AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/11/2021

1 – Thousands of Tor exit nodes attacked cryptocurrency users over the past year

For more than 16 months, a threat actor has been adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites. The attacks, which began in January 2020, consisted of adding servers to the Tor network and marking them as “exit relays,” the servers through which traffic leaves the Tor network to re-enter the public internet after being anonymized. Since then, the threat actor has inserted thousands of malicious relays into the Tor network to identify traffic heading to cryptocurrency mixing websites and perform an SSL stripping attack, in which traffic is downgraded from an encrypted HTTPS connection to plaintext HTTP. The belief is that the attacker has been downgrading traffic to HTTP in order to replace cryptocurrency addresses with their own and hijack transactions for their own profit.
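The main client-side defence against the stripping described above is HSTS: once a site has told the browser over HTTPS to always use HTTPS, the browser rewrites later http:// requests itself, so a malicious exit relay never sees a plaintext request to tamper with. The following is an added example (not code from the original post or from the reporting it summarizes) that models that behaviour; the hostnames and header values are constructed sample data.

```python
# Added example: a minimal model of an HSTS-aware client's behaviour against SSL stripping.
# Hostnames and headers below are constructed sample data, not real sites.
from urllib.parse import urlsplit, urlunsplit

# Client-side HSTS store: host -> includeSubDomains flag (max-age/expiry ignored for brevity)
HSTS_STORE: dict[str, bool] = {}

def record_hsts(host: str, headers: dict[str, str], over_https: bool) -> None:
    """Cache a Strict-Transport-Security policy. Browsers honour the header only
    when it arrives over HTTPS, so a relay injecting it over HTTP has no effect."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if not over_https or not value:
        return
    directives = [d.strip().lower() for d in value.split(";")]
    HSTS_STORE[host.lower()] = "includesubdomains" in directives

def hsts_applies(host: str) -> bool:
    """True if the host itself, or a parent domain with includeSubDomains, has a policy."""
    labels = host.lower().split(".")
    if host.lower() in HSTS_STORE:
        return True
    return any(HSTS_STORE.get(".".join(labels[i:]), False) for i in range(1, len(labels)))

def effective_url(url: str) -> str:
    """The URL the client really requests: an http:// link or typed address is
    rewritten to https:// before it leaves the client if HSTS applies."""
    parts = urlsplit(url)
    if parts.scheme == "http" and hsts_applies(parts.hostname or ""):
        return urlunsplit(("https",) + tuple(parts[1:]))
    return url

def looks_stripped(expected_url: str, delivered_url: str) -> bool:
    """Detection view: a page the client expected over HTTPS was delivered over HTTP,
    the signature of a downgrade somewhere on the path (e.g. a hostile exit relay)."""
    return (urlsplit(expected_url).scheme == "https"
            and urlsplit(delivered_url).scheme == "http")

if __name__ == "__main__":
    # A clean HTTPS visit teaches the client the policy for the whole domain...
    record_hsts("mixer.example",
                {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}, True)
    print(effective_url("http://pay.mixer.example/deposit"))  # upgraded to https://
    # ...while a site that never set HSTS stays strippable on a plaintext hop.
    print(effective_url("http://other.example/"))              # unchanged
```

A first visit that the relay already downgraded cannot be protected this way, which is why sites are preloaded into browser HSTS lists and why the expected vs. delivered scheme comparison above is worth logging.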


2 – 96% of US users opt out of app tracking in iOS 14.5, analytics find

It seems that in the United States, at least, app developers and advertisers who rely on targeted mobile advertising for revenue are seeing their worst fears realized: Analytics data published this week suggests that US users choose to opt out of tracking 96 percent of the time in the wake of iOS 14.5. The data from Flurry Analytics shows users rejecting tracking at much higher rates than were predicted by surveys that were conducted before iOS 14.5 went live. One of those surveys found that just shy of 40 percent, not 4 percent, would opt in to tracking when prompted. Flurry Analytics’ data doesn’t break things down by app, though, so it’s impossible to know from this data whether the numbers are skewed against app tracking opt-in by, say, users’ distrust of Facebook. It’s possible users are being more trusting of some types of apps than others, but that data is not available.


3 – Artificial intelligence could accelerate breach notification time, expert says

Faster data breach notification time is emerging as a reliable application of artificial intelligence in the cybersecurity sector, a development that could help other industries better understand their own use of smarter technologies, a leading subject matter expert said on Monday. Dr. Frederic Lemieux, faculty director and professor of the practice for applied intelligence at Georgetown University, suggested that more efficient pattern recognition already is helping global companies spot anomalies in wide swaths of data. Unusual behaviors — such as an employee logging on to sensitive networks at odd hours, or an email attachment including nefarious data — are more likely to raise a red flag, pointing human analysts to possible security issues. “It’s simple,” Lemieux said during A.I. Week, an event produced by Scoop News Group. “The costs of cybersecurity are prohibitive and companies are facing situations where the average cost of a data breach in the United States is about $8 million. The time to discover a data breach can go up to 28 days, and if you add to that 80 days of containment… there is really an appeal for A.I. solutions in the cybersecurity realm.”


4 – Your Detailed Out-of-Office Autoresponder Could be Putting Your Organization’s Email Security at Risk

The spirit of the out-of-office autoresponder has never been about email security. Instead, it has traditionally been about providing helpful contact information in the event that a coworker or a customer in need of assistance emails you while you’re away. Simple. But it’s 2021, and for years attackers have been growing more sophisticated and finding narrower and more surreptitious ways of gaining access to corporate networks. Email phishing is one of those ways. It’s a highly common attack vector that relies largely on an individual within a company clicking on a bad link or unwittingly providing personal information to a malicious entity. However, to gain network access through phishing, attackers can also take advantage of employees who aren’t even using their email. 


5 – Facebook insists a kids version of Instagram will be safe. But state attorneys general aren’t buying it

More than 40 state attorneys general are pressuring Facebook to drop its controversial plans to launch a version of Instagram for children under the age of 13. But Facebook is plowing ahead anyway, confident in its assertion that a separate service will actually make social media safer for preteens. In a letter to CEO Mark Zuckerberg released Monday, the attorneys general argued that social media can be detrimental to children’s physical and mental health. Facebook has a checkered history of privacy incidents, and they raised concerns that the platform would not be able to protect young children online or adequately comply with existing federal children’s privacy law. “It appears that Facebook is not responding to a need, but instead creating one, as this platform appeals primarily to children who otherwise do not or would not have an Instagram account,” they wrote. “In short, an Instagram platform for young children is harmful for myriad reasons.”


6 – DarkSide ransomware will now vet targets after pipeline cyberattack

Last week, the ransomware gang encrypted the network of Colonial Pipeline, the largest fuel pipeline in the United States. Due to the attack, Colonial shut down its network and the fuel pipeline while recovering from the cyberattack. As this pipeline transports 2.5 million barrels of refined fuel per day and provides 45% of all fuel consumed on the East Coast, the US government issued a state of emergency for 18 states affected by the ransomware incident. Today, the DarkSide ransomware gang issued a press statement stating that their organization is ‘apolitical’ and is not associated with any government. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” – DarkSide gang.
