AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 01/25/2022

Russian Authorities Arrest Head of International Cybercrime Group

Four individuals believed to be members of the international cyber theft ring known as the “Infraud Organization” were arrested in Russia, news agency TASS reports. Allegedly created in 2010 by Svyatoslav Bondarenko, of Ukraine, the cybercrime group was involved in the theft, sale, and dissemination of personally identifiable information (PII), credit card data, and malware, among others. In 2018, the United States Department of Justice (DoJ) announced charges against 36 individuals believed to be members of the crime ring, as well as the arrest of 13 individuals in Australia, France, Italy, Kosovo, Serbia, and the United Kingdom. In 2020, Sergey Medvedev, of Russia, co-founder of Infraud Organization, pleaded guilty in a US court. He was sentenced in March last year, alongside Marko Leopard, of North Macedonia, also a member of the cybercrime ring.


Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’

The recent decision by the Austrian Data Protection Authority that the use of Google Analytics violates the EU General Data Protection Regulation could have “far-reaching implications.” The decision, published Jan. 13, is the first of 101 complaints filed across EU countries by advocacy group NOYB alleging companies using Google Analytics were not complying with the July 2020 Court of Justice of the European Union’s “Schrems II” decision on data transfers. The “Schrems II” decision invalidated the EU-U.S. Privacy Shield agreement. Goodwin Procter Partner and IAPP Senior Fellow Omer Tene said the Austrian DPA ruled that in providing the Google Analytics service, the company collects and transfers personal data to the U.S. while failing to protect it from U.S. government surveillance.


Ransomware gangs increase efforts to enlist insiders for attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks. The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer. Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access. In most cases, the threat actors used email and social media to contact employees, but 27% of their approach efforts were conducted via phone calls, a direct and brazen means of contact.


MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to the MoleRats advanced persistent threat (APT). Zscaler’s research team was able to tie MoleRats, an Arabic-speaking group with a history of targeting Palestinian interests, to this campaign because of overlap in the .NET payload and command-and-control (C2) servers with previous MoleRats APT attacks. This campaign started last July, Zscaler reported.


53% of medical devices have a known critical vulnerability

After a year of unprecedented ransomware attacks on hospitals and healthcare systems – and with healthcare now the #1 target for cybercriminals – critical medical device risks in hospital environments continue to leave hospitals and their patients vulnerable to cyber attacks and data security issues. Cynerio found that security threats related to IoT and related devices within healthcare environments have remained sorely under-addressed, despite increased investments in healthcare cybersecurity. Data shows that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability.


Meta unveils metaverse AI supercomputer, claims it will be world’s fastest

Facebook’s parent company, Meta, said that its newly created artificial intelligence (AI) “Research SuperCluster” (RSC) will “pave the way” toward building the metaverse. The social media giant said that it believes RSC is already one of the fastest supercomputers in the world and will snag the top spot when it’s fully operational in mid-2022, according to a Monday blog post unveiling the hardware. “Developing the next generation of advanced AI will require powerful new computers capable of quintillions of operations per second,” wrote the company. The machine will be able to work across hundreds of different languages to develop “advanced AI” for computer vision, natural language processing and speech recognition.



Related Posts