<p><strong>facebook - X-Industry - Red Sky Alliance</strong><br />2024-03-29T06:37:34Z<br />https://redskyalliance.org/xindustry/feed/tag/facebook</p>
<p><strong>Meta Says It Will Label AI-Generated Images</strong><br />https://redskyalliance.org/xindustry/meta-says-it-will-label-ai-generated-images<br />2024-02-21T17:00:00.000Z, Jim McKee (https://redskyalliance.org/members/JimMcKee)</p>
<div><p>Facebook and Instagram users will start seeing labels on AI-generated images on their social media feeds, part of a broader tech industry initiative to sort between what is real and what is not. A Meta spokesman said on 06 February 2024 that it is working with industry partners on technical standards to make it easier to identify images and, eventually, video and audio generated by artificial intelligence tools.<a href="#_ftn1">[1]</a></p>
<p>See: <a href="https://redskyalliance.org/xindustry/why-do-some-ai-images-look-like-me">https://redskyalliance.org/xindustry/why-do-some-ai-images-look-like-me</a></p>
<p>What remains unclear is just how well it will work at a time when it is easier than ever to make and distribute AI-generated imagery that can cause harm, from election misinformation to nonconsensual fake nudes of celebrities. “It’s kind of a signal that they’re taking seriously the fact that generation of fake content online is an issue for their platforms,” said Gili Vidan, an assistant professor of information science at Cornell University. She stated it could be “quite effective” in flagging a large portion of AI-generated content made with commercial tools, but it won’t likely catch everything.</p>
<p>Meta’s president of global affairs, Nick Clegg, did not specify when the labels would appear but said it would be “in the coming months” and in different languages, noting that a “number of important elections are taking place around the world. As the difference between human and synthetic content gets blurred, people want to know where the boundary lies,” he said.</p>
<p>Meta already puts an “Imagined with AI” label on photorealistic images made by its tool. Still, most AI-generated content flooding its social media services comes from elsewhere. Several tech industry collaborations, including the Adobe-led Content Authenticity Initiative, have been working to set standards. A push for digital watermarking and labeling AI-generated content was also part of an executive order that US President Joe Biden signed in October.</p>
<p>Clegg said that Meta will work to label “images from Google, OpenAI, Microsoft, Adobe, Midjourney, and Shutterstock as they implement their plans for adding metadata to images created by their tools.”</p>
<p>Google said last year that AI labels were coming to YouTube and its other platforms. “In the coming months, we’ll introduce labels that inform viewers when the realistic content they’re seeing is synthetic,” YouTube CEO Neal Mohan reiterated in a year-ahead blog post last week.</p>
<p>One potential concern for consumers is if tech platforms get more effective at identifying AI-generated content from a set of major commercial providers but miss what is made with other tools, creating a false sense of security. “There’s a lot that would hinge on how platforms communicate this to users,” said Cornell’s Vidan. “What does this mark mean? With how much confidence should I take it? What is its absence supposed to tell me?”</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Call for assistance. For questions, comments, a demo or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p> </p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></p>
<p>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p><strong>Weekly Cyber Intelligence Briefings:</strong></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
<p> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/meta-says-it-will-label-ai-generated-images-on-facebook-and-instagram/">https://www.securityweek.com/meta-says-it-will-label-ai-generated-images-on-facebook-and-instagram/</a></p></div>
<p><strong>Twitter &amp; Meta Woes</strong><br />https://redskyalliance.org/xindustry/twitter-meta-woes<br />2022-11-09T14:50:58.000Z, Bill Schenkelberg (https://redskyalliance.org/members/BillSchenkelberg)</p>
<div><p>Impending doom looked foreseeable with Elon Musk’s $44 billion acquisition of Twitter and began to show early on even before the billionaire completed his purchase. From the daily tit-for-tat on his Twitter acquisition stance, it became apparent to some that Musk’s indecisive nature foretold an ominous future for Twitter. However, the actual chaos ensued just hours after Musk became the largest stakeholder in the bird app. From his plan to grant a “blue tick” verification symbol to anyone paying $8 a month, to threats of 3,700 layoffs at Twitter (almost half of its employees), Elon Musk seems to be determinedly speed-running the app’s change and, some believe, its demise.</p>
<p>Below is an editorial piece from HackRead on Twitter. HackRead looks at all the current controversies surrounding Elon Musk’s ownership of Twitter. </p>
<p>Immediately after completing his purchase, Elon Musk fired Twitter’s chief executive and top managers including CEO Parag Agrawal, CFO Ned Segal, and legal affairs and policy chief Vijaya Gadde. Since then, more executives chose to resign or were let go and this was only the beginning of half of Twitter employees being laid off without a requisite notice. The company dismissed people across multiple departments including human rights, machine learning ethics, transparency and accountability, advertising, marketing, communications, engineering, and curation.<a href="#_ftn1">[1]</a></p>
<p>Now, however, certain employees have been asked to return as they were laid off “by mistake.” Clearly, the company realized that a lot of the people laid off possessed the talents needed to keep the platform running smoothly and to work on features envisioned by Musk.</p>
<p>According to tweets from a former employee, numerous people already working on features such as attaching long-form texts to tweets and a new version of TweetDeck were fired in what can be seen as a classic Musk move. By setting tight deadlines on the feature rollouts, he made it very difficult for the remaining employees to get the work done on time, hence necessitating the return of previously fired employees. The laid-off employees took their justified anger to Blind, an anonymous community app for the workplace, where they shared their opinions on Twitter’s future, flooding the app with bad reviews. One poster who described themself as an engineering manager said on Wednesday: “Brutalist decision-maker at the helm. Emergency-driven work is exciting for those who like thrills. Pay is no longer tied to the stock market fluctuations.” The anonymous poster, who gave Twitter a two-star rating, added: “The absolute and swift destruction of a compassionate, human-first corporate culture is leaving Tweeps feeling like we’ve lost our family.”</p>
<p>While some resorted to typing out their resentment, others demanded justice through a different medium. Last week, several former Twitter employees filed a class action lawsuit against the company for not providing adequate notice before dismissing them from their jobs. Worker protection laws such as the Federal Worker Adjustment and Retraining Notification Act as well as the California WARN Act require 60 days of advance notice before a mass layoff. Moreover, another media source reported that according to an internal benefits summary, Twitter workers are typically paid at least two months’ salary and the cash value of the equity they were scheduled to receive within three months of a layoff.</p>
<p>Facebook parent Meta is slated to lay off 11,000 people, which is about 13% of its workforce, as it contends with falling revenue and wider tech industry woes, CEO Mark Zuckerberg said in a letter to employees on 8 November. The move comes just a week after widespread layoffs at Twitter under its new owner. Meta, like other social media companies, enjoyed a financial boost during the pandemic lockdown era because more people stayed home and scrolled on their phones and computers. But as the lockdowns ended and people started going outside again, revenue growth began to fade.<a href="#_ftn2">[2]</a></p>
<p>An economic slowdown and a grim outlook for online advertising, by far Meta's biggest revenue source, have contributed to Meta's woes. This summer, Meta posted its first quarterly revenue decline in its history, followed by another, bigger decline in the fall. Some of the pain is company-specific, while some is tied to broader economic and technological forces.</p>
<p>Meta has worried investors by pouring over $10 billion a year into the "metaverse" as it shifts its focus away from social media. Zuckerberg predicts the metaverse, an immersive digital universe, will eventually replace smartphones as the primary way people use technology. Meta and its advertisers are bracing for a potential recession. There's also the challenge of Apple's privacy tools, which make it more difficult for social media platforms like Facebook, Instagram and Snap to track people without their consent and target ads to them.</p>
<p>Competition from TikTok is also a growing threat as younger people flock to the video-sharing app over Instagram, which Meta also owns. A cautionary note: the Chinese Communist Party (CCP) oversees all businesses in China, including TikTok.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.hackread.com/twitter-unpredictable-path-elon-musk/">https://www.hackread.com/twitter-unpredictable-path-elon-musk/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://6abc.com/meta-layoffs-layoff-2022-facebook/12432958/">https://6abc.com/meta-layoffs-layoff-2022-facebook/12432958/</a></p></div>
<p><strong>Ducktail: Race Cars, Lasers, and new Malware Variants</strong><br />https://redskyalliance.org/xindustry/ducktail-race-cars-lasers-and-new-malware-variants<br />2022-10-24T20:11:30.000Z, JD Thomason (https://redskyalliance.org/members/JDThomason)</p>
<div><p>There have been some developments in the Ducktail phishing campaign. To begin our report, it seems reasonable to go over a little bit of history on Ducktail for those who might be unfamiliar. The Ducktail phishing campaign was first discovered and reported on in late July of 2022. Researchers at the firm WithSecure are credited with the discovery of the campaign. In terms of who is responsible, WithSecure’s report on this campaign indicated a high level of confidence in their belief that the threat actors responsible for this campaign were in Vietnam. Further, WithSecure’s evidence suggests that malware linked to the Ducktail operation has been distributed since the second half of 2021. They had also suggested that the threat actor could have been active since 2018.</p>
<p>Then, as one might expect of a campaign of this nature, the motives behind the threat actor’s actions appear to be financially driven. This campaign was also noted for appearing to select targets in a more curated manner and in smaller numbers. The theory behind their target selection is that it might increase the chances of success and help to remain unnoticed. Of course, one of the recent changes to this campaign that we’ll be discussing shortly relates to targeting.</p>
<p>Getting into who exactly this campaign has been targeting, it is clear that the main focus was on Facebook business accounts. Specifically, Ducktail attempted to target individuals who may have high-level access to Facebook Business accounts, such as those in management roles, marketing and/or digital media roles, or people in human resources roles. Targets appear to have been primarily found on LinkedIn. Threat actors could simply reach out to people who meet the specific requirements and attempt to use social engineering techniques to deliver a malware payload from a service like iCloud or Dropbox. Even though the campaign appeared to be more targeted on an individual basis, there is no indication that specific regions or countries were targeted. Telemetry data from WithSecure shows Ducktail activity in North America, Europe, and Asia.</p>
<p>The overall flow of the process can be seen in this image from WithSecure below. Once the package is downloaded, the malware, if executed, can proceed with an info stealing procedure and exfiltrate the victim’s data. If Facebook session information is found, the malware will also attempt to access the account and add an additional email for administrative purposes. With all of that said, it is worth noting here that reports indicate that newer instances of Ducktail appear to be targeting the public at large rather than specifically targeting people that might have access to a Facebook Business account.</p>
<p> </p>
<p><a href="{{#staticFileLink}}10853901294,RESIZE_584x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10853901294,RESIZE_584x{{/staticFileLink}}" width="443" alt="10853901294?profile=RESIZE_584x" /></a></p>
<p style="text-align:center;">Figure 1. Original flow of Ducktail (source: WithSecure)</p>
<p>The major change to Ducktail’s process is that it is now spreading malware written in PHP. Previously, the malware associated with Ducktail was written in .NET Core, which itself was a change from the malware being written in the traditional .NET Framework. As one might expect, the change from the .NET Framework to .NET Core provided several advantages. Most notably, .NET Core would allow for a self-contained binary that is not reliant on the .NET Framework being installed on the target machine. Further, it allowed for the malware to be distributed as a single file and potentially take advantage of a lower detection rate than the .NET Framework.</p>
<p>If a user downloads and installs the lure package sent to them, the malware will be installed to a directory in the user’s AppData folder. The collective malware package will include a local PHP interpreter, scripts for stealing information, and a collection of support libraries. In terms of persistence, the malware will be set via Scheduled Tasks to run daily.</p>
<p>The code of the info stealer exists on disk as a Base64-encoded PHP file. The script is executed from a batch file and decoded completely in memory, so none of the decoded code is written to disk, which helps it avoid detection. Upon installation, a parallel process is executed, at which point several things occur: one script makes a call to the Task Scheduler, ensuring that the collection process can be re-run, and another script begins the collection process. The updated flow for Ducktail’s process can be seen in the graphic from Zscaler below.</p>
<p> </p>
<p><a href="{{#staticFileLink}}10853901267,RESIZE_710x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10853901267,RESIZE_584x{{/staticFileLink}}" width="500" alt="10853901267?profile=RESIZE_584x" /></a></p>
<p style="text-align:center;">Figure 2. Updated flow of the Ducktail process (source: Zscaler)</p>
<p> </p>
<p>First, the script will attempt to determine information about the browsers on the machine. Then, it will seek to collect information from the cookies on the machine and focus on finding Facebook and crypto accounts. If a Facebook account is found and is determined to be business related, much like with the previous campaign, the script will attempt to infer additional information about the account, such as payment methods, cycles, amounts spent, owner details, verification, PayPal information, etc. Once data is examined and collected, it is then sent to a command-and-control server.</p>
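<p>The on-disk traits described above (a PHP interpreter or batch launcher under AppData, a daily Scheduled Task, and a script stored as Base64) can be combined into a simple triage check. The following is an added example, not code from the original report or from WithSecure or Zscaler; the task records, file names and the PHP-marker heuristic are constructed assumptions.</p>

```python
import base64
import binascii
import re

# Heuristic markers for "decoded bytes look like PHP source" (assumption of this example).
PHP_MARKERS = (b"<?php", b"<?=", b"eval(", b"$_")

# Action path sits under a per-user AppData directory.
APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# Action launches a PHP interpreter or a batch/cmd script.
LAUNCHER_RE = re.compile(r"(php(-cgi|-win)?\.exe|\.bat|\.cmd)\b", re.IGNORECASE)


def looks_like_encoded_php(blob: bytes, min_len: int = 64) -> bool:
    """True when a file body is wholly Base64 and decodes to PHP-looking text."""
    stripped = b"".join(blob.split())  # tolerate line-wrapped Base64
    if len(stripped) < min_len:
        return False
    try:
        decoded = base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return False  # not valid Base64, so not the pattern described
    return any(marker in decoded for marker in PHP_MARKERS)


def score_task(task: dict) -> list:
    """List which of the described persistence traits a task record shows."""
    reasons = []
    action = task.get("action", "")
    if APPDATA_RE.search(action):
        reasons.append("action runs from a user AppData directory")
    if LAUNCHER_RE.search(action):
        reasons.append("action launches a PHP interpreter or batch file")
    if task.get("schedule", "").lower() == "daily":
        reasons.append("daily trigger")
    return reasons


def triage(tasks: list, files: dict) -> list:
    """Return (kind, name, reasons) for tasks and files worth a closer look."""
    findings = []
    for task in tasks:
        reasons = score_task(task)
        # Require location AND launcher; a daily trigger alone is far too common.
        if len([r for r in reasons if r != "daily trigger"]) == 2:
            findings.append(("task", task["name"], reasons))
    for path, body in files.items():
        if looks_like_encoded_php(body):
            findings.append(("file", path, ["Base64 body decodes to PHP source"]))
    return findings


# Constructed sample data: names and paths are placeholders, not indicators.
SAMPLE_TASKS = [
    {"name": "ExampleDailySync", "schedule": "Daily",
     "action": r"C:\Users\alice\AppData\Local\ExamplePkg\start.bat"},
    {"name": "ExampleVendorUpdate", "schedule": "Daily",
     "action": r"C:\Program Files\ExampleVendor\maint.bat"},
    {"name": "ExampleUserUpdater", "schedule": "Daily",
     "action": r"C:\Users\alice\AppData\Local\ExampleSync\updater.exe"},
]

# A harmless PHP stub stands in for an encoded script.
ENCODED_STUB = base64.b64encode(
    b"<?php\n// constructed benign stand-in for an encoded script\necho 'ok';\n"
)

SAMPLE_FILES = {
    r"C:\Users\alice\AppData\Local\ExamplePkg\lib.txt": ENCODED_STUB,
    r"C:\Users\alice\AppData\Local\ExamplePkg\blob.dat":
        base64.b64encode(bytes(range(256))),  # Base64, but not PHP
    r"C:\Users\alice\Documents\readme.txt": b"plain readme text",
}


def run_demo() -> list:
    return triage(SAMPLE_TASKS, SAMPLE_FILES)


if __name__ == "__main__":
    for kind, name, reasons in run_demo():
        print(f"[{kind}] {name}: {'; '.join(reasons)}")
```

<p>Only the AppData batch-file task and the Base64 file that decodes to PHP are flagged; the Program Files task, the AppData updater executable and the non-PHP Base64 blob are not.</p>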
<p>In summary, Ducktail was a phishing scam that was first reported on in July 2022. The threat actors behind the campaign, who may have been active in the cybercriminal space since 2018, are said to be in Vietnam. In terms of targeting, the initial campaign sought to exploit Facebook Business accounts by manipulating LinkedIn users with appropriate profile requirements into downloading specific malware. Recently, Ducktail’s requirements seem to have changed in the sense that instead of only targeting users with Facebook Business accounts, they are happy to exfiltrate data from a wider scope of Facebook users. In addition to the apparent change in targeting scope, there have also been changes to the underlying malware distributed by the campaign. Instead of an executable written in .NET Core, Ducktail is now distributing malware written in PHP. The scripts involved are stored on disk in encoded form and are decoded completely in memory to avoid detection. The overall flow for this malware is determining browser information on the machine, pulling stored cookies to look for Facebook or crypto accounts, and sending collected data to remote command-and-control servers.</p>
<p> </p>
<p><strong>[1]: <a href="https://www.bleepingcomputer.com/news/security/linkedin-phishing-target-employees-managing-facebook-ad-accounts/">https://www.bleepingcomputer.com/news/security/linkedin-phishing-target-employees-managing-facebook-ad-accounts/</a></strong></p>
<p><strong>[2]: <a href="https://www.withsecure.com/en/whats-new/pressroom/withsecure-detects-new-infostealer-malware-ducktail">https://www.withsecure.com/en/whats-new/pressroom/withsecure-detects-new-infostealer-malware-ducktail</a></strong></p>
<p><strong>[3]: <a href="https://www.f-secure.com/content/dam/labs/docs/WithSecure_Research_DUCKTAIL.pdf">https://www.f-secure.com/content/dam/labs/docs/WithSecure_Research_DUCKTAIL.pdf</a></strong></p>
<p><strong>[4]: <a href="https://www.zscaler.com/blogs/security-research/new-php-variant-ducktail-infostealer-targeting-facebook-business-accounts">https://www.zscaler.com/blogs/security-research/new-php-variant-ducktail-infostealer-targeting-facebook-business-accounts</a></strong></p>
<p><strong>[5]: <a href="https://www.bleepingcomputer.com/news/security/new-php-information-stealing-malware-targets-facebook-accounts/">https://www.bleepingcomputer.com/news/security/new-php-information-stealing-malware-targets-facebook-accounts/</a></strong></p>
<p> </p>
</div>
<p><strong>Thomas More University Hit</strong><br />https://redskyalliance.org/xindustry/thomas-more-university-hit<br />2022-08-17T15:59:29.000Z, Bill Schenkelberg (https://redskyalliance.org/members/BillSchenkelberg)</p>
<div><p>Attacks on educational facilities continue to plague the .edu world. A local university in Kentucky, US, was hit with a cyberattack that has left it with embarrassing and inappropriate pictures on its social media account that it cannot take down. Thomas More University’s Facebook account was hacked, and all of its account managers are locked out. “About three weeks ago we got a notice that told us all of the university administrators, who are admins on the page, have been removed,” said the vice president of institutional advancement at Thomas More.</p>
<p>The first posting out of the university’s control was a live video game. Most recently, the posts have been of a woman in suggestive poses with accompanying text. One reads, “I just rented a room that can accommodate two people.”</p>
<p>“Our students, our prospective students, our community members, of course, they’re frustrated. They’re annoyed. The content is obviously against everything as a Catholic university that we stand for. It’s uncomfortable,” the university reported.<a href="#_ftn1">[1]</a></p>
<p>The university VP said they have a security team looking into the incident that told them the university appeared to be using the safest cyber security practices.</p>
<p>Even more frustrating, the university has had no help from Facebook with the problem. “We’ve tagged Facebook in many different posts to try to get their attention. We’ve threatened legal action. We can’t get a response,” they said.</p>
<p>Finding who is responsible is also a problem. “So much of this happens off-shore, where there’s no way to get to these people,” said an Intrust IT cyber security expert. Intrust said even the woman in the pictures could be a victim. “If she was behind the hack, she could potentially be prosecuted for this. My guess is they got these photos from somewhere else, or she’s outside the United States if she’s involved in it somehow,” the researchers said.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.wlwt.com/article/thomas-more-university-hacked-facebook-account/40901253#">https://www.wlwt.com/article/thomas-more-university-hacked-facebook-account/40901253#</a></p></div>
<p><strong>Russia Takes on Walkie Talkies</strong><br />https://redskyalliance.org/xindustry/russia-takes-on-walkie-talkies<br />2022-03-10T14:03:11.000Z, Bill Schenkelberg (https://redskyalliance.org/members/BillSchenkelberg)</p>
<div><p>Our readers who are old enough to remember using walkie-talkies to talk with their friends, or who used them in the military, will find this of interest. A walkie-talkie, more formally known as a handheld transceiver, is a hand-held, portable, two-way radio transceiver. It was developed during WW II to eliminate the need for wire-connected combat (field) telephones. Interestingly enough, they are still being used on the precipice of WW III.</p>
<p>Walkie-talkie communication app Zello <a href="https://zello.com">https://zello.com</a> has become the latest app banned by Russian officials. Zello is the highest rated push-to-talk app, connecting 150 million users globally, empowering frontline workers, teams, and communities through instant and crystal-clear voice messaging. Zello is a tech software company located in Austin, Texas US, which emulates push-to-talk walkie-talkies over cell phone networks.<a href="#_ftn1">[1]</a> On 04 March 2022, Russia's Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications, also known in Russian as Roskomnadzor, announced that it is banning Zello for spreading "false information" about the invasion of Ukraine.</p>
<p>"On March 4, Roskomnadzor, based on the decision, sent the administration of the American Internet resource Zello a request to stop sending messages to users that contain false information about the course of a special operation of the Armed Forces of the Russian Federation on the territory of Ukraine," Roskomnadzor said in a translated statement. "The administration of the Zello Internet resource did not comply with the requirement of Roskomnadzor within the period established by law. Due to the failure of the administration of Zello to comply with the requirements of Roskomnadzor, access to this application on the territory of the Russian Federation will be limited within 24 hours."</p>
<p>In addition, on 04 March 2022, Roskomnadzor announced that it will block access to Facebook, alleging the US social media giant has discriminated against Russian media and information resources. Early last week, Facebook said it would be "demoting" content from Russian state-backed media outlets on Facebook and Instagram as part of a wide range of efforts taken in light of the recent invasion of Ukraine.<a href="#_ftn2">[2]</a></p>
<p>Facebook’s president of global affairs and the former UK deputy prime minister said the Russian government was already throttling Facebook and Instagram to make it more difficult for Russian citizens to see certain content. Since Russia began the invasion in February, several tech companies, including Google, Microsoft and Apple, have taken punitive actions against Russia, banning services or ending business in the country.</p>
<p>A recent cyber analysis noted that Russia has already blocked the BBC and multiple other international media outlets. "Blocking Zello is not a surprise," it said. "The Russian government will likely continue to try to limit access to any sources of non-favorable information about the invasion, so more blocks are highly probable." Zello did not respond to requests for comment about the situation. The app has become massively popular in Ukraine since the invasion began.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.zello.com/">https://www.zello.com/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.zdnet.com/article/russia-bans-walkie-talkie-app-zello/">https://www.zdnet.com/article/russia-bans-walkie-talkie-app-zello/</a></p></div>
<p><strong>Metaverse, High-Tech and More (Though not Good)</strong><br />https://redskyalliance.org/xindustry/metaverse-high-tech-and-more-though-not-good<br />2022-02-09T14:45:20.000Z, Bill Schenkelberg (https://redskyalliance.org/members/BillSchenkelberg)</p>
<div><p>In separate reporting, the “metaverse” could be a serious problem for children worldwide. If there is only one thing that technology companies, retailers, content creators and investors can agree upon, it is that there is money to be made from the metaverse. The metaverse is planned as a virtual-reality space in which users can interact with a computer-generated environment and other users.<a href="#_ftn1">[1]</a> As technology CEOs try to win a market position in the still-developing digital space, some psychologists and mental health experts say the race to turn a profit is taking attention away from a crucial question: will the metaverse be a safe place, especially for kids and teens? Will this new “world” keep them away from “real life” activities such as sports, fresh air, playing with pets and making friends in person?</p>
<p>See: <a href="https://redskyalliance.org/xindustry/so-what-s-metaverse"><strong>https://redskyalliance.org/xindustry/so-what-s-metaverse</strong></a></p>
<p>The answer is not encouraging. Recent research has shown myriad negative effects of social media on the psyches of children and adolescents, from the prevalence of bullying and harassment to self-esteem and body image issues. Those same pitfalls could be just as prevalent if not worse in the wide-open metaverse, with its series of vast virtual worlds intended for both work and play. If tech companies take those concerns seriously from the beginning, and build solutions into their metaverse products, they could actually benefit children’s mental health, some experts say. “All of these new tools, and all of these new possibilities, could be used for good or for evil,” says a clinical psychologist who serves as chief science officer for the American Psychological Association.</p>
<p>Today’s social media platforms are already dangerous for some kids and teens. Virtual reality’s level of immersion could make those problems even worse, says another psychologist who serves as the director for medical virtual reality at USC’s Institute for Creative Technologies. “There’s a potency about being immersed in a world that is different than observing and interacting…through a flat screen monitor,” he says. “Once you’re actually embodied in a space, even though you can’t be physically touched, we can be exposed to things that take on a level of realism that could be psychologically assaulting.”</p>
<p>The use of 3D digital avatars in the metaverse carries another problem, too. Being able to modify your likeness to project a version of yourself that differs from real life can be “pretty dangerous for adolescents. You are what other people think about you in adolescence,” he says. “And the idea of being able to fictionalize your identity and receive very different feedback can really mess with a teenager’s identity.”</p>
<p>There is serious concern that tech companies are targeting their social media and metaverse platforms at this highly suggestible demographic during an important stretch of their brains’ mental and emotional development, with potentially dire consequences. “This is just an exacerbation of the problems that we’ve already started to see with the effects of social media,” he says. “This is creating more loneliness. This is creating far more body image concerns [and] exposure to dangerous content that’s related to suicidality.”</p>
<p>In December 2021, Meta launched a virtual reality social platform, Horizon Worlds. In March 2021, Microsoft launched a cloud collaboration service for virtual 3D business meetings. Other companies, like Roblox and Epic Games, are grabbing toeholds in the metaverse through popular online games.</p>
<p>One such game publisher, VRChat, already shows evidence of dangers for young users. In December 2021, research from the nonprofit Center for Countering Digital Hate (CCDH) found that minors were regularly exposed to graphic sexual content, racist and violent language, bullying and other forms of harassment on VRChat’s platform, which is typically accessed through Meta’s Oculus headsets.</p>
<p>Meta and Oculus have policies prohibiting these sorts of negative behaviors on their VR platforms. When reached for comment, a Meta spokesperson referred to the company’s previous statements on trying to build a metaverse “Responsibly,” and the Oculus platform’s tools for reporting abuse and blocking other users.</p>
<p>That is part of the problem, says the CEO of CCDH, “Safety policies, however well-intentioned, can be difficult to monitor and enforce in virtual spaces. Virtual reality really does need a lot of safety built in from the start, because you can’t search [the metaverse] for hate or sexual abuse,” he says. “You can’t. It happens in an instant [and] there’s nothing you can do.”</p>
<p>A prediction is that parents will need to be wary about their kids’ access to the metaverse. “I think parents will be asking themselves: Do I feel safe knowing that Mark Zuckerberg is the guy in charge of deciding who influences my children, who might be able to bully them, and whether or not they’re safe in cyberspace?” he says.</p>
<p>The irony is that virtual reality and the metaverse have massive promise for improving users’ mental health. USC research indicates potential for virtual reality treatments to promote empathy in patients and help with issues like psychological trauma and PTSD. USC and other experts agree the responsibility is on tech companies to prioritize the safety of their users over their own incentive to turn a profit. Tech companies could employ tools to ensure the metaverse’s safety for young users, including strict age verification tools to prevent predators from posing as younger users, plentiful content moderators and “rapid response” when users report violations of inappropriate behavior. “There’s no reason why there couldn’t be the presence of moderators in spaces in which children are present [or] virtual chaperones,” it is said. “But, of course, that would require money.” </p>
<p>Many experts believe it is too much to ask parents, most of whom have “relatively little personal experience with understanding these platforms” to monitor what their children are exposed to in the metaverse. Suggestions are being offered to find ways “to incentivize these companies to use these brilliant tools to actually improve society...Right now, they’re incentivized to make a profit.” Unfortunately, money and profits outweigh safety.</p>
<p>Shares in Facebook, which in a recent marketing move changed its name to Meta, fell 20% last week in US premarket trading after the social media company issued a bleak forecast, blaming Apple's privacy changes and increased competition.</p>
<p>In other tech stock news, a flaw in Apple's software that was exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was concurrently exploited by a competing company. Google’s parent company Alphabet advanced nearer to joining peers Apple and Microsoft in the elite $2 trillion market valuation club as the search giant's shares surged more than 8% following a blowout quarterly report. Spotify forecast current-quarter subscribers lower than Wall Street expectations, but its executives sought to reassure investors that growth had not cratered even as it deals with the fallout from the controversy around The Joe Rogan Experience podcast. Last week, the company's shares fell as much as 18% in late trading.</p>
<p>Some financial analysts predict that “the party is over” for technology start-ups rushing to go public at ever-higher valuations, as volatile US stock markets have stifled investor desire for high-growth stocks.<a href="#_ftn2">[2]</a></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.cnbc.com/2022/01/31/psychologists-metaverse-could-be-a-problem-for-kids-mental-health.html">https://www.cnbc.com/2022/01/31/psychologists-metaverse-could-be-a-problem-for-kids-mental-health.html</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.reuters.com/technology/meta-platforms-frankfurt-listed-shares-drop-tepid-forecast-2022-02-03/">https://www.reuters.com/technology/meta-platforms-frankfurt-listed-shares-drop-tepid-forecast-2022-02-03/</a></p></div>Meta / Instagram and Kidshttps://redskyalliance.org/xindustry/meta-instagram-and-kids2021-11-19T19:50:02.000Z2021-11-19T19:50:02.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}9825168682,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9825168682,RESIZE_400x{{/staticFileLink}}" width="250" alt="9825168682?profile=RESIZE_400x" /></a>A bipartisan group of state attorneys general said on Thursday they had opened an investigation into Meta, the company formerly known as Facebook, for promoting its social media app Instagram while knowing of mental and emotional harms caused by Instagram. </p>
<p>As of now, 11 US states are involved in the investigation, including California, Florida, Kentucky, Massachusetts, Minnesota, Nebraska, New Jersey, New York, Oregon, Tennessee and Vermont, as well as the District of Columbia. The Massachusetts attorney general, one of the leaders of the investigation, said the states were examining whether the company’s actions violated state consumer protection laws and put the public at risk. “Facebook, now Meta, has failed to protect young people on its platforms and instead chose to ignore or, in some cases, double down on known manipulations that pose a real threat to physical and mental health, exploiting children in the interest of profit,” she said.</p>
<p>The move comes after a mountain of documents from a former employee detailed research inside of the social media company that suggested teenagers suffered body image issues when using Instagram. The documents, called <u>The Facebook Papers</u>, were shared with journalists last month. The Wall Street Journal (WSJ) first reported on the documents and the issues at Instagram with the help of the whistle-blower.<a href="#_ftn1">[1]</a> </p>
<p>The Nebraska attorney general, another leader of the investigation, said the states would examine “the techniques utilized by Meta to increase the frequency and duration of engagement by young users and the resulting harms caused by such extended engagement. When social media platforms treat our kids as mere commodities to manipulate for longer screen time engagement and data extraction, it becomes imperative for state attorneys general to engage our investigative authority under our consumer protection laws,” he said in a tweet.</p>
<p>The states’ investigation adds to building regulatory pressure on Meta and other majors of Silicon Valley. The whistle-blower and public interest groups have filed at least nine complaints to the US Securities and Exchange Commission (SEC) claiming Meta misled investors about its efforts to protect users from disinformation and hate. The Federal Trade Commission (FTC) and dozens of states have filed antitrust lawsuits to break up Meta, and members of Congress have also vowed to create privacy, speech and antitrust legislation aimed at reining in the power of Amazon, Apple, Facebook and Google. </p>
<p>Spanning tens of thousands of pages and gigabytes of data, the Facebook Papers show a company struggling to deal with many issues that come as a byproduct of its enormous scale and billions of users, spanning topics like misinformation, addiction and manipulation of users around the world. Much of the information came in the form of detailed reports investigating the issues, laid out by the company’s research division. Meta has said the research efforts are intended to address the issues they pinpoint, with the aim of improving the company’s products and services.</p>
<p>How did this all begin? In September, WSJ published The Facebook Files, a series of reports based on leaked documents. The series exposed evidence that Facebook, which on 28 October changed its name to Meta, and one of its products, Instagram, were aggravating body-image issues among teenagers. </p>
<p>The whistle-blower, a Facebook product manager who left the company in May, said during an interview with “60 Minutes” that she was responsible for the leak of those internal documents. Her testimony in Congress on 5 October 2021, before a Senate subcommittee, stated that Facebook was willing to use hateful and harmful content on its site to keep users coming back. Facebook executives, including Mark Zuckerberg, called her accusations untrue.</p>
<p>The whistle-blower also filed a complaint with the SEC and provided the documents to Congress in redacted form. A congressional staff member then supplied the documents, known as the Facebook Papers, to several news organizations, including The New York Times. </p>
<p>Documents derived from the Facebook Papers show the degree to which Facebook knew of extremist groups on its site trying to polarize American voters before the election. They also reveal that internal researchers had repeatedly determined how Facebook’s key features amplified toxic content on the platform. The documents detail that roughly a third of teenage girls in a survey who already felt bad about their bodies said Instagram made them feel worse. “Comparisons on Instagram can change how young women view and describe themselves,” the documents said.</p>
<p>Meta has disputed the characterization of the initial reporting on Instagram’s issues, saying that the story lacked context, left out vital information and was a poor interpretation of the data obtained by WSJ. The company argued that on 11 of 12 well-being issues, the surveyed teenage girls said that Instagram made them feel “better and not worse.” “It is simply not accurate that this research demonstrates Instagram is ‘toxic’ for teen girls,” said a vice president and head of research at Facebook. </p>
<p>In a statement this past week, a representative for Meta strongly disputed the claims made by the state attorneys general against Instagram. “These accusations are false and demonstrate a deep misunderstanding of the facts,” said a spokeswoman for the company. “While challenges in protecting young people online impact the entire industry, we’ve led the industry in combating bullying and supporting people struggling with suicidal thoughts, self-injury, and eating disorders.”</p>
<p>And the Beat Goes On. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.nytimes.com/2021/11/18/technology/meta-instagram-investigation-teens.html">https://www.nytimes.com/2021/11/18/technology/meta-instagram-investigation-teens.html</a></p></div>Facebook Woeshttps://redskyalliance.org/xindustry/facebook-woes2021-10-06T14:20:01.000Z2021-10-06T14:20:01.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}9651443878,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9651443878,RESIZE_400x{{/staticFileLink}}" alt="9651443878?profile=RESIZE_400x" width="250" /></a>Facebook has been having its share of problems. From a global outage to a Whistleblower gone public with claims that Instagram causes youth-based psychological issues, the social media giant is now on the defensive. US Congress is currently taking another, yet closer, look at oversight of social media platforms. </p>
<p>Facebook and its Instagram and WhatsApp platforms are finally back in operation after a worldwide outage hit the services and the businesses and people who rely on its platforms. Facebook reported late on 4 October that, “the root cause of this outage was a faulty configuration change” and that there is, “no evidence that user data was compromised as a result” of the outage. The company apologized and said it is working to understand more about the cause, which began around 11:40 am EST.<a href="#_ftn1">[1]</a> </p>
<p>To compound Facebook’s woes, a Facebook Whistleblower, a former product manager, provided The Wall Street Journal (WSJ) with internal documents that exposed the company’s awareness of harms caused by its products and decisions. This led to the Whistleblower going public on CBS’s “60 Minutes” on 3 October, a day prior to the outage, and then testifying before a US Senate subcommittee on 5 October. A coincidence? </p>
<p>The worldwide outage did not exactly bolster Facebook’s argument that its size and influence provide important benefits for the World. London-based internet monitoring firm Netblocks noted that the company’s 2019 plans to integrate the technology behind its platforms raised concerns about the risks of such a move. While such centralization, “gives the company a unified view of users’ internet usage habits,” Netblocks said, it also makes the services vulnerable to single points of failure.</p>
<p>“This is epic,” said the director of internet analysis for Kentik Inc, a network monitoring and intelligence company. The last major internet outage, which knocked many of the world’s top websites offline in June, lasted less than an hour. The stricken content-delivery company in that case, Fastly, blamed a software bug triggered by a customer who changed a setting. For hours, Facebook’s only public comment was a tweet in which it acknowledged that “some people are having trouble accessing (the) Facebook app” and said it was working on restoring access. Regarding the internal failures, Instagram head Adam Mosseri tweeted that it feels like a “snow day.” Facebook’s outgoing chief technology officer later tweeted “sincere apologies.”</p>
<p>In the 4 October statement, Facebook blamed changes on routers that coordinate network traffic between data centers. The company said the changes interrupted the communication, which had “a cascading effect on the way our data centers communicate, bringing our services to a halt.” There was no evidence as of 4 October that malicious activity was involved. Cloudflare tweeted that “nothing we’re seeing related to the Facebook services outage suggests it was an attack.” Facebook did not respond to messages for comment about the attack or the possibility of malicious activity.</p>
<p>The outage impact was far worse for multitudes of Facebook’s nearly 3 billion users, showing just how much the world has come to rely on it and its properties, to run businesses, connect with online communities, log on to multiple other websites and even order food. It also showed that despite the presence of Twitter, Telegram, Signal, TikTok, Snapchat and a bevy of other platforms, nothing can easily replace the social network that over the past 17 years has effectively evolved into critical infrastructure. The outage came the same day Facebook asked a federal judge that a revised antitrust complaint against it by the Federal Trade Commission (FTC) be dismissed because it faces vigorous competition from other services.</p>
<p>Now back to the Whistleblower and the claim that Facebook and other social media platforms create a hazard to cultures, especially children. For the past three years Facebook has been conducting internal research into how Instagram, which the company bought in 2012, affects its users. The results repeatedly show that Instagram is harmful to a sizable percentage of its users, with teenage girls being particularly negatively impacted by the app. A line in the company’s own reports reads: “We make body image issues worse for one in three teen girls.” In the wake of that research’s publication as part of the WSJ’s recent series the Facebook Files, an executive from the social network was hauled in front of Congress. The company has also started to backtrack, releasing documents, putting Instagram Kids on pause, and trying to get ahead of congressional anger. CEO Mark Zuckerberg has testified numerous times to the US Congress and Senate, along with other social media platform chiefs. But while the findings are clear, namely that Instagram negatively affects teens’ (especially teen girls’) mental health, Facebook’s current public response to the reporting has been less than convincing, with Zuckerberg calling the research “inconclusive.”<a href="#_ftn2">[2]</a></p>
<p>"At the heart of these accusations is this idea that we prioritize profit over safety and well-being. That's just not true," Zuckerberg wrote on Facebook, adding that the platform cares "deeply about issues like safety, well-being and mental health." After all this time, does anyone believe Zuckerberg? The Whistleblower testified that, "The company's leadership knows how to make Facebook and Instagram safer but won't make the necessary changes because they have put their astronomical profits before people. Congressional action is needed. They won't solve this crisis without your help.”<a href="#_ftn3">[3]</a></p>
<p>So where is this all headed to? Social media is now considered by many as critical infrastructure. Facebook has over 3 billion international users. Their platform can influence a multitude of individuals throughout the entire globe. Governments must seriously consider regulation on the power of social media, when morals and ethics are allegedly disregarded. Is this a slippery slope? Time will tell. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that offers cyber threat services, including RedXray and the Cyber Threat Analysis Center (CTAC), to aid organizations with cyber threat hunting, notifications, and analysis. Service descriptions can be found at <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com</a>. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://apnews.com/article/facebook-whatsapp-instagram-outage-8b9d3862ed957029e545182a595fdce1">https://apnews.com/article/facebook-whatsapp-instagram-outage-8b9d3862ed957029e545182a595fdce1</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.nytimes.com/2021/10/05/technology/teenage-girls-instagram.html">https://www.nytimes.com/2021/10/05/technology/teenage-girls-instagram.html</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://www.business-standard.com/article/companies/zuckerberg-denies-facebook-puts-profit-over-users-safety-121100600604_1.html">https://www.business-standard.com/article/companies/zuckerberg-denies-facebook-puts-profit-over-users-safety-121100600604_1.html</a></p></div>Don’t “Friend” Ragnar Locker Ransomware Gang on Facebookhttps://redskyalliance.org/xindustry/don-t-friend-ragnar-locker-ransomware-gang-on-facebook2020-11-12T22:14:40.000Z2020-11-12T22:14:40.000ZMac McKeehttps://redskyalliance.org/members/MacMcKee<div><p><a href="{{#staticFileLink}}8155549678,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8155549678,RESIZE_400x{{/staticFileLink}}" width="250" alt="8155549678?profile=RESIZE_400x" /></a>The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it downloaded in a November 3, 2020 attack unless a US$15 million ransom is paid in Bitcoin. In its attacks, the gang behind Ragnar Locker breaks into company networks, makes itself an admin, conducts reconnaissance, deletes backups and deploys ransomware manually, before demanding multi-million dollar ransoms.</p>
<p>Like other cyber threat actors who conduct “targeted” or “big game” ransomware attacks, the Ragnar Locker gang tries to avoid detection as it operates inside a victim’s network with a tactic dubbed “living off the land”. Living off the land entails using legitimate software administration tools that either already exist on the network the crooks have broken into, or that don’t look suspicious or out of place. The <a href="https://nakedsecurity.sophos.com/2019/02/14/inside-a-gandcrab-targeted-ransomware-attack-on-a-hospital/">PowerShell</a> framework has been used in this manner in attacks.</p>
<p>PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and the associated scripting language. Initially a Windows component only, known as Windows PowerShell, it was made open-source and cross-platform on 18 August 2016 with the introduction of PowerShell Core. The former is built on the .NET Framework, the latter on .NET Core.</p>
<p><a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari Group</a>, which owns a number of popular global brands including SKYY, Grand Marnier and Wild Turkey, has acknowledged the ransomware attack. This is a new spin on the <a href="https://threatpost.com/double-extortion-ransomware-attacks-spike/154818/">double-extortion ransomware tactic</a>, where criminals not only lock organizations out of their systems, but also threaten to release sensitive stolen data to the public if their demands are not met. The Facebook ads add an entirely new layer of extortion pressure, letting the public know that Campari data is compromised and that the liquor giant is refusing to pay to keep it secure.</p>
<p>The ads, first spotted by researcher Brian Krebs on Nov. 9, 2020, were to-the-point and entitled, “Security Breach of Campari Group Network.” <a href="https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/">Ragnar Locker bought the ads</a> using a hacked Facebook account, and Krebs said the ads were subsequently shown to more than 7,000 users before Facebook caught on and pulled them down.</p>
<p>“Cybercrime groups have no shame in their extortion attempts,” Chris Clements, vice president of solutions architecture with Cerberus Sentinel said. “They will use any and all options available to them to extract whatever money they can from their victims. The use of compromised Facebook user accounts to buy ad campaigns to further harass their victims is novel, but not at all out-of-character.”</p>
<p>First observed in 2019, the Ragnar Locker group started using the threat of making stolen data public in April 2020, when it launched a Wall of Shame site, according to a security researcher who uses the handle Pancak3.</p>
<p>He added that the executables for both the <a href="https://threatpost.com/campari-site-ransomware-hangover/161029/">Campari ransomware attack</a> and a recent high-profile breach of <a href="https://threatpost.com/gaming-giant-capcom-ragnar-locker-ransomware/160996/">gaming giant Capcom</a> were signed by the same cert, linking both to the Ragnar Locker group. Pancak3 added that he thinks it shows that the Ragnar Locker ransomware operators are getting “more confident in their intrusion methods.” With the development of public advertising to increase pressure for victims to pay, it would appear the group is not even trying to hide their malicious activities any longer. In fact, they are publicizing them. An added concern is that everyday Facebook advertisers are now vulnerable to Ragnar Locker attacks.</p>
<p>“What this does show is that every online user is vulnerable to compromise and false financial charges should their social-media accounts be compromised and used to purchase ad campaigns on the corresponding platforms,” Clements said. “Users should ensure that two-factor authentication is enabled on all of their online accounts and that they do not reuse the same password across different websites or mobile applications.”</p>
<p>Backing up bad actions with public advertising is likely to be copied by other hacker gangs. Ragnar Locker appears to be somewhat of an influential group within the ransomware community. In September 2020, researchers observed the Maze group picking up the <a href="https://threatpost.com/maze-ransomware-ragnar-locker-virtual-machine/159350/">Ragnar Locker trick</a> of distributing ransomware with virtual machines, an approach experts at Sophos Managed Threat Response called “radical.”</p>
<p>The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to success. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. There are extensive reports on many of the threats mentioned in this article that can be found at <a href="https://redskyalliance.org/">https://redskyalliance.org</a>. There is no charge for these reports and articles posted.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company wide.</li>
<li>Join and become active in your local Infragard chapter, there is no charge for membership. <a href="http://www.infragard.org/">infragard.org</a></li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all at home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a>.</p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><strong>Weekly Cyber Intelligence Briefings: </strong></p>
<p><a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<p><a href="{{#staticFileLink}}8155550695,original{{/staticFileLink}}">TR-20-317-001.pdf</a></p>
<p><a href="https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/">https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/</a></p>
<p> </p></div>Russian Internet Isolation Legislationhttps://redskyalliance.org/xindustry/russian-internet-isolation-legislation2019-05-10T16:56:16.000Z2019-05-10T16:56:16.000ZYury Polozovhttps://redskyalliance.org/members/YuryPolozov<div><p> </p><p>On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill. New requirements to use ISPs to track traffic origin will likely force traffic decryption and support of internal censorship efforts. In the future, Russia will develop its own DNS system to conduct special Internet controls. Currently, LinkedIn is banned in Russia. Russian national payment system, Mir, was developed after several Russian banks were denied services by US-based Visa and MasterCard. Future steps for the Russian Internet isolation pose risks to Russian versions of Twitter and Facebook.</p><p><strong>Details</strong></p><p>The new legislation was adopted on 1 May 2019<a rel="nofollow" name="_ftnref1" id="_ftnref1">[1]</a>and states its aim is to enable the Russian Internet to operate independently from the World Wide Web, in the event of an emergency or foreign threat.<a rel="nofollow" name="_ftnref2" id="_ftnref2">[2]</a> The legislative amendments explain that Internet Exchange Points, or IXPs must comply with orders from and share information with the Federal Service for the Supervision of Communications, Information Technology, and Mass Media; better known as Roskomnadzor.<a rel="nofollow" name="_ftnref3" id="_ftnref3">[3]</a> The Russian national domain name system (DNS) will be developed by 2021.</p><p>The new authority and accompanying technology could allow Roskomnadzor to institute a national firewall similar to the Golden Shield in China. Currently, Roskomnadzor issues orders to telecoms to block undesirable information. These orders vary between blocking IP addresses or URLs, yet often do not work well. 
The Internet messenger Telegram, despite multiple Russian government attempts to block it, is still available to many inside the country.</p><p>In March 2019, about 15,000 people demonstrated in Moscow to protest this bill. At least 28 people were detained in relation to the event, which was organized by Russia’s Libertarian Party.<a rel="nofollow" name="_ftnref4" id="_ftnref4">[4]</a> Regardless, the bill moved on and was passed.</p><p>Social media giants Twitter and Facebook are in a legal struggle over previous Russian legislation which requires these companies to store Russian personal data in Russia. In April 2019, Twitter and Facebook were ordered to pay an unusually small fine of $47 for not complying. But in 2016, LinkedIn was banned in Russia for failure to comply with the same law, without being given an opportunity to negotiate. In February 2019, Apple began storing its data in Russia after it was threatened with similar fines. A total Twitter ban is still an option for Russia.<a rel="nofollow" name="_ftnref5" id="_ftnref5">[5]</a></p><p><strong>Conclusions</strong></p><p>Russia is working to monitor and isolate its sovereign sector of the Internet. These measures are reportedly meant to prevent crime, terrorism and foreign sanctions and, in reality, will help the Russian government with internal surveillance and censorship. 
Wapack Labs will continue to monitor this matter.</p><p> </p><p>Prepared by: Yury Polozov<br/> Serial: TR-19-129-001<br/> Report Date: 05092019<br/>Country: RU, US<br/>Industries: IT, Media</p><p><a rel="nofollow" name="_ftn1" id="_ftn1">[1]</a> publication.pravo.gov.ru/Document/View/0001201905010025 [in Russian]</p><p><a rel="nofollow" name="_ftn2" id="_ftn2">[2]</a> <a rel="nofollow" href="http://www.hrw.org/news/2019/04/24/joint-statement-russias-sovereign-internet-bill">www.hrw.org/news/2019/04/24/joint-statement-russias-sovereign-internet-bill</a></p><p><a rel="nofollow" name="_ftn3" id="_ftn3">[3]</a> arstechnica.com/tech-policy/2019/05/putin-signs-bill-tightening-government-grip-on-the-russian-internet/</p><p><a rel="nofollow" name="_ftn4" id="_ftn4">[4]</a> <a rel="nofollow" href="http://www.bloomberg.com/news/articles/2019-03-10/thousands-rally-for-internet-freedom-in-moscow-monitoring-group">www.bloomberg.com/news/articles/2019-03-10/thousands-rally-for-internet-freedom-in-moscow-monitoring-group</a></p><p><a rel="nofollow" name="_ftn5" id="_ftn5">[5]</a> techspot.com/news/79642-russia-fines-facebook-twitter-50-refusing-store-user.html</p></div>