AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/15/2021

BlackMatter ransomware hits medical technology giant Olympus

Olympus, a leading medical technology company, is investigating a “potential cybersecurity incident” that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing products for the medical, life sciences, and industrial equipment industries. The company’s camera, audio recorder, and binocular divisions have been transferred to OM Digital Solutions, which has been selling and distributing these products since January 2021. “Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA (Europe, Middle East, Africa) IT systems on September 8, 2021,” the company said in a statement published Saturday, three days after the attack. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.”


Microsoft issues patch for zero-day exploit that uses malicious Office files

Microsoft has just rolled out an update fixing 66 security vulnerabilities as part of this month’s Patch Tuesday. One of them addresses a critical zero-day vulnerability that is being actively exploited by hackers using Office files containing malicious ActiveX controls. A few days ago, Microsoft issued a warning about the flaw after being notified by security researchers who discovered that bad actors are exploiting it by tricking potential victims into opening malicious Office files. Upon being opened, the file automatically launches a page in Internet Explorer, which contains an ActiveX control that downloads malware onto the victim’s computer. When Microsoft published the warning, it didn’t have a fix yet and only asked users to make sure Microsoft Defender Antivirus or Microsoft Defender for Endpoint is switched on. Both programs can detect attempts to exploit the vulnerability.


Your boss isn’t emailing you about a gift card

Did you get an email from your boss asking you for a favor? Does your boss need you to send gift cards to pay for an upcoming office party? Before you go out and pay up, ask yourself: is that really your boss? It could be a scammer trying to get your money. Here’s how it can play out. The scammer sends you an email impersonating your boss, either using a spoofed email address, or by hacking into their account. They then make up a story about needing your help with something — an office surprise party, a company event, even a simple errand. Whatever the reason, they’ll ask you to help by paying them with gift cards, promising to pay you back later. But once you hand over the gift card number and PIN, the money is gone. If you get an unexpected email from your boss asking for this kind of help.


You Don’t Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

111 years ago almost to the day, a murder was committed which ultimately led to the first criminal trial to use fingerprints as evidence. We’ve all since watched enough crime shows to understand that fingerprints are unique personal biometric attributes and, to date, no two people have ever been found to have a matching set. As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. I’m writing this on a PC that uses a Verifi fingerprint reader. I’ll probably continue to draft it from a comfy spot later on using my Lenovo laptop that has a built-in reader. I’ll also go backwards and forwards between my iPhone and iPad with Face ID. But doesn’t this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack? I’ve lost count of the number of times I’ve heard someone say, “don’t use biometrics because you can’t change your fingerprints”. That’s an absurd statement… because you can. There are acids, blowtorches, belt sanders and the good old boxcutter, to name but a few approaches. Thing is though, whilst that may provide (some) benefit to criminals seeking to evade law enforcement matching them up to a scene of a crime, it really provides no benefit whatsoever to those who’ve had their biometric secrets revealed. So, stop burning off your fingertips, and read on…


FTC warns of extortionists targeting LGBTQ+ community on dating apps

The US Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community via online dating apps such as Grindr and Feeld. As the FTC revealed, the fraudsters would pose as potential romantic partners on LGBTQ+ dating apps, sending explicit photos and asking their targets to reciprocate. If they fall for the scammers’ tricks, the victims will be blackmailed to pay a ransom, usually in gift cards, under the threat of leaking the shared sexual imagery with their family, friends, or employers. “To make their threats more credible, these scammers will tell you the names of exactly who they plan to contact if you don’t pay up. This is information scammers can find online by using your phone number or your social media profile,” the FTC said.


The U.S. Should Get Serious About Submarine Cable Security

Nokia recently won a 5G contract with U.S. Cellular, the fourth-largest wireless provider in the United States, another step in building out American 5G without Chinese telecom Huawei. Yet, for all the noise about 5G, cloud, and other “emerging” technologies, the internet still vitally depends on a far-less-flashy infrastructure — submarine cables that haul internet traffic along the ocean floor. For centuries, submarine cables have carried information between continents, from electric telegraphs to voice calls to now, internet data. Today’s internet would quite literally not function without them: it is estimated that over 95 percent of intercontinental internet data flows over these cables. Even if these metal tubes do not receive much press coverage or policy attention, they underpin everything from civilian communications and business transactions to scientific research and government document-sharing on the global internet. 


Russia is fully capable of shutting down cybercrime

It is no secret that the locus of a great deal of the world’s cybercriminal activity lies within the boundaries of the Russian Federation. The onslaught of ransomware attacks directed at non-Russian entities is evidence of that. Last week, Recorded Future’s Insikt Group published a report shedding more light on the connection between the Russian state and criminal actors, a connection that Insikt Group posits is “well established yet highly diffused.” The key judgments from the Insikt Group’s analysis are: it is highly likely that Russian intelligence services and law enforcement have a longstanding, tacit understanding with criminal threat actors; this association will continue, though efforts to put space between the government and criminal entities may increase to provide greater plausible deniability to the government.
