AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/17/2020

Schools remain ‘easy target’ for ransomware as Maze targets big K-12 systems

Actors using the Maze ransomware are claiming credit for a recent string of attacks against large public school districts across the United States, just as students and teachers are returning to their mostly virtual learning environments. Last Friday, the school system in Fairfax County, Virginia, which enrolls nearly 200,000 students, reported that it had been compromised by Maze, which posted a file containing stolen data on a website it uses to extort its victims into paying. While Fairfax County Public Schools officials said the incident has not affected its remote learning services, it occurred days after similar attacks against the public school organizations in Toledo, Ohio, and Clark County, Nevada. Maze has also claimed credit for those, threatening to publish stolen files if bounties are not paid. Another attack last week in Hartford, Connecticut, credit for which has not been claimed, delayed the start of the new academic year there.


Justice Dept. charges five Chinese members of APT41 over cyberattacks on U.S. companies

The Justice Department has announced charges against five Chinese nationals accused of hacking over 100 companies in the United States, including tech companies, game makers, universities, and think tanks. Zhang Haoran and Tan Dailin were charged in August 2019 with over two dozen counts of conspiracy, wire fraud, identity theft and charges related to computer hacking. Prosecutors also added nine additional charges against Jiang Lizhi, Qian Chuan, and Fu Qiang last month. Prosecutors also charged two businessmen, who were arrested in Malaysia, for their role in trying to profit from the group’s intrusions into game companies to steal and sell digital goods and virtual currency.


This security awareness training email is actually a phishing scam

A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. As computer users become more aware and educated on standard phishing techniques and templates, threat actors need to continually evolve their methods to develop innovative ways to trick users into providing their login credentials. Such is the case with a new phishing campaign discovered by email security firm Cofense that pretends to be “Security Awareness Training” from KnowBe4. With the rise of phishing attacks, cybersecurity companies offer phishing education and simulation tests to see how well employees can spot malicious emails; KnowBe4 is one well-known provider of such training and simulation tests, which is what makes its name an effective lure here.


Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

A group of security practitioners, including computer scientists and vulnerability disclosure experts, on Monday criticized Voatz’s argument that a federal anti-hacking law should only authorize researchers with clear permission to probe computer systems for vulnerabilities. An amicus brief filed by Voatz earlier this month, the security specialists charged, “fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure.” At issue is the Computer Fraud and Abuse Act (CFAA), a more than 30-year-old law that legal experts say could be abused to target good-faith researchers who break systems while trying to make them more secure. When it resumes in October, the Supreme Court is set to consider whether corporate terms of service can be treated as an inviolable boundary under the CFAA.


Sweeping internal Facebook memo: “I have blood on my hands”

After being fired by Facebook this month, a data scientist published a 6,600-word memo to the company’s internal communication systems breaking down 2.5 years of her experiences on the “fake engagement team.” The resulting stories, largely centered on misinformation campaigns with both subtle and clear links to government staffers and political parties around the world, were shared with BuzzFeed News and reprinted with various redactions on Monday, prompting the reporters to describe the memo as “a damning account of Facebook’s failures.” Former Facebook data scientist Sophie Zhang pointed to activity across the world in nations such as Azerbaijan, Honduras, India, Ukraine, Spain, Bolivia, and Ecuador. Some of these stories include metrics for how many fake accounts Zhang purged, with one story in particular, about the potential spread of COVID-19 misinformation to United States users, linked to a ring of 672,000 accounts in Spain.


US charges two Iranian hackers for years-long cyber-espionage, cybercrime spree

The US has filed charges and is seeking the arrest of two Iranian nationals believed to have carried out cyber-intrusions at the behest of the Iranian government and for their own personal financial gain. In an indictment unsealed today, prosecutors accused Hooman Heidarian and Mehdi Farhadi, both from Hamedan, Iran, of launching cyber-attacks against a wide range of targets since at least 2013. Past victims included several US and foreign universities, a Washington think tank, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations (NGOs), non-profits, and foreign government and other entities the defendants identified as rivals or adversaries to Iran, with most targets located in the US, Israel, and Saudi Arabia.
