AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/11/2021

How to Protect Seniors Against Cybercrimes and Scams

Many of the crimes that occur in real life happen on the internet too. Credit card fraud, identity theft, embezzlement, and more, all can be and are being done online. Seniors and the elderly are often targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them more attractive to scammers. Seniors are considered easy targets by criminals because they might not know how to report cybercrimes against them. In some cases, seniors can experience shame and guilt over the scam. They may also fear that their families will lose trust in their ability to continue to manage their own finances.

 

The Business of Extortion: How Ransomware Makes Money

We can’t stop talking about it: Ransomware. It’s dominating a lot of security news for sure, which also means it’s definitely in the media cycle and on everyone’s mind. Ransomware groups have recently upped the ante with their attacks with adaptations of various tactics, techniques, and procedures (TTP) in the threat landscape. As if it weren’t enough to worry about the threat of having your data encrypted and held for ransom, groups these days are offering the additional threats of Distributed-Denials-of-Service (DDoS) and data disclosure to their arsenal. Several of these ideas have been around for a while, but with all of the recent upheavals in the ransomware market, many of these tactics have been adopted, dropped, and renewed by some fairly notorious groups to ensure that one way or another, payment will be made.  Many blogs, articles, and researchers keep talking about things like “double-extortion” or other terms you might’ve been afraid to ask about when we talk about ransomware in 2021. We want to shed light on what’s going on now as a “back-to-basics” on how attacks work and some of the history behind them.

 

Computer memory maker ADATA hit by Ragnar Locker ransomware

Taiwan-based leading memory and storage manufacturer ADATA says that a ransomware attack forced it to take systems offline after hitting its network in late May. ADATA manufactures high-performance DRAM memory modules, NAND Flash memory cards, and other products, including mobile accessories, gaming products, electric power trains, and industrial solutions. The company was ranked as the second-largest DRAM memory and solid-state drives (SSD) maker in 2018. The Taiwanese memory manufacturer took down all impacted systems after detecting the attack and notified all relevant international authorities of the incident to help track down the attackers.

 

Tech Companies Want to Make Holograms Part of Routine Office Life

Companies from Google to WeWork want to help employers cut down on Zoom fatigue with a new approach to communications: holograms for the workplace.

Alphabet Inc.’s Google in May revealed Project Starline, an effort to create a video-chat system with screens that give participants three-dimensional depth.

WeWork last month announced a partnership with ARHT Media Inc., a hologram technology company, to bring holograms to 100 WeWork buildings in 16 locations around the world. The effort begins this month with New York, Los Angeles and Miami. he companies say holograms and related technology will soon become common in conference rooms all over the world. Still, the costs involved mean holograms have yet to prove useful for everyday interactions.

 

ADT Technician Sentenced for Hacking Home Security Footage

A home security technician was sentenced today to 52 months in federal prison for repeatedly hacking into customers’ video feeds, announced Acting U.S. Attorney for the Northern District of Prerak Shah. Telesforo Aviles, a 35-year-old former ADT employee, pleaded guilty to computer fraud in January. He was sentenced today by U.S. District Judge Brantley Starr. “This deliberate and calculated invasion of privacy is arguably more harmful than if I had installed no security system and my house had been burglarized,” a female victim told the court in an impact statement. “This sick and corrupt individual’s actions will have a lasting emotional and mental toll on me.”  According to plea papers, Mr. Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes. In some instances, he claimed he needed to add himself temporarily in order to “test” the system; in other instances, he added himself without their knowledge.

 

Hackers Steal Wealth of Data from Game Giant EA

Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools, Motherboard has learned. “You have full capability of exploiting on all EA services,” the hackers claimed in various posts on underground hacking forums viewed by Motherboard. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages. In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield. Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined. In all, the hackers say they have 780gb of data, and are advertising it for sale in various underground hacking forum posts viewed by Motherboard.

 

Justice Department, international law enforcement disrupt major marketplace for cybercriminals

The Justice Department partnered with international law enforcement to take down an online marketplace offering stolen login credentials for various accounts including bank and online payment, DOJ said on Thursday. It’s unclear how much cybercriminals scored financially using the stolen logins, but the newly unsealed affidavit for a warrant notes victim reports topping $200 million in losses in the U.S. alone. The marketplace, Slilpp, reportedly sold login credentials for over 1,400 account providers at the time that law enforcement disrupted the marketplace’s servers and domains. “With today’s coordinated disruption of the Slilpp marketplace, the FBI and our international partners sent a clear message to those who, as alleged, would steal and traffic in stolen identities: we will not allow cyber threats to go unchecked,” acting U.S. Attorney Channing Phillips of the District of Columbia said in a statement. “We applaud the efforts of the FBI and our international partners who contributed to the effort to mitigate this global threat.”

Related Posts