AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 01/19/2022

Europol takes down VPNLab, a service used by ransomware gangs

An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. No arrests were announced, but the company’s services were rendered inoperable, and its main website now shows a Europol seizure banner. “The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online,” Edvardas Šileris, Head of Europol’s European Cybercrime Centre, said today. Prior to its shutdown today, VPNLab had been around since 2008. The service was built on OpenVPN, advertised 2048-bit encryption (in OpenVPN deployments this figure normally describes the RSA key length of the TLS certificates used for the handshake, not the strength of the symmetric cipher protecting traffic), and ran a network of servers to encrypt and anonymize its clients’ connections, all for only $60/year.


Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively.


Safari and iOS users: Your browsing activity is being leaked in real time

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time. The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.
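The origin comparison the paragraph describes, written out as an added example (this is not code from the article, from Apple, or from the researchers who reported the bug). It uses the standard URL API available in browsers and Node.js; the sample URL pairs are constructed for illustration.

```javascript
// Added example: decide whether two URLs share an origin the way the
// same-origin policy does, i.e. by comparing scheme, host and port.
// Not code from the article; the sample inputs below are constructed.

function originOf(urlString) {
  const u = new URL(urlString);
  // URL.origin lower-cases the host and drops default ports (":443" for
  // https, ":80" for http), so "https://Example.com:443/a" and
  // "https://example.com/b" normalise to the same origin string.
  return u.origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed pairs showing where the boundary falls. The third field is
// the result the same-origin policy requires.
const SAMPLE_PAIRS = [
  // same scheme, host and (default) port, different paths: same origin
  ["https://example.com/login", "https://example.com:443/api/session", true],
  // a subdomain is a different host, so badguy.example.com is a different origin
  ["https://example.com/", "https://badguy.example.com/", false],
  // scheme differs: http and https pages cannot read each other's data
  ["https://example.com/", "http://example.com/", false],
  // explicit non-default port differs
  ["https://example.com/", "https://example.com:8443/", false],
  // host case and default port are normalised away
  ["https://Example.com:443/x", "https://example.com/y", true],
];

// Returns one boolean per pair: true when sameOrigin agrees with the policy.
function checkSamplePairs() {
  return SAMPLE_PAIRS.map(([a, b, expected]) => sameOrigin(a, b) === expected);
}
```

Every entry in `checkSamplePairs()` should come back `true`; the bug the article describes is exactly a case where the browser let data cross the `false` boundaries above.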


AT&T and Verizon delay 5G rollout at some airports after airlines warn of disruptions

AT&T and Verizon say they will voluntarily delay the deployment of their new C-Band 5G services near some US airports after several airlines, including Delta, United and Southwest Airlines, wrote to the federal government to warn of potential flight delays due to the rollout. An AT&T spokesperson told CNBC the carrier was “frustrated” by the Federal Aviation Administration’s inability to safely deploy the networking standard without disrupting aviation services, a feat the company said 40 other countries have done without issue. Verizon shared AT&T’s sentiment. “We have voluntarily decided to limit our 5G network around airports,” the company said. “The Federal Aviation Administration and our nation’s airlines have not been able to fully resolve navigating 5G around airports, despite it being safe and fully operational in more than 40 other countries.”


FBI warning: Crooks are using fake QR codes to steal your passwords and money

QR codes are useful shortcuts to online resources via a phone’s camera, but scammers are now tampering with them to direct victims to phishing pages and cryptocurrency scams. QR or ‘Quick Response’ codes have been connecting scanners to real-world objects since the 1990s, but got widely adopted during the pandemic as businesses moved to contactless communication and payments via QR codes on restaurant menus, parking meters and other public spaces. Scammers are now exploiting that familiarity by tampering with the two-dimensional barcodes, for example by pasting their own code over a legitimate one, and redirecting victims to sites that steal logins and financial information, according to an FBI alert. The tampering needs no software exploit: the printed code simply encodes an attacker-controlled URL, so the practical defense at scan time is to inspect the decoded address before opening it.


University of Wisconsin testing body scanners that use AI to check for threats

The University of Wisconsin Police Department is testing whether body scanners that use radar imaging and artificial intelligence are a good fit for security outside campus events, like Big Ten football games that draw tens of thousands of fans. The university signed an agreement this week with Liberty Defense for a beta test on its Madison campus, with an expected start date in the second quarter of 2022. Liberty Defense claims its “Hexwave” scanners can find threats like pipe bombs, flares and plastic guns that go undetected with traditional metal detectors. UW-Madison Police Capt. Jason Whitney told EdScoop the department is interested in the company’s claim that its AI software can analyze body scans to differentiate between threats and everyday objects like belts, wallets or keys, speeding up the screening process.
