AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/24/2022

Why it’s hard to sanction ransomware groups

On February 25, the day after Russia invaded Ukraine, a prolific ransomware gang called Conti made a proclamation on its dark website. It was an unusually political statement for a cybercrime organization: Conti pledged its “full support of Russian government” and said it would use “all possible resources to strike back at the critical infrastructures” of Russia’s opponents. Perhaps sensing that such a public alliance with the regime of Russian President Vladimir Putin could cause problems, Conti tempered its declaration later that day. “We do not ally with any government and we condemn the ongoing war,” it wrote in a follow-up statement that nonetheless vowed retaliation against the United States if it used cyberwarfare to target “any Russian-speaking region of the world.”


Multiple Governments Buying Android Zero-Days for Spying: Google

At least eight governments around the world have purchased a package of Android zero-day exploits from a company called Cytrox and are using them to install spyware on targets’ mobile phones. The development highlights the sophistication of off-the-shelf surveillance offerings, according to a recent report. Google’s Threat Analysis Group (TAG) said that by taking advantage of the time difference that keeps some systems from being updated for hours after patches were released, the Cytrox exploits allowed governments to target Android users with malware to record audio, add CA certificates, and hide apps.


ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data

The UK’s Information Commissioner’s Office (ICO) has fined facial recognition database firm Clearview AI £7.5m for breaching UK data protection rules. This represents a huge reduction on the £17m fine the ICO initially said it planned to issue US-based Clearview AI in November 2021. This followed a joint investigation conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. The company has been penalized for creating an online database by collecting over 20 billion images of people’s faces and data from publicly available information sources on the internet and social media. It failed to inform any of these individuals that their images were being collected or used in this way. In addition to the fine, the ICO has issued an enforcement notice ordering Clearview AI to stop obtaining and using the personal data of UK residents that is publicly available on the internet. It must also delete existing data of UK residents from its systems.


DC Sues Zuckerberg Over Cambridge Analytica Privacy Breach

The District of Columbia on Monday sued Meta chief Mark Zuckerberg, seeking to hold him personally liable for the Cambridge Analytica scandal, a privacy breach of millions of Facebook users’ personal data that became a major corporate and political scandal. D.C. Attorney General Karl Racine filed the civil lawsuit against Zuckerberg in D.C. Superior Court. The lawsuit maintains that Zuckerberg directly participated in important company decisions and was aware of the potential dangers of sharing users’ data, such as occurred in the case involving data-mining firm Cambridge Analytica. Cambridge Analytica gathered details on as many as 87 million Facebook users without their permission. Their data is alleged to have been used to manipulate the 2016 presidential election.


Blockchain Tech Could Literally Go to the Moon With Lockheed Martin

Crypto boosters have long claimed to be going to the moon, but it appears the blockchain technology will soon actually reach space. Lockheed Martin on Monday announced plans to host a decentralized storage network in space, as it hopes to build infrastructure that can sustain life in space. To work towards that lofty goal, the aerospace and defence giant will harness what’s aptly called the InterPlanetary File System (IPFS), which was created in 2015. It’s “decentralized” storage because instead of server farms, like those run by Amazon or Google, files are stored by users around the world. It’s developed by Protocol Labs, which also created the Filecoin cryptocurrency that’s rewarded to those who create IPFS “nodes” and host files there.


Nation-state malware could become a commodity on dark web soon, Interpol warns

In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non-state actors represents a serious risk for critical infrastructure and organizations worldwide. Threat actors could reverse engineer military-made malicious code and use their own versions in attacks in the wild. The scenario also opens the door to false flag operations: nation-state actors could gain access to cyber weapons used in the conflict and use them in attacks in the wild, making attribution impossible. “That is a major concern in the physical world — weapons that are used on the battlefield and tomorrow will be used by organized crime groups,” said Jurgen Stock, the Interpol secretary general, during a CNBC-moderated panel at the World Economic Forum in Davos, Switzerland, Monday.
