AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/01/2022

Beware: new IRS rules will lead to a wave of phishing frauds

Thanks to new legislation that went into place at the beginning of this year, I predict that a lot of unsuspecting small business owners are about to fall victim to a fresh scam. The scam will relate to legislation around new tax reporting rules that will affect millions of freelancers and small businesses. As I explained in an earlier column, beginning for the 2022 tax year, if you receive more than $600 in total payments during the course of the year from a payment service like PayPal, Venmo (which is owned by PayPal), Square, Stripe or online sales of your products made through Amazon, Etsy and other marketplaces – regardless of how many customers are paying – that payment service is required to report that amount to the IRS and to you by sending a Form 1099-K – used for reporting payments via these third parties – in early 2023.


Elon Musk activates Starlink to help keep Ukraine’s internet up and running

With Russia’s invasion of Ukraine, Ukraine’s internet was sent staggering. Georgia Tech’s Internet Outage Detection and Analysis (IODA) project, which monitors the internet, reported serious outages in Ukraine starting late on February 23. In response to this and other internet attacks, Ukraine’s Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov requested help from SpaceX and Tesla billionaire Elon Musk. Musk responded on Twitter, where he wrote, “Starlink service is now active in Ukraine. More terminals en route.” Starlink, SpaceX’s low-earth orbit (LEO) high-speed, low-latency internet service, is considered far more reliable than conventional broadband. One person on Twitter summed it up nicely: “The people of Ukraine now have access to the fastest, most robust satellite internet system ever created. This makes it impossible for Russia to disable the Ukrainian internet access fully without cyber attacking foreign data centers.”


Toyota halts Japan plants after reported cyber attack

Japanese automaker Toyota said Monday it was halting operations at all its domestic plants for a day after a reported cyberattack on a parts supplier. “Due to a system failure at a supplier in Japan, we have decided to suspend the operation of 28 lines at all 14 domestic plants on March 1 (for both 1st and 2nd shift),” the world’s top-selling automaker said in a statement. The Nikkei newspaper reported that the decision came after a suspected cyberattack hit a parts manufacturer supplying Toyota, but a spokeswoman declined to comment on the report. The Nikkei said the suspected attack hit major Toyota supplier Kojima Industries, which manufactures plastic parts. It cited a source close to the firm as confirming a cyberattack and saying an assessment of the damage done was being undertaken.


Insurance giant AON hit by a cyberattack over the weekend

Professional services and insurance giant AON has suffered a cyberattack that impacted a “limited” number of systems. AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cybersecurity consulting, risk solutions, healthcare insurance, and wealth management products. AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries. In an 8-K form filed with the Securities and Exchange Commission, AON has disclosed that they suffered a cyberattack on February 25th, 2022.


Hackers to NVIDIA: Remove mining cap or we leak hardware data

The Lapsus$ data extortion group has released what they claim to be data stolen from the Nvidia GPU designer. The cache is an archive that is almost 20GB large. While the U.S. chipmaker giant has yet to confirm a breach on its network, the threat actor has been active with messages about the alleged hack since February 24. Replying to a request for comments from BleepingComputer on Friday about an incident that reportedly took down some of its systems for two days, Nvidia said that it was investigating what looked like a cyberattack. In a reply to BleepingComputer, a company spokesperson said that Nvidia will issue an updated statement on Sunday but it never came. Several subsequent requests from us remained unanswered.


Microsoft: Ukraine hit with new FoxBlade malware hours before invasion

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia’s invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center (MSTIC) observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade. “Several hours before the launch of missiles or movement of tanks on February 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure,” Microsoft President and Vice-Chair Brad Smith said. “We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success.”
