AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/14/2022


In early March, cybersecurity firm Webroot and its parent company OpenText launched a series of patent lawsuits containing some eye-opening claims. Filed March 4th in the famously patent-holder-friendly Western District of Texas, the four lawsuits claim that techniques fundamental to modern malware detection are based on patented technology, and that the company's competitors are infringing on its intellectual property rights with their implementations of network security software. The defendants named in the suits are a who's who of security companies: CrowdStrike, Kaspersky, Sophos, and Trend Micro. According to OpenText, the companies are using patented technology in their anti-malware applications, specifically in the endpoint security systems that protect individual devices on a network. It is a sweeping set of claims that puts much of the security industry in immediate danger, and, for critics, a bitter reminder of how much damage a patent troll can still do.


T-Mobile Tried To Pay Hackers To Buy Leaked Customer Data Back

T-Mobile, one of the largest phone carriers in the U.S., tried to pay the hackers to buy back customer data leaked in an earlier breach. The move backfired: the company lost $200,000 in the process, and the hackers continued to sell the data even after receiving the payment from a third party allegedly acting on T-Mobile's behalf. The Department of Justice has arrested Diogo Santos Coelho, who is alleged to be the administrator of the website on which the stolen data was sold. The T-Mobile data leak happened in 2021, when hackers stole the data of over 100 million customers. The hackers took to the data-trading forum RaidForums to sell the compromised information, offering it for 6 Bitcoin, roughly $270,000 at the time. T-Mobile became aware of the matter after reports that the data was available for purchase on underground forums.


Ransom DDoS attacks have dropped to record lows this year

Ransom distributed denial-of-service (RDDoS) attacks, the extortion variant of denial-of-service activity, have taken a tumble in the first quarter of the year, according to recent statistics from Cloudflare. In an RDDoS attack, the threat actor floods the target company with traffic to cause a service outage and then demands a ransom to stop the assault. Threat actors figured out that an outage can be a strong incentive for companies to pay up in order to become operational again, especially organizations that risk a significant financial impact from downtime. Note that RDDoS attacks are typically launched by a different type of threat actor from ransomware gangs; the latter use DDoS as an added pressure tactic on top of file encryption and the threat to publish stolen data.


Double-Your-Crypto Scams Share Crypto Scam Host

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here’s a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams. A security researcher recently shared with KrebsOnSecurity an email he received from someone who said they foolishly invested an entire bitcoin (currently worth ~USD $43,000) at a website called ark-x2[.]org, which promised to double any cryptocurrency investment made with the site.


Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation

Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money,” Amy Hogan-Burney, general manager of Microsoft’s Digital Crimes Unit (DCU), said. The operation, Microsoft said, was undertaken in collaboration with ESET, Lumen’s Black Lotus Labs, Palo Alto Networks Unit 42, Avast, Financial Services Information Sharing and Analysis Center (FS-ISAC), and Health Information Sharing and Analysis Center (H-ISAC).


US federal alert warns of the discovery of malicious cyber tools

Multiple US government agencies issued a joint alert Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced threat actors that they said were capable of gaining “full system access” to multiple industrial control systems. The public alert from the Energy and Homeland Security departments, the FBI and National Security Agency did not name the actors or offer details on the find. But their private sector cybersecurity partners said the evidence suggests Russia is behind the tools – and that they were configured to initially target North American energy concerns. One of the cybersecurity firms involved, Mandiant, said in a report that the tools’ functionality was “consistent with the malware used in Russia’s prior physical attacks” though it acknowledged that the evidence linking it to Moscow is “largely circumstantial”.
