AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 1/7/2020

1 – U.S. Government Issues Warning About Possible Iranian Cyberattacks

Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq. “Given recent developments, re-upping our statement from the summer,” Krebs said in a rare warning on Twitter. “Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS,” he added. “Make sure you’re also watching third party accesses!”


2 – UK investigates if cyberattack led to stock exchange outage

UK officials are worried that a London Stock Exchange outage in August wasn’t just the glitch that many suspected. Wall Street Journal sources say the GCHQ intelligence agency is investigating the possibility that the failure may have been due to a cyberattack. It’s reportedly taking a close look at the associated code, including time stamps, to determine if there was any suspicious activity. The exchange was in the middle of updating its systems when the outage happened, and there’s a fear this left systems open to attack.


3 – Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others

Internet-connected devices have been one of the most remarkable developments of the last decade. Although they bring real benefits, they also pose a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi were found to be mistakenly sharing surveillance footage from Xiaomi users with other, random users without any permission. The issue appears to affect Xiaomi IP cameras only when they are streamed through a connected Google Nest Hub. It came to light when a Reddit user reported that his Google Nest Hub was apparently pulling random feeds from other users instead of the feed from his own Xiaomi Mijia cameras.


4 – Maze Ransomware Sued for Publishing Victim’s Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. The company suing Maze is Southwire, a leading wire and cable manufacturer from Carrollton, Georgia, which was attacked in December 2019. As part of this attack, the ransomware operators allegedly stole 120GB of data and encrypted 878 devices. After a ransom of 850 bitcoins, or about $6 million, was not paid by Southwire, the Maze operators published a portion of the stolen data on a “news” site that the threat actors created.


5 – ‘Serious cyber-attack’ on Austria’s foreign ministry

Austria’s foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country. The ministry said the seriousness of the attack suggested it might have been carried out by a “state actor”. The hack started on Saturday night and experts warn it could continue for several days. The breach occurred on the same day Austria’s Green party backed forming a coalition with the conservatives. It was recognised very quickly and countermeasures were taken immediately, the foreign ministry said in a statement.


6 – Ransomware Attackers Offer Holiday Discounts and Greetings

To celebrate the holidays, ransomware operators are providing discounts or season’s greetings to entice victims into paying a ransom demand. As ransomware operators treat their operations as a business, it is not surprising to see them offering discounts or season’s greetings to their victims. Such is the case with the Sodinokibi Ransomware (REvil), which MalwareHunterTeam noticed had changed its ransom note over the holidays to include a new message wishing the victims a “Merry Christmas and Happy Holidays”.


7 – The Hidden Cost of Ransomware: Wholesale Password Theft

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.
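The scoping mistake described above is easy to make concrete. The following is an added example (not code from the original post or from the author): it takes a constructed inventory of credential artifacts that an incident responder might recover from infected endpoints (browser password stores, saved RDP profiles, cached domain logons) and builds the reset plan the paragraph argues for, then shows which credentials a “reset the domain accounts of the affected users” approach would leave live. The hostnames, account names, domains and the `INTERNAL_DOMAINS` set are all assumptions made for the example.

```python
"""Scope credential resets after a ransomware outbreak.

Added example, not part of the original post. The artifact records below are
constructed sample data; in a real response they would come from endpoint
triage (browser credential stores, saved RDP/VPN profiles, cached logons).
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample data: (hostname, artifact source, account, target).
# 'target' is the system or URL the stored credential authenticates to.
SAMPLE_ARTIFACTS = [
    ("WS-FIN-01", "browser_store", "jdoe@corp.example", "https://bank.example"),
    ("WS-FIN-01", "browser_store", "jdoe", "https://intranet.corp.example"),
    ("WS-FIN-01", "cached_logon", "CORP\\jdoe", "CORP"),
    ("WS-FIN-01", "cached_logon", "CORP\\svc_backup", "CORP"),
    ("WS-HR-07", "rdp_saved", "CORP\\hradmin", "hr-srv-01.corp.example"),
    ("WS-HR-07", "browser_store", "hradmin@corp.example",
     "https://payroll.partner.example"),
    # Same intranet credential seen on a second host: must be de-duplicated.
    ("WS-HR-07", "browser_store", "jdoe", "https://intranet.corp.example"),
]

# Assumed organisation-owned domains (hypothetical); anything else is third party.
INTERNAL_DOMAINS = {"corp.example", "CORP"}


def target_domain(target: str) -> str:
    """Normalise a credential target to a host/domain name.

    URLs are reduced to their hostname; bare names (e.g. 'CORP') are returned as-is.
    """
    if "://" in target:
        return urlparse(target).hostname or target
    return target


def is_internal(target: str, internal_domains: set) -> bool:
    """True if the target is one of the organisation's domains or a subdomain of one."""
    host = target_domain(target)
    return any(host == d or host.endswith("." + d) for d in internal_domains)


def build_reset_plan(artifacts, internal_domains):
    """Group every credential found on infected endpoints into a reset plan.

    Returns a dict with two maps:
      'internal': account              -> set of hosts it was found on
      'external': (account, domain)    -> set of hosts it was found on
    External entries are third-party sites (banks, partner portals) that the
    victim cannot reset centrally and must notify or rotate one by one.
    """
    plan = {"internal": defaultdict(set), "external": defaultdict(set)}
    for host, _source, account, target in artifacts:
        if is_internal(target, internal_domains):
            plan["internal"][account].add(host)
        else:
            plan["external"][(account, target_domain(target))].add(host)
    return {kind: dict(entries) for kind, entries in plan.items()}


def missed_by_naive_reset(plan, already_reset):
    """What the 'reset the affected users' domain accounts' approach leaves live.

    already_reset: accounts the organisation has already rotated.
    Returns (internal accounts still unrotated, all third-party credentials),
    each sorted for stable output.
    """
    internal_missed = sorted(a for a in plan["internal"] if a not in already_reset)
    external_missed = sorted(plan["external"])
    return internal_missed, external_missed


if __name__ == "__main__":
    plan = build_reset_plan(SAMPLE_ARTIFACTS, INTERNAL_DOMAINS)
    # The naive response: rotate only the domain accounts of the users who logged on.
    naive = {"CORP\\jdoe", "CORP\\hradmin"}
    internal_missed, external_missed = missed_by_naive_reset(plan, naive)
    print("Internal credentials still live:", internal_missed)
    print("Third-party credentials to rotate/notify:", external_missed)
```

Running the example shows that the naive reset leaves the cached service account and the intranet web credential untouched, and never addresses the bank and partner-portal logins at all, which is exactly the foothold and the route to business partners that the paragraph warns about. Note that the script assumes the triage has already decrypted or enumerated the stores; it does not read browser or DPAPI-protected data itself.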


8 – Samsung’s ‘artificial human’ project definitely looks like a digital avatar

On Friday we wrote about Samsung’s mysterious “artificial human” project Neon, speculating that the company was building realistic human avatars that could be used for entertainment and business purposes, acting as guides, receptionists, and more. Now, a tweet from the project’s lead and some leaked videos pretty much confirm this — although they don’t give us nearly enough information to judge how impressive Neon is. The lead of Neon, computer-human interaction researcher Pranav Mistry, tweeted the image below, apparently showing one of the project’s avatars. Mistry says the company’s “Core R3” technology can now “autonomously create new expressions, new movements, new dialog (even in Hindi), completely different from the original captured data.”


9 – Software and the war against complexity

Look around: what is happening? Australia, AI, Ghosn, Google, Suleimani, Starlink, Trump, TikTok. The world is an eruptive flux of frequently toxic emergent behavior, and every unexpected event is laced with subtle interconnected nuances. Stephen Hawking predicted this would be “the century of complexity.” He was talking about theoretical physics, but he was dead right about technology, societies, and geopolitics too. Let’s try to define terms. How can we measure complexity? Seth Lloyd of MIT, in a paper which drily begins “The world has grown more complex recently, and the number of ways of measuring complexity has grown even faster,” proposed three key categories: difficulty of description, difficulty of creation, and degree of organization. Using those three criteria, it seems apparent at a glance that both our societies and our technologies are far more complex than they ever have been, and rapidly growing even more so.


10 – DeathRansom evolves from joke to actual ransomware

A ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme, cyber-security firm Fortinet reported today. Making matters worse, the ransomware is backed by a solid distribution campaign and has been claiming new victims daily for the past two months. The first DeathRansom infections were reported in November 2019. Initial versions of the ransomware were deemed a joke: at the time, DeathRansom merely mimicked ransomware without encrypting any of a user’s files. Those first versions would add a file extension to all of a user’s files and drop a ransom note on the user’s computer asking for money.


11 – School management software provider discloses severe security breach

Active Network, a company that provides web-based school accounting software for K-12 schools and districts, disclosed a severe security breach earlier this week. The US-based company said hackers gained access to Blue Bear, a software platform that facilitates administration and management of school accounting, student fees, and online stores on behalf of schools and other educational institutions. Parents who accessed a school’s (Blue Bear-based) web store to pay school fees or buy books and school supplies between October 1, 2019, and November 13, 2019, might have had their personal data stolen by hackers, Active Network said.
