AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/24/2022

EU Deploys Cyber Response Unit to Ukraine

The EU is deploying a newly formed Cyber Rapid-Response Team (CRRT) to Ukraine to help the country combat Russian threat actors as troops start pouring over the border. The Lithuanian Ministry of National Defence tweeted the news yesterday, revealing that the move came at the request of the Ukrainian government. Lithuania will be leading the coalition of six EU countries – which also includes Croatia, Poland, Estonia, Romania and the Netherlands – in order “to help Ukrainian institutions to cope with growing cyber-threats.” A CRRT official told the BBC that the team of eight to 12 experts would be “composed of different cyber-expertise, such as incident response, forensics, vulnerability assessment, to be able to react to a variety of scenarios.”


Increasing Number of Threat Groups Targeting OT Systems in North America

Dragos last year identified three new groups that appear to be interested in ICS/OT, which brings the total number of such groups tracked by the company to 18. The new groups discovered in 2021 are tracked as KOSTOVITE, ERYTHRITE and PETROVITE, and the first two actually managed to gain direct access into ICS/OT networks. PETROVITE, which has targeted mining and energy operations in Kazakhstan, has shown an interest in collecting data on ICS/OT systems and networks, but, based on what Dragos has seen, it has yet to actually gain access to these types of systems. The company is aware of PETROVITE attacks conducted since the third quarter of 2019. There appear to be some overlaps between PETROVITE activity and KAMACITE and Fancy Bear, which have been linked to Russia. KAMACITE has targeted energy companies in the United States.


Chinese researchers accuse NSA of being behind a powerful exploit

A Chinese cybersecurity firm released a report Wednesday that revealed a decade-old exploit allegedly created by a covert hacking group associated with the U.S. National Security Agency. The report is the first time that a Chinese cybersecurity firm has both attributed a cyberattack to a U.S. hacking group and included technical indicators of compromise. “It’s a completely different type of report here that that seems to mimic Western name-and-shame,” said Winnona DeSombre, fellow at the Atlantic Council and Harvard’s Belfer Center. Pangu Lab researchers said they first discovered the backdoor in 2013 during an “in-depth forensic investigation of a host in a key domestic department.” The researchers were later able to tie it to the “The Equation Group,” a group of hackers said to be affiliated with the NSA, after NSA documents leaked by a group known as the “The Shadow Brokers” published hacking files that allegedly belonged to the NSA’s operation.


Samsung Shattered Encryption on 100M Phones

Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the devices’ hardware-based cryptographic keys: keys that unlock the treasure trove of security-critical data that’s found in smartphones. What’s more, cyber attackers could even exploit Samsung’s cryptographic missteps – since addressed in multiple CVEs – to downgrade a device’s security protocols. That would set up a phone to be vulnerable to future attacks: a practice known as IV (initialization vector) reuse attacks. IV reuse attacks screw with the encryption randomization that ensures that even if multiple messages with identical plaintext are encrypted, the generated corresponding ciphertexts will each be distinct.


Ring, SimpliSafe, and Three Other DIY Home Security Systems Vulnerable to Hacking

If you’ve seen the latest Scream movie, you might be haunted by the scene of the killer disabling a home security system to get inside a victim’s house. (Warning: the trailer is chilling.) The portrayed attack method is highly unlikely to happen in real life, but the scary scene might make you wonder just how tamper-resistant your own home security system is. And that’s a legitimate concern. In a series of new tests, Consumer Reports found that five popular DIY home security systems are relatively easy to jam. That means a burglar can use a laptop and a portable radio frequency (RF) transceiver to block the signals from door/window or motion sensors and enter a home without triggering the alarm. It’s worth noting that any wireless device can be jammed, but there are methods and technologies that make it harder to pull off.

Related Posts