AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/25/2021

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job

Amazon delivery drivers nationwide have to sign a “biometric consent” form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers’ location, movement, and biometric data. If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other biometric data collection within the trucks they drive. “Amazon may… use certain Technology that processes Biometric Information, including on-board safety camera technology which collects your photograph for the purposes of confirming your identity and connecting you to your driver account,” the form reads. “Using your photograph, this Technology, may create Biometric Information, and collect, store, and use Biometric Information from such photographs.”

Cheap shots: Vaccine phishing scams target employees seeking a return to the office

As millions of people roll up their sleeves and receive their COVID-19 vaccines, company executives or HR departments will need to issue communications to employees about inoculations and the prospects of returning to a physical office environment. This is opening up a new angle for phishing scammers, who are sending emails that appear to be company-issued information referencing vaccines and COVID-19 directives. Indeed, in a Monday blog post, researchers at INKY warned that in late winter, a “wide swath” of its business clients received phishing emails featuring COVID-related lures and content inspired by some of the pandemic’s latest developments. INKY told SC Media that employers and employees alike should stay wary, keeping an eye out for fake company instructions related to back-to-work policies as employees grow eager to receive their shots and possibly return to their old routines.

Walt Disney World begins testing facial recognition technology

Walt Disney World is now testing a new facial recognition technology at its Magic Kingdom theme park. The new technology captures an image of a guest’s face and converts it into a unique number, which is then associated with the form of admission being used for park entry. Disney said on its website that the test is completely optional, and limited, as guests with reservations make their way through the turnstiles at the park. “At Walt Disney World Resort, we’re always looking for innovative and convenient ways to improve our Guests’ experience – especially as we navigate the impact of COVID-19,” leaders said on its website. “With the future in mind and the shift in focus to more touchless experiences, we’re conducting a limited 30-day test using facial recognition technology.” Disney put out a series of steps on its website alerting guests of the test and what to expect.

Cybercriminals exchange tips on avoiding arrest, jail in underground forums

Lurking on underground forums has revealed insight into the methodology behind cyberattacker targets — as well as what criminals say to do if, or when, they are caught. Released on Monday, research conducted by the Digital Shadows cybersecurity team on dark web forums explored the discussions between black hat hackers and the exchanges made on how to avoid jail, what to do when they are on law enforcement radars, and the bullish nature of many even when it comes to the prospect of arrest. In February, in an interview between a lone LockBit ransomware operator and Cisco Talos, the cybercriminal said that the “best country” to be in for this occupation is Russia, but “underappreciation and low wages drove him to participate in unethical and criminal behavior.”

‘Like playing whack-a-mole’: Do cyber-crime crackdowns have any real impact?

Dark web takedowns and arrests are a crucial part of fighting cybercrime, but when one marketplace or malware operation gets disrupted by law enforcement, another is always likely to take its place. Emotet, one of the most prolific and most dangerous forms of malware – which served as a means for cyber criminals to deliver ransomware and other cyberattacks – was disrupted in a police operation earlier this year. And while the disruption of such a big player in the malware space inevitably has an impact on cybercrime, it doesn’t just disappear – cyber criminals find new means of engaging in malicious online activity. “I’m a big geek for Jurassic Park, and there’s a famous line that Jeff Goldblum says: ‘Life finds a way,’” Rick Holland, CISO at Digital Shadows, told ZDNet Security Update. “When I think about cyber-criminal takedowns – Emotet and others – there’s a long history of this as well; cybercrime finds a way. One set of operators gets arrested, goes to jail, but someone will fill their spot. It’s just like water flowing and it’s going to find a way.”