
AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/24/2021

Cybersecurity and online gaming: Don’t be a victim

The proliferation of technology and internet connectivity has made it possible for people to seek out most things online, and gaming and gambling are no exception. In addition to online video games, social media, music, and video streaming, there are also online casinos and gambling for real money. For gambling in the USA there are state laws to mind, but in some states online gambling is permitted. Many players have registered on online gaming and gambling sites to enjoy the action right in their homes or wherever they may be (although with COVID-19, people may be stuck at home more than they want). The demand for VIP membership to online casinos is rising. With online gambling in particular, on top of cybersecurity awareness and safe practices, there is the additional need to review sites and find the online casinos with a good reputation and robust online security, and to check for scams related to any new site. Anything involving money gets the attention of cyber criminals. The popularity of online games on marketplaces is growing too: you can play for free, but many fun features are offered “for fee”.


The bitcoin blockchain is helping keep a botnet from being taken down

When hackers corral infected computers into a botnet, they take special care to ensure they don’t lose control of the server that sends commands and updates to the compromised devices. The precautions are designed to thwart security defenders who routinely dismantle botnets by taking over the command-and-control server that administers them in a process known as sinkholing. Recently, a botnet that researchers have been following for about two years began using a new way to prevent command-and-control server takedowns: by camouflaging one of its IP addresses in the bitcoin blockchain.  When things are working normally, infected machines will report to the hardwired control server to receive instructions and malware updates. In the event that server gets sinkholed, however, the botnet will find the IP address for the backup server encoded in the bitcoin blockchain, a decentralized ledger that tracks all transactions made using the digital currency. By having a server the botnet can fall back on, the operators prevent the infected systems from being orphaned. 
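The fallback lookup described above, as an added example that is not code from the article or from the botnet: an illustrative encoding in which each pair of IPv4 octets is packed into the satoshi amount of one transaction sent to a wallet the malware knows, and the two most recent transactions to that wallet together yield the backup server address. The encoding, the constructed wallet history in SAMPLE_TXS, and the function names are assumptions for demonstration; the article does not describe the botnet's actual scheme.

```python
import ipaddress
from typing import Dict, List

# Constructed example data: the transaction history of a wallet as a block
# explorer might report it. 'value' is the amount received, in satoshi.
SAMPLE_TXS: List[Dict] = [
    {"txid": "decoy-payment", "time": 1612137600, "value": 150000},  # ordinary payment, ignored
    {"txid": "fallback-hi",   "time": 1613865600, "value": 51968},   # octets 203.0  -> 203*256 + 0
    {"txid": "fallback-lo",   "time": 1613952000, "value": 28935},   # octets 113.7  -> 113*256 + 7
]


def encode_ip(ip: str) -> List[int]:
    """Operator side (hypothetical scheme): split an IPv4 address into two
    16-bit values, one per transaction, older transaction carrying the
    first two octets."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    return [(a << 8) | b, (c << 8) | d]


def decode_ip(older_value: int, newer_value: int) -> str:
    """Infected-host side: rebuild the address from two transaction amounts.
    Anything outside 0..65535 cannot be two octets and is rejected rather
    than silently producing a bogus address."""
    for v in (older_value, newer_value):
        if not 0 <= v <= 0xFFFF:
            raise ValueError(f"transaction value {v} is not a two-octet payload")
    packed = bytes([older_value >> 8, older_value & 0xFF,
                    newer_value >> 8, newer_value & 0xFF])
    return str(ipaddress.IPv4Address(packed))


def fallback_c2(txs: List[Dict]) -> str:
    """What an infected host would do once the hard-coded server is
    sinkholed: take the two most recent transactions to the wallet and
    decode them. Older transactions (e.g. the decoy) are ignored."""
    if len(txs) < 2:
        raise ValueError("need at least two transactions to recover an address")
    older, newer = sorted(txs, key=lambda t: t["time"])[-2:]
    return decode_ip(older["value"], newer["value"])


if __name__ == "__main__":
    print(encode_ip("203.0.113.7"))   # [51968, 28935]
    print(fallback_c2(SAMPLE_TXS))    # 203.0.113.7
```

The point for defenders is that the ledger itself cannot be sinkholed or edited, so the controllable chokepoints are the block-explorer lookups the malware must make to read the wallet (block or alert on them from hosts with no business doing so) and the wallet address, which becomes an indicator once known. In a scheme like the illustrative one above, anyone can send a transaction to that wallet, so whoever posts the newest transactions decides what the bots decode.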


Apple says it has already beaten new M1 Mac malware

Apple has moved to squash the threat of another new malware strain targeting its own-brand M1 silicon Macs. The malware, dubbed “Silver Sparrow” by researchers at security firm Red Canary, was thought to have already infected around 30,000 Macs; it ships a binary compiled natively for the M1 as well as one for earlier Intel-powered Macs. Apple has now stepped in and revoked the certificates of the developer accounts used to sign the malware’s installer packages, so Gatekeeper will no longer accept those packages and new installations through that route are blocked. Revocation does not, however, clean machines that are already infected. The company told AppleInsider that it had acted to reduce any further spread of the malware by revoking these certificates, and that it continues to issue regular software updates to stop its devices being infected.


These hackers sell network logins to the highest bidder. And ransomware gangs are buying

A growing class of cyber criminal is playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder, who can then exploit it however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been part of the dark web ecosystem, but according to analysis by cybersecurity researchers at Digital Shadows, there has been a notable increase in listings by ‘Initial Access Brokers’ over the course of the last year. These brokers hack into networks but, rather than profiting by conducting their own campaigns, act as middlemen, selling entry to networks on to other criminals. Access via Remote Desktop Protocol (RDP) is the most sought-after type of listing. It can provide stealthy remote access to an entire corporate network: the buyer starts from legitimate login credentials and remotely controls a machine the way a normal user would, so the activity is much less likely to arouse suspicion.
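Two of the checks a responder would run over Windows Security events to hunt for the kind of brokered RDP access described above, as an added example that is not from the article or from Digital Shadows: successful RDP logons (Event ID 4624, LogonType 10) from addresses outside the organisation's internal ranges, and a burst of failed logons (4625) from one source followed by a successful RDP logon for the same account from that source. The event records in SAMPLE_EVENTS, the internal ranges in INTERNAL_NETS, and the function names are constructed assumptions; a real run would feed it from an event-log export or a SIEM query.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Event 4624 LogonType 10 = RemoteInteractive, i.e. an RDP / Terminal Services session.
RDP_LOGON_TYPE = 10

# Assumed internal address space; adjust to the environment under investigation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events in a flattened form; the keys mirror the Security
# log's TargetUserName / IpAddress / LogonType fields. With Network Level
# Authentication enabled, RDP failures are recorded as LogonType 3, not 10.
SAMPLE_EVENTS: List[Dict] = [
    {"time": "2021-02-23T02:11:04", "event_id": 4625, "user": "jsmith",     "src_ip": "198.51.100.23", "logon_type": 3},
    {"time": "2021-02-23T02:11:09", "event_id": 4625, "user": "jsmith",     "src_ip": "198.51.100.23", "logon_type": 3},
    {"time": "2021-02-23T02:11:15", "event_id": 4625, "user": "jsmith",     "src_ip": "198.51.100.23", "logon_type": 3},
    {"time": "2021-02-23T02:11:22", "event_id": 4624, "user": "jsmith",     "src_ip": "198.51.100.23", "logon_type": 10},
    {"time": "2021-02-23T09:00:00", "event_id": 4624, "user": "jsmith",     "src_ip": "10.0.5.12",     "logon_type": 10},
    {"time": "2021-02-23T09:05:31", "event_id": 4624, "user": "svc_backup", "src_ip": "192.0.2.44",    "logon_type": 3},
    {"time": "2021-02-23T11:40:00", "event_id": 4624, "user": "admin",      "src_ip": "203.0.113.9",   "logon_type": 10},
]


def is_external(ip_str: str) -> bool:
    """True when the source address is outside INTERNAL_NETS. Unparseable
    values (the log writes '-' for local logons) are treated as internal."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    if ip.is_loopback:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def external_rdp_logons(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Successful RDP sessions whose source is not internal: each one is a
    candidate for a purchased or otherwise stolen credential."""
    hits = []
    for e in sorted(events, key=lambda e: e["time"]):
        if (e["event_id"] == 4624 and e["logon_type"] == RDP_LOGON_TYPE
                and is_external(e["src_ip"])):
            hits.append((e["user"], e["src_ip"], e["time"]))
    return hits


def failures_then_success(events: List[Dict], threshold: int = 3) -> List[Tuple[str, str]]:
    """(user, source) pairs that accumulated at least `threshold` failed
    logons and then got a successful RDP logon from the same source: the
    shape of a brute force or credential-stuffing attempt that worked."""
    failures = defaultdict(int)
    flagged: List[Tuple[str, str]] = []
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["user"], e["src_ip"])
        if e["event_id"] == 4625:
            failures[key] += 1  # not filtered on logon type; see note on NLA above
        elif e["event_id"] == 4624 and e["logon_type"] == RDP_LOGON_TYPE:
            if failures[key] >= threshold and key not in flagged:
                flagged.append(key)
            failures[key] = 0
    return flagged


if __name__ == "__main__":
    for user, src, when in external_rdp_logons(SAMPLE_EVENTS):
        print(f"external RDP logon: {user} from {src} at {when}")
    for user, src in failures_then_success(SAMPLE_EVENTS):
        print(f"failures then success: {user} from {src}")
```

A logon made with a brokered credential passes every authentication check, so the signal is context (source address, time of day, prior failures from the same source), not the logon itself; that is exactly the stealth the article describes, and why a plain "failed logon" alert misses it.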


SolarWinds not the only company used to hack targets, tech execs say at hearing

A sophisticated malware campaign attributed to Russian intelligence goes beyond a tainted software update from IT monitoring company SolarWinds, according to lawmakers and the heads of tech companies caught up in the hack. The hackers used a variety of legitimate software and cloud hosting services to access the systems of nine federal agencies and 100 private companies. The hackers used Amazon Web Services cloud hosting to disguise their intrusions as benign network traffic, lawmakers said Tuesday at a Senate Intelligence Committee hearing. Additionally, the hackers didn’t use the malware planted in SolarWinds’ Orion products to breach nearly a third of the victims. Instead they had access to other hacking techniques, all of which investigators are still unraveling, according to the lawmakers and Microsoft President Brad Smith, SolarWinds CEO Sudhakar Ramakrishna, CrowdStrike CEO George Kurtz and FireEye CEO Kevin Mandia.


Microsoft president asks Congress to force private-sector orgs to publicly admit when they’ve been hacked

The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft’s president and top lawyer Brad Smith. Speaking at a Senate Intelligence Committee hearing on Tuesday regarding the SolarWinds backdoor, through which suspected Russian agents infiltrated the computers of US government departments and Fortune 500 companies, Smith argued it was “time not only to talk about but to find a way to take action to impose in an appropriate manner some kind of notification obligation on entities in the private sector.” He noted it was “not a typical step” for a company to ask the United States Congress to “place a new law on ourselves and on our customers, but I think it’s the only way we’re going to protect our country and I think it’s the only way we’re going to protect the world.”
