AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/15/2023

Ransomware attacks surge against US manufacturing plants 

The manufacturing industry suffered at least 437 ransomware attacks in 2022, making up more than 70% of these types of costly and disruptive assaults that industrial companies faced last year, according to the cybersecurity firm Dragos. The number of attacks against manufacturing plants also jumped about 107% compared with the 211 recorded against the sector in 2021, according to data from Dragos, which specializes in cybersecurity for industrial systems. Overall, the firm recorded a total of 605 ransomware attacks affecting the industrial sector last year, a 92% increase over the 315 attacks the firm detected in 2021. 


Google lets a few Android devices into its Privacy Sandbox 

Google on Tuesday began rolling out a beta test of its Privacy Sandbox software for a small portion of Android 13 devices to learn how its purportedly privacy-protecting ad tech actually performs. Google began working on its Privacy Sandbox in 2019 and its Android iteration surfaced a year ago. The ad tech do-over represents an attempt to maintain current modes of online advertising, like targeting and remarketing, once invasive third-party cookies – used for cross-site tracking and profiling – get phased out. That was originally supposed to happen in 2022, but was pushed back to 2023, then to 2024, and may yet require longer still. 


New stealthy ‘Beep’ malware focuses heavily on evading detection 

A new stealthy malware named ‘Beep’ was discovered last week, built around a large set of techniques for evading analysis and detection by security software. The malware was discovered by analysts at Minerva after a flurry of samples were uploaded to VirusTotal, an online platform for file scanning and malicious content detection. Although Beep is still in development and missing several key features, it already allows threat actors to download and execute further payloads on compromised devices remotely.


Adsense abused: 11,000 sites hacked in a backdoor attack 

Sucuri researchers have reported a backdoor that has successfully infected around 11,000 websites in recent months. Here are the details shared by Sucuri in its technical report. Lately, several Google products have been exploited and abused to spread malware and other malicious components, including Google Ads, Google Home, and Google Drive. In fact, a study revealed that Google Drive accounted for 50% of malicious Office document downloads in 2022.


Chinese Hackers Infiltrate South American Diplomatic Networks 

The Chinese state-sponsored threat actor DEV-0147 has been spotted targeting diplomatic entities in South America with the ShadowPad remote access Trojan (RAT), also known as PoisonPlug. Microsoft shared the findings on Twitter on Monday, saying the threat actor’s new campaign represents a notable expansion of the group’s data exfiltration operations that previously targeted government agencies and think tanks in Asia and Europe. From a technical standpoint, the technology giant said it observed DEV-0147 deploy ShadowPad, a RAT associated with other China-based actors, to achieve persistence, and QuasarLoader, a webpack loader, to download and execute additional malware. “DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement and the use of Cobalt Strike for command and control and data exfiltration,” reads one of the Twitter posts. 


Cloudflare Stops Largest HTTP DDoS Attack on Record 

A DDoS-mitigation vendor said its customers were hit with a wave of volumetric attacks over the weekend designed to flood their websites with HTTP requests, including the largest such attack on record. Cloudflare explained in a blog post that it was forced to mitigate dozens of the “hyper-volumetric” DDoS attacks, which were launched from over 30,000 IP addresses. “The majority of attacks peaked in the ballpark of 50–70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46 million rps in June 2022,” it explained. “Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms. The attacks originated from numerous cloud providers, and we have been working with them to crack down on the botnet.” 
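The two figures that matter in that report, requests per second and the number of distinct source IPs, are exactly what a responder pulls from their own web-server logs to tell a hyper-volumetric flood from one misbehaving client. The following is an added example, not code from Cloudflare or from the article: it parses Combined Log Format lines, buckets requests per second, counts distinct client IPs per bucket, and flags seconds over a threshold. The log lines, IP addresses and the 20 rps threshold are constructed for illustration and are far below anything Cloudflare describes; the point is the per-second rate and IP-diversity arithmetic, which is the same at any scale.

```python
"""Rate-based spotting of an HTTP flood in web-server access logs.

Added example (not Cloudflare's code or the article's): given Combined Log
Format lines, bucket requests per second, count distinct client IPs in each
bucket, and flag seconds whose request rate exceeds a threshold. The log
lines, IPs and thresholds below are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (client_ip, timestamp truncated to the second, request line) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.replace(microsecond=0), m.group("req")


def flood_windows(lines, rps_threshold):
    """Return [(second, total_requests, distinct_ips)] for every second at or
    above rps_threshold, in chronological order. Unparseable lines are skipped."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, second, _ = parsed
        per_second[second][ip] += 1
    hits = []
    for second in sorted(per_second):
        ips = per_second[second]
        total = sum(ips.values())
        if total >= rps_threshold:
            hits.append((second, total, len(ips)))
    return hits


def classify(window, distributed_ratio=0.5):
    """Label a flagged second. If at least distributed_ratio of the requests
    come from distinct IPs it looks botnet-driven ("distributed"); otherwise a
    handful of clients account for the volume ("single-source"). The ratio is
    an assumed tuning knob, not a published threshold."""
    _, total, distinct = window
    return "distributed" if distinct / total >= distributed_ratio else "single-source"


def make_sample_log():
    """Constructed sample: a quiet second, a single-IP flood, a distributed flood."""
    base = ('{ip} - - [13/Feb/2023:12:00:{sec:02d} +0000] '
            '"GET / HTTP/1.1" 200 512 "-" "curl/7.88"')
    lines = []
    # 12:00:00 - ordinary traffic: 3 requests from 3 clients
    for i in range(3):
        lines.append(base.format(ip=f"198.51.100.{i}", sec=0))
    # 12:00:01 - one client hammering: 40 requests from a single IP
    for _ in range(40):
        lines.append(base.format(ip="203.0.113.7", sec=1))
    # 12:00:02 - distributed: 60 requests from 60 different IPs
    for i in range(60):
        lines.append(base.format(ip=f"192.0.2.{i}", sec=2))
    return lines


if __name__ == "__main__":
    for window in flood_windows(make_sample_log(), rps_threshold=20):
        second, total, distinct = window
        print(f"{second.isoformat()} {total} rps from {distinct} IPs -> {classify(window)}")
```

On real logs the interesting output is the distributed case: a high rate spread across tens of thousands of sources is what defeats per-IP rate limiting and is why the report stresses that the sources were cloud-hosted, which is what makes upstream coordination with those providers the effective countermeasure rather than blocklisting.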
