AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/11/2024

Here’s Some Bitcoin: Oh, and You’ve Been Served! 

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant. Experts say the development could make it easier for victims of crypto heists to recover stolen funds through the courts without having to wait years for law enforcement to take notice or help.


Cybercrooks play dress-up as ‘helpful’ researchers in latest ransomware ruse 

Ransomware victims already reeling from potential business disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers. Researchers at Arctic Wolf Labs publicized two cases in which casualties of the Royal and Akira ransomware gangs were targeted by a third party, believed to be the same individual or group in both scenarios, and extorted by a fake cyber samaritan. Victims were approached by a “security researcher” who offered post-exploitation services. In one case, the mark was told the ransomware gang’s server could be hacked and their stolen data could be deleted.


Linux devices are under attack by a never-before-seen worm 

For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said. The worm is a customized version of Mirai, the botnet malware that infects Linux-based servers, routers, web cameras, and other so-called Internet of Things devices. Mirai came to light in 2016 when it was used to deliver record-setting distributed denial-of-service attacks that paralyzed key parts of the Internet that year. The creators soon released the underlying source code, a move that allowed a wide array of crime groups from around the world to incorporate Mirai into their own attack campaigns. Once it takes hold of a Linux device, Mirai uses it as a platform to infect other vulnerable devices, a design that makes it a worm, meaning it self-replicates.


Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections 

Under 4% of US states are fully prepared to detect and recover from election-targeted cybersecurity incidents, according to research by Arctic Wolf. The survey of state and local government leaders across the US found that 14.3% of states were ‘not at all prepared’ to deal with such incidents, with 42.9% only ‘somewhat prepared’ ahead of the 2024 US election cycle, which includes Presidential and other state and local elections. 


CISA Urges Patching of Exploited SharePoint Server Vulnerability 

The US cybersecurity agency CISA on Wednesday issued a warning on threat actors exploiting a critical Microsoft SharePoint Server vulnerability in the wild. The security defect, tracked as CVE-2023-29357 (CVSS score of 9.8) and patched on the June 2023 Patch Tuesday, is described as an elevation of privilege (EoP) flaw that allows unauthenticated attackers to gain administrator privileges.


Mandiant Details How Its X Account Was Hacked 

Mandiant revealed on Wednesday that its account on the social media platform X, formerly Twitter, was hacked as part of a cryptocurrency theft campaign that generated at least $900,000 for cybercriminals. The X account of Mandiant, which is part of Google Cloud, was hijacked in early January and abused to promote a link to a fake website claiming to be affiliated with the legitimate Phantom cryptocurrency wallet.  
