AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/13/2021

1 – US Questions Whether Businesses Should Pay Cyberattack Ransom

In the wake of last weekend’s ransomware attack that forced the shutdown of a major U.S. fuel pipeline, the White House is weighing whether there is merit in allowing ransom payments to cyberattackers, the Financial Times (FT) reported. The pipeline incident highlighted a serious threat to critical infrastructure, according to FT. The FBI has long opposed paying ransoms, arguing that doing so only encourages more ransomware attacks, FT reported: if victims give in, attackers are rewarded for seizing data or servers and will keep doing it. “Victims of cyberattacks often face a very difficult situation, and they have to just balance … the cost-benefit when they have no choice with regard to paying a ransom,” said Anne Neuberger, U.S. deputy national security advisor for Cyber and Emerging Technologies, per FT. “That is why, given the rise in ransomware and given, frankly, the troubling trend we see often targeting companies who have insurance and may be rich targets, that we need to look thoughtfully at this area.”


2 – Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems

An outside audit three years ago of the major East Coast pipeline company hit by a cyberattack found “atrocious” information management practices and “a patchwork of poorly connected and secured systems,” its author told The Associated Press. “We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.” How far the company, Colonial Pipeline, went to address the findings is not clear. Colonial said Wednesday that since 2017 it has hired four independent firms for cybersecurity risk assessments and increased its overall IT spending by more than 50%. It did not specify an amount but said it has spent tens of millions of dollars.


3 – A security researcher found Wi-Fi vulnerabilities that have existed since the beginning

The security researcher who discovered the KRACK Wi-Fi vulnerability has found a slew of other flaws in the wireless protocol most of us use to power our online lives (via Gizmodo). The vulnerabilities relate to how Wi-Fi splits large frames into fragments and aggregates small ones into a single frame; some are design flaws in the Wi-Fi standard itself, and others are implementation flaws in how device manufacturers built the standard into their products. The researcher, Mathy Vanhoef, calls the collection of vulnerabilities “FragAttacks,” a mashup of “fragmentation” and “aggregation.” He says the flaws could be exploited by attackers within radio range to intercept sensitive data or redirect users to fake websites, even on networks secured with WPA2 or WPA3. Because the design flaws sit in the standard rather than in one vendor’s code, every Wi-Fi device tested was affected by at least one of them; an attacker could also use the flaws to reach and attack other devices on your home network, such as poorly secured IoT gear.


4 – Fake Android, iOS apps promise lucrative investments while stealing your money

Researchers have discovered hundreds of malicious mobile apps that exploit interest in cryptocurrency and stocks to steal from victims. Sophos researchers said on Wednesday that a tip-off relating to a fake mobile trading app led to the discovery of a server hosting “hundreds” of malicious trading, banking, foreign exchange, and cryptocurrency apps built for both Android and iOS. Mobile platforms have made stock trading and investment opportunities far more accessible than before: rather than paying a fund or agency a fee to manage their money, users can now pick their own investments with a single swipe. Social media has become a hotbed of pump-and-dump or “meme” stock chat and trading tips, and cryptocurrency has likewise become a popular topic among eager investors, giving the fake apps a ready pool of targets.


5 – Colonial pipeline hackers claim breach of 3 more companies

The hacking group blamed for crippling a major U.S. pipeline company claimed responsibility on Wednesday for breaking into three more companies, saying it was publishing hundreds of gigabytes of data from a Brazilian battery firm, a Chicago-based tech company, and a British engineering firm. Reuters was not immediately able to verify the claims. Messages seeking comment from the DarkSide hackers, sent via their website, were not immediately returned, and the three companies were also not immediately available for comment. The affected pipeline operator, Colonial Pipeline, does not plan to pay the ransom demanded by the hackers who encrypted its data, sources familiar with the company’s response told Reuters on Wednesday. Instead, the company is working closely with law enforcement and U.S. cybersecurity firm FireEye to mitigate the damage and restore operations.
