AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/06/2021

One Million Compromised Accounts Found at Top Gaming Firms

Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue. After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side. This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied. This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.


High-Tech Roads Are Powering Electric Cars, Sensors and More

These days, road and sidewalk surfaces can accommodate much more than driving or walking. New technologies are using these surfaces to embed power generation, communication and other capabilities. The Curiosity Lab in Peachtree Corners, Ga., a site for testing next-gen transportation technologies, is placing solar power panels into a roadway. The panels will generate the electricity to power an electric car charging port. And in Poughkeepsie, N.Y., Uncharted Power is installing its “smart” pavers in a small section of sidewalks and streets. The pavers are embedded with electricity and computing technology to serve as sensors or provide communication capabilities to create “uniform, modular bridging,” said Jessica O. Matthews, CEO of Uncharted Power.


FBI warns of cyberattacks to distance learning

As students head back to the classroom after the holidays, the FBI is warning students, teachers and parents that cyber criminals and bad actors are looking to exploit online classrooms. FBI Cyber Section Chief Dave Ring told ABC News the agency has seen an uptick in ransomware attacks. “It’s of greater concern now when it comes to K-12 education, because so many more people are plugged into the technology with schooling because of the distance learning situation,” he said. “So things like distributed denial of service attacks, even ransomware and of course, domain spoofing, because parents are interacting so much more with the schools online.” In early December, the FBI and the Cybersecurity and Infrastructure Security Agency issued a warning that showed a nearly 30% increase in ransomware attacks against schools.



On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts. This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly. The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems. 


FBI Investigating Threat On US Capitol Building Made Through Air Traffic Control System

A threat to fly a plane into the US Capitol building made through an air traffic control system on Tuesday doesn’t appear to be credible, but the FBI is still planning to investigate how the aviation frequency was hacked. According to CBS News, the threatening broadcast picked up by air traffic controllers in New York claimed: “We are flying a plane into the Capitol on Wednesday. Soleimani will be avenged.” Soleimani appears to refer to Qasem Soleimani, the Iranian general assassinated by a U.S. drone strike on January 3, 2020. Although the U.S. government justified the attack at the time by saying that it had been carried out as a preventative measure to “end Iran’s strategic escalation of attacks,” the move sharply escalated tensions between the two countries, stoking fears of a large-scale retaliation.

