AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/21/2021

1 – Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents

Toyota has admitted to a pair of cyber-attacks. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned entity that designs engines. In a statement [PDF] dated May 16th, Daihatsu said it “experienced a problem in accessing its file server in the internal system on 14 May 2021.” “After a brief investigation, a cyber-attack by an unauthorized access from a third party was confirmed as a cause of this issue,” the statement adds. Daihatsu halted the spread of the incident to its other offices, kicked off an investigation and promised an update. None has been forthcoming at the time of writing. Numerous Japanese outlets, meanwhile, are reporting that Toyota subsidiary Auto Parts Manufacturing Mississippi has revealed a ransomware attack. The reports say that some financial and customer data was exfiltrated and exposed, a tactic that ransomware purveyors use to gain leverage for their financial demands. Auto Parts Manufacturing Mississippi has not paid and was not disrupted, the reports say.


2 – What is iCloud Keychain? Apple’s password manager for iPhone and Mac explained

iCloud Keychain is Apple’s native password manager, supported across iPhone, iPad, iPod and Mac devices. It keeps your website and app passwords, along with credit card information, Wi-Fi network information and other account information, up to date across all Apple devices approved and associated with your Apple ID. It can also keep the accounts you use in Mail, Contacts, Calendar and Messages up to date. To use Apple iCloud Keychain, an Apple device needs to be running iOS 8.4.1 or later, iPadOS 13 or later, or MacOS X 10.10.5 or later.


3 – Apple CEO Tim Cook to testify in court Friday, Epic Games trial almost over

Cook will likely face questions from Epic Games’ lawyers regarding the iPhone, iOS, Apple’s 30% commission, privacy, security, cloud gaming, and more. Earlier this week it emerged that Cook had been practicing for his appearance, spending hours with former prosecutors to simulate the courtroom. From that report: Apple’s Tim Cook will take the stand in the Epic Games trial later this week or early next, with the notoriously well-prepared CEO said to be undergoing hours of practice so he’s ready. According to The Wall Street Journal, Cook has former prosecutors grilling him as part of the practice rounds, all with the aim of trying to simulate what Cook will have to deal with when he takes the stand. Apple’s Craig Federighi and Phil Schiller have already testified this week. Phil Schiller revealed Apple’s Small Business Program dated back to 2016, and that Apple spends $50 million hosting WWDC.


4 – SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading their networks as early as January of 2019, about eight months earlier than the previously publicly disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said in an appearance at the 2021 RSA Conference that while the federal contractor had once estimated the hackers’ first suspicious activity at around September or October of 2019, the company has “recently” learned that the attackers may have in fact “been in our environment” much earlier. “As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said.


5 – E-commerce giant suffers major data breach in Codecov incident

E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Mercari is a Japanese public company and an online marketplace that has recently expanded its operations to the United States and United Kingdom. The Mercari app has scored over 100 million downloads worldwide as of 2017, and the company is the first in Japan to reach unicorn status. As earlier reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers’ CI/CD environments.
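The Codecov incident above turned on CI pipelines fetching and executing a vendor's helper script without checking what they had downloaded, so a modified copy ran with access to every secret in the environment. The defensive counterpart is to pin the script's published digest in the repository and refuse to execute anything that does not match. The following is an added example, not Codecov's or Mercari's code: the script contents, the `release_dir` path and the `pinned` variable are constructed here for illustration, and in practice the pinned value is copied from the vendor's published checksum and committed alongside the pipeline definition.

```shell
#!/bin/sh
# Added example: execute a downloaded CI helper script only when its SHA-256
# matches a digest pinned in the repository, instead of piping curl into bash.
# All paths and contents below are constructed for the demonstration.

sha256_of() {
  # Print the hex SHA-256 of a file, using whichever tool the runner has.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_script() {
  # Exit status 0 when the file's digest equals the expected (pinned) digest.
  # Comparing full hex strings avoids any partial-match surprises.
  file="$1"; expected="$2"
  actual=$(sha256_of "$file")
  [ "$actual" = "$expected" ]
}

run_pinned_script() {
  # Run the script only after verification; on mismatch, report and fail the
  # pipeline step so a tampered helper never sees the CI secrets.
  file="$1"; expected="$2"
  if verify_script "$file" "$expected"; then
    sh "$file"
  else
    echo "refusing to run $file: SHA-256 mismatch (expected $expected)" >&2
    return 1
  fi
}

# Stand-alone demonstration with a constructed "vendor" script.
release_dir=$(mktemp -d)                       # stands in for a download location
helper="$release_dir/uploader.sh"
printf 'echo "uploading coverage report"\n' > "$helper"

# The maintainer publishes this digest at release time; a consumer pins it.
pinned=$(sha256_of "$helper")

run_pinned_script "$helper" "$pinned"          # runs: digest matches the pin

# Simulate a tampered download: any change to the file changes the digest.
printf 'echo "extra line appended"\n' >> "$helper"
run_pinned_script "$helper" "$pinned" || echo "blocked tampered helper" >&2

rm -rf "$release_dir"
```

The same check belongs in the pipeline step that fetches the script (download to a file, verify, then execute), and the pinned digest should be updated only through a reviewed commit when the vendor ships a new release.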


6 – DarkSide affiliates claim gang’s bitcoins in deposit on hacker forum

Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and have filed a claim against the bitcoins held in escrow on a hacker forum. Russian-language cybercriminal communities typically have an escrow system to avoid scams between sellers and buyers. For ransomware operations, the deposit is a clear statement that they mean big business. To gain the trust of potential partners and expand the operation, DarkSide deposited 22 bitcoins on the popular hacker forum XSS. The wallet is managed by the site’s administrator, who in this case acts as a guarantor for the gang and an arbitrator if a dispute occurs. DarkSide’s dissolution of the ransomware-as-a-service (RaaS) operation was abrupt and clearly left some unfinished business. Five partners have complained that the operators owed them money from paid ransoms or from hacking services.