AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/01/2022

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat“), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant. According to an analysis released this week by Varonis, ALPHV is actively recruiting operators from several ransomware organizations — including REvil, BlackMatter and DarkSide — and is offering affiliates up to 90 percent of any ransom paid by a victim organization. “The group’s leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater,” Varonis’s Jason Hill wrote.


Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

A Naked Security reader in the UK alerted us to a scam they received this afternoon in a text message. The message claimed to come from the NHS, Britain’s National Health Service, which administers coronavirus vaccinations and provides free testing throughout the country. As you probably know, PCR tests, which currently require processing in a laboratory, are considered more accurate than self-administered lateral flow tests. Indeed, PCR tests are both advised and free in the UK if you already have coronavirus symptoms, or have been in contact with someone who’s infectious. You can have a one-off test set sent through the mail, and post the completed test out to the lab for processing, but that adds time until you get the result – and if the test is positive but you don’t yet have any symptoms, that in turn adds time to your mandatory isolation period.


German Court Rules Websites Embedding Google Fonts Violates GDPR

A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user’s personal data — i.e., IP address — to Google via the search giant’s Fonts library without the individual’s consent. The unauthorized disclosure of the plaintiff’s IP address by the unnamed website to Google constitutes a contravention of the user’s privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the “persons behind the IP address.” The violation amounts to the “plaintiff’s loss of control over a personal data to Google,” the ruling read.


Cyberattacks increasingly hobble pandemic-weary US schools

For teachers at a middle school in New Mexico’s largest city, the first inkling of a widespread tech problem came during an early morning staff call. On the video, there were shout-outs for a new custodian for his hard work, and the typical announcements from administrators and the union rep. But in the chat, there were hints of a looming crisis. Nobody could open attendance records, and everyone was locked out of class rosters and grades. Albuquerque administrators later confirmed the outage that blocked access to the district’s student database—which also includes emergency contacts and lists of which adults are authorized to pick up which children—was due to a ransomware attack.


Internet Society condemns UK’s Online Safety Bill for demonising encryption using ‘think of the children’ tactic

Britain’s controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn’t used to target child abusers online, despite this being a key cited rationale of linked measures. Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in “fraud and online harm” increasing, the Internet Society said this week. Founded by Vint Cerf and Bob Kahn, the Internet Society is one of the oldest and most well-respected institutions guiding the path of the public internet today. Its cry against the draconian Online Safety Bill (aka Online Harms Bill) should cause policymakers to sit up and pay attention.


US Revokes China Unicom’s License

The US government has effectively stripped another Chinese telecoms player of its license to operate in the country on national security grounds. The new Federal Communications Commission (FCC) order ends the ability of China Unicom Americas to provide telecoms services within the US. It follows a March 2021 finding by the FCC in which it said the Chinese vendor had “failed to dispel serious concerns” about its continued operations. In its ruling late last week, the FCC claimed that, as a state-owned enterprise, China Unicom “is subject to exploitation, influence and control by the Chinese government and is highly likely to be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight.” It said this is more likely today than two decades ago when the firm’s license was first approved. The FCC is particularly concerned about Beijing’s ability to “access, store, disrupt and/or misroute US communications” and therefore conduct state-backed cyber-espionage via China Unicom.


Researchers use GPU fingerprinting to track users online

A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people’s GPUs to create unique fingerprints and use them for persistent web tracking. The results of their large-scale experiment involving 2,550 devices with 1,605 distinct CPU configurations show that their technique, named ‘DrawnApart,’ can boost the median tracking duration to 67% compared to current state-of-the-art methods. This is a severe problem for user privacy, which is currently protected by laws that focus on acquiring consent to activate website cookies. These laws have led unscrupulous websites to collect other potential fingerprinting elements such as the hardware configuration, OS, timezones, screen resolution, language, fonts, etc.


The FTC is reviewing Microsoft’s $68.7 billion acquisition of Activision Blizzard

In case you missed it, last month Microsoft announced that it is acquiring video game publisher Activision Blizzard for a whopping $68.7 Billion, all paid in cash. The deal had a negative impact on Sony who saw a 14% decline in their stock price as well as raised some eyebrows. Now, the FTC is looking into the acquisition from the competitive and antitrust standpoint. FTC Chair Lina Khan has been advocating for better scrutiny of mergers and acquisitions that may harm the competition. The FTC Chair has been particular about the deals in the technology space as she believes that tech companies “are able to leverage their dominance in one line of business to gain power in other markets”. Last year, FTC put Nvidia’s acquisition of ARM under a microscope which has reportedly pushed Nvidia to consider backing out of the acquisition altogether.

Related Posts