AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/17/2022

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security. These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data. 
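The advisory above lists brute force and password spray among the initial-access techniques. The two leave different footprints in authentication logs: a brute force hammers one account from one source, while a spray tries a few common passwords against many accounts from one source, staying under per-account lockout thresholds. The following detector, added here as an example and not part of the advisory or the AboutDFIR post, separates the two patterns over constructed sample log lines. The `key=value` log format, the field names and the thresholds are assumptions; adapt `LINE_RE` and the window/threshold parameters to your own authentication source.

```python
"""Password-spray vs. brute-force detection over authentication log lines.

Added example, not from the CISA/FBI/NSA advisory or AboutDFIR. The log
format below is constructed for illustration (assumption: real logs differ).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: one source spraying five accounts once each,
# one source brute-forcing a single account, and one stray failure.
SAMPLE_LOG = """\
2022-02-17T08:00:01Z auth result=FAIL user=alice src=203.0.113.7
2022-02-17T08:00:04Z auth result=FAIL user=bob src=203.0.113.7
2022-02-17T08:00:09Z auth result=FAIL user=carol src=203.0.113.7
2022-02-17T08:00:13Z auth result=FAIL user=dave src=203.0.113.7
2022-02-17T08:00:20Z auth result=FAIL user=erin src=203.0.113.7
2022-02-17T08:00:25Z auth result=OK user=frank src=203.0.113.7
2022-02-17T08:01:00Z auth result=FAIL user=alice src=198.51.100.9
2022-02-17T08:01:05Z auth result=FAIL user=alice src=198.51.100.9
2022-02-17T08:01:10Z auth result=FAIL user=alice src=198.51.100.9
2022-02-17T08:01:15Z auth result=FAIL user=alice src=198.51.100.9
2022-02-17T08:01:20Z auth result=FAIL user=alice src=198.51.100.9
2022-02-17T09:30:00Z auth result=FAIL user=gina src=192.0.2.44
"""

# Assumed log layout; change this regex for a real authentication source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Yield (timestamp, result, user, src) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["result"], m["user"], m["src"]


def _failures_by_source(text):
    """Group FAIL events as src -> sorted list of (timestamp, user)."""
    failures = defaultdict(list)
    for ts, result, user, src in parse_events(text):
        if result == "FAIL":
            failures[src].append((ts, user))
    for events in failures.values():
        events.sort()
    return failures


def detect_password_spray(text, window=timedelta(minutes=10),
                          min_users=5, max_per_user=3):
    """Return {src: sorted users} for sources that fail against at least
    min_users distinct accounts inside one window while trying each account
    no more than max_per_user times (the low-and-slow spray signature)."""
    alerts = {}
    for src, events in _failures_by_source(text).items():
        for i, (start_ts, _) in enumerate(events):
            # Fixed window opened at each failure; count users seen inside it.
            per_user = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start_ts <= window:
                    per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = sorted(per_user)
                break
    return alerts


def detect_brute_force(text, window=timedelta(minutes=10), min_attempts=5):
    """Return {(src, user): attempts} for a single account hit at least
    min_attempts times from one source inside one window."""
    alerts = {}
    for src, events in _failures_by_source(text).items():
        per_user = defaultdict(list)
        for ts, user in events:
            per_user[user].append(ts)
        for user, stamps in per_user.items():
            # Largest number of attempts that fit in any one window.
            best = max(
                sum(1 for t in stamps[i:] if t - start <= window)
                for i, start in enumerate(stamps)
            )
            if best >= min_attempts:
                alerts[(src, user)] = best
    return alerts


if __name__ == "__main__":
    print("spray:", detect_password_spray(SAMPLE_LOG))
    print("brute force:", detect_brute_force(SAMPLE_LOG))
```

The `max_per_user` cap is what distinguishes the spray from the brute force: a source that fails five times against one account is caught by `detect_brute_force` (and usually by the IdP's own lockout), while the spray never trips a lockout and is only visible when you pivot on the source and count distinct accounts. Pair the source-based count with a tenant-wide "distinct accounts failing the same password window" view, since a spray from many egress addresses will split the per-source count.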


Journalist won’t be indicted for hacking for viewing a state website’s HTML

A journalist incorrectly branded as a “hacker” by the governor of Missouri won’t be prosecuted “for hacking”. This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parson’s criminal charges against him for allegedly hacking a government website by viewing its public HTML code, something anyone can do by simply pressing the F12 button. Perhaps due to the absurd allegation, Internet users following the case couldn’t help but rename this “the F12 case”. Locke Thompson, a Cole County Prosecutor, released a statement on Friday last week, which includes: “There is an argument to be made that there was a violation of law. However, upon a review of the case file, the issues at the heart of the investigation have been resolved through non-legal means. As such, it is not in the best interest of Cole County citizens to utilize the significant resources and taxpayer dollars that would be necessary to pursue misdemeanor criminal charges in this case. The investigation is now closed, and the Cole County Prosecutor’s Office will have no further comment on the matter.”


Lithuania warns banks of cyber attacks, power cuts amid fears of war in Ukraine

Lithuania’s central bank has told the country’s banks to prepare for power cuts and cyberattacks as Russia’s standoff with Ukraine risks spilling over into a military conflict, according to a document and two sources familiar with the matter. Russia has amassed over 100,000 troops near Ukraine’s borders, prompting fears of an invasion. Losing electricity and internet access are among “extreme but possible” scenarios that Lithuania’s central bank told finance companies to be ready for in a letter sent to them last week and seen by Reuters. Lithuania, as well as Baltic neighbours Latvia and Estonia, shares a common power grid with Russia run from Moscow.


Canada’s major banks go offline in mysterious hours-long outage

Five major Canadian banks went offline for hours, blocking access to online and mobile banking as well as e-transfers for customers. The banks hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, TD Bank Canada, and the Canadian Imperial Bank of Commerce (CIBC). Canada’s five major banks went offline yesterday, impeding access to e-Transfers, online and mobile banking services for many. Reports of users having trouble getting to their online banking peaked between 5 p.m. and 6 p.m. Eastern time on Wednesday, although BleepingComputer is continuing to see an influx of these reports into today. “We are currently experiencing technical issues with our online and mobile banking, as well as our phone systems,” an RBC representative confirmed.


Healthcare Data Breaches Impact 147k Illinoisans

The protected health information (PHI) of nearly 150,000 residents of Illinois may have been exposed in data breaches at two separate healthcare organizations. South Shore Hospital (SSH) in Chicago and the Family Christian Health Center (FCHC) in Harvey, Illinois, have begun notifying Illinoisans that the security of their data may have been compromised. SSH became aware of suspicious activity on its network on December 10, 2021. The hospital hired a third-party digital forensics firm to investigate the activity and activated its emergency cybersecurity protocols. The investigation determined that data belonging to some current and former hospital patients and employees may have been accessed by an unauthorized third party. Data that may have been exposed in the attack included names, addresses, birth dates, Social Security numbers, health insurance information, diagnoses, Medicare and Medicaid information, and financial information. SSH has not revealed the exact nature of the incident or stated whether any files were exfiltrated during the attack.


Microsoft warns of emerging ‘ice phishing’ threat on blockchain, DeFi networks

Microsoft has warned of new threats impacting blockchain technologies and web3, including “ice phishing” campaigns. The blockchain, decentralized technologies, DeFi, smart contracts, exploration into the concept of a ‘metaverse’ and web3 — the decentralized foundation built on top of the cryptographic systems that underlie blockchain projects — are all being pursued in what could be radical changes in how we understand and experience connectivity today. However, with every technological innovation there may also be new avenues created for cyberattackers, and web3 is no exception. Today’s most common threats include mass spam and phishing conducted over email and social media platforms, social engineering, and vulnerability exploitation.