AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/14/2021

New SnapMC group extorts companies after short 30-minute hacks

Security researchers have discovered a new threat actor that carries out lightning-fast hacks, typically under 30 minutes, steals a company’s files, and then extorts the victim with threats to leak the data online or to media outlets unless a ransom payment is made within a few days. Dutch security firm Fox-IT, which discovered the group, named it SnapMC because of its short-lived intrusions and its use of a tool called mc.exe for data exfiltration. Fox-IT researchers said the group typically breaches company networks via vulnerabilities in web-facing software, with several intrusions linked to the exploitation of CVE-2019-18935, a vulnerability in a UI component for the Telerik ASP.NET framework. Once inside, the group moves fast to collect data from local systems and typically doesn’t spend more than 30 minutes on a hacked network. Following a successful exfiltration, SnapMC operators send emails to the hacked company with a list of the stolen files as evidence. Companies are usually given 24 hours to respond to the email and another 72 hours to negotiate a ransom payment.


Overly Complex IT Infrastructures Pose Security Risk

More than two-thirds of companies plan to increase their cyber budget in 2022 to better protect their systems and data, with more than half of executives fearing an increase in reportable attacks, new data from consulting firm PricewaterhouseCoopers shows. Yet the major threat to companies is an avoidable level of unnecessary complexity that has led to increased risk, with three-quarters (75%) of executives agreeing that their organization’s infrastructure has become too complex and nearly the same number agreeing that complexity has led to concerning levels of risk, according to the report. Overall, executives worry that complexity will primarily lead to breaches and financial losses but also hamper innovation and undermine operational resilience. Organizations need to focus on simplifying their operations and infrastructure and determine whether complexity is necessary, according to PwC’s new “2022 Global Digital Trends Insights” report.


‘She opens the app and gets bombarded’: parents on Instagram, teens and eating disorders

Early in the Covid-19 pandemic, Michelle noticed her teenage daughters were spending substantially more time on Instagram. The girls were feeling isolated and bored during lockdown, the Arizona mom, who has asked to be identified by her first name to maintain her children’s privacy, recalled. She hoped social media could be a way for them to remain connected with their friends and community. But as the months progressed, the girls fell into pro-diet, pro-exercise and ultimately pro-eating-disorder hashtags on the social media app. It started with “health challenge” photos and recipe videos, Michelle said, which led to more similar content in their feeds. Six months later, both had started restricting their food intake. Her eldest daughter developed “severe anorexia” and nearly had to be admitted to a health facility, Michelle said. Michelle attributes their spiral largely to the influence of social media.


Google creates cybersecurity team to respond to increased hacks

Google on Tuesday announced the creation of a new cybersecurity team to help respond to attacks against governments and other critical groups, along with a new program to help strengthen the cybersecurity of businesses. The Google Cybersecurity Action Team will be made up of company cybersecurity experts, and will provide customers with incident response services, advisory services for security plans, and ways to deploy Google Cloud in a secure way that will make it more difficult for these customers to be successfully targeted by hackers. “Cybersecurity is at the top of every C-level and board agenda, given the increasing prominence of software supply chain exploits, ransomware, and other attacks,” Google Cloud CEO Thomas Kurian said in a statement Tuesday. “The Google Cybersecurity Action Team is part of our ongoing commitment to be the best partner for our enterprise and government customers along their security transformation journey.”


Facebook captured more than 2,000 hours of first-person video to train next-generation A.I.

Facebook on Thursday announced a research project in which it collected 2,200 hours of first-person footage from around the world to train next-generation artificial intelligence models. The project is called Ego4D, and it could prove to be crucial to Facebook’s Reality Labs division, which is working on numerous projects that could benefit from AI models trained using video footage shot from the perspective of a human. This includes smart glasses, like the Ray-Ban Stories that were released by Facebook last month, and virtual reality, in which Facebook has invested heavily since its 2014 $2 billion acquisition of Oculus. The footage could teach artificial intelligence to understand or identify something in the real world, or a virtual world, that you might see from a first-person perspective through a pair of glasses or an Oculus headset.


Verizon digital carrier Visible customer accounts were hacked

Visible, a US digital wireless carrier owned by Verizon, admitted that some customer accounts were hacked after dealing with technical problems in the past couple of days. The announcement was made on Visible’s official sub-reddit by an employee who said the company is investigating an incident that led to a small number of accounts being breached. As the post mentions: “We’re currently investigating an incident where information on a small number of member accounts was changed without their authorization. We’re working hard to take protective steps to secure these accounts…You should review any other accounts that share the same email, login, or password, and make any changes you determine necessary to secure those accounts.” While the company’s statement provides limited details regarding the incident, the employee advised customers to secure any accounts whose credentials are also used with other online services, hinting at a potential credential stuffing attack.
