AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/17/2021

Half of Americans Experienced Identity Theft During COVID-19 Pandemic, New Study Shows

A new report uncovers a striking pervasiveness of identity theft perpetrated against U.S. consumers where half of respondents surveyed experienced such an occurrence during the pandemic. Developed by Aite Group and underwritten by GIACT, the study found that 47% of U.S. consumers experienced identity theft between 2019 and 2020. And over the past two years, 37% of Americans experienced application fraud (i.e., the unauthorized use of one’s identity to apply for an account), and 38% experienced account takeover (i.e., unauthorized access to a consumer’s existing account). Victims were dissatisfied with the assistance provided following an identity theft attack. 42% of those who experienced identity theft related to a fraudulent finance application, and 56% of those who experienced consumer loan application fraud said they were reluctant to keep using the services of the at-fault financial institution.


Microsoft investigates potential ties between partner security firm, Exchange Server attack code leak

Microsoft is reportedly investigating a potential partner leak that could have exacerbated the current wave of attacks against Microsoft Exchange servers. The Redmond giant is examining whether potentially “sensitive information” required to conduct the attacks was obtained through “private disclosures it made with some of its security partners,” according to the Wall Street Journal. On March 2, Microsoft issued emergency patches to tackle four zero-day vulnerabilities in Microsoft Exchange Server which were being actively exploited in the wild. The critical bugs were disclosed privately in January, and since then, exploit usage has gained traction to the point that researchers estimate tens of thousands of businesses worldwide have been impacted.


NTSB cites Tesla to make the case for stricter autonomous driving regulation

The National Transportation Safety Board (NTSB) is calling on its sister agency to implement stricter regulation related to automated vehicle technology. In a letter it sent to the National Highway Traffic Safety Administration (NHTSA) at the start of February (via CNBC), the NTSB says the regulator “must act” to “develop a strong safety foundation.” What’s notable about the document is that NTSB chair Robert Sumwalt frequently cites Tesla in a negative light to support his department’s suggestions. The automaker is referenced 16 times across the letter’s 15 pages. For instance, in one section, Sumwalt writes of NHTSA’s “continued failure” to implement regulations that would prevent driver-assist systems like Autopilot from operating beyond their intended use. “Because NHTSA has put in place no requirements, manufacturers can operate and test vehicles virtually anywhere, even if the location exceeds the AV control system’s limitations,” Sumwalt writes. “For example, Tesla recently released a beta version of its Level 2 Autopilot system, described as having full self-driving capability. By releasing the system, Tesla is testing on public roads a highly automated AV technology but with limited oversight or reporting requirements.”


WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card. For several years, WeLeakInfo was the largest of several services selling access to hacked passwords. Prosecutors said it had indexed, searchable information from more than 10,000 data breaches containing over 12 billion indexed records — including names, email addresses, usernames, phone numbers, and passwords for online accounts. For a small fee, you could enter an email address and see every password ever associated with that address in a previous breach. Or the reverse — show me all the email accounts that ever used a specific password (see screenshot above). It was a fantastic tool for launching targeted attacks against people, and that’s exactly how the service was viewed by many of its customers. Now, nearly 24,000 of WeLeakInfo’s customers are finding that the personal and payment data they shared with WeLeakInfo over its five-year run has been leaked online.


Woman allegedly made deepfakes to kick rivals off daughter’s cheerleading squad

As clear as the potential for deepfake abuse might be, there are still new, stranger examples popping up. The Philadelphia Inquirer and Harrisburg’s Patriot-News report that police arrested Chalfont, Pennsylvania resident Raffaela Spone for allegedly using deepfakes in a bid to kick rivals off her daughter’s cheerleading squad, the Victory Vipers. According to law enforcement, Spone sent coaches AI-altered photos and videos of the teens to portray them drinking, smoking, or naked. Police first received word in July, when one of the victims received messages from an anonymous number, and that led others to come forward with similar stories. Officers linked the messages to Spone by tracing the numbers to a telemarketer-oriented site, and then pinpointing them to an IP address used in Spone’s home. A search of the woman’s smartphone found evidence tying her to the numbers.


McAfee uncovers espionage campaign aimed at major telecommunication companies

The McAfee Advanced Threat Research Strategic Intelligence team has identified an espionage campaign that is specifically targeting telecommunication companies in an attack dubbed “Operation Diànxùn.” McAfee researchers Thomas Roccia, Thibault Seret and John Fokker said in a blog post that the malware is using tactics similar to those seen from groups like RedDelta and Mustang Panda. Roccia, Seret and Fokker wrote that they believe the campaign’s goal is to steal or gain access to covert information related to 5G technology using malware masquerading as Flash applications. Cybersecurity companies Intsights and Positive Technologies both identified Mustang Panda last year as an advanced persistent threat group behind a number of COVID-19-themed attacks on people in Vietnam and Mongolia. The attacks involved COVID-19-related phishing emails loaded with malicious .rar files that, when unzipped, installed a backdoor trojan on the victim’s machine.