AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/22/2023

Food distributor Sysco says cyberattack potentially leaked 125,000 Social Security numbers 

A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees. In documents filed with state regulators in Maine, the company said an incident in January leaked troves of sensitive employee information. Sysco has more than 71,000 current employees, operates in over 90 countries and reported sales of more than $68 billion in 2022. Hackers spent nearly three months in the company’s systems before IT teams discovered the incident. According to breach notification letters sent to 126,243 people across the U.S., the hackers first broke into Sysco’s systems on January 14 but were only discovered on March 5. 

Experts Warn of Voice Cloning-as-a-Service 

Security experts are warning of surging threat actor interest in voice cloning-as-a-service (VCaaS) offerings on the dark web, designed to streamline deepfake-based fraud. Recorded Future’s latest report, I Have No Mouth and I Must Do Crime, is based on threat intelligence analysis of chatter on the cybercrime underground. Deepfake audio technology can mimic the voice of a target to bypass multi-factor authentication, spread mis- and disinformation and enhance the effectiveness of social engineering in business email compromise (BEC)-style attacks, among other things. 

Phishing attacks already using the .zip TLD 

On May 3rd, Google Registry launched eight new top-level domains (TLDs) “for dads, grads and techies”, including a .zip TLD. While these new TLDs come with benefits such as automatic inclusion on the HSTS preload list, the launch of new TLDs has always presented cyber criminals with the opportunity to register domains in bad faith. Parts of the security community, such as the SANS ISC, have already identified the potential for fraud via the conflation of a universally known file extension (.zip) with a TLD. TLDs overlapping with file extensions is not a new problem: .com is also an executable format, .pl represents both Poland and Perl scripts, and .sh represents Saint Helena and Unix shell scripts. 
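The TLD-versus-file-extension collision above, as an added example that is not from the original post: a small Python scanner that flags tokens in a message which read as filenames but also parse as hostnames under one of the colliding TLDs the post names (.zip, .com, .pl, .sh), so a mail or chat filter can warn before a client auto-links them. The sample text is constructed, and the assumption that auto-linkers skip tokens containing underscores or embedded in a path or URL is mine.

```python
import re

# Extensions named in the post that are also delegated TLDs.
COLLIDING_TLDS = ("zip", "com", "pl", "sh")

# One hostname label: letters, digits, hyphens; no leading/trailing hyphen.
# Underscores are deliberately excluded: they are not valid in a registrable
# hostname, so a token like "notes_v2.zip" cannot resolve as a domain
# (assumption: common auto-linkers follow the same rule).
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"

# Negative lookbehind skips tokens that are part of a path or an explicit
# URL (preceded by "/" or "."), which are already links rather than
# ambiguous filenames. Negative lookahead stops "setup.zipped" matching.
_PATTERN = re.compile(
    r"(?<![\w./-])((?:%s\.)+(%s))(?![\w-])"
    % (_LABEL, "|".join(COLLIDING_TLDS)),
    re.IGNORECASE,
)


def find_tld_collisions(text):
    """Return (token, tld) pairs for tokens that look like filenames but
    would also be treated as a hostname under a colliding TLD."""
    return [(m.group(1), m.group(2).lower()) for m in _PATTERN.finditer(text)]


if __name__ == "__main__":
    # Constructed sample message for illustration.
    sample = ("Please review invoice.zip and run deploy.sh; "
              "notes_v2.zip and https://example.com/readme.txt are fine.")
    for token, tld in find_tld_collisions(sample):
        print("possible auto-link: %s (.%s is a TLD)" % (token, tld))
```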

Luxottica confirms 2021 data breach after info of 70M leaks online 

Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums. Luxottica is the world’s largest eyewear company and maker of glasses and prescription frames, and the owner of popular brands like Ray-Ban, Oakley, Chanel, Prada, Versace, Dolce and Gabbana, Burberry, Giorgio Armani, Michael Kors, and many others. The company also operates Eyemed, a vision insurance company in the US. In November 2022, a member of the now-defunct “Breached” hacker forum attempted to sell what he claimed to be a 2021 database containing 300 million records of personal information related to Luxottica customers in the United States and Canada. 

The government can’t seize your data — but it can buy it 

When the Biden administration proposed new protections earlier this month to prevent law enforcement from demanding reproductive healthcare data from companies, they took a critical first step in protecting our personal data. But there remains a different, serious gap in data privacy that Congress needs to address. While the Constitution prevents the government from compelling companies to turn over your sensitive data without due process, there are no laws or regulations stopping them from just buying it. And the U.S. government has been buying private data for years. 

Ukraine’s cyber chief on the ever-changing digital war with Russia 

Russian hackers have been attacking Ukraine for over a decade, but until the war began, cyberattacks still seemed like something out of a science fiction movie for ordinary Ukrainians. Many had to learn how to safeguard their hardware and their data. The agency responsible for raising awareness for cybersecurity in society, private businesses, and the government is called Derzhspetszvyazok, or the State Service of Special Communications and Information Protection of Ukraine (SSSCIP). Its chief, Yurii Shchyhol, faced the difficult task of explaining Russia’s digital threat to Ukrainians and the rest of the world. 

FIN7 returns with new ransomware attacks 

A notorious financially motivated cybercrime group known for targeting the U.S. retail, restaurant and hospitality sectors emerged from a two-year hiatus to carry out opportunistic ransomware attacks last month, researchers with Microsoft said late Thursday. The group — tracked widely as FIN7 but by Microsoft as Sangria Tempest (formerly ELBRUS) — had not been linked to a ransomware campaign since late 2021, Microsoft’s Threat Intelligence Center said in a series of Thursday-night tweets. But in recent attacks the group deployed the Cl0p ransomware variant against multiple unnamed targets, following on the group’s track record of using multiple ransomware strains in its attacks. 
