AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/18/2022

Ransomware gang threatens to overthrow Costa Rica government

A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat, saying its goal is now to overthrow the government. Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay a ransom by raising its demand to $20 million. Chaves suggested Monday in a news conference that the attack was coming from inside as well as outside Costa Rica. “We are at war and that’s not an exaggeration,” Chaves said. He said officials were battling a national terrorist group that had collaborators inside Costa Rica.

 

U.S. Warns Against North Korean Hackers Posing as IT Freelancers

Highly skilled software and mobile app developers from the Democratic People’s Republic of Korea (DPRK) are posing as “non-DPRK nationals” in hopes of landing freelance employment in an attempt to enable the regime’s malicious cyber intrusions. That’s according to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI) issued on Monday. Targets include financial, health, social media, sports, entertainment, and lifestyle-focused companies located in North America, Europe, and East Asia, with most of the dispatched workers situated in China, Russia, Africa, and Southeast Asia. The goal, the U.S. agencies warn, is to generate a constant stream of revenue that sidesteps international sanctions imposed on the nation and help serve its economic and security priorities, including the development of nuclear and ballistic missiles.

 

State of internet crime in Q1 2022: Bot traffic on the rise, and more

The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation. That’s according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like. The biz, which touts device and network defense software, said it came to this conclusion after analyzing “billions of sessions … across our global network” during the first three months of the year. These sessions apparently spanned account registrations, logins, and interactions with financial, ecommerce, travel, social media, gaming, and entertainment services. Take all these numbers with a grain of salt as ultimately Arkose wants you to buy its stuff to prevent all this kind of crime.

 

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example. KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to speak to the press — who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. government smart cards.

 

Singapore sets up cybersecurity assessment, certification centre

Singapore has set up a facility to assess and certify systems for their cybersecurity robustness. Manufacturers and developers will be able to have their products tested and certified at the new centre, through which the government hopes to drive the testing, inspection, and certification (TIC) sector for cybersecurity. The SG$19.5 million ($13.99 million) National Integrated Centre for Evaluation (NICE) will facilitate vulnerability assessment of software and hardware products, physical hardware attacks, and security measures, said Cyber Security Agency of Singapore (CSA) and Nanyang Technological University (NTU), which jointly launched the facility on Wednesday. They noted that access to security evaluation facilities was difficult, due largely to the high equipment cost and deep expertise typically required to carry out cybersecurity evaluation at the highest assurance levels.

 

Your social media account hasn’t been hacked, it’s been cloned!

A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term that, when used, causes chaos and concern. I don’t blame the family member for using it; I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on occasion, offering bad advice. So, what is the term? Hacked. We all know what it means when we hear that a website was hacked or a company was hacked. Depending on the context, synonyms could be defaced (although that seems less common these days) or breached. At the end of the day, however, the term “hacked” is completely valid and used correctly in those situations. So, when is it used incorrectly? When it is used to describe a fake social media profile. Here’s the situation, one that we’ve all seen dozens of times. “Don’t open messages from me, I’ve been hacked!” or “Don’t open messages from <insert person here>, they’ve been hacked!”
