AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/19/2022

AirTag leads to arrest of airline worker accused of stealing at least $15,000 worth of items from luggage

An Apple AirTag led to the arrest of an airline subcontractor accused of stealing thousands of dollars’ worth of items from luggage at a Florida airport. Giovanni De Luca, 19, was charged with two counts of grand theft after authorities recovered the stolen items from his home, the Okaloosa County Sheriff’s Office said in a news release last week. Authorities said a traveler reported last month that her luggage never made it to her destination. The items inside were worth about $1,600.


Russian brought to Oregon, faces trial in ransomware attacks

A Russian who allegedly laundered more than $400,000 from ransomware attacks in the United States and abroad was extradited from the Netherlands to face trial in federal court in Portland, authorities said Wednesday. Denis Dubnikov, 29, pleaded not guilty on Wednesday, the U.S. Justice Department said. He was indicted in August 2021 for his alleged role in an international cryptocurrency money laundering conspiracy. Dubnikov and his accomplices are accused of laundering ransom payments from victims of Ryuk ransomware attacks. The Ryuk ransomware impacted several U.S. hospitals in 2020, including Sky Lakes Medical Center in Klamath Falls, Oregon. The indictment says there were “multiple” victims in Oregon. Paul Stewart, Sky Lakes’ president and CEO, said at the time that the center refused to pay any extortion and had to cut back on some elective and outpatient services while systems were down.


UK scammers mailing counterfeit Microsoft Office USB drives

Cybercriminals in the UK are sending malicious USB drives to people in the post, in an effort to infect their systems with malware. As covered by Sky News, scammers sent USB sticks with fake Microsoft Office suites to random addresses in what appeared to be genuine Microsoft packaging, trying to fool victims into believing they had accidentally obtained a genuine copy of Office Professional Plus – which retails for £420. Instead of installing Office, the USB stick, once plugged into a PC, would prompt the target user to call a fake support number. The cybercriminals would use this contact to convince the victim to provide remote access to their PC and hand over their payment details. Martin Pitman, a cybersecurity researcher with Atheniem, says he retrieved the counterfeit USB and package after his mother called him from someone else’s house, where they were attempting to install the Office software.


PayPal Phishing Scam Uses Invoices Sent Via PayPal

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. KrebsOnSecurity recently heard from a reader who received an email from paypal.com that he immediately suspected was phony. The message’s subject read, “Billing Department of PayPal updated your invoice.”


BlackByte ransomware gang is back with new extortion tactics

The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. The threat actors are calling this new iteration of their operation BlackByte version 2.0, and while it is not clear if the ransomware encryptor has changed as well, the gang has launched a brand new Tor data leak site. The data leak site only includes one victim at this time but now offers new extortion options that allow victims to pay to delay the publication of their data by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000). These prices will likely change depending on the size/revenue of the victim.


Two years on, Apple iOS VPNs still leak IP addresses

Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the operating system failed to close existing connections. This could potentially allow an attacker to identify a VPN user’s source IP address. For those actually relying on hiding that data to avoid attention from a repressive regime or someone seeking private information, this is not a trivial concern. ProtonMail at the time said Apple was aware of the issue and that Cupertino was looking at mitigation options.