AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/19/2021

FBI: Cybercrime losses exceeded $4.2 billion in 2020

According to the 2020 Internet Crime Report [PDF], the FBI said it received 791,790 internet and cybercrime complaints in 2020, more than 69% than the 467,361 reports it received in 2019. Total losses were also up. The FBI said victims reported more than $4.2 billion in lost funds last year, 20% up from the $3.5 billion reported in 2019. Both figures —complaints and total losses— represent the fifth consecutive year when cybercrime activity broke the previous year’s numbers. Like in prior years, cybercrime groups engaging in BEC (business email compromise) and EAC (email account compromise) scams were the most successful, accounting for $1.8 billion in losses, which amounted to around 43% of all of last year’s total lost funds.

 

This Surveillance Company Claims It Can Track Nearly Any Car in Real-Time

A defense contractor that claims to have access to motor vehicle location data on a global scale says it wants to use that data to help U.S. federal agencies conduct more efficient spying and military operations. The Ulysses Group, which offers “cutting edge operational and intelligence services, support, and equipment” to government clients, says it can “access over 15 billion vehicle locations” worldwide every month. This data, which can be viewed “historically” or in real-time, should be used operationally by U.S. agencies, the company says. A document obtained by the office of Sen. Ron Wyden, which was first reported by Motherboard and shared with Gizmodo, shows Ulysses claims to be able to “remotely geolocate” cars in “nearly any country,” with the exceptions of Cuba and North Korea.

 

Facebook’s making a wearable that uses your nerve signals to control AR environments

Facebook is developing a new input device for AR glasses: a wristband that lets you interact with virtual reality by moving your fingers. The system uses electromyography (EMG) to convert nerve signals passing through the wrist into digital commands. Facebook says that these signals are so clear that EMG can understand finger motions of just a millimeter. That means input can be effortless. Ultimately, it may even be possible to sense just the intention to move a finger.  The devices also use contextualized AI to dynamically adapt to you and your environment. Facebook still hasn’t revealed a release date for the wristbands, but unveiled two prototype devices in a Thursday blog post. The company says it explored a range of other input sources before deciding the wrist has some unique benefits.

 

US charges Swiss ‘hacktivist’ for data theft and leaks

The Justice Department has charged a Swiss hacker with computer intrusion and identity theft, just over a week after the hacker took credit for helping to break into the online systems of a U.S. security-camera startup. An indictment against 21-year-old Till Kottmann was brought Thursday by a grand jury in the Seattle-based Western District of Washington. Federal prosecutors said Thursday that Kottmann, of Lucerne, Switzerland, was initially charged in September. The range of allegations date back to 2019 and involve stealing credentials and data and publishing source code and proprietary information from more than 100 entities, including companies and government agencies. Kottmann had described the most recent hack and leak of camera footage from customers of California security-camera provider Verkada as part of a “hacktivist” cause of exposing the dangers of mass surveillance.

 

Hackers used 7 zero-days, compromised websites to infiltrate iOS

In what is being called a highly sophisticated attack, a group of hackers leveraged a total of 11 zero-day vulnerabilities and a host of compromised websites to infect fully patched devices running iOS, Windows and Android. Detailed in a blog post by Google’s Project Zero team, the hacks began in February 2020 and continued for at least eight months, spanning a wide range of techniques, vulnerability types and attack vectors. As reported by ArsTechnica, the first four zero-days targeted Android and Windows machines running Chrome. The hacking team broadened its scope over the following eight months to include seven vulnerabilities that impacted iOS and Safari. Watering-hole sites were used to distribute different exploits tailored to the visiting device and web browser.

 

The benefits and challenges of passwordless authentication

More and more organizations are adopting passwordless authentication. Gartner predicts that, by 2022, 60% of large and global enterprises as well as 90% of midsize enterprises will implement passwordless methods in more than half of use cases. Passwordless authentication swaps traditional passwords for a system that identifies users by more secure methods such as “possession factor” or “inherent factor.” By switching to a passwordless approach, companies provide their employees with the same effortless and secure authentication methods that users experience on their smartphones (e.g., FaceID or fingerprint scanner). Sometimes this is confused with 2-factor authentication, because the second factor of 2FA is typically passwordless, but passwordless access is different.

Related Posts