AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/28/2023

This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine 

A group of cybersecurity experts in Australia are developing a chatbot that can impersonate a human and sit on a scam phone call to waste a fraudster’s time. Researchers at Macquarie University in Sydney are creating the chatbot system to act as a “honeypot” that lures scammers into 40-minute-long conversations that amount to nothing. “Our model ties them up, wastes their time, and reduces the number of successful scams,” says Macquarie University professor Dali Kaafar. “We can disrupt their business model and make it much harder for them to make money.” 

 

Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor 

Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of the largest energy companies in North America. Suncor is a Canada-based company that produces oil and runs several refineries in North America. The organization owns a network of more than 1,800 Petro-Canada retail and wholesale locations. In a brief statement issued on June 25, Suncor said it had experienced a cybersecurity incident that may impact some transactions with suppliers and customers. The company said it brought in third-party experts to aid investigation and response efforts, and noted that authorities have been notified. 

 

What Are the Security Pros and Cons of Using Social Logins? 

You arrive at a website, but you can’t proceed unless you have an account. There’s the option of creating an account or logging in with any of your existing social network profiles. You’ll probably choose the latter because it’s faster and easier. Social logins are popular for their convenience. But beyond that lie their security implications. While some people believe they enhance security, others think otherwise. What exactly are the security pros and cons of social logins? 

 

Prominent cryptocurrency exchange infected with previously unseen Mac malware 

Researchers have discovered previously unknown Mac malware infecting a cryptocurrency exchange. It contains a full suite of capabilities, including the ability to steal private data and download and execute new malicious files. Dubbed JokerSpy, the malware is written in the Python programming language and makes use of an open source tool known as SwiftBelt, which is designed for legitimate security professionals to test their networks for vulnerabilities. JokerSpy first came to light earlier this month in this post from the security firm Bitdefender. Researchers for the company said they identified Windows and Linux components, suggesting that versions exist for those platforms as well. 

 

The Escalating Global Risk Environment for Submarine Cables 

Insikt Group research examines the complex and dynamic risk environment of submarine cables, the information superhighways that underpin the global economy and facilitate worldwide telecommunications. The rapid expansion of the submarine cable network in the 21st century, driven by data demands, cloud computing, and the needs of hyperscalers like Amazon, Google, Meta, and Microsoft, must contend with converging geopolitical, physical, and cyber threats. State actors pose the greatest threat in terms of sabotage and spying, followed by non-state actors like hacktivists and ransomware groups, who pose a less capable and lower likelihood threat to the networks and operating systems that submarine cables rely upon. Accidental damage from ships and fishing vessels is more frequent but less impactful. 

 

Trans-Rights Hacktivists Steal City of Ft. Worth’s Data 

In a security breach first discovered on June 23, Fort Worth, a north Texas city that has more than 935,000 residents, announced that hacktivist threat actors gained unauthorized access to its data. The group claiming responsibility for the cyberattack, SiegedSec, said it was carried out for political reasons, specifically over what it deemed to be recent anti-transgender legislation in the state of Texas, stating, “Texas happens to be one of the largest states banning gender affirming care, and for that, we have made Texas our target.” 

 

Casualties keep growing in this month’s mass exploitation of MOVEit 0-day 

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. To date, the hacking spree appears to have breached 122 organizations and obtained the data of roughly 15 million people, based on posts the crime group has published or victim disclosures, Brett Callow, a threat analyst at the antivirus company Emsisoft, said in an interview. 

 

Zscaler 2023 Ransomware Report Shows a Nearly 40% Increase in Global Ransomware Attacks 

This year’s report tracks the ongoing increase in complex ransomware attacks and spotlights recent ransomware trends, including the targeting of public entities and organizations with cyber insurance, growth of ransomware-as-a-service (RaaS), and encryption-less extortion. Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms. “Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” said Deepen Desai, Global CISO and Head of Security Research, Zscaler. “Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.” 
