AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/02/2022

How to detect phishing images in emails

Phishing has long been a common way to induce a receiver to unveil personal data. Primarily, it works this way: You receive an email from a purportedly reputable source (say, your employer) asking you to click the link and get familiar with new regulations effective in the following week. You are curious about the contents, so you click the link, which asks you to log in to the company’s systems (looks logical, doesn’t it?). Once you fill out the fields, press enter, and nothing happens, you’ve been phished. A bit late to realize that you’ve made a mistake. But to tell you more, it’s one of the most mundane phishing strategies; these days, much more creative phishing methods exist, with images being among the most effective ones.


Trello From the Other Side: Tracking APT29 Phishing Campaigns

Since early 2021, Mandiant has been tracking extensive APT29 phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia. This blog post discusses our recent observations related to the identification of two new malware families in 2022, BEATDROP and BOOMMIC, as well as APT29’s efforts to evade detection through retooling and abuse of Atlassian’s Trello service. APT29 is a Russian espionage group that Mandiant has been tracking since at least 2014 and is likely sponsored by the Foreign Intelligence Service (SVR). The diplomatic-centric targeting of this recent activity is consistent with Russian strategic priorities as well as historic APT29 targeting. Mandiant previously tracked this intrusion activity under multiple clusters, UNC2652 and UNC2542, which were recently merged into APT29 in April 2022. Some APT29 activity is also publicly referred to as Nobelium by Microsoft.


How to Get Google to Remove Your Personal Information From Search Results

Google is the world’s largest search engine, processing more than 8.5 billion searches per day. Most of those results are used in benign ways, but sometimes they can lead to identity theft, fraud or even doxxing — using personally identifying information to harass, intimidate or stalk someone. As a result, Google has a process that allows individuals to request certain search results be removed. In April 2022, it added new categories of information it would take down, including phone numbers and physical addresses. “The availability of personal contact information online can be jarring — and it can be used in harmful ways, including for unwanted direct contact or even physical harm,” Google’s global policy lead for search, Michelle Chang, wrote in an April 27 blog post.


Crypto companies are offering former British police triple pay to leave their jobs

Some of the biggest crypto firms, including Coinbase, Chainalysis and Binance, are among those actively hiring former law enforcement employees, and offering them more than double and triple their current pay, according to Bloomberg News. In 2018, the U.K. government set aside funding to train 250 officers to become experts in the emerging digital currencies. Known as crypto tactical advisers, the officers were taught to investigate, seize and realize the value of digital currencies. Now, many of them are leaving law enforcement and joining the private sector to do the same work for more money. The officers fill a need for growing crypto companies that face a constant threat from hackers, and are preparing for countries like the U.S. to institute heavy regulations.


Attackers enlist cloud providers in large HTTPS DDoS hit

A massive HTTPS distributed denial of service (DDoS) attack against an undisclosed organisation has highlighted a new trend among attackers of exploiting large-scale cloud computing services to build their botnets, rather than compromising consumer endpoints and devices. The attack against an unnamed Cloudflare customer, a cryptocurrency launchpad operator specialising in surfacing decentralised finance projects to potential investors, was thwarted earlier in April 2022, and although it lasted less than 15 seconds, made approximately 15.3 million requests-per-second (rps), making it one of the largest HTTPS DDoS attacks ever seen.


Russia cyber case prompted big portion of FBI’s surveillance database searches in 2021

A Russian cyberthreat against U.S. critical infrastructure in the first half of 2021 prompted the FBI to query the database of a warrantless surveillance program nearly 2 million times as the bureau cast a wide net for useful information, officials said Friday. That single national security threat alone accounted for more than half of the total number of the roughly 3.4 million searches the FBI made in 2021 using terms likely to identify an American citizen, the officials said. The repository captures information from electronic surveillance tools authorized under Section 702 of the Foreign Intelligence Surveillance Act. The FBI did not specify whether the danger was posed by the Russian government or a criminal group. The database queries were aimed at protecting Americans, a senior FBI official told reporters during the presentation of an annual transparency report on U.S. spying authorities.
