AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/09/2022

Microsoft seizes 41 domains tied to ‘Iranian phishing ring’

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs. “Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit. “Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware.”


RSA – Spot the real fake

At the RSA Conference 2022, the techno-geekery center of the security universe, the halls once more pulse with herds of real aching-feet attendees slurping up whatever promises to be the Next Big Thing. In case anyone feels the economy softening, you couldn’t tell it here. Basically no one is planning on spending less on security. But the landscape is morphing to creepy new levels. Following a session on deepfakes (which we’ve written about a while back), it’s easy to wonder how long until deepfakes as a service (DFaaS, pronounced “deface” I guess?) hits the pseudo-legit market in the form of very-difficult-to-detect account hacks you can rent. Let’s say you want to get into a jilted partner’s insurance policy and file a fake claim. Just assemble a combination of voice and video of “them” to convincingly trick a company into issuing a hefty payout for a car that never wrecked. They have that here.


Emotet malware now steals credit cards from Google Chrome users

The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info (i.e., name, expiration month and year, card numbers), the malware will send it to command-and-control (C2) servers different than the ones the Emotet card stealer module. “On June 6th, Proofpoint observed a new #Emotet module being dropped by the E4 botnet,” the Proofpoint Threat Insights team revealed. “To our surprise it was a credit card stealer that was solely targeting the Chrome browser. Once card details were collected they were exfiltrated to different C2 servers than the module loader.”


Massive Facebook Messenger phishing operation generates millions

Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions. According to PIXM, a New York-based AI-focused cybersecurity firm, the campaign peaked in April-May 2022 but has been active since at least September 2021. PIXM was able to trace the threat actor and map the campaign due to one of the identified phishing pages hosting a link to a traffic monitoring app (whos.amung.us) that was publicly accessible without authentication.


White House Developing National Strategy to Increase Data Collection as Privacy Tech Improves

The U.S. government wants to collect, analyze and share more of Americans’ data, especially as new technologies and procedures offer the potential to do so without compromising citizens’ privacy, and is developing a national strategy to align policies and regulations with that goal. The Biden administration is developing a national strategy on “privacy-preserving data sharing and analytics,” according to a request for information on advancing privacy-enhancing technologies set to publish Thursday in the Federal Register. The pending strategy comes as governments and private sector companies continue to collect more data through users’ connected devices—computers, smartphones, televisions, vehicles and more—with few regulations on how that data is harvested, stored and shared (or sold).


Your Car Is Tracking You Just as Much as Your Smartphone Is—and Your Data Is at Risk

Most modern cars know their locations better than their owners do. As suites of connected-car apps become mainstream for both emergency functionality (such as General Motors’ OnStar) or for owner conveniences such as remote start or parking guidance, new vehicles are overflowing with data needed to support always-on connectivity. While most owner concerns (and popular attention) have been fixed on unallowed hacks into such systems by bad actors, there are still massive troves of automatically generated data open to anyone with the knowledge to access it, and even the “proper” use of this data can be a risk to consumers who seek privacy. Your home, your work, every trip you’ve taken no matter how private: it all can be seen by companies, countries, and individuals you’ve never given permission to follow your travels, and completely legally.

Related Posts