AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/13/2022

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement by the Albanian government, Microsoft publicly stated that “Microsoft is committed to helping our customers be secure while achieving more. During this event, we quickly mobilized our Detection and Response Team (DART) to help the Albanian government rapidly recover from this cyber-attack. Microsoft will continue to partner with Albania to manage cybersecurity risks while continuing to enhance protections from malicious attackers.” This blog showcases the investigation, Microsoft’s process in attributing the related actors and the observed tactics and techniques observed by DART and the Microsoft Threat Intelligence Center (MSTIC) to help customers and the security ecosystem defend from similar attacks in the future.


A utility company locked thousands of customers out of their smart thermostats in Colorado

Thousands of Colorado residents found themselves locked out of their smart thermostats during sweltering temperatures last week in an effort to prevent power demand from overwhelming the grid. About 22,000 Xcel customers lost control of their smart thermostats for hours on August 30th, Denver7 News reports. That led to backlash on social media as some people said the temperatures inside their homes reached as high as 88 degrees Fahrenheit. Outdoor temperatures climbed into the 90s that day across parts of Colorado as much of the western US grappled with sweltering heat. All of the customers affected had enrolled in an energy-saving program, called AC Rewards, that’s meant to ease the strain on the power grid during heatwaves.


Lorenz ransomware breaches corporate network via phone systems

The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks exploiting the CVE-2022-29499 bug for initial access, confirming CrowdStrike reporting in June. While these incidents weren’t linked to a specific ransomware gang, Arctic Wolf Labs was able to attribute similar malicious activity to the Lorenz gang with high confidence.


Extreme California heat knocks key Twitter data center offline

Extreme heat in California has left Twitter without one of its key data centers, and a company executive warned in an internal memo obtained by CNN that another outage elsewhere could result in the service going dark for some of its users. Twitter (TWTR), like all major social media platforms, relies on data centers, which are essentially huge warehouses full of computers, including servers and storage systems. Controlling the temperature in those centers is critical to ensuring the computers don’t overheat and malfunction. To save on cooling costs, some tech companies have increasingly looked to place their data centers in colder climates; Google, for example, opened a data center in Finland in 2011, and Meta has had one center in northern Sweden since 2013.


A Cyber Workforce Strategy is Coming From the White House, Along with an Implementation Body to Make Sure it Works

National Cyber Director Chris Inglis’ team is working on a plan to address the shortage of cybersecurity professionals and push broader awareness and education about cybersecurity. It’s no secret that there’s a talent shortage in the cyber industry. The latest estimates put the number of vacancies at over 714,000, according to CyberSeek, a project backed by the National Institute of Standards and Technology. Across the government, different agencies and departments have been using various tools, strategies and programs to try to broaden the talent pool and fill jobs – a situation that prompted two expert panels to recommend in two separate reports this year that Inglis coordinate across efforts and sectors. Now, the Office of the National Cyber Director is starting its work on a national cyber workforce and education strategy, announced at a cyber workforce summit this summer.


U-Haul Says Customer Data Accessed Using Compromised Credentials

On Friday, U-Haul began sending notification letters to potentially impacted customers to inform them that compromised credentials were used to access some of their data without authorization. “We detected a compromise of two unique passwords that were used to access a customer contract search tool that allows access to rental contracts for U-Haul customers,” reads a notification letter sample that U-Haul submitted to the Montana Attorney General. The search tool, the company says, does not store payment card information, meaning that no credit card details were exposed in the incident. However, the unauthorized party was able to access customer names, driver’s license numbers, or state identification numbers. Between November 5, 2021, and April 5, 2022, the attackers accessed some rental contracts, the company says, without providing information on the number of impacted customers.