AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/13/2022

DEA Investigating Breach of Law Enforcement Data Portal

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. On May 8, KrebsOnSecurity received a tip that hackers obtained a username and password for an authorized user of esp.usdoj.gov, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA.


The rise of double extortion ransomware

Back in November 2019, the Maze ransomware strain emerged as the first high-profile case of double extortion ransomware. The gang – famed for its attacks on Cognizant, Canon, and Xerox in recent years – hit Allied Universal, a California-based security services firm, which refused to pay the group’s ransom demand of 300 Bitcoins (approximately $2.3 million at the time). This saw the Maze hackers increase the ransom request by 50%, publish 10% of the information they exfiltrated, and threaten to use data stolen from Allied Universal in a spam operation. The now-defunct ransomware group gave Allied Universal two weeks to pay up or have the remaining 90% of their stolen data exposed online. 


To predict the targets of Chinese malware, look at the target of Chinese laws

Keep an eye on new Chinese government policies, if you want to anticipate malware attacks, a threat intelligence analyst suggested at the Black Hat Asia conference on Thursday. In a presentation about an emerging China-nexus modular trojan named “Pangolin8RAT”, Taiwan-based cybersecurity firm TeamT5’s Silvia Yeh noted that attacks on online gambling operators occurred around the same time that China announced action against such outfits. While Yeh said the timing could be coincidental – attacks on gambling and online gaming companies are not exactly new – Pangolin8RAT appears to be a weapon of choice for Chinese state-sponsored cyber operations.


Massive WordPress JavaScript Injection Campaign Redirects to Ads

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone. Since these PublicWWW results only show detections for simple script injections, we can assume that the scope is significantly larger.


10 reasons why we fall for scams

Sometimes you need to say things that go without saying: The internet has revolutionized our lives, changing the way we work, learn, entertain ourselves and interact with each other. The benefits of our wired world are manifold, but so are the risks – including the risk of falling victim to a scam. Fraud has, of course, existed in various shapes and sizes for many, many years. However, the internet has given new life even to age-old schemes, vastly expanding the opportunities, and especially the number of potential targets, for scammers. What’s more, scams are growing in sophistication and none of us is immune to any of the various flavors of online schemes that have proven their staying power. The more venues we use to enjoy the advantages of the internet, the more opportunities for fraudsters to explore and exploit, be it for inheritance scams, various types of shopping cons, bogus job offers, fake sweepstakes and lotteries, and even dating fraud, to name just some of the most common scams doing the rounds.


Eye Care Leaders Hack Impacts Tens of Thousands of Patients

Unauthorized individuals have gained access to the systems of Eye Care Leaders, a provider of electronic health records and patient management software solutions for eye care practices. On or around December 4, 2021, hackers gained access to its myCare Identity solution and deleted databases, systems configuration files, and data. Eye Care Leaders said its incident response team immediately stopped the unauthorized activity when the breach was detected and launched an investigation into the security breach. The investigation is ongoing, but notifications have now been sent to affected ophthalmology and optometry practices. While the investigation has not uncovered evidence to suggest the attackers viewed or exfiltrated sensitive data, the possibility of unauthorized data access and theft could not be ruled out.


As U.S. blames Russia for KA-SAT hack, Starlink sees growing threat

Elon Musk says Russian hackers are increasing efforts to take down SpaceX’s Starlink broadband service amid the war in Ukraine. “Starlink has resisted Russian cyberwar jamming and hacking attempts so far, but they’re ramping up their efforts,” Musk tweeted May 10.  Earlier that day, the United States formally blamed Russia for a late February cyberattack on Viasat’s KA-SAT satellite internet network. “Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries,” U.S. Secretary of State Antony J. Blinken said in a May 10 press statement.

Related Posts