AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/11/2022

US immigration agency operates vast surveillance dragnet, study finds

US Immigration and Customs Enforcement (Ice) has built a vast digital surveillance system that gives it access to the personal details of almost every person in America, a two-year investigation by Georgetown University law center has found. Researchers from the Center on Privacy & Technology on Tuesday released one of the most comprehensive reviews of Ice activities, concluding that the federal organisation has strayed well beyond its duties as an immigration body to become what is in effect a domestic surveillance agency. Operating largely in secret and with minimal public oversight, Ice has amassed a formidable armory of digital capabilities that allows its agents to “pull detailed dossiers on nearly anyone, seemingly at any time”.


Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi

On May 1st, 2022, NB65, one of the Anonymous-affiliated hacktivist groups, published a tweet claiming to have gained access to Qiwi’s databases as part of OpRussia. QIWI plc is a large Russian provider of payment and financial services in Russia and the Commonwealth of Independent States (CIS). NB65 is the same group that hacked Russian state-run television and radio broadcaster VGTRK (All-Russia State Television and Radio Broadcasting Company) in April 2022 and leaked 786GB of data online. In the Qiwi attack, NB65 tweeted that it had extracted 10.5TB of data comprising 30 million payment records and 12.5 million credit card records belonging to Qiwi customers. The group also posted a statement saying the attack was aimed at disrupting the Russian financial system.


Ransomware plows through farm machinery giant AGCO

US agricultural machinery maker AGCO is the latest high-profile organization to fall victim to ransomware, which it says is affecting operations at some of its worldwide production facilities. The attack may impede the delivery of machinery such as tractors, which is unfortunate timing with the planting season for summer crops underway. AGCO put out a short statement on its website disclosing the ransomware attack and confirmed that it continues to impact some of its production facilities. The company is still investigating the extent of the attack, but expects business operations to be adversely affected for at least several days. Resuming full operations across all services might take longer depending on how quickly AGCO is able to repair its systems, which hints at the seriousness of the attack and at the measures taken to contain its spread. AGCO said it would provide updates as the situation progresses.


AT&T Now Using Device GPS Location for 911 Call Routing

AT&T today announced the launch of a new location-based routing system for emergency calls in the United States, with the system designed to transmit wireless 911 calls to the appropriate 911 call centers based on a device’s GPS location. According to AT&T, this is the first-ever nationwide location-based routing initiative, which it is launching in partnership with Intrado. AT&T says that the “Locate Before Route” feature will allow AT&T to identify where a 911 call is coming from within 50 meters of a device’s location. The GPS-based routing is an improvement over prior 911 call routing that relied on the location of cell towers, which can cover up to a 10-mile radius, resulting in slower emergency response times. With calls directed to the appropriate 911 call centers, first responders can get to the correct location more quickly.


Google Drive emerges as top app for malware downloads

Netskope published research which found that phishing downloads rose 450% over the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on popular search engines, including Google and Bing. The top web referrer categories included some traditionally associated with malware, particularly shareware/freeware, but were dominated by more unconventional categories. The rise in the use of search engines to deliver malware over the past 12 months shows how adept some attackers have become at SEO. Malware downloads referred by search engines were predominantly malicious PDF files, including many fake CAPTCHAs that redirected users to phishing, spam, scam, and malware websites.
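The lure PDFs described above work because a PDF can carry link annotations with /URI actions, document-level /OpenAction or /AA triggers, and /JavaScript or /Launch actions, often tucked inside FlateDecode-compressed objects. The following triage script is an added example written for this post, not Netskope’s tooling or code from the original article. It builds two constructed sample PDFs inline (one with an auto-run JavaScript action, an external link, and a second URI hidden in a compressed stream; one benign), inflates any FlateDecode streams with the standard library, and scores the file on the indicators a responder would look at first. The scoring thresholds and the hostnames in the samples are illustrative assumptions.

```python
import re
import zlib
from dataclasses import dataclass, field

# Constructed hidden payload: a URI action stored only inside a compressed
# stream, so a plain grep of the file would miss it. Hostname is made up.
_HIDDEN = b"<< /S /URI /URI (https://payload.example/drop.exe) >>"
_HIDDEN_Z = zlib.compress(_HIDDEN)

# Constructed sample mimicking the "fake CAPTCHA" lure shape: an auto-run
# JavaScript action on open plus a full-page link annotation to an external
# host. This is hand-written test data, not a real malware sample.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R "
    b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
    b"/Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] "
    b"/A << /S /URI /URI (http://captcha-verify.example/redirect?x=1) >> >> endobj\n"
    b"5 0 obj << /Length " + str(len(_HIDDEN_Z)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _HIDDEN_Z + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed benign control: one empty page, no actions, no links.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

URI_RE = re.compile(rb"/URI\s*\((?P<uri>[^)]*)\)")
ACTION_RE = re.compile(rb"/S\s*/(?P<kind>JavaScript|Launch|SubmitForm|GoToR|GoToE)\b")
TRIGGER_RE = re.compile(rb"/(OpenAction|AA)\b")
STREAM_RE = re.compile(rb"/FlateDecode.*?stream\r?\n(.*?)\r?\nendstream", re.S)

# Illustrative weights: code execution and auto-run triggers weigh more than a bare link.
ACTION_WEIGHTS = {"JavaScript": 3, "Launch": 3, "SubmitForm": 1, "GoToR": 1, "GoToE": 1}
SUSPICIOUS_THRESHOLD = 3


@dataclass
class PdfTriage:
    uris: list = field(default_factory=list)
    actions: list = field(default_factory=list)
    auto_open: bool = False
    score: int = 0
    verdict: str = "clean"


def inflate_streams(data: bytes) -> bytes:
    """Return the concatenated plaintext of every FlateDecode stream that inflates cleanly."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # truncated or non-zlib data; skip rather than abort triage
    return b"".join(out)


def triage_pdf(data: bytes) -> PdfTriage:
    """Scan raw bytes plus inflated streams for link targets, actions and auto-run triggers."""
    scan = data + inflate_streams(data)
    result = PdfTriage()
    result.uris = [m.group("uri").decode("latin-1") for m in URI_RE.finditer(scan)]
    result.actions = sorted({m.group("kind").decode() for m in ACTION_RE.finditer(scan)})
    result.auto_open = TRIGGER_RE.search(scan) is not None

    score = sum(1 for u in result.uris if u.lower().startswith(("http://", "https://")))
    score += sum(ACTION_WEIGHTS[a] for a in result.actions)
    if result.auto_open:
        score += 2
    result.score = score
    result.verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean"
    return result


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        r = triage_pdf(blob)
        print(f"{name}: verdict={r.verdict} score={r.score} actions={r.actions} "
              f"auto_open={r.auto_open} uris={r.uris}")
```

Two caveats for real casework: PDF names may be written with hex escapes (for example `/#55RI` for `/URI`) and objects may live inside object streams, so a regex pass is a first-look triage, not a parser; confirm with a tool that walks the object tree, such as pdfid/pdf-parser or pypdf, before drawing conclusions.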


Yahoo Japan strives for universal passwordless authentication

Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and SMS text messages. A case study penned by staff from Yahoo Japan and Google’s developer team explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites. The web giant also sees phishing as a significant threat, and has found that a third of customer inquiries relate to lost credentials. “From a security perspective, eliminating passwords from the user authentication process reduces the damage from list-based attacks, and from a usability perspective, providing an authentication method that does not rely on remembering passwords prevents situations where a user is unable to login because they forgot their password,” the case study states.