AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/07/2021

Colonial Pipeline Hackers Used Unprotected VPN to Access Network

The ransomware attack that took down the Colonial Pipeline and caused fuel shortages on the East Coast worked because of an unprotected Virtual Private Network (VPN) account. The criminal gang known as DarkSide, which took responsibility for the attack, gained access to the pipeline operator’s network through a VPN account that had been set up to let employees reach the company’s computer networks remotely and that did not require multi-factor authentication, according to an interview Charles Carmakal, senior vice president at the security firm Mandiant, gave to Bloomberg. He noted that the account was no longer in use by any employee but was still active and therefore usable by the attackers. The password for that VPN account, which has since been deactivated, was later found in a batch of leaked passwords on the dark web. So it may be that the Colonial employee had reused the same password across multiple accounts and had been compromised before in some other breach, Carmakal said.
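The two conditions that combined here (an enabled account nobody has used in months, and a password that already sits in a leak corpus) are both checkable in advance. The script below is an added example, not code from the AboutDFIR post, from Mandiant, or from Colonial; the account records and the "leaked" password list are constructed for illustration. It indexes breached passwords the way Have I Been Pwned's Pwned Passwords range lookup does (5-character SHA-1 prefix, then suffix match), so the full hash of a live credential never has to leave the auditing host, and it flags accounts that are dormant, lack MFA, or use a breached password. In a real audit the `pw_sha1` values would come from a password-hash export rather than from plaintext, and you would use the NTLM variant of the list for Active Directory hashes.

```python
"""Added example: offline audit for stale VPN accounts and breached passwords.

All account data and the leaked-password list below are constructed for
illustration; nothing here comes from the incident described above.
"""
import hashlib
from datetime import date
from typing import Dict, List, Set


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form in which Pwned Passwords publishes hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_corpus(leaked_passwords: List[str]) -> Dict[str, Set[str]]:
    """Index leaked passwords like HIBP's range endpoint: prefix[0:5] -> suffixes."""
    corpus: Dict[str, Set[str]] = {}
    for pw in leaked_passwords:
        h = sha1_hex(pw)
        corpus.setdefault(h[:5], set()).add(h[5:])
    return corpus


def hash_in_corpus(pw_sha1: str, corpus: Dict[str, Set[str]]) -> bool:
    """k-anonymity style check: look up the 5-char prefix, compare the suffix locally."""
    pw_sha1 = pw_sha1.upper()
    return pw_sha1[5:] in corpus.get(pw_sha1[:5], set())


def is_dormant(account: dict, as_of: date, max_idle_days: int = 90) -> bool:
    """An enabled account with no login within max_idle_days (or ever) is dormant."""
    if not account["enabled"]:
        return False
    if account["last_login"] is None:
        return True
    last = date.fromisoformat(account["last_login"])
    return (as_of - last).days > max_idle_days


def audit_vpn_accounts(accounts: List[dict], corpus: Dict[str, Set[str]],
                       as_of: date, max_idle_days: int = 90) -> List[dict]:
    """Return one finding per enabled account that is dormant, has no MFA,
    or whose password hash appears in the breach corpus."""
    findings = []
    for acct in accounts:
        reasons = []
        if is_dormant(acct, as_of, max_idle_days):
            reasons.append("dormant")
        if acct["enabled"] and not acct["mfa"]:
            reasons.append("no-mfa")
        if acct["enabled"] and hash_in_corpus(acct["pw_sha1"], corpus):
            reasons.append("breached-password")
        if reasons:
            findings.append({"user": acct["user"], "reasons": reasons})
    return findings


# Constructed leak corpus (stand-in for a Pwned Passwords download).
LEAKED_PASSWORDS = ["Password1", "Summer2020!", "letmein"]
CORPUS = build_range_corpus(LEAKED_PASSWORDS)

# Constructed VPN account export. pw_sha1 is derived from plaintext here only
# so the example is self-contained; a real audit starts from stored hashes.
VPN_ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "mfa": True,
     "last_login": "2021-06-04", "pw_sha1": sha1_hex("c0rrect-h0rse-battery")},
    {"user": "former.employee", "enabled": True, "mfa": False,
     "last_login": "2020-12-15", "pw_sha1": sha1_hex("Summer2020!")},
    {"user": "svc-backup", "enabled": True, "mfa": False,
     "last_login": None, "pw_sha1": sha1_hex("xK9#q2Lm!v7Rt")},
    {"user": "retired.acct", "enabled": False, "mfa": False,
     "last_login": "2019-01-10", "pw_sha1": sha1_hex("letmein")},
]
AS_OF = date(2021, 6, 7)  # audit date, matching this post


if __name__ == "__main__":
    for f in audit_vpn_accounts(VPN_ACCOUNTS, CORPUS, AS_OF):
        print(f"{f['user']}: {', '.join(f['reasons'])}")
```

Run as-is it reports `former.employee` (dormant, no MFA, breached password) and `svc-backup` (dormant, no MFA); `retired.acct` is already disabled, which is the state a dormant account should be in, so it is not reported. Dropping `max_idle_days` to 30 or 45 is usually reasonable for remote-access accounts, and the findings list is what you would feed to a ticketing or disablement job.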


Breached companies facing higher interest rates and steeper collateral requirements

Companies are now being penalized financially by banks for data breaches, according to a new study from the American Accounting Association. The report, titled “Do Banks Price Firms’ Data Breaches?”, found that banks punish companies that lose customer financial account information or Social Security numbers in a data breach with substantially higher interest rates and steeper requirements for collateral and covenants. The researchers analyzed data on 1,081 bank loans to publicly traded companies from 2003 to 2016. Of those 1,081 loans, 587 went to companies that had suffered a data breach and 494 went to companies that had not.


U.S. to give ransomware hacks similar priority as terrorism

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters. Internal guidance sent on Thursday to U.S. attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, principal associate deputy attorney general at the Justice Department.


Ring will require video requests to be public in Neighbors app starting next week

Ring is adjusting how public agencies such as police and fire departments are able to request video clips from Ring camera owners in its Neighbors app. Starting next week, agencies will only be able to request clips be sent to them through public posts that are viewable in the app’s main feed; they will no longer be able to send individuals specific requests for clips. Ring says this new method provides greater transparency to what public agencies are requesting, as all requests will now be logged on the agency’s profile and reviewable by anyone using the app. Agencies will not be able to remove or delete the posts, according to Ring, though they can be marked as “resolved.” Ring says it limits video clips requests to “verified public safety agencies” and has a set of guidelines that agencies must abide by in order to be able to request footage.


Your guide to protecting your privacy online

The things we do throughout the course of our day give businesses access to information about our habits, tastes, and activities. Some might use it to deliver targeted ads to you, or to give you content based on your location, like stores nearby or the weather forecast. Others might sell or share that information. Whether you use a computer, tablet, or mobile phone to go online, there are things you can do to protect your privacy. Check out ftc.gov/yourprivacy, your guide to protecting your privacy online.


Live streams go down across Cox radio & TV stations in apparent ransomware attack

Live news programming on many Cox Media stations has been affected by an alleged ransomware attack that disrupted TV and radio broadcasts. A number of Cox Media-owned TV and radio stations were taken off air on Thursday, June 3, and many radio stations remain unavailable online. Cox Media Group has not commented officially, but reports claim that the media conglomerate was targeted by ransomware. According to The Record, which regularly reports on ransomware attacks, the incident took out only the Cox live streams; the company’s websites were otherwise unaffected. “This morning we were told to shut down everything and log out our emails to ensure nothing spread,” an unnamed Cox employee told The Record. “According to my friends at affiliate stations, we shut things down in time to be safe and should be back up and running soon.”
