AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/07/2022

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. “Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time,” incident response firm Mandiant said in a Monday analysis. The cybercriminal group, since its emergence in the mid-2010s, has gained notoriety for large-scale malware campaigns targeting the point-of-sale (POS) systems aimed at restaurant, gambling, and hospitality industries with credit card-stealing malware.

 

Ukraine warns of attacks aimed at taking over Telegram accounts

State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts. The Ukrainian CERT attributes the hacking campaign to threat actors tracked as UAC-0094. Threat actors are targeting Telegram users by sending Telegram messages with malicious links to the Telegram website in order to gain unauthorized access to the records and transfer a one-time code from SMS. “The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS,” reads the alert published by the SSSCIP of Ukraine. “As a result of such attacks, cybercriminals get session data, a list of contacts, and the history of your Telegram session.”

 

US disrupts Russian Cyclops Blink botnet before being used in attacks

US government officials announced today the disruption of the Cyclops Blink botnet controlled by the Russian-backed Sandworm hacking group before being used in attacks. The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models. Cyclops Blink enables the attackers to establish persistence on the device through firmware updates, providing remote access to compromised networks. This malware is modular, making it easy to upgrade to target new devices and tap into new pools of exploitable hardware. “We are announcing today [..] the disruption of a global botnet controlled by the Russian military intelligence agency, commonly known as the GRU,” US Attorney General Merrick Garland said.

 

Java Spring4Shell flaw exploit attempts: These are the industries most affected

The sector most heavily impacted by the Spring4Shell Java flaw is technology, according to security firm Check Point. Spring4Shell is a bug worth paying attention to and could be a software supply chain threat: Microsoft this week urged customers to patch the critical flaw in a widely-used framework for Java applications. The flaws include CVE-2022-22947, which affected VMware’s Tanzu products, as well as CVE-2022-22963 and CVE-2022-22965, affecting Java applications. Check Point said it continues to see exploit attempts against these vulnerabilities, and has data which suggests 16% organisations worldwide have seen attempts to exploits the flaws. Most of the targeted customers were based in Europe. In the first weekend of since the vulnerability was found, Check Point said it had seen around 37,000 attempts to allocate the Spring4Shell vulnerability.

 

Fox News leaks 13 million internal records

Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees’ personally identifiable information, belonging to Fox News. The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that theoretically, anyone with an internet connection could have found the 58GB of internal records, which was left open with no password protection. The data trove contained almost 13 million records of content management data, including an unspecified number of employee details. “Upon further research nearly all records contained information indicating Fox News content, storage information, internal Fox emails, usernames, employee ID numbers, affiliate station information and more,” wrote Fowler.

 

Identity fraud skyrockets as hackers stick to pre-pandemic techniques

The more things change, the more they stay the same. That’s often true for financial cyberattacks, which have seen a steep rise in the impact of identity fraud, with criminals often sticking with or just reverting to “pre-pandemic” scams and techniques to steal sensitive data from financial firms and their customers, according to a recent report from Javelin Strategy & Research. Identity fraud losses tallied $52 billion last year, affecting at least 42 million American adults, as hackers moved more aggressively into “hijacking victims’ online lives,” per Javelin Strategy and Research’s 2022 “Identity Fraud Study: The Virtual Battleground.”

Related Posts