Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Aleksey Funtap via Alamy Stock Photo Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, construction companies, scientific and research entities, and educational […]

La entrada CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

A U.S. Cyber Force moved a step closer to reality this week after the House Armed Services Committee approved language authorizing a National Academy of Sciences (NAS) study of the issue. The amendment, proposed by Rep. Morgan Luttrell (R-TX), was included in the committee’s markup of the fiscal 2025 defense bill, which now goes to the full House for a vote. The amendment – which can be found as log 4401 in the Chairman’s En Bloc – gives the Defense Department 60 days after enactment to engage the Academy, which then has 270 days to submit the report to Congress, so the U.S. is unlikely to get the new armed services branch before fiscal 2027 at the earliest, if it happens at all. But as Sen. Kirsten Gillibrand (D-NY) unsuccessfully pushed a similar measure last year, the study appears to have a better chance of approval this year.

CYBERCOM Under Siege

Cyber defense has been under the U.S. Cyber Command, or CYBERCOM, since 2010. CYBERCOM brings together personnel from the separate service branches, but that arrangement has come under increasing scrutiny as an inadequate solution to a growing global threat. A 2022 GAO study noted problems with cyber training, staffing and retention across the service branches, and a Foundation for Defense of Democracies (FDD) study in March of this year detailed problems with the lack of a singular approach to cyber defense.   “The inefficient division of labor between the Army, Navy, Air Force, and Marine Corps prevents the generation of a cyber force ready to carry out its mission,” the FDD report said.

“Recruitment suffers because cyber operations are not a top priority for any of the services, and incentives for new recruits vary wildly. The services do not coordinate to ensure that trainees acquire a consistent set of skills or that their skills correspond to the roles they will ultimately fulfill at CYBERCOM.”

Promotion systems often hold back skilled cyber personnel because the systems were designed to evaluate service members who operate on land, at sea, or in the air, not in cyberspace. Retention rates for qualified personnel are low because of inconsistent policies, institutional cultures that do not value cyber expertise, and insufficient opportunities for advanced training. “Resolving these issues requires the creation of a new independent armed service – a U.S. Cyber Force – alongside the Army, Navy, Air Force, Marine Corps, and Space Force.” The FDD report concluded, “America’s cyber force generation system is clearly broken. Fixing it demands nothing less than the establishment of an independent cyber service.”

CYBERCOM Retools for the Future

CYBERCOM, which was elevated to a unified command in 2018, is taking its own steps to address the growing cyber warfare threat. In testimony last month before the Senate Armed Services Committee, Air Force General Timothy D. Haugh, who serves as CYBERCOM’s commander and director of the NSA, noted some of the ways CYBERCOM is addressing those challenges. “CYBERCOM 2.0” is an initiative under way “to develop a bold set of options to present to the Secretary of Defense on the future of USCYBERCOM and DoD cyber forces,” Haugh told the committee. “To maximize capacity, capability, and agility, we are addressing readiness and future force generation.” Enhanced Budgetary Control (EBC) authority granted by Congress gave more than $2 billion in DoD budget authority to CYBERCOM for the current fiscal year, and “streamlines how we engage the Department’s processes,” Haugh said. “EBC is already paying dividends in the form of tighter alignments between authorities, responsibility, and accountability in cyberspace operations. Greater accountability, in turn, facilitates faster development and fielding of capabilities.” It remains to be seen whether the U.S. will get a seventh military service branch – after the Army, Navy, Marine Corps, Air Force, Coast Guard, and Space Force – or if current initiatives will be enough to address cyber defense challenges. But it seems likely that the issue will get a lot more scrutiny before it’s settled. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Cyble Research and Intelligence Labs (CRIL) has discovered a sophisticated cyber campaign employing malicious LNK files, potentially distributed through spam emails. This intricate operation, possibly orchestrated by the notorious Turla Advanced Persistent Threat (APT) group, employs human rights seminar invitations and public advisories as bait to infiltrate users' systems with a nefarious payload. The threat actors (TAs) showcase a high level of sophistication by embedding lure PDFs and MSBuild project files within the .LNK files, ensuring a seamless execution process. Leveraging the Microsoft Build Engine (MSBuild), the TA executes these project files to deploy a stealthy, fileless final payload, acting as a backdoor to facilitate remote control over the compromised system.

Turla APT Group Infection Chain

[caption id="attachment_69293" align="alignnone" width="1024"] Source: Cyble[/caption] The attack unfolds with a malicious .LNK file concealed within a ZIP archive, potentially delivered via phishing emails. Upon execution, the .LNK file triggers a PowerShell script, initiating a sequence of operations. These operations include extracting content from the .LNK file and creating three distinct files in the %temp% location: a lure PDF, encrypted data, and a custom MSBuild project. [caption id="attachment_69295" align="alignnone" width="1024"] Source: Cyble[/caption] The disguised .LNK file triggers a PowerShell script, which then opens the lure PDF while silently executing the embedded MSBuild project. [caption id="attachment_69299" align="alignnone" width="783"] Source: Cyble[/caption] This project file, containing encrypted content, employs the Rijndael algorithm to decrypt data, subsequently executing a final backdoor payload. [caption id="attachment_69296" align="alignnone" width="1119"] Source: Cyble[/caption] The decrypted MSBuild project file, when executed using MSBuild.exe, runs an inline task directly in memory. This task enables the backdoor to initiate various operations, including monitoring processes, executing commands, and communicating with a Command and Control (C&C) server for further instructions.

Threat Actor Attribution to Turla APT Group

According to CRIL, the threat actor behind this campaign is the Turla APT group due to Russian-language comments in the code and behavioral similarities with previous Turla campaigns. The group's focus on targeting NGOs aligns with the lure documents referencing human rights seminars. The utilization of MSBuild and other legitimate applications highlights the persistent nature of the threat actor. By exploiting inherent functionalities, the Turla APT group can evade conventional security measures. Organizations must adopt a multi-layered security approach to mitigate risks effectively. To fortify defenses against sophisticated threats like the Turla APT group, organizations should adopt key cybersecurity measures. This includes implementing robust email filtering to block malicious attachments and exercising caution when handling email attachments from unknown sources.  Limiting access to development tools such as MSBuild to authorized personnel helps prevent misuse while disabling unnecessary scripting languages like PowerShell reduces the risk of exploitation. Establishing network-level monitoring is crucial for detecting and responding to anomalous activities swiftly. These practices collectively enhance security posture, safeguarding sensitive data and systems from cyber threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Bad actors are always ready to exploit political strife to their own ends. Right now, they’re doing so with the conflict in the Middle East. A holistic defense against influence networks requires collaboration between government, technology companies and security research organizations.

The post Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation appeared first on Security Boulevard.