AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/09/2021

Robocalls keep spamming Americans, in part because of their cyber tools

After a surprising lull at the onset of the COVID-19 pandemic, phone scammers are back, and showing signs of overlapping more and more with text messages and cyber elements. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers, government and industry officials say. Phone scams that merge with other methods are growing more frequent and difficult to contend with, said Connecticut Attorney General William Tong. “I think it’s common and it’s dangerous, particularly the way that they’re able to cloak themselves or convince you that you need to respond to a particular call or email,” he said. Internet technology has helped fuel a record number of robocalls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable. Estimates vary, but most studies conclude that U.S. consumers lose billions of dollars annually to phone scams.


China’s 7,500-Mile Undersea Cable to Europe Fuels Internet Feud

An undersea cable will emerge later this year near a popular sunbathing spot in the French port of Marseille. The cable, known as Peace, will travel over land from China to Pakistan, where it heads underwater and snakes along for about 7,500 miles of ocean floor via the Horn of Africa before terminating in France. The Peace cable, which is being built by Chinese companies, will be able to transport enough data in one second for 90,000 hours of Netflix, and will largely serve to make service faster for Chinese companies doing business in Europe and Africa. “This is a plan to project power beyond China toward Europe and Africa,” says Jean-Luc Vuillemin, the head of international networks at Orange SA, the French phone company that will operate the cable’s landing station in Marseille.


A Formula 1 Team Was Hacked. Its Sponsor Is A Cybersecurity Firm

You may have already read that the Williams FW43B Formula 1 car leaked on Friday, which prefaced my chance to crown Williams the winner of this year’s F1 season as far as looks are concerned. You might not, however, have noted that the breach happened even though one of Williams’ sponsors happens to be none other than Acronis, a cybersecurity firm. Williams released a statement following the hack in which it detailed that the FW43B reveal was to have come from a virtual reality app. That app has since been pulled from app stores. The hack seems to amount to users extracting the renders from the VR app, whose cybersecurity was, shall we say, lacking.
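The lesson a practitioner takes from this item is that anything bundled into a client app is already in the user's hands, whatever the release date says. The following added example (not code from the original post, and not Williams' or Acronis' code) shows the pre-release check that would have caught it: it treats an app package as the zip archive that APK and IPA files are, lists every asset-like file with its size and SHA-256, and pulls one out exactly as a curious user would. The sample bundle and all file names in it are constructed for illustration and are unrelated to the real app.

```python
import hashlib
import io
import zipfile

# File types worth flagging in a pre-release review of a client bundle
# (illustrative list; extend for whatever your app ships).
ASSET_SUFFIXES = (".png", ".jpg", ".jpeg", ".obj", ".fbx", ".glb", ".gltf", ".mp4")


def build_sample_bundle() -> bytes:
    """Constructed stand-in for an app package (APK and IPA files are zip archives).

    Every name and byte here is made up for the example; the bundle is not the
    real Williams app and the 'renders' are padding, not images or models."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("classes.dex", b"dex\n035" + b"\x00" * 64)
        zf.writestr("assets/ui/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        # Embargoed content shipped inside the bundle: anyone holding the
        # package can read it long before the app is told to "unlock" it.
        zf.writestr("assets/reveal/car_reveal_front.png",
                    b"\x89PNG\r\n\x1a\n" + b"\x00" * 4096)
        zf.writestr("assets/reveal/car_model.glb", b"glTF" + b"\x00" * 8192)
    return buf.getvalue()


def find_embedded_assets(package: bytes, suffixes=ASSET_SUFFIXES):
    """Return (name, size, sha256) for every asset-like file in the package,
    largest first. No decryption or obfuscation is bypassed: the files are
    simply stored in the archive, which is the point of the check."""
    found = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(suffixes):
                data = zf.read(info)
                found.append((info.filename, len(data),
                              hashlib.sha256(data).hexdigest()))
    return sorted(found, key=lambda entry: -entry[1])


def extract_asset(package: bytes, name: str) -> bytes:
    """Pull one asset out of the bundle, as any user with the package could."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    pkg = build_sample_bundle()
    print("asset-like files found in bundle (size, sha256 prefix, path):")
    for name, size, digest in find_embedded_assets(pkg):
        print(f"{size:8d}  {digest[:16]}  {name}")
```

Run the same function over a real package (the zip bytes of an APK or IPA) before it goes to the store; anything listed that is meant to stay secret until launch should instead be fetched from a server that only starts serving it at release time.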


The Accellion Breach Keeps Getting Worse—and More Expensive

The drumbeat of data breach disclosures is unrelenting, with new organizations chiming in all the time. But a series of breaches in December and January that have come to light in recent weeks has quietly provided an object lesson in how bad things can get when hackers find an inroad to dozens of potential targets and they’re out for profit. File-transfer vendor Accellion quietly released a patch in late December, and then more fixes in January, to address a cluster of vulnerabilities in its legacy File Transfer Appliance (FTA) product. Since then, dozens of companies and government organizations worldwide have acknowledged that they were breached as a result of the flaws, and many face extortion, as the ransomware group Clop has threatened to make the stolen data public if they don’t pay up. On March 1, security firm FireEye shared the results of its investigation into the incident, concluding that two separate, previously unknown hacking groups carried out the hacking spree and the extortion work, respectively.


A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with web shells, a backdoor that gives the attackers persistent remote access. Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified “in early January.” So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle “Orange Tsai.” DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.


Ransomware gang plans to call victims’ business partners about attacks

The REvil ransomware operation announced this week that it is using DDoS attacks and voice calls to journalists and victims’ business partners to pressure victims into paying. REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation: the core operators develop the malware and the payment site, and affiliates (called “adverts” on the underground forums where they are recruited) compromise corporate networks to deploy the ransomware. Under this arrangement the REvil developers earn between 20 and 30 percent of each ransom payment, and the affiliates keep the remaining 70 to 80 percent. To pressure victims into paying, ransomware gangs have increasingly turned to a double-extortion tactic, in which attackers steal unencrypted files before encrypting the network and then threaten to release them if the ransom is not paid; the calls and DDoS attacks add a third layer of pressure on top of that.


Apple releases iOS 14.4.1 with security updates for iPhone users

Apple has released a bug fix update for iPhone users today. iOS 14.4.1 is rolling out now, and Apple says it includes important security fixes for iPhone users. You can update today by going to the Settings app on your iPhone. The release notes for the update simply read: “This update provides important security updates and is recommended for all users.” Apple instructs users to visit the Apple security webpage for more details, which has now been updated to include information on iOS 14.4.1. Apple says that iOS 14.4.1 patches a vulnerability in WebKit, the browser engine that powers Safari and, because of Apple’s App Store rules, every third-party browser on iOS as well, so the fix matters regardless of which browser you use.
