AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/01/2022

Huge network of 11,000 fake investment sites targets Europe

Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to lure users with the promise of high-return investments and convince them to deposit a minimum amount of 250 EUR ($255) to sign up for the fake services. Researchers at cybersecurity company Group-IB discovered the operation and mapped the massive network of phishing sites, content hosts, and redirections.


Microsoft ties novel ‘Raspberry Robin’ malware to Evil Corp cybercrime syndicate

Microsoft’s security team published evidence this week tying the Raspberry Robin malware to Russian cybercrime syndicate Evil Corp. In an update to a May report on the ransomware-as-a-service industry, Microsoft Threat Intelligence Center (MSTIC) said some existing Raspberry Robin infections are being used to deploy FakeUpdates, a malware downloader in activity suspected to be linked to Evil Corp. Raspberry Robin was discovered in September 2021 by researchers from cybersecurity company Red Canary, which coined the name for the cluster of activity they were seeing. The activity involved a worm that is often installed through USB drives and relies on msiexec.exe to call out to its infrastructure, which Red Canary said is often connected to compromised QNAP devices.
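
The msiexec.exe callout behaviour described above is something a defender can hunt for in endpoint telemetry. The following is an added example, not code from the article, Microsoft or Red Canary: it scans constructed Sysmon-style Event ID 3 (network connection) records and flags msiexec.exe initiating connections outside a list of internal ranges. The record field names and the internal ranges are assumptions to adapt to your own telemetry.

```python
import ipaddress
import json

# Constructed Sysmon-style Event ID 3 / Event ID 1 records (not real telemetry).
# Field names mirror Sysmon's but are an assumption for this example.
SAMPLE_EVENTS = [
    {"EventId": 3, "Image": r"C:\Windows\System32\msiexec.exe", "Initiated": True,
     "DestinationIp": "203.0.113.44", "DestinationPort": 8080, "User": "CORP\\alice"},
    {"EventId": 3, "Image": r"C:\Windows\System32\msiexec.exe", "Initiated": True,
     "DestinationIp": "10.0.5.20", "DestinationPort": 445, "User": "CORP\\alice"},
    {"EventId": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Initiated": True, "DestinationIp": "198.51.100.7", "DestinationPort": 443,
     "User": "CORP\\bob"},
    {"EventId": 1, "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec /i setup.msi"},
    {"EventId": 3, "Image": r"C:\Windows\SysWOW64\msiexec.exe", "Initiated": False,
     "DestinationIp": "192.0.2.9", "DestinationPort": 80, "User": "CORP\\carol"},
]

# Assumed internal address space; tune to the environment (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_msiexec(image: str) -> bool:
    """True when the process image is msiexec.exe in any directory or case."""
    return image.lower().rsplit("\\", 1)[-1] == "msiexec.exe"


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_msiexec_callouts(events):
    """Return Event ID 3 records where msiexec.exe *initiated* a connection to an
    address outside INTERNAL_NETS. Installer traffic straight to the internet is
    rare enough on most fleets that every hit is worth triage."""
    hits = []
    for ev in events:
        if ev.get("EventId") != 3 or not ev.get("Initiated"):
            continue  # only outbound network-connection events
        if not is_msiexec(ev.get("Image", "")) or is_internal(ev["DestinationIp"]):
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in flag_msiexec_callouts(SAMPLE_EVENTS):
        print(json.dumps(hit))
```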


Bolt Mobility has vanished, leaving e-bikes, unanswered calls behind in several US cities

Bolt Mobility, the Miami-based micromobility startup co-founded by Olympic gold medalist Usain Bolt, appears to have vanished without a trace from several of its U.S. markets. In some cases, the departure has been abrupt, leaving cities with abandoned equipment, unanswered calls and emails and lots of questions. Bolt has stopped operating in at least five U.S. cities, including Portland, Oregon, Burlington, South Burlington and Winooski in Vermont and Richmond, California, according to city officials. City representatives also said they were unable to reach anyone at Bolt, including its CEO Ignacio Tzoumas.


Threat actor claims to have hacked European manufacturer of missiles MBDA

MBDA is a European multinational developer and manufacturer of missiles, formed by the merger of the main French, British and Italian missile systems companies (Aérospatiale–Matra, BAE Systems, and Finmeccanica, now Leonardo). The name MBDA is an initialism of the merged missile companies' names: Matra, BAe Dynamics and Alenia. A threat actor that goes online with the moniker Adrastea, and that describes itself as a group of independent cybersecurity specialists and researchers, claims to have hacked MBDA. Adrastea said that they found critical vulnerabilities in the company's infrastructure and stole 60 GB of confidential data. The attackers said that the stolen data includes information about company employees involved in military projects, commercial activities, contract agreements and correspondence with other companies.


The Silent Threat Of Software Supply Chain Jacking

There is a complex web of interdependencies required to source, process, manufacture, and transport goods that has to occur before a vehicle is available on a dealer lot, a product is sitting on the shelf at Target, or the Amazon delivery guy shows up at your door. The same is actually true for software today. There is a supply chain of software code involved in delivering an application or service—and attackers are taking advantage of its weaknesses.


The most impersonated brand in phishing attacks? Microsoft

Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. Microsoft came in at #1 on the list, followed by Facebook. Rounding out the top five are Crédit Agricole, WhatsApp, and Orange. With 11,041 unique phishing URLs, Microsoft is the top target for brand impersonation. The popularity of Microsoft 365 among SMBs and enterprises has made Microsoft a lucrative target for phishers hoping to steal valuable data from Microsoft 365 applications.
