AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/09/2022

FBI says business email compromise is a $43 billion scam

The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. From June 2016 until December 2021, IC3 received victim complaints regarding 241,206 domestic and international incidents, with a total exposed dollar loss of $43,312,749,946 (the FBI's "exposed loss" figure counts both actual and attempted losses). “Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds,” the FBI said.


IKEA Canada confirms data breach involving personal information of approximately 95,000 customers

IKEA says that it has notified Canada’s privacy watchdog following a data breach involving the personal information of approximately 95,000 customers. In a statement provided to CP24, the furniture retailer said that some of its customers’ personal information appeared in the results of a “generic search” made by a co-worker at IKEA Canada between March 1 and March 3 using IKEA’s customer database. It said that no financial or banking information was involved in the breach. “At IKEA the security of our customers’ private information is of utmost importance and we have proactively notified the Office of the Privacy Commissioner of Canada about this incident, as well as any applicable customers. We have also reviewed and updated internal processes to prevent such incidents in the future,” the statement notes. “No action is required by our customers.”


Mustang Panda deploys a new wave of malware targeting Europe

In February 2022, corresponding roughly with the start of the Russian invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some phishing messages contain malicious lures masquerading as official European Union reports on the conflict in Ukraine and its effects on NATO countries. Other phishing emails deliver fake “official” Ukrainian government reports; both kinds of lure download malware onto compromised machines. Mustang Panda has been known to use themed lures relating to various current-day events and issues, including the COVID-19 pandemic, international summits and various political topics.


Russia hammered by pro-Ukrainian hackers following invasion

For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most-wanted list. The Russian government-backed hacker has been suspected of cyberattacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro. A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number, and even passport details—was leaked online. Another target since the war broke out two months ago has been the All-Russia State Television and Radio Broadcasting Company, known as a voice of the Kremlin and home to Vladimir Solovyov, whose daily TV show amplifies some of the most extreme Russian government propaganda. On March 30, almost a million emails spanning 20 years of the broadcaster’s history were leaked onto the Internet. The unveiling of their secrets was part of a widespread assault taking place in cyberspace, as Russian companies and government bodies were swarmed by hordes of pro-Ukrainian hackers, many of them new and previously unknown players to cybersecurity experts.


Another database compromise reported in GitHub, Heroku, OAuth tokens case

In a Thursday update to the stolen GitHub integration OAuth tokens case reported last month, Salesforce-owned Heroku said the company’s investigation found that the same compromised token that was used in April’s attack was used to gain access to a database and exfiltrate the hashed and salted passwords of customer user accounts. Heroku said in a blog post that the original attack started on April 7 and that by April 9 the attacker had downloaded a subset of Heroku’s private GitHub repositories, which contained some Heroku source code. GitHub identified the activity on April 12 and notified Salesforce on April 13, when Heroku started its investigation. By April 16, Heroku had revoked all GitHub integration OAuth tokens, which prevented customers from deploying apps from GitHub via the Heroku Dashboard.


Another top NFT company has been hit by a phishing attack

The official Discord channel of the NFT marketplace OpenSea was recently infiltrated by cybercriminals who used it to distribute a phishing link. According to The Verge, a bot in the channel made a fake announcement that the NFT marketplace was partnering with YouTube and that users should click on a “YouTube Genesis Mint Pass” in order to get one of 100 free NFTs before they’re gone forever. Just as cybercriminals often do in phishing emails, the message instilled a sense of urgency to get users to click on a link to a site that the blockchain security company PeckShield has now flagged as a phishing site.


U.S. offers $15 million reward for information on Conti ransomware group

The United States on Friday offered a reward of up to $15 million for information on the Russia-based Conti ransomware group, which has been blamed for cyber extortion attacks worldwide, State Department spokesman Ned Price said. The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess of $150 million in ransomware payments, Price said in a statement. “In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” he said.

