AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/16/2022

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

Researchers warn that Bluetooth signals can be used to track device owners by fingerprinting the radio signal. The technique was presented in a paper at the IEEE Security and Privacy conference last month by researchers at the University of California San Diego. The paper suggests that minor manufacturing imperfections in hardware are unique to each device and cause measurable distortions which can be used as a “fingerprint to track a specific device”. “To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals,” said researchers in a paper (PDF) titled “Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices.”

 

How much does access to corporate infrastructure cost?

Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack). Complex attacks almost invariably feature several phases, such as reconnaissance, initial access to the infrastructure, gaining access to target systems and/or privileges, and the actual malicious acts (data theft, destruction or encryption, etc.). This is just one example of a phased attack where each step can be accomplished by a new contractor – if only because the different steps require different expertise.

 

Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams

A worldwide crackdown on social engineering fraud has seen scammers identified globally, substantial criminal assets seized and new investigative leads triggered in every continent. The two-month (8 March – 8 May 2022) Operation, codenamed First Light 2022, saw 76 countries take part in an international clampdown on the organized crime groups behind telecommunications and social engineering scams. Police in participating countries raided national call centres suspected of telecommunications or scamming fraud, particularly telephone deception, romance scams, e-mail deception, and connected financial crime. Based on intelligence exchanged in the framework of the operation, the Singapore Police Force rescued a teenage scam victim who had been tricked into pretending to be kidnapped, sending videos of himself with fake wounds to his parents and seeking a EUR 1.5 million ransom. A Chinese national wanted in connection with a Ponzi scheme estimated to have defrauded nearly 24,000 victims out of EUR 34 million was arrested in Papua New Guinea and returned to China via Singapore.

 

WhatsApp Warning As Free Beer For Father’s Day Scam Goes Viral

With Father’s Day just around the corner, perhaps it should come as no surprise that cybercriminals are looking to exploit it while there’s still time. And time is fast running out with it falling on Sunday, June 19. With the cost of living crisis starting to bite, the opportunity to get something for free is tempting: especially when it’s one of “5,000 coolers full of Heineken for your Dad.” That’s the message that has gone viral, circulating via WhatsApp messages as recipients share the chance to win with friends. But there’s a catch: this is a scam and there is no free beer for Father’s Day.

 

Deep fake attacks expected to be next major threat to businesses

Deep fake-driven cyber attacks are set to become more popular in the near future as artificial intelligence (AI) technology becomes more widely used, security experts at Cisco warned this week. Such attacks could involve fake videos of companies’ CEOs being sent to employees, telling them to conduct wire transfers, for example. Deep fake technology involves training an AI program with large amounts of data in order for it to learn how any given individual would look when saying certain words, and how they sound, including accurate intonation and speech pauses. “Well, your targets are those that have public personas, because you need lots of training footage to do this,” said Nick Biasini, head of outreach at Cisco Talos. “So it’d be much easier to pick your CEO, go after the CEO, because they’re on video constantly, and they’re talking constantly. You could use that to easily make a video of them that all of a sudden your CEO is calling you, it looks like your CEO, sounds like your CEO, and they’re telling you to do a wire transfer.”

 

Cloudflare mitigates 26 million request per second DDoS attack

Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record. The attack targeted a customer website using Cloudflare’s Free plan. Similar to the previous 15M rps attack, this attack also originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices. Over the past year, we’ve witnessed one record-breaking attack after the other. Back in August 2021, we disclosed a 17.2M rps HTTP DDoS attack, and more recently in April, a 15M rps HTTPS DDoS attack. All were automatically detected and mitigated by our HTTP DDoS Managed Ruleset which is powered by our autonomous edge DDoS protection system. The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak.
