AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/24/2021

A new APT is targeting hotels across the world

A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world. Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019. “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil, Canada, Guatemala), Asia (Taiwan), and Africa (Burkina Faso),” the company said in a report shared with The Record. Besides hotels, other attacks also hit governments, international organizations, engineering companies, and law firms. “The targeting suggests that FamousSparrow’s intent is cyberespionage,” ESET researchers said today.


Plugging the holes: How to prevent corporate data leaks in the cloud

Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error. In fact, “miscellaneous errors” accounted for 17% of data breaches last year, according to Verizon. When it comes to the cloud, there’s one particular trend that stands out above all others: misconfiguration. It’s responsible for the leaks of billions of records every year and remains a major threat to corporate security, reputation and bottom line. Mitigating this persistent human-shaped threat will require organizations to focus on gaining better visibility and control of their cloud environments – using automated tooling where possible. Digital transformation saved many organizations during the pandemic. And now it’s seen as the key to driving success as they exit the global economic crisis.


Spyware ‘found on phones of five French cabinet members’

Traces of Pegasus spyware were found on the mobile phones of at least five current French cabinet ministers, the investigative website Mediapart has reported, citing multiple anonymous sources and a confidential intelligence dossier. The allegation comes two months after the Pegasus Project, a media consortium that included the Guardian, revealed that the phone numbers of top French officials, including French president Emmanuel Macron and most of his 20-strong cabinet, appeared in a leaked database at the heart of the investigative project. There is no firm evidence that the phones of the five cabinet members were successfully hacked, but the Mediapart allegations indicate that the devices were targeted with the powerful spyware known as Pegasus, which is made by NSO Group. When it is successfully deployed by the Israeli company’s government clients, Pegasus allows its users to monitor conversations, text messages, photos and location, and can turn phones into remotely operated listening devices.


CISA, FBI, and NSA issue a Conti ransomware advisory

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. The advisory warned that organizations needed to take supplementary measures to increase their level of security. The three agencies added that the operators behind Conti already conducted over 400 attacks on US and international organizations. “To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date,” the advisory read.


This ransomware-dropping malware has swapped phishing for a sneaky new attack route

Zloader malware, a tool often used to deliver ransomware, is now being spread through malicious Google ads, according to Microsoft. The malware is a key part of the cybercrime industry and recently popped up on the radar of Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA). CISA yesterday warned that ZLoader was being used to distribute the Conti ransomware service, which pays ransomware distributors a wage rather than a commission for new infections. ZLoader is a banking trojan which uses web injection to steal cookies, passwords and any sensitive information. But it is also used to deliver ransomware and provides attackers with backdoor capabilities and the ability to install other forms of malware, according to security company SentinelOne.


Most Business Executives Would Be Willing To Pay Cyber Ransoms: New Survey

A day after the Biden administration announced new initiatives to combat ransomware attacks, a poll released today found that 78% of C-suite executives would be willing to pay a cyber ransom; 56% said they would be willing to pay over $100,000 in order to resume business operations. The international survey of 1,400 senior IT decision-makers and business executives in the U.S., U.K. and Canada was commissioned by security company Arctic Wolf and conducted in August 2021. The results show a lack of faith and confidence among business leaders in government — and in their own staff — to protect them or even identify cyber threats.
