AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/25/2022

Russian hackers are seeking alternative money-laundering options

The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. Although the options are few, cybercriminals are discussing viable solutions to cash out or safekeep stolen funds and cryptocurrency, analysts at Flashpoint observed in conversations among threat actors. First came the bank sanctions and the blocking of SWIFT payments, a result of the Russian invasion of Ukraine. This crippled the regular channels for cash flows used by cybercriminals.

 

Ransomware attacks are hitting universities hard, and they are feeling the pressure

Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector. The warning comes from Jisc, a not-for-profit organisation that provides network and IT services to higher education and research institutions. Jisc’s ‘Cyber Impact 2022’ report suggests there’s an increased threat of ransomware attacks against education. According to the report, dozens of UK universities, colleges and schools have been hit with ransomware attacks since 2020, causing disruptions for staff and students, and costing institutions substantial amounts of money. In some incidents, Jisc says impact costs have exceeded £2 million. 

 

Cyberattack Causes Chaos in Costa Rica Government Systems

Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information. The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin. The Finance Ministry was the first to report problems Monday. A number of its systems have been affected, from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others, followed. The initial attack forced the Finance Ministry to shut down for several hours the system responsible for paying a good part of the country’s public employees, which also handles government pension payments. It has also had to grant extensions for tax payments.

 

FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said had victimized at least 60 entities worldwide as of March 2022, since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language, which is known to be memory safe and to offer improved performance. “Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations,” the FBI said in an advisory published last week.

 

Serious Java vulnerability lets hackers masquerade as anyone they please

Oracle has patched a nasty vulnerability in the Java framework, the severity of which cannot be overstated, security experts say. Tracked as CVE-2022-21449, the flaw was found in the company’s implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) for Java 15 and newer. It allows threat actors to fake TLS certificates and signatures, two-factor authentication codes, authorization credentials and the like. As explained by ArsTechnica, ECDSA is an algorithm that digitally authenticates messages. As it generates keys, it’s often used in standards such as FIDO’s two-factor authentication, the Security Assertion Markup Language, OpenID, and JSON.

 

The FTC is going after dark patterns. That’s bad news for Amazon Prime

Companies’ favorite tactics for locking in subscribers are under scrutiny by government enforcers, and it could spell trouble for tech giants like Amazon that have huge numbers of customers paying up every month. Dark patterns are design decisions or settings that nudge — or, sometimes, shove — consumers toward actions that companies want, even if customers don’t. These can include pre-checked permission boxes, autoplay, hidden fees, unexpected shifts in pricing and time-consuming processes for canceling recurring payments. Subscriptions are a fertile ground for dark patterns, and as tech goes all in on recurring payments, the nudges are popping up everywhere, from video games, streaming and travel sites to ecommerce and even financial products.
