AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/04/2022

Ukraine Shutters Major Russian Bot Farm

Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country. The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000. This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commander-in-chief of Ukraine’s armed forces, and a campaign to discredit the first lady. A Russian citizen and ‘political expert’ based in Kyiv was unmasked as the leader of the operation. With his help, the group automated the management of a large number of bot accounts on social media, using equipment based in Kyiv, Kharkiv and Vinnytsia, the SSU said. This kit included 5000 SIM cards used to register new accounts, and 200 proxy servers designed to spoof IP addresses and circumvent internet blocks.

 

India scraps data protection law in favor of better law coming … sometime

The government of India has scrapped the Personal Data Protection Bill it’s worked on for three years, and announced it will – eventually – unveil a superior bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more. On Wednesday, telecom minister Ashwini Vaishnaw tweeted that the bill was nixed because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill’s 99 sections. “Therefore the bill has been withdrawn and a new bill will be presented for public consultation,” said Vaishnaw.

 

Post-quantum encryption contender is taken out by single-core PC and 1 hour

In the US government’s ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms.  Last month, the US Department of Commerce’s National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer. In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.

 

Cyber security vulnerability statistics and facts of 2022

A cyber security vulnerability generally refers to a flaw in software code that allows an attacker access to a network or system. Vulnerabilities leave businesses and individuals open to a range of threats including malware and account takeovers. There is a huge range of possible vulnerabilities and potential consequences to their exploits. The US government’s National Vulnerability Database (NVD) which is fed by the Common Vulnerabilities and Exposures (CVE) list currently has over 176,000 entries. One well-known example of a cybersecurity vulnerability is the CVE-2017-0144 Windows weakness that opened the door for WannaCry ransomware attacks via the EternalBlue exploit. Another infamous case is the Mirai botnet that spread through the exploitation of multiple flaws. Once vulnerabilities are discovered, developers typically work fast to release an update, or “patch.” Ideally, all users install the update before attackers have a chance to exploit the vulnerability. But the reality is that in many cases, attackers strike quickly to take advantage of a known weakness. Plus, even when a patch is released, slow implementation of updates means that attackers can exploit vulnerabilities years after they have been discovered.

 

The evolution of security: the story of Code Red

Code Red was a worm that targeted Windows-based systems with Microsoft IIS (Internet Information Services for Windows Server) installed. Its story has a happy beginning at least: the spread of the malware was detected right at the start of the outbreak. Code Red discoverers were researchers at eEye Security, who at the time of detection (July 13, 2001) just so happened to be developing a system for finding Microsoft IIS vulnerabilities. All of a sudden, their test server stopped responding. This was followed by a sleepless night, which they spent poring over the system logs looking for the traces of infection. They named the malware after the first object that caught their blurry eye: a can of Mountain Dew Code Red soda.

Related Posts