AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/08/2022

LinkedIn Continues its Reign as the Most-Impersonated Brand in Phishing Attacks

As cybercriminals look for novel and effective ways to gain entrance to a victim network, LinkedIn is proving to be fruitful enough to keep the attention of phishing scammers. I hope you can appreciate the sophistication of a phishing attack that targets not just a specific company, or even an individual, but a role within the organization – complete with a tailored socially engineered campaign of emails, landing pages, impersonated brands, phone call scripts, and a defined process for the prospective victim to follow… until they perform the malicious action desired by the threat actor at the helm.


Record labels’ war on ISPs and piracy nets multiple settlements with Charter

Charter Communications has agreed to settle piracy lawsuits filed by the major record labels, which accused the cable Internet provider of failing to terminate the accounts of subscribers who illegally download copyrighted songs. Sony, Universal, Warner, and their various subsidiaries sued Charter in US District Court in Colorado in March 2019 in a suit that claimed the ISP helps subscribers pirate music by selling packages with higher Internet speeds. They filed another lawsuit against Charter in the same court in August 2021. Both cases were settled. The record labels and Charter told the court of their settlements on Tuesday in filings that said, “The Parties hereby notify the Court that they have resolved the above-captioned action.” Upon the settlements, the court vacated the pending trials and asked the parties to submit dismissal papers within 28 days.


Charity & Disaster Scams

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact. What most of us regard as a tragedy, cyber criminals view as an opportunity, such as the breakout of a war, a major natural disaster such as a volcanic explosion, and of course infectious disease breakouts like COVID-19. When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike.


Banks face a WhatsApp reckoning as regulators clamp down on messaging apps

As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant. “The explosion of new electronic communications channels — and the pervasive use of these — raises lots of red flags for the regulators,” said Anthony Diana, a partner at law firm Reed Smith’s Tech & Data Group. “The fear is that, if bad things are happening, they’re happening on these personal apps, not on the sanctioned communication channels that are surveilled.”

North Korean Hackers Target Crypto Job Seekers

Suspected North Korea state hackers are targeting cryptocurrency workers with a new phishing campaign. Malwarebytes threat intelligence researcher Hossein Jazi posted details of the campaign to Twitter. It appears to leverage a PDF containing details of the non-existent role of “engineering manager, product security” at crypto giant Coinbase. In fact, the file is hiding a malicious executable which will infect the victim’s machine. This isn’t the first time that actors from the notorious Lazarus Group have used such tactics. Back in January, Jazi and colleague Ankur Saini revealed a spear-phishing attack perpetrated by the group, which targeted job seekers with documents embedded with malicious macros. “We identified two decoy documents masquerading as American global security and aerospace giant Lockheed Martin,” they said.

Cyber attack on software supplier causes “major outage” across the NHS

A software supplier to the UK’s National Health Service (NHS) has reportedly been the victim of a cyber attack leaving many services disrupted. Emergency prescription services, ambulance dispatching systems, and the non-emergency 111 line, among others, are thought to be affected. The attack has been confirmed by software supplier Advanced. The company told IT Pro that the incident was first spotted on Thursday morning and resulted in a loss of service. Only a small proportion of the supplier’s servers were affected, its CEO Simon Short said, and all health and care environments were isolated as a precaution.
