Quiescence/termination of processes and services for backup and related security operations

5. << Redacted >>

6. Deletion of shadow volumes (i.e. vssadmin Delete Shadows /all /quiet)

7. Deploys bcdedit to disable Windows recovery options

8. Keyboard language checks for the Cyrillic alphabet (thus avoiding Russian endpoints) via:

   GetKeyboardLayout()

   GetTextCharset()

9. Deploys msiexec.exe to disable/uninstall or otherwise impair the function of security tools on the system, and searches for processes belonging to IDS, anti-virus and anti-malware products

10. Incorporation of built-in API functions, including:

   WNetOpenEnumW()

   WNetEnumResourceW()

   WNetCloseEnum()

   GetProcAddress()

   VirtualAlloc()

11. Capability to modify Windows registry data

12. Deployed crypto has ranged from basic repeating XOR operations to decrypt embedded strings, but current samples use AES, RSA and RC4 (helpfully adding a ".clop" extension to encrypted files!)
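Items 6 and 7 above (shadow-copy deletion and bcdedit recovery tampering) are the most reliably detectable part of the sequence, because both run as ordinary child processes of cmd.exe and leave a command line in process-creation telemetry. The script below is an added example written for this page, not Clop's code nor anything from MITRE: it scans a constructed, pipe-delimited export of process-creation events (the fields one would pull from Sysmon Event ID 1 or Windows Security Event 4688), maps each hit to ATT&CK T1490, and then correlates hits per host so that a lone administrative vssadmin call is not treated the same as the bundle a ransomware actor runs in a few seconds. The vssadmin and bcdedit patterns are the procedures named on this page; the wmic and wbadmin patterns are other well-known T1490 procedures added for completeness. The log format, hostnames, users and paths are invented for illustration.

```python
"""Flag 'Inhibit System Recovery' (ATT&CK T1490) in process-creation logs.

Input is a constructed, pipe-delimited export of process-creation events
(timestamp|host|user|parent_image|image|command_line). scan() returns one
Finding per matching record; correlate() returns hosts on which several
distinct recovery-inhibition procedures ran inside a short window.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry). Records 2-4 are the
# Clop-style sequence described above; record 5 is a benign backup-agent
# query that must NOT fire; record 1 is ordinary user activity.
SAMPLE_LOG = """\
2023-06-05T09:12:41Z|WS-FIN-03|CORP\\j.smith|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe invoice.txt
2023-06-05T09:14:02Z|WS-FIN-03|CORP\\j.smith|cmd.exe|C:\\Windows\\System32\\vssadmin.exe|"C:\\Windows\\System32\\vssadmin.exe"  Delete Shadows /All /Quiet
2023-06-05T09:14:03Z|WS-FIN-03|CORP\\j.smith|cmd.exe|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2023-06-05T09:14:03Z|WS-FIN-03|CORP\\j.smith|cmd.exe|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} bootstatuspolicy ignoreallfailures
2023-06-05T10:00:00Z|SRV-BKP-01|CORP\\svc_backup|backupagent.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    when: datetime
    host: str
    technique: str
    reason: str
    command_line: str


# (pattern over the NORMALISED command line, ATT&CK ID, human-readable reason)
RULES = [
    (re.compile(r"\bvssadmin(\.exe)? delete shadows\b"), "T1490", "vssadmin deleting volume shadow copies"),
    (re.compile(r"\bwmic(\.exe)? shadowcopy delete\b"), "T1490", "wmic deleting volume shadow copies"),
    (re.compile(r"\bbcdedit(\.exe)? .*\brecoveryenabled no\b"), "T1490", "bcdedit disabling Windows recovery"),
    (re.compile(r"\bbcdedit(\.exe)? .*\bbootstatuspolicy ignoreallfailures\b"), "T1490", "bcdedit ignoring boot failures"),
    (re.compile(r"\bwbadmin(\.exe)? delete catalog\b"), "T1490", "wbadmin deleting the backup catalog"),
]


def normalise(cmd: str) -> str:
    """Lower-case, drop quoting and collapse whitespace so trivial variations
    (mixed case, quoted image paths, doubled spaces) still match the rules."""
    return re.sub(r"\s+", " ", cmd.replace('"', "")).strip().lower()


def parse_timestamp(ts: str) -> datetime:
    # fromisoformat() only accepts a trailing 'Z' from Python 3.11 onwards.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def scan(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        fields = raw.split("|", 5)  # command line is last and may contain '|'
        if len(fields) != 6:
            continue  # malformed record: skip it rather than abort the scan
        ts, host, _user, _parent, _image, cmd = fields
        norm = normalise(cmd)
        for pattern, technique, reason in RULES:
            if pattern.search(norm):
                findings.append(Finding(line_no, parse_timestamp(ts), host, technique, reason, cmd.strip()))
                break  # one finding per record is enough
    return findings


def correlate(findings: list[Finding], window: timedelta = timedelta(seconds=60)) -> dict[str, int]:
    """Hosts on which two or more DIFFERENT T1490 procedures fired within
    `window`, mapped to the largest such count. One vssadmin call can be an
    admin; the bundle within seconds is ransomware behaviour."""
    by_host: dict[str, list[Finding]] = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    hot: dict[str, int] = {}
    for host, fs in by_host.items():
        fs.sort(key=lambda f: f.when)
        for i, first in enumerate(fs):
            reasons = {g.reason for g in fs[i:] if g.when - first.when <= window}
            if len(reasons) >= 2:
                hot[host] = max(hot.get(host, 0), len(reasons))
    return hot


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f"record {f.line_no}: {f.host} {f.technique} {f.reason}: {f.command_line}")
    for host, n in correlate(found).items():
        print(f"HIGH: {host} ran {n} distinct recovery-inhibition procedures within 60s")
```

Feeding the constructed log through scan() flags records 2, 3 and 4 and leaves the backup agent's `vssadmin list shadows` alone; correlate() then raises WS-FIN-03 because three distinct procedures ran within one second. In a real deployment the same rules belong in the EDR or SIEM query layer, and the correlation window is the knob to tune against your own administrators' habits.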

[ Contact: Norrentz ]

Current AI Concerns 

All the current shrill and ill-informed discussion about AI is completely swept aside by a single consideration.  Has any computer, anywhere, ever decided to do something purely based upon its own volition?  I am not aware of any, and therefore all planetary species can rest assured that there is no real danger arising from a device equipped with an off-switch!  Computers are not intelligent; they merely provide the opportunity to augment human cognition in a way that appears to emulate intelligence, and only then to the uninitiated.  The clever trick is to recognise when this is taking place.

US have disrupted the most advanced Russian espionage malware.

Dangerous malware, known as Snake, was initially designed decades ago and has been used in a number of campaigns attributed to the Uroboros, Venomous Bear, Waterbug and Turla clusters.  It is used by threat actors (in Center 16 of the FSB) to steal sensitive documents from well-protected devices in some 50 countries. The FBI's 'Perseus' capability issued commands to Snake's critical operational components, causing it to overwrite and disable itself.

HM Government issues UK quantum strategy...not before time! 

The UK government has published the country's quantum strategy at last...but quality takes time...and this is great!  Australia has now followed suit...all good stuff!

Russian 'spy ships' threaten to sabotage UK energy supply

What is new? However, the recent hostile cyber activity from patriotic young Russians (as reported in the Telegraph) and the physical breaches of cyber security around Orkney are troublesome events. Indeed, the deployment and use of sea-plough technology to sever communications cables needs to attract the attention of military decision makers.  The Telegraph have missed a few matters in their own reporting. [Link]

All rights reserved. CyberDefenceDynamics 

© 2013-2024
