AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/25/2022

Twitter admits it mistakenly removed Ukraine open source intelligence accounts

Twitter said it had mistakenly suspended the accounts of open source intelligence reporters posting about Russia’s military build-up around Ukraine, leading to many of them accusing the Russian state of launching a “bot” campaign against them. Based on publicly available satellite imagery, open source reporters have used social media to supply a steady commentary on the activities of Russian forces near the Ukrainian border, providing a valuable alternative source of information to Western intelligence reports. The people behind the suspended accounts said they believed they had been the target of an attack by Russian bots—computers that mimic the activity of human users—that had mass-reported their content as being suspicious. This led their content to be removed automatically by Twitter’s moderation technology. “It is an attack on journalism and people who rely on these accounts to post the facts over other news outlets,” Kyle Glen, co-founder of @Conflicts, which has 337,000 followers, said. “Twitter has… a responsibility to ensure its own reporting systems aren’t being misused by individuals or nations.”


Russia appears to deploy digital defenses after DDoS attacks

The conflict online is mirroring the conflict offline Thursday, with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline. It’s unclear who directed the attack or if it was successful in disrupting the sites. However, cybersecurity researchers say the Russian government appears to be deploying a defensive technical measure known as geofencing to block access to certain sites it controls, including its military website, from areas outside Russia’s sphere of influence—complete with a joking nod to internet infrastructure. Russian troops began invading Ukraine early on Wednesday local time, with Forbes and others reporting apparent attacks on civilian areas including hospitals and residential zones.


Data leaks and shadow assets greatly exposing organizations to cyberattacks

CybelAngel published research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase in such risks, with cloud storage leaks increasing by 150% compared to 2020. Based on data from a sample group of customers, the research report reveals that data leak incidents increased, overall, by 63% and vulnerable shadow assets exposure grew by 40% in 2021. This is evidence of organizations’ ever-increasing digital footprint and the expanding attack surface of today’s connected enterprises.


Ukraine asks for S.Korea cybersecurity aid amid Russia invasion

The top Ukraine official in South Korea said on Friday that his country wants to request Seoul’s assistance in boosting its cybersecurity capability to defend against Russian attacks. Missiles pounded the Ukrainian capital as Russian forces pressed their advance after launching attacks on Thursday, prompting Kyiv’s plea for more help from the international community. Dmytro Ponomarenko, Ukraine’s ambassador-designate to South Korea, said the websites of the country’s governmental institutions were suffering from Russian attacks. A global cybersecurity firm has also said that a newly discovered piece of destructive software was found circulating in Ukraine and has hit hundreds of computers, part of what was deemed an intensifying wave of hacks aimed at the country.


TrickBot gang shuts down botnet after months of inactivity

The operators of the TrickBot malware botnet have shut down their server infrastructure today after months of inactivity, bringing to an end one of the most dangerous and persistent malware operations seen in recent years. Prior to today’s voluntary shutdown, the TrickBot gang hadn’t set up new servers or tried to carry out email spam campaigns since mid-December 2021. But today’s shutdown comes as no surprise, Vitali Kremez, CEO of security firm AdvIntel, told The Record in a phone call earlier today. It comes after the group’s malware has become “highly detectable” by security products, which appears to have damaged the group’s ability to infect and then sell access to Windows systems to its criminal clientele, security firms AdvIntel and Intel471 wrote in separate reports analyzing the malware’s recent slump.
