Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 161 – October 6, 2024)

Dear Friends and Colleagues,

Welcome to our weekly newsletter, where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight a recent article from two of our offensive security experts, Devin Jones and Ben D'Attilio, entitled “From Vulnerability Assessments to Red Teaming: Choosing the Right Cybersecurity Assessment.”

In this article, Devin and Ben break down the importance of selecting the right assessment to strengthen your security posture.

Whether it's vulnerability assessments or red teaming, each service plays a crucial role in protecting your organization. Explore their expert insights and find the best approach for your unique needs! Read more: https://lnkd.in/ezx6nk6w

Away we go!

1. Chinese Hackers Breach US Wiretap Systems, Access Telecom Networks

Chinese hackers have breached the networks of several major U.S. broadband providers, gaining access to systems used by the federal government for court-authorized wiretapping, according to a Wall Street Journal report. The attack, attributed to a Chinese hacking group called "Salt Typhoon," targeted the infrastructure of companies like Verizon, AT&T, and Lumen Technologies. The hackers allegedly held access for several months, potentially gathering sensitive data related to communications surveillance and other internet traffic.

The breach is the latest in a series of Chinese cyber espionage activities aimed at intelligence gathering. Earlier this year, U.S. law enforcement confronted a different Chinese hacking group, "Flax Typhoon," while "Volt Typhoon" was another group accused of cyber operations by the U.S. government. China’s foreign ministry denied knowledge of the recent breach, dismissing the report as a false narrative aimed at framing Beijing. They also reiterated past claims that accusations against China regarding cyber attacks were part of international misinformation campaigns.

The attack on these telecom networks is particularly concerning, given the sensitive nature of the wiretap systems they support. These systems are crucial for executing court-approved surveillance requests and hold significant value for intelligence collection. The breach highlights vulnerabilities in critical communications infrastructure and the challenges faced by cybersecurity teams in countering sophisticated, state-backed threat actors.

The incident underscores the ongoing tension between the U.S. and China in cyberspace, with repeated allegations and counterclaims regarding cyber activities and the targeting of government and commercial networks.

2. Evil Corp Members Sanctioned, Links to LockBit Revealed

Sixteen members of Evil Corp, once considered one of the most significant cybercrime groups globally, have been sanctioned by the UK, Australia, and the US for their involvement in major ransomware attacks. Evil Corp, known for its links to the Russian state and affiliations with other ransomware groups, has extorted over $300 million from various sectors, including healthcare, critical infrastructure, and government. The latest sanctions expose previously unknown members, including Aleksandr Ryzhenkov, who has been identified as a LockBit affiliate.

The international investigation, led by the UK's National Crime Agency (NCA) under Operation Cronos, revealed that Evil Corp’s criminal network evolved from a financial crime family in Moscow into a notorious cybercrime syndicate responsible for malware like Dridex and ransomware such as BitPaymer. Maksim Yakubets, the leader of Evil Corp, and his deputy, Igor Turashev, were first sanctioned by the US in 2019, and recent actions target additional members of the group, including Yakubets' father and father-in-law.

Ryzhenkov, who played a major role in developing Evil Corp's ransomware strains, was charged in the US for using BitPaymer to target victims across America. He was also involved in LockBit attacks, highlighting the connections between these cybercriminal groups. Evil Corp’s ability to operate has significantly diminished since the initial sanctions in 2019, pushing the group to change tactics, develop new malware, and collaborate with other cybercrime organizations like LockBit.

The sanctions have had a lasting impact, forcing Evil Corp to adapt its methods and restricting its ability to operate. Nonetheless, the NCA and international partners remain vigilant, tracking the ongoing illicit activities of the group’s members, many of whom have shifted their focus to new ransomware operations. The crackdown against Evil Corp is part of a broader effort to dismantle dangerous cybercrime networks and prevent future attacks on critical systems worldwide.

3. Meta Smart Glasses Can Be Used to Dox Strangers in Seconds, Researchers Find

Two Harvard students recently demonstrated how Meta's second-generation smart glasses can be used to identify strangers in seconds by linking the device to a facial recognition search engine. Using Meta's Ray-Ban smart glasses in conjunction with PimEyes, a face search engine, the students were able to extract personal details like names, addresses, and phone numbers with a single glance. By integrating a large language model (LLM) into the process, they could also quickly combine data for more invasive purposes, such as doxxing or tracking someone's location.

The researchers modified Meta’s Ray-Ban smart glasses to create a project they named "I-XRAY." They tested their invention in public spaces, including subway stations, and found that the glasses, along with the facial search engine, could identify dozens of unsuspecting people in a matter of seconds. Their experiment highlighted the potential for this technology to be used for nefarious purposes, such as stalking or impersonation. For demonstration purposes, they covered the glasses' recording light to avoid drawing attention to themselves.

The point of their project was to raise awareness about privacy vulnerabilities in an age of rapidly advancing technology. They encouraged people to opt out of invasive facial recognition tools like PimEyes to protect themselves from being easily identified. While they chose not to release the code for their project, they have outlined ways to remove personal information from popular reverse image and people search databases. Meta and PimEyes, when contacted, downplayed the privacy risks, suggesting that similar risks already exist through images shared online.

The researchers emphasized that technology like I-XRAY could have serious consequences if adopted by bad actors, especially in regions like the US, where facial recognition regulations are more lenient. They hoped that their work would promote awareness of the risks and encourage people to take steps to protect their data. Meanwhile, other companies like Clearview AI have also explored similar technologies, raising concerns about privacy and the potential misuse of facial recognition in wearable tech.


Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Jonathan Morales

Information Security Manager | Cybersecurity Consultant

1 month ago

Great information, thanks for sharing. I do have a question regarding the title: what 3 new ideas? The telecommunications attack is definitely a concern and I'm hoping this brings awareness to the IT departments in that industry. Keep up the good work.

Lots of great stories this week, stressing the importance of strong cybersecurity in today's digital landscape!

Kelvin Omoregie

Enterprise Services Specialist at ABBTECH

1 month ago

Insightful… seems like there is definitely a lot going on in cyber space
