The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.

Credit: Max Bender

For the first time, the North Korean APT Lazarus group seems to be participating in coordinated attacks against Russian-based companies. According to CheckPoint Research, the attacks over the past several weeks were likely launched by the Lazarus subdivision “Bluenoroff, whose main focus is monetization and global espionage campaigns.”

The North Koreans choosing to cyber-attack Russia is an “unusual choice,” CheckPoint said, as “usually, these attacks reflect the geopolitical tensions between the DPRK and nations such as the U.S, Japan and South Korea. In this case, though, it is probably Russian organizations who are the targets.”

Other cybersecurity news

The Russians can pwn organizations in under 20 minutes, so get with the 1-10-60 rule

When it was Russia doing the attacking in 2018, organization defenders sadly had fewer than 20 minutes “to respond to and contain or remediate an intrusion before it spreads widely in their environment and leads to a major breach.” That’s the “breakout time” if Russia is coming for you as defined in the 2019 CrowdStrike Global Threat Report; the breakout time metric “measures the speed with which adversaries accomplish lateral movement in the victim environment after their initial compromise.”

Russian attackers are “almost eight times as fast as their speediest competitor – North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China.” CrowdStrike rated the 2018 average breakout times for the following five groups:

18 minutes and 49 seconds for the “bears” – aka Russians
2 hours, 28 minutes and 14 seconds for “chollima” aka North Korea
4 hours and 26 seconds for “pandas” aka China
5 hours, 9 minutes and 4 seconds for “kittens” aka Iranians
9 hours, 42 minutes and 23 seconds for “spiders” aka cyber-criminals

If organizations want to effectively combat sophisticated cyber attacks, CrowdStrike recommends they get with the 1-10-60 rule: Detect intrusions within one minute, pull off a full investigation in fewer than 10 minutes, and eradicate the attacks from the environment in under 60 minutes.

WordPress and Drupal CMS flaws

Hopefully you trust the people you marked as “author” on any WordPress sites you might have, as Rips Technologies revealed a remote code execution vulnerability that can be exploited by an account with at least author privileges; the RCE flaw is in every WordPress version released “for over six years.”

If you are more of a Drupal person, then there’s a “highly critical” update you need that will be released on Wednesday; it’s rated 20 of 25 for severity.

Deeply creepy eye-in-sky: Cameras embedded in airplane in-flight entertainment systems

After being confronted by Twitter user Vitaly Kamluk, Singapore Airlines admitted that the “sensors” on in-flight entertainment screens were indeed cameras. The cameras, which are part of inflight entertainment systems, are allegedly “disabled” with no plan to start using them.

Just found this interesting sensor looking at me from the seat back on board of Singapore Airlines. Any expert opinion of whether this a camera? Perhaps @SingaporeAir could clarify how it is used? pic.twitter.com/vy0usqruZG
— Vitaly Kamluk (@vkamluk) February 17, 2019

Hi there, thank you for reaching out to us. We would like to share that some of our newer inflight entertainment systems provided by the original equipment manufacturers do have a camera embedded in the hardware. (1/2)
— Singapore Airlines (@SingaporeAir) February 17, 2019

These cameras have been disabled on our aircraft, and there are no plans to develop any features using the cameras. Thank you. (2/2)
— Singapore Airlines (@SingaporeAir) February 17, 2019

Put another way: inching closer to Black Mirror every day.
free idea: you’re in a big metal tube for 12 hours and the screen demands you must pay attention or you won’t get food https://t.co/JkozbkSNOF
— Internet of Shit (@internetofshit) February 19, 2019

Channel NewsAsia reported that Singapore Airlines has 84 aircraft that have cameras embedded in in-flight entertainment systems. The embedded cameras are reportedly included in in-flight entertainment systems on “SIA’s A350-900s, A380s, Boeing 777-300ERS and 787-10s.”

Forced DNA collection for Arizona database – Those giving up DNA may even be charged $250

Speaking of creepy, proposed legislation in Arizona could require DNA from, well, almost everyone. Penn State University associate dean David Kayne told Arizona Republic that SB 1475 is “one step away from requiring DNA from anyone who wants a driver’s license.”

The article also claimed that DNA could be collected from the dead, as well as from anyone who has to be fingerprinted by the state for a job. In fact, the article said, “if the proposed legislation passes, many people – from parent school volunteers to teachers to real estate agents and foster parents – will have no choice but to give up their DNA.”

If that’s not bizarre enough for you, then consider that AZCentral added, “A $250 fee could be collected from a person who submits biological samples,” though “it’s not clear who would foot the cost for the dead.” It’s also not clear if the forced collection of DNA for a massive state database is even legal.