AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/12/2021

1 – Amazon Fake Reviews Scam Exposed in Data Breach

The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities. While it is unclear who owns the database, the breach demonstrates the inner workings of a prevalent issue affecting the online retail industry.  The information found on the open ElasticSearch server outlines a common procedure by which Amazon vendors procure ‘fake reviews’ for their products.


2 – WhatsApp will gradually stop working if you don’t agree to its new privacy policy

With its controversial privacy policy slated to go into effect this weekend, WhatsApp says it won’t delete or deactivate the accounts of individuals who don’t want to share their information with Facebook. “No one will have their accounts deleted or lose functionality of WhatsApp on May 15th because of this update,” the company says in a support article spotted by Bleeping Computer. Instead, WhatsApp plans to progressively limit the functionality holdouts can access until they accept the new privacy policy. If that applies to you, you’ll have the chance to continue using WhatsApp as usual for “several weeks.” Eventually, however, WhatsApp will start sending you persistent notifications to accept its updated privacy policy. “At that time, you’ll encounter limited functionality on WhatsApp until you accept the updates,” the company says.


3 – DHS launches warning system to find domestic terrorism threats on public social media

The Department of Homeland Security has begun implementing a strategy to gather and analyze intelligence about security threats from public social media posts, DHS officials said. The goal is to build a warning system to detect the sort of posts that appeared to predict an attack on the U.S. Capitol on Jan. 6 but were missed or ignored by law enforcement and intelligence agencies, the officials said. The focus is not on the identity of the posters but rather on gleaning insights about potential security threats based on emerging narratives and grievances. So far, DHS is using human beings, not computer algorithms, to make sense of the data, the officials said.


4 – Don’t Make Headlines Over an Insider Incident: Lessons From the Frontlines

On the path to becoming more cyber secure, organizations across the globe spend an estimated $60 billion per year to defend their assets, recruit talent and work to prevent and respond to cyberattacks. Moreover, security spending is expected to rise another 10% in 2021. But while much of an organization’s security focus and spending is dedicated to thwarting attacks that come from outside of the company, often overlooked are insider threats: threats that come from within the organization. Insider threats are generally defined as legitimate users who have some level of access to enterprise assets and who leverage that access, either maliciously or accidentally, in a way that can harm the organization. This threat can come from a current or former employee or from a third-party contractor or vendor who maintains access to serve a designated business function.


5 – NSA offers advice: connecting OT to the rest of the net can lead to “indefensible levels of risk”

The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack. The guidance comes from the NSA, which this week has issued a cybersecurity advisory entitled “Stop Malicious Cyber Activity Against Connected Operational Technology” In its advisory, the NSA describes how organizations should evaluate the risks against OT – such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) – and make changes to “realistically monitor and detect malicious activity.” According to the NSA, if the pros and cons of connecting OT networks and control systems to traditional IT networks and the public internet are not properly reassessed, there is a danger that organizations will be placing themselves in “indefensible levels of risk.”


6 – A Closer Look at the DarkSide Ransomware Gang

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. victim that earns $15 billion in annual revenue.  New York City-based cyber intelligence firm Flashpoint said its analysts assess with a moderate-strong degree of confidence that the attack was not intended to damage national infrastructure and was simply associated with a target which had the finances to support a large payment. “This would be consistent with DarkSide’s earlier activities, which included several ‘big game hunting’ attacks, whereby attackers target an organization that likely possesses the financial means to pay the ransom demanded by the attackers,” Flashpoint observed. In response to public attention to the Colonial Pipeline attack, the DarkSide group sought to play down fears about widespread infrastructure attacks going forward.


7 – This one change could protect your systems from attack. So why don’t more companies do it?

If there’s one thing an organization should do to protect its network from cyber attacks, it’s turn on automatic updates for security patches so cyber criminals and other malicious hackers can’t exploit vulnerabilities which have already been fixed. The advice comes from the UK’s National Cyber Security Centre – the cyber arm of GCHQ – which recommends applying security patches as soon as they’re available as one of the simplest things an organization can do to prevent intruders entering their networks. “Patching is now so much easier and so much less risky than it was when we first started doing this stuff. If there’s one thing that anyone out there wants to take away, turn on automatic updates, please – even if you’re an enterprise, turn on automatic updates.”

Related Posts