AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/21/2022

U.S., allies provide ‘comprehensive’ look at Russia cyber threats to critical infrastructure

U.S. and international authorities on Wednesday issued a joint alert warning that state-backed Russian hackers and criminal groups remain a top threat to critical infrastructure worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) described the public alert as the “most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.” It comes just a week after a similar warning that unnamed hackers had developed tools designed to “gain full system access” to industrial control networks. That malware was discovered before it was used. “We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure,” CISA Director Jen Easterly said in a statement.


Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide

Our latest Brand Phishing Report for Q1 2022 highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during January, February and March 2022. Social media networks have now overtaken shipping, retail and technology as the category most likely to be targeted by criminal groups. So far this year, LinkedIn has been related to more than half (52%) of all phishing-related attacks globally, marking the first time the social media network has reached the top of rankings. It represents a dramatic 44% uplift from the previous quarter, when LinkedIn was in fifth position and related to only 8% of phishing attempts. LinkedIn has now overtaken DHL as the most targeted brand, which has now fallen to second position and accounted for 14% of all phishing attempts during the quarter.


North Korea aims ‘TraderTraitor’ malware at cryptocurrency workers

North Korean state-backed hackers are phishing cryptocurrency company employees in order to gain access to systems that allow them to make fraudulent trades, according to an advisory Monday from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The technique begins with a large number of email messages that offer a better job to the employees, a common technique for the North Korean hackers, who are commonly known as the Lazarus Group. The emails urge recipients to click on applications posing as cryptocurrency trading and price prediction tools. They’re actually malware that CISA, which issued the alert with the FBI and Treasury Department, calls “TraderTraitor.”


FBI: BlackCat ransomware breached at least 60 entities worldwide

The Federal Bureau of Investigation (FBI) says the BlackCat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022. The FBI’s Cyber Division revealed this in a TLP:WHITE flash alert released on Wednesday in coordination with the Cybersecurity and Infrastructure Security Agency (DHS/CISA). The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by, and indicators of compromise (IOCs) linked to, ransomware variants identified during FBI investigations.


Cisco Umbrella default SSH key allows theft of admin credentials

Cisco has released security updates to address a high-severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that allows unauthenticated attackers to steal admin credentials remotely. Fraser Hess of Pinnacol Assurance found the flaw (tracked as CVE-2022-20773) in the key-based SSH authentication mechanism of Cisco Umbrella VA. Cisco Umbrella, a cloud-delivered security service used by over 24,000 organizations as DNS-layer security against phishing, malware, and ransomware attacks, uses these on-premises virtual machines as conditional DNS forwarders that record, encrypt, and authenticate DNS data.


Machine-learning models vulnerable to undetectable backdoors: new claim

Boffins from UC Berkeley, MIT, and the Institute for Advanced Study in the United States have devised techniques to implant undetectable backdoors in machine learning (ML) models. Their work suggests ML models developed by third parties fundamentally cannot be trusted. In a paper that’s currently being reviewed – “Planting Undetectable Backdoors in Machine Learning Models” – Shafi Goldwasser, Michael Kim, Vinod Vaikuntanathan, and Or Zamir explain how a malicious individual creating a machine learning classifier – an algorithm that classifies data into categories (e.g. “spam” or “not spam”) – can subvert the classifier in a way that’s not evident.
