AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 07/14/2022

Joshua Schulte: Former CIA hacker convicted of ‘brazen’ data leak

Joshua Schulte was convicted of sending the CIA’s “Vault 7” cyber-warfare tools to the whistle-blowing platform. He had denied the allegations. The 2017 leak of some 8,761 documents revealed how intelligence officers hacked smartphones overseas and turned them into listening devices. Prosecutors said the leak was one of the most “brazen” in US history. Damian Williams, the US attorney for the Southern District of New York, said Mr Schulte’s actions had “a devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm”. Mr Schulte, who represented himself at the trial in Manhattan federal court, now faces decades in prison. He also faces a separate trial on charges of possessing images and videos of child abuse, to which he has pleaded not guilty.

State-Sponsored Hackers Targeting Journalists

APT groups are increasingly targeting journalists and impersonating media outlets, according to new research from Proofpoint. The groups, which are state-based or state-aligned actors, are looking to gain access to sensitive information and sources, manipulate news and deceive public relations and other industry professionals into thinking that they are dealing with legitimate news outlets. According to researchers at Proofpoint, there has been a “sustained effort” by APT actors to “target or leverage journalists and media personas.” These attacks increased around the US election in 2021, with a particular focus on US-based journalists covering national security and politics. Some APT groups are using phishing and other techniques to gain access to journalists’ email and communications and to carry out reconnaissance on their network and working environments. They are also targeting reporters’ social media accounts.

Cryptocurrency ‘mixers’ see record transactions from sanctioned actors

Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found. A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals. Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.

The psychology of secure passwords

Passwords, in recent months, have been the source of much contention in cyber security, with the viability of conventional authentication methods under fire. Although a string of companies are bidding to remove passwords from the information security scene altogether, the reality is they’re still widely prevalent and likely to remain so. Most people lean on passwords to log into anything from personal email accounts to business-critical apps and services, so keeping them secure remains a paramount concern. The threat of hackers cracking weak passwords, meanwhile, has only escalated in recent years. Not only has the spotlight been shone onto poor cyber security hygiene practices like password reuse, but a string of historic data breaches means many credentials are in circulation around the web. Although it’s difficult to avoid a cyber security horror story in today’s age, the unfortunate truth is the majority of people are prone to reverting to easy solutions when devising passwords. Astoundingly, for example, the most common password of 2021 was ‘123456’, which was used by more than 100 million individuals.

‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware

Last week, the US government warned that hospitals across the US have been targeted by an aggressive ransomware campaign originating from North Korea since 2021. Ransomware hacks, in which attackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s. But they can be particularly devastating in the healthcare industry, where even minutes of downtime can have deadly consequences, and have become ominously frequent. The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.