AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/01/2021

1 – Cryptocurrency scam attack on Twitter reminds users to check their app connections

Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication, it’s possible that you’ve overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers. That’s a lesson that internet entrepreneur Carl Pei, the co-founder of smartphone firm OnePlus, has hopefully learned after cryptocurrency scammers used his Twitter account to send a fraudulent message to his 330,000 followers this week. As Pei describes, hackers were able to post the message after compromising his IFTTT account. IFTTT (If This Then That) is a handy online platform that allows internet users to automate processes between a wide variety of apps, devices, and services.


2 – Lessons Learned from Telemetry Analysis of DarkSide Affiliate Exfiltration Operations

Providing an estimated 45% of refined petroleum products for the US East Coast, Colonial Pipeline Company (ColPipe) halted operations for approximately six days, significantly affecting fuel distribution on the East Coast. ColPipe first reported the stoppage as a precaution on 07 May 2021 due to a cyber attack on the Information Technology (IT) side of ColPipe’s networks. An affiliate of DarkSide, a Ransomware as a Service (RaaS) operation, was responsible for the incident. Dragos investigated this incident for potential Operational Technology (OT) impacts, but we did not find any. This blog post shares some of our findings related to the pre-encryption exfiltration operations of a DarkSide ransomware campaign. Some of the information discussed here, such as victims, is already public. What is new is how telemetry reveals network defense gaps against exfiltration and Command and Control (C2), and how it links multiple intrusions to a single adversary.


3 – Amazon devices will soon automatically share your Internet with neighbors

If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt out of an experiment that leaves your personal privacy and security hanging in the balance. On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and give you access to their bandwidth when you don’t have a connection. By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. Amazon’s Sidewalk webpage says the service “is currently only available in the US.”


4 – JBS USA cyber attack affecting North American and Australian systems

United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems. “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it said in a statement. “The company took immediate action, suspending all affected systems, notifying authorities, and activating the company’s global network of IT professionals and third-party experts to resolve the situation.” JBS said its backup servers were not affected, and that it was actively working with an incident response firm to restore its systems “as soon as possible”. It also said it is currently not aware of any evidence to suggest customer, supplier, or employee data has been compromised or misused as a result of the attack.


5 – Google says it won’t build backdoors into its Privacy Sandbox for gathering user data

Google plans to ditch third-party cookies on Chrome next year — just as Apple’s Safari and Mozilla’s Firefox browsers have done. To replace the cookie system, the company introduced a new product called Privacy Sandbox that will let advertisers gather some amount of data without compromising users’ data integrity. Last week, the company assured that it won’t build any backdoors into this sandbox for its own apps. Jerry Dischler, the company’s VP for Ads, said at a virtual marketing event that the company’s own apps won’t take any shortcuts: “We’ll be using these APIs for our own ads and measurement products just like everyone else, and we will not build any backdoors for ourselves.”
