AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/30/2021

Ransomware gang leaks data from US military contractor the PDI Group

A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack. The victim is the PDI Group, an Ohio-based company that manufactures a wide range of ground support equipment for military needs, such as dollies, trolleys, and platforms for transporting weapons, engines, and airplane parts during servicing operations. On Tuesday, the criminal group behind the Babuk Locker ransomware created a page on their “leak site” under the company’s name, threatening to leak more than 700 GB of data they claim to have stolen from PDI’s internal network unless the company gave in to its ransom demands. To prove their claims, the Babuk Locker operators posted a series of screenshots of several internal documents they claim to have stolen from PDI’s internal network, including schematics, one of which appears to describe one of PDI’s aircraft engine trailers.


T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation

All of the major carriers made a significant change to how SMS messages are routed to prevent hackers from being able to easily reroute a target’s texts, according to an announcement from Aerialink, a communications company that helps route text messages. The move comes after a Motherboard investigation in which a hacker, with minimal effort, paid $16 to reroute our text messages and then used that ability to break into a number of online accounts, including Postmates, WhatsApp, and Bumble, exposing a gaping hole in the country’s telecommunications infrastructure. “The Number Registry has announced that wireless carriers will no longer be supporting SMS or MMS text enabling on their respective wireless numbers,” the March 25 announcement from Aerialink reads. The announcement adds that the change is “industry-wide” and “affects all SMS providers in the mobile ecosystem.”


PHP repository moved to GitHub after malicious code inserted under creator Rasmus Lerdorf’s name

The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached to add malicious code and is now being moved to GitHub as a precaution. “Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains. The malicious code is a backdoor into servers running the modified version.


SolarWinds hack obtained emails of top U.S. Department of Homeland Security officials

Hackers suspected of working for Russia got access to an email account belonging to the former head of the U.S. Department of Homeland Security, which is responsible for cybersecurity, in the SolarWinds hack, the Associated Press reported on Monday. The AP report said the intelligence value of the hacking of Chad Wolf, the former acting secretary of the DHS, and of email accounts belonging to officials in the department’s cybersecurity staff, was not publicly known. The DHS did not immediately respond to a request for comment. In the security breach at SolarWinds Corp, which came to light in December, hackers infiltrated the U.S. tech company’s network management software and added code that allowed them to spy on end users. The hackers penetrated nine federal agencies and 100 companies. Last week, Reuters reported that a planned Biden administration executive order would require many software vendors to notify their federal government customers when the companies have a cybersecurity breach.


Ransomware admin is refunding victims their ransom payments

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. It appears that this is a planned move since the admin shared the “good news” a little over a week ago, but gave no details. Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all decryption keys.” They followed through the next day, on February 7, offering an SQL file with 922 decryption keys that victims could use to unlock their files. The admin also made available a decryption tool to make the process easier, along with the source code for a decryptor that does not need an internet connection to work. On March 19, the Ziggy ransomware administrator said that they also wanted to return the money to the victims that paid the ransom. Today, after a week of silence, the admin said that they were ready to revert payments.


Facebook, Google unveil Asia-Pacific data cable plans

Google and Facebook have unveiled plans for two new undersea data cables linking North America and the Asia-Pacific region, weeks after halting one destined for Hong Kong. Facebook said on Sunday it would be investing with partners on the subsea cables known as Echo and Bifrost to connect Singapore, Indonesia and North America, which would increase overall transpacific capacity by 70 percent. “Around the world, the Covid-19 pandemic has increased the need for reliable internet access,” Facebook said on its engineering blog on Sunday. “Echo and Bifrost will support further growth for hundreds of millions of people and millions of businesses.” Google indicated Monday it would participate in the Echo cable which would run from Eureka, California to Singapore, “with a stop-over in Guam” and a future connection to Indonesia.


Apple-funded Stanford study concludes Apple Watch can be used to measure frailty

A new study on the effectiveness of the Apple Watch and iPhone as tools for measuring functional capacity in patients with cardiovascular disease (CVD) has been published by researchers at Stanford University. The study, which involved 110 participants, found that the health-monitoring capabilities in these products could supplement or replace in-clinic tests for “frailty” in patients with CVD. Frailty in this case is measured in terms of the distance a patient can travel in a six-minute walk. This is normally tested with a six-minute walk test (6MWT), and frailty was defined in the study “as walking <300m on an in-clinic 6MWT.” The study found that an Apple Watch was able to accurately assess frailty with a specificity of 85 percent and sensitivity of 90 percent in a supervised, in-clinic test. But the potentially significant finding is that it was able to do the same accurately with a specificity of 60 percent and sensitivity of 83 percent in unsupervised, at-home tests.