AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 05/31/2023

The Sobering Truth About Ransomware—For The 80% Who Paid Up

Newly published research on 1,200 organizations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research from data resilience specialists Veeam, some 80% of the organizations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This was despite 41% of those organizations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cybercrime isn’t an easy landscape to navigate, something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.

Worst cyberattack in Greece disrupts high school exams, causes political spat

Greece’s Education Ministry says it has been targeted in a cyberattack described as the most extensive in the country’s history, aimed at disabling a centralized high school examination platform. It said the distributed denial of service, or DDoS, attacks aimed at overwhelming the platform occurred for a second consecutive day Tuesday. The attack involved computers from 114 countries, causing outages and delays in high school exams but failing to cripple the system, the ministry said.

Predator malware might be worse than previously thought

Predator, the commercial Android malware developed by a company called Intellexa, might be worse than previously thought, as new research argues the tool has a lot of previously unknown functionalities. Cybersecurity researchers from Cisco Talos recently published a thorough analysis of Predator and its loader Alien. The analysis concluded that Alien is more than just a loader for Android and that, working in unison with Predator, it enables all kinds of intelligence gathering. “When used together, these components provide a variety of information stealing, surveillance and remote-access capabilities,” the researchers said.

Section 702 data led to State Department warnings about North Korean IT scams, official says

A controversial surveillance authority played a vital role in the State Department’s ability to learn about and warn international partners and U.S. businesses about North Korea’s efforts to commit digital fraud to fund its nuclear program, a senior State Department official said Tuesday. The revelation about the 2022 scheme comes as the State Department joins the intelligence community, the Justice Department, and the White House in pushing for Congress to renew Section 702 of the Foreign Intelligence Surveillance Act before its sunset at the end of this year.

SimpleTire Database Leak: Over 2.8 Million Records Exposed

On May 29th, 2023, security researcher Jeremiah Fowler made a concerning discovery: a non-password-protected database belonging to the e-commerce company SimpleTire, which could be accessed by anyone with an internet connection. Despite Fowler’s efforts to responsibly disclose the issue, he received no response from the company. Shockingly, the database remained accessible for over three weeks after its initial discovery, raising serious concerns about the company’s data security practices. It is worth noting that Fowler is the same cybersecurity researcher who recently reported on how SuperVPN, a free VPN service, leaked a whopping 360 million user records on the internet.

Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots

The cyber-underground menu of criminal services now includes on-demand, human-assisted CAPTCHA-breaking functionality, researchers are warning — meaning that website admins should look to implement additional anti-bot protections as a result. CAPTCHAs are familiar to most Internet users as challenges that are used to confirm that they’re human. The Turing test-adjacent puzzles usually involve typing in a word presented visually as blurred or distorted text, for instance, or clicking all photos in a grid that contain a certain object. The idea is to weed out bots on e-commerce and online account sites.

Discord Admins Hacked by Malicious Bookmarks

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious JavaScript code disguised as a Web browser bookmark. According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a crypto-focused news outlet online. Those who take the bait are sent a link to a Discord server that appears to be the official Discord of the crypto news site, where they are asked to complete a verification step to validate their identity.

News Nuggets will be back on Monday, June 19th. 