AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/22/2023

Ransomware Gang Seeks to Exploit Victims’ Insurance Coverage 

A ransomware group is asking insured victims for details about their cyber-insurance policy, claiming this will ultimately lower the victims' risk exposure. First observed in November 2022, HardBit 2.0 claims to steal data before encrypting it, but unusually for such a group it operates no leak site and does not use "double extortion" as a tactic, according to Varonis. Instead, the group apparently threatens further attacks if its demands aren't met. "Rather than specifying an amount of bitcoin requested within this ransom note, the group seeks to negotiate with victims to reach a settlement," Varonis explained in a blog post. "Notably, as part of these negotiations, victims with cyber-insurance policies are also encouraged to share details with HardBit so that their demands can be adjusted to fall within the policy." 


AI Helps Crack a Masked Implementation of the NIST-Recommended Post-Quantum Algorithm CRYSTALS-Kyber 

A protected software implementation of CRYSTALS-Kyber, the public-key encryption and key encapsulation mechanism selected by NIST in July 2022 for post-quantum cryptography, has been broken. Researchers from the KTH Royal Institute of Technology, Stockholm, Sweden, combined a neural network trained with a recursive learning procedure and side-channel (power) analysis. A side-channel attack exploits measurable information obtained from a device running the target implementation via channels such as timing or power consumption; it recovers the key from implementation leakage and says nothing about the mathematical security of Kyber itself, so the algorithm's design is not affected. The novel aspect of the research was to apply deep learning to side-channel analysis of an implementation that was already protected with masking. "Deep learning-based side-channel attacks," say the researchers, "can overcome conventional countermeasures such as masking, shuffling, random delays insertion, constant-weight encoding, code polymorphism, and randomized clock."  
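To make the side-channel mechanism and the masking countermeasure concrete, the following is an added illustration written for this digest; it is not the KTH researchers' code and does not touch Kyber. It simulates the classical statistical version of the attack (correlation power analysis under a Hamming-weight leakage model) against a constructed target: a random byte permutation stands in for an S-box, power traces are synthetic Hamming weights plus Gaussian noise, and the key, plaintexts and masks are generated from fixed seeds. It shows three things: an unmasked lookup leaks its secret byte to a first-order attack; splitting the intermediate into two random shares (Boolean masking) makes the same first-order attack fail; and combining the two share samples (a second-order attack) defeats that masking again, which is the class of countermeasure the researchers report bypassing with deep learning rather than with the hand-built combination function used here.

```python
"""Simulated correlation power analysis (CPA) with and without Boolean masking.
Added example, not the researchers' code: S-box, traces and noise are synthetic."""
import random

HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of every byte

# A seeded random byte permutation stands in for a real S-box (assumption: any
# nonlinear bijection gives the same qualitative result).
_rng = random.Random(1)
SBOX = list(range(256))
_rng.shuffle(SBOX)


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def collect_traces(key, n=2000, sigma=0.5, masked=False, seed=2):
    """Return (plaintexts, traces). Each trace is one or two leakage samples
    under a Hamming-weight model plus Gaussian noise: a constructed stand-in
    for measured power consumption, not a real measurement."""
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        y = SBOX[p ^ key]                   # the secret-dependent intermediate
        if masked:
            r = rng.randrange(256)          # fresh random mask per execution
            samples = [HW[y ^ r], HW[r]]    # device only ever handles the shares
        else:
            samples = [HW[y]]
        traces.append([s + rng.gauss(0, sigma) for s in samples])
        pts.append(p)
    return pts, traces


def cpa(pts, observations):
    """Rank all 256 key hypotheses by |correlation| between the predicted
    HW(SBOX[p ^ k]) and the observed leakage. Returns (best_key, best_corr)."""
    best = (None, 0.0)
    for k in range(256):
        hyp = [HW[SBOX[p ^ k]] for p in pts]
        c = abs(pearson(hyp, observations))
        if c > best[1]:
            best = (k, c)
    return best


def second_order_combine(traces):
    """Centered product of the two share samples: its mean depends on HW(y)
    again, so a first-order CPA on the combined value recovers the key."""
    m0 = sum(t[0] for t in traces) / len(traces)
    m1 = sum(t[1] for t in traces) / len(traces)
    return [(t[0] - m0) * (t[1] - m1) for t in traces]


def attack_unmasked(key):
    pts, traces = collect_traces(key, masked=False)
    return cpa(pts, [t[0] for t in traces])


def attack_masked_first_order(key):
    """What a naive attacker sees against the masked device: the shares'
    combined leakage is independent of y, so no hypothesis stands out."""
    pts, traces = collect_traces(key, masked=True)
    return cpa(pts, [t[0] + t[1] for t in traces])


def attack_masked_second_order(key):
    pts, traces = collect_traces(key, masked=True)
    return cpa(pts, second_order_combine(traces))


if __name__ == "__main__":
    KEY = 0xA7
    print("unmasked, 1st order:", attack_unmasked(KEY))
    print("masked,   1st order:", attack_masked_first_order(KEY))
    print("masked,   2nd order:", attack_masked_second_order(KEY))
```

The first call returns the key with a correlation near 0.9; the second returns an essentially random byte with a correlation below 0.1, which is what masking is supposed to achieve; the third recovers the key again at a lower but clearly distinguishable correlation, at the cost of needing both share samples and a combination step. Higher-order masking raises that cost exponentially, which is why the researchers' point that a trained network can find the combination on its own is significant for implementers.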


Sensitive US military emails spill online 

The U.S. Department of Defense secured an exposed server on Monday that had been spilling internal U.S. military emails to the open internet for about two weeks. The exposed server was hosted on Microsoft's Azure government cloud for Department of Defense customers, which uses servers physically separated from those of commercial customers and can therefore be used to hold sensitive but unclassified government data. The server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to U.S. Special Operations Command (USSOCOM), the unit tasked with conducting U.S. special operations. 


Crypto exchange Coinbase hacked, sensitive data stolen 

An unknown threat actor went to great lengths to compromise the internal systems of one of the world's most popular cryptocurrency exchanges using a phishing attack. While the attacker succeeded in breaching the environment, they were cut off before they could cause any serious harm. According to Coinbase, customer funds and customer data are both safe. The attacker initially sent five phishing SMS messages to Coinbase employees, urging them to log into their company accounts to read an important message. The messages contained a link that impersonated the Coinbase corporate login page but was in fact a malicious landing page designed to harvest credentials. 


Mideast governments accused of using fake dating profiles in arrests of LGBT people 

The governments of several Middle Eastern and North African countries have used fake social media or dating app profiles to lure and arrest lesbian, gay, bisexual and transgender people, according to a new report from Human Rights Watch (HRW). Rasha Younes, senior LGBT rights researcher at Human Rights Watch, spoke with 90 people directly affected by the digital targeting as well as 30 experts on the issue. HRW found that authorities in Egypt, Iraq, Jordan, Lebanon and Tunisia entrapped, detained and tortured people over their identity. In total, HRW says it found documented evidence of at least 45 cases where LGBT people were targeted and arbitrarily arrested in Egypt, Jordan, Lebanon, and Tunisia.  


Putin Speech Interrupted by DDoS Attack 

A suspected distributed denial of service (DDoS) attack downed several websites broadcasting President Putin's state of the nation address on Tuesday, according to reports. Reuters said journalists based in multiple locations were unable to access the All-Russia State Television and Radio Broadcasting Company (VGTRK) website or the Smotrim live-streaming platform for periods during the speech. It said the Smotrim site simply didn't load, while VGTRK displayed an error message saying "technical works were being carried out." Although Reuters was unable to verify a DDoS as the cause, other sources attributed the outage to one: the RIA Novosti news agency reportedly claimed malicious online actors were to blame, and a Twitter account linked to the IT Army of Ukraine said the same. 
