AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/12/2022

FBI, CISA, and NSA warn of hackers increasingly targeting MSPs

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks. Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats. “The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.

 

Ransomware has gone down because sanctions against Russia are making life harder for attackers

The number of ransomware attacks has gone down in recent months because sanctions against Russia are making it harder for cyber criminals to organise attacks and receive ransom payments, Rob Joyce, director of cybersecurity at the National Security Agency (NSA), has revealed. Ransomware attacks have long been a major cybersecurity issue for organisations around the world, affecting computer networks running critical infrastructure, hospitals, businesses and more. Some of the most significant ransomware events of the past year have hit targets in the United States, including the Colonial Pipeline ransomware attack, which restricted gas supplies for large parts of the country – and resulted in a ransom payment of millions of dollars being paid to cyber criminals.

 

Personal details of 21M SuperVPN, GeckoVPN users leaked on Telegram

On May 7th, 2022, a database containing the personal details and login credentials of 21 million users was leaked in a Telegram group, Hackread.com has learned. What’s noteworthy is that the dump also exposed the data of VPN users including popular VPNs like SuperVPN, GeckoVPN, and ChatVPN. The database was previously put up for sale on the Dark Web last year, but currently, it is available on Telegram for free. Further probe indicated that the leaked passwords were random, hashed, or salted without collision, therefore each was different and much more difficult to crack. A majority of the email IDs, about 99.5%, were Gmail accounts. But, researchers at vpnMentor believe that the dumped data is only a subset of the full dump.

 

One Year Later: A Hacker’s View on the Cybersecurity Executive Order

When the Colonial Pipeline ransomware attack took place last year, consumers were cut off from fuel, prices jumped, and some mild panic ensued. This was one of the first cyber-attacks that showed consumers—and the industry—that we’re more interconnected than we realized to the consequences of digital crimes. Timing is everything. The Colonial Pipeline attack helped pave the way for radical change in the federal government’s approach to cybersecurity. And that’s exactly what the U.S. government is doing with a full year of dynamic stakeholder engagement on various aspects of Executive Order 14028, Improving the Nation’s Cybersecurity, that will change the status quo of how industry and government become more resilient.

 

Russian cyber experts restore RuTube access after three-day outage

Access to Russian video-hosting site RuTube was restored on Wednesday after a three-day outage, following a cyberattack that had demanded the attention of expert cybersecurity teams and called the service’s durability into question. Moscow has long sought to improve its domestic internet infrastructure, even disconnecting itself from the global internet during tests last summer, but the need to strengthen its technology solutions has become more pressing since the West started imposing unprecedented sanctions against Russia over the conflict in Ukraine.

 

Trustpilot Forced to Delete Millions of Fake Reviews in 2021

A leading internet reviews site was forced to pull 2.7 million entries submitted to its platform in 2021 because of fraud, a 23% increase compared to 2020. The figures come from Trustpilot’s latest Transparency Report. It’s unclear what factors accounted for the surge in takedowns: more reviews being published last year, more fraud on the site or more accurate detection. The actual percentage of detected fake reviews increased only slightly, from 5.7% to 5.8% of the annual total since the firm first started publishing figures in 2020. However, the number of reviews left on the site surged 21% over the period to a record 46.7 million. Trustpilot said 1.8 million of these takedowns were due to detections from its own technology, a 19% increase from the previous year. It also issued 121,048 warnings in 2021, a threefold increase compared to 2020.

 

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. “When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number,” Google’s Jen Fitzpatrick said in a statement. The goal, the search giant said, is to keep payment information safe and secure during online shopping and protect users from skimming attacks wherein threat actors inject malicious JavaScript code to plunder credit card numbers and sell them on the black market.
