AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/31/2021

Fake DMCA and DDoS complaints lead to BazaLoader malware

Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks. The messages contain a legal threat and a file stored in a Google Drive folder that allegedly provides evidence of the source of the attack. The DDoS theme is a variation of another lure, a Digital Millennium Copyright Act (DMCA) infringement complaint linking to a file that supposedly contains evidence about stealing images. In submissions seen by BleepingComputer, the threat actor used Firebase URLs to push BazaLoader. The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack. Microsoft has warned about this delivery method in April, when cybercriminals used it to deliver IcedID malware. The recent campaigns are similar, only the payload and the lure have changed. Website developer and designer Brian Johnson posted last week about two of his clients getting legal notifications about their websites being hacked to run DDoS attacks against a major company (Intuit, Hubspot).


A Bad Solar Storm Could Cause an ‘Internet Apocalypse’

SCIENTISTS HAVE KNOWN for decades that an extreme solar storm, or coronal mass ejection, could damage electrical grids and potentially cause prolonged blackouts. The repercussions would be felt everywhere from global supply chains and transportation to internet and GPS access. Less examined until now, though, is the impact such a solar emission could have on internet infrastructure specifically. New research shows that the failures could be catastrophic, particularly for the undersea cables that underpin the global internet. At the SIGCOMM 2021 data communication conference on Thursday, Sangeetha Abdu Jyothi of the University of California, Irvine presented “Solar Superstorms: Planning for an Internet Apocalypse,” an examination of the damage a fast-moving cloud of magnetized solar particles could cause the global internet. Abdu Jyothi’s research points out an additional nuance to a blackout-causing solar storm: the scenario where even if power returns in hours or days, mass internet outages persist.


1 GB of data belonging to Puma available on Marketo

The emerging underground marketplace of stolen data ‘Marketo’ available in TOR network announced the publication of data presumably stolen from sportswear manufacturer Puma. The ad on Marketo claims to have about 1GB of data stolen from the company that are now auctioned to the highest bidder. Cybercriminals behind ‘Marketo’ claim to be operators of an organized ‘marketplace of stolen data’ and not as a typical ransomware group distributing malicious code to disrupt IT operations by blocking the network of the victim and by encrypting available files on various data storage. One of the unique features provided by ‘Marketo’ – the ability to ‘bid’ on stolen data, which obviously creates competition between parties interested in data acquisition including the end victim. At the time of this writing, 157 threat actors have made their bid to buy the sensitive data.


January 6th Capitol attack investigators demand records from tech giants

Since the January 6th attack on the US Capitol, a “Select Committee” has been formed in the House of Representatives to investigate the circumstances that led to a mob breaching the country’s seat of government. Part of that wide-ranging investigation will apparently involve a close look at the biggest social media companies in the world. The committee today announced that it was requesting records relating to the attack from 15 companies, who were asked to respond in the next two weeks. It’s a who’s who of the biggest players on the internet, including Google, YouTube, Twitter, Facebook, Reddit, Snap, Twitch, Telegram and TikTok. On the list are a number of smaller, pro-Trump sites that have sprung up in recent years, including Gab and Parler, as well as known cesspools 4chan and 8kun (formerly 8chan). 


BBB Scam Alert: Don’t send money to fake friends on Venmo

You get an out-of-the-blue Venmo request from a friend who needs money. Perhaps your friend has lost their wallet and needs to buy groceries. Could you send a couple hundred dollars to tide them over?  It sounds like a reasonable request. And it looks legitimate too. The message comes from an account using – what seems to be – your friend’s username and profile photo. But if you look closer, you notice that the name is a character or two off from their real Venmo account. Scammers are taking advantage of generous friends by changing their username and profile pictures to impersonate real app users. Using the information visible in Venmo’s public feed, they figure out from whom this person had previously sent or received money. Then, scammers contact these users with requests for money.  

Related Posts