AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 09/27/2021

Hackers breached computer network at key US port but did not disrupt operations

Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official. The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions. “If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network” by using stolen log-in credentials, reads the US Coast Guard Cyber Command’s analysis of the report, which is unclassified and marked “For Official Use Only.” “With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.”


China declares all crypto-currency transactions illegal

“Virtual currency-related business activities are illegal financial activities,” the People’s Bank of China said, warning it “seriously endangers the safety of people’s assets”. China is one of the world’s largest crypto-currency markets. Fluctuations there often impact the global price of crypto-currencies. The price of Bitcoin fell by more than $2,000 (£1,460) in the wake of the Chinese announcement. It is the latest in China’s national crackdown on what it sees as a volatile, speculative investment at best – and a way to launder money at worst. Trading crypto-currency has officially been banned in China since 2019, but has continued online through foreign exchanges. However, there has been a significant crackdown this year.


Ransomware attackers targeted this company. Then defenders discovered something curious

Cybersecurity researchers have detailed a ransomware campaign that clearly borrows attack techniques used by nation-state-backed hacking and cyber-espionage operations. The campaign came to light when cyber criminals attempted to launch a ransomware attack against an unspecified product safety testing organisation. The attack was detected and stopped before it was successful, but provided cybersecurity researchers at eSentire with enough information to analyse the tactics, techniques and procedures being used. As eSentire’s security research team began to investigate the incident, they said they “discovered some very curious findings, relating to both the threat group behind the attack, as well as the tools and techniques used in the attack”.


Experts say China’s low-level cyberwar is becoming severe threat

Chinese state-sponsored hacking is at record levels, western experts say, accusing Beijing of engaging in a form of low-level warfare that is escalating despite US, British and other political efforts to bring it to a halt. There are accusations too that the clandestine activity, which has a focus on stealing intellectual property, has become more overt and more reckless, although Beijing consistently denies sponsoring hacking and accuses critics of hypocrisy. Jamie Collier, a consultant with Mandiant, a cybersecurity firm whose work is often cited by intelligence agencies, said the level of hacking emerging from China in 2021 was “a more kind of severe threat than we previously anticipated”. That culminated, in July, with the US, the EU, Nato, the UK and four other countries all accusing Beijing of being behind a massive exploitation of vulnerabilities in Microsoft’s widely used Exchange company server software in March. In some cases they blamed China’s Ministry of State Security (MSS) for directing the activity.


Former Apple engineer says the button on iPhones asking apps not to track you is a ‘dud’ that gives users a ‘false sense of privacy’

Johnny Lin, a former Apple engineer and co-founder of the software company Lockdown Privacy, says Apple’s “Ask App Not To Track” button is a “dud” that gives users “a false sense of privacy,” according to a Washington Post report. Even if users request apps not to collect their activity across other companies’ apps and websites, popular iPhone apps like Subway Surfers still collect personal data, a new study by Lockdown Privacy determined. “We found that App Tracking Transparency made no difference in the total number of active third-party trackers,” the study says. “We further confirmed that detailed personal or device data was being sent to trackers in almost all cases.” Sybo, the company that makes Subway Surfers, told The Washington Post that “in order for the game to function properly, some data is communicated to Ad Networks,” but did not explain why detailed personal information was required. “As a company, we do not track users for advertising purposes without their consent,” Sybo added.


EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous

The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes. “After the end of this year, the extension will be in ‘maintenance mode’ for 2022,” said Alexis Hancock, Director of Engineering at the EFF. Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development. No official end-of-life date, after which no updates will be provided for the extension whatsoever, has been decided. Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the “https://” prefix.
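For readers who want to see what the “automatic switching” above actually involved, here is an added illustration (written for this post, not EFF code) of the ruleset logic HTTPS Everywhere used: an XML ruleset names target hosts, exclusion patterns and regex rewrite rules, and a navigation is rewritten only when its host matches a target, no exclusion matches, and a rule matches. The ruleset XML, the hostnames and the wildcard handling below are constructed and simplified for the example; the extension also supported right-side wildcards and other details omitted here.

```python
"""Minimal HTTPS Everywhere-style URL upgrader (illustration only, not EFF's code)."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample rulesets in the extension's XML format; the hostnames are
# placeholders for this example, not real EFF rules.
SAMPLE_RULESETS = r"""
<rulesetlibrary>
  <ruleset name="Example">
    <target host="example.com"/>
    <target host="*.example.com"/>
    <exclusion pattern="^http://legacy\.example\.com/"/>
    <rule from="^http:" to="https:"/>
  </ruleset>
  <ruleset name="Example CDN">
    <target host="static.example.net"/>
    <target host="img.example.net"/>
    <rule from="^http://(static|img)\.example\.net/" to="https://$1-cdn.example.net/"/>
  </ruleset>
  <ruleset name="Disabled" default_off="mixed content">
    <target host="broken.example.org"/>
    <rule from="^http:" to="https:"/>
  </ruleset>
</rulesetlibrary>
"""


class Ruleset:
    """One <ruleset>: target hosts, exclusion patterns and from/to rewrite rules."""

    def __init__(self, elem):
        self.name = elem.get("name")
        # Rulesets carrying default_off="..." shipped disabled (e.g. mixed content).
        self.enabled = elem.get("default_off") is None
        self.targets = [t.get("host") for t in elem.findall("target")]
        self.exclusions = [re.compile(x.get("pattern")) for x in elem.findall("exclusion")]
        # Ruleset "to" strings use $1-style backreferences; convert to Python's \g<1>.
        self.rules = [
            (re.compile(r.get("from")), re.sub(r"\$(\d+)", r"\\g<\1>", r.get("to")))
            for r in elem.findall("rule")
        ]

    def matches_host(self, host):
        for target in self.targets:
            if target.startswith("*."):
                # Simplification: "*.example.com" matches any subdomain, not the apex.
                if host.endswith(target[1:]):
                    return True
            elif target == host:
                return True
        return False

    def apply(self, url):
        """Return the rewritten URL, or None if this ruleset leaves it alone."""
        if not self.enabled:
            return None
        if any(x.search(url) for x in self.exclusions):
            return None
        for pattern, repl in self.rules:
            if pattern.search(url):
                return pattern.sub(repl, url, count=1)
        return None


def load_rulesets(xml_text):
    root = ET.fromstring(xml_text)
    return [Ruleset(e) for e in root.iter("ruleset")]


def upgrade(url, rulesets):
    """Rewrite a plain-HTTP URL the way the extension did; otherwise return it unchanged."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url  # already HTTPS, or not a web URL: nothing to do
    host = parts.hostname or ""
    for ruleset in rulesets:
        if ruleset.matches_host(host):
            rewritten = ruleset.apply(url)
            if rewritten is not None:
                return rewritten
    return url


RULESETS = load_rulesets(SAMPLE_RULESETS)

if __name__ == "__main__":
    for sample in ("http://www.example.com/login?x=1", "http://legacy.example.com/old",
                   "http://img.example.net/app.js", "http://broken.example.org/"):
        print(sample, "->", upgrade(sample, RULESETS))
```

The exclusion and the disabled ruleset are the parts worth noticing: they are why the extension could not simply rewrite every `http://` it saw, and why a browser-level HTTPS-only mode, which attempts HTTPS first and falls back with a warning, removes the need for a hand-maintained rule list.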
