AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/22/2021

FIN7 hackers set up a fake company to recruit for cyberattacks

FIN7, a financially motivated Russian hacking group, has set up a fake company to lure unwitting IT specialists into supporting its continued expansion into ransomware, security researchers have found. According to researchers at Recorded Future’s Gemini Advisory unit, FIN7, known for hacking into point-of-sale registers and stealing over $1 billion from millions of credit cards, is now operating under the guise of Bastion Secure, which claims to offer specialized public sector cybersecurity services. Bastion Secure’s website looks like the real deal. But the research found FIN7 is using real, publicly available information from existing, legitimate cybersecurity companies (phone numbers, office locations and text pulled from real websites) to create a veil of legitimacy. Bastion’s website claims it won “Best Managed Security Service” at the SC Magazine awards in 2016, and that the fake company’s consultancy arm was acquired by Six Degrees in 2016. Neither claim is true.


Multiple governments involved in coordinated takedown of REvil ransomware group

Cybersecurity experts have told Reuters that law enforcement officials from multiple countries were involved in the disruption of the REvil ransomware gang, which went dark for the second time on Sunday. Rumors and questions about the group’s most recent disappearance dominated conversation this week after Recorded Future security expert Dmitry Smilyanets shared on Twitter several messages that ‘0_neday’, a known REvil operator, had posted on the cybercriminal forum XSS discussing what happened. He claimed that someone had taken control of the group’s Tor payment portal and data leak website. In the messages, 0_neday explains that he and “Unknown”, a leading representative of the group, were the only two members of the gang who held the private keys for REvil’s Tor (.onion) domains. With a Tor onion service the key is the domain: there is no registrar, and anyone holding the private key can bring the same address up under their own control. “Unknown” disappeared in July, leaving the other members of the group to assume he had died. The group resumed operations in September, but this weekend 0_neday wrote that the REvil domain had been accessed using the keys of “Unknown”.
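The takeover described above turns on a property of Tor onion services: a v3 .onion hostname is not registered anywhere, it is derived directly from the service’s ed25519 public key (base32 of the key, a two-byte SHA3-256 checksum and a version byte), so whoever holds the matching private key can publish a descriptor for that address and simply is the site. The Python below is an added example, not code from the article or from Recorded Future, showing that derivation and the validation a parser performs on the way back. The 32-byte key in it is a constructed placeholder rather than a real key; in a live service tor derives the hostname from the public half of the key pair kept in the service directory.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"              # v3 onion services
CHECKSUM_PREFIX = b".onion checksum"

# Constructed placeholder standing in for a 32-byte ed25519 public key.
# It is NOT a real key; tor derives the hostname from the public half of
# the key pair it keeps in the service's HiddenServiceDir.
CONSTRUCTED_PUBKEY = bytes(range(32))


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion hostname for a 32-byte ed25519 public key.

    hostname = base32(pubkey || checksum || version) + ".onion"
    35 bytes of input encode to exactly 56 base32 characters, no padding.
    """
    if len(pubkey) != 32:
        raise ValueError("v3 onion services use a 32-byte ed25519 public key")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_address(address: str) -> bytes:
    """Validate a v3 .onion hostname and return the public key it encodes.

    Raises ValueError on bad suffix, bad length, wrong version byte or
    checksum mismatch (binascii.Error from b32decode is a ValueError too).
    """
    host = address.strip().lower()
    if not host.endswith(".onion"):
        raise ValueError("not a .onion hostname")
    label = host[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 onion labels are exactly 56 base32 characters")
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch: address is corrupt or tampered")
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    """True when parse_onion_address accepts the hostname, False otherwise."""
    try:
        parse_onion_address(address)
        return True
    except ValueError:
        return False


def tampered_onion_address(pubkey: bytes) -> str:
    """Build an address whose checksum is deliberately wrong (first byte flipped).

    Shows that the label is self-checking: a forged or mistyped address for the
    same key is rejected before any network lookup happens.
    """
    good = onion_checksum(pubkey)
    bad = bytes([good[0] ^ 0xFF]) + good[1:]
    raw = pubkey + bad + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


if __name__ == "__main__":
    addr = onion_address(CONSTRUCTED_PUBKEY)
    print("address:", addr)
    print("recovered key matches:", parse_onion_address(addr) == CONSTRUCTED_PUBKEY)
    # A different key gives a different hostname: you cannot keep the address
    # without the private key, and there is no registrar to appeal to.
    print("other key, other address:", onion_address(bytes(32)) != addr)
    print("forged checksum accepted:",
          is_valid_onion_address(tampered_onion_address(CONSTRUCTED_PUBKEY)))
```

Only the standard library is used, so it runs offline. The practical consequence for the incident is the one the forum post describes: the people who hold the keys are the service, which is why loss or duplication of the key is treated as loss of the site.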


450 million cyberattacks attempted on Japan Olympics infrastructure

The NTT Corporation, which provided wide-ranging telecommunications services and network security for the Olympic & Paralympic Games in Tokyo this summer, said there were more than 450 million attempted cyberattacks during the event in July. NTT officials said none of the attacks were successful and added that the games went on without a hitch. But the number of attacks was 2.5x the number seen during the 2012 London Summer Olympics. NTT’s Andrea MacLean compared the cybersecurity struggle to Harry Potter’s final fight against Voldemort, calling the effort to protect the event “Herculean.” “Cybercriminals certainly saw the Games — and its related supply chain — as a high-value target with low downtime tolerance. After all, crime follows opportunity. And with connected stadiums, fan engagement platforms and complete digital replicas of sporting venues and the events themselves becoming the norm, there’s plenty of IT infrastructure and data to target — and via a multitude of components,” MacLean said. 


Edward Snowden: ‘If you weaken encryption, people will die’

Our online privacy faces growing threats. Governments around the world are calling for encryption backdoors that would enable access to personal information. They argue that encryption protects criminals. But it also protects activists, dissidents, persecuted groups, and ordinary citizens. Edward Snowden is among the most prominent beneficiaries. The whistleblower’s first messages to journalists were made with encryption. They resulted in revelations that millions of Americans had been under illegal mass surveillance. “If you weaken encryption, people will die,” said Snowden in a statement. “This year alone, after the fall of the government of Afghanistan, we saw how crucial encryption is in keeping ordinary people safe.” Snowden has joined the Global Encryption Coalition to launch a campaign to protect encryption. The group of civil society organizations and tech firms warns that undermining encryption will leave people more vulnerable to crime and surveillance.


Two SIM swappers phished a phone company so they could steal $16K in crypto

Twenty-year-old Kyell Bryan of Pennsylvania has pleaded guilty to aggravated identity theft for a SIM swapping and cryptocurrency theft scheme, according to the United States Attorney’s Office for the District of Maryland. According to the indictment, in June 2019 Bryan, then 19, conspired with Jordan K. Milleson, then 21, and others. The group used phishing and vishing (voice phishing) to trick employees at an unnamed wireless carrier into handing over their login credentials; with carrier employee access, an attacker can move a victim’s phone number onto a SIM they control and intercept the SMS one-time codes that protect the victim’s accounts. As Brian Krebs reported when Bryan and Milleson were indicted, they were active participants in the OGUsers trading forum, which has spawned similar phishing attacks against Twitter and others, usually with the intent of stealing and trading social media handles. Leaked messages from OGUsers reveal that in 2019 Bryan asked another member for help crafting a site that would look like T-Mobile’s employee login page.


Gartner advises tech leaders to prepare for action as quantum computing spreads

Quantum computing is on the radar of technical leaders because of the efficiency it promises at scale. Practical use in most applications is still years away, though it is making limited near-term progress in specialized fields such as materials science and cryptography. Quantum methods are also attracting attention as tools for AI, as seen in recent work on natural language processing that could open up the “black box” of today’s neural networks. Last week’s release of a Quantum Natural Language Processing (QNLP) toolkit by Cambridge Quantum shows the new possibilities. Known as lambeq, the kit is a conventional Python package hosted on GitHub. It follows the arrival at Cambridge Quantum of noted AI and NLP researchers and offers hands-on experience in QNLP. The lambeq package, named after the late semantics researcher Joachim Lambek, is said to convert sentences into quantum circuits, offering a new view into text mining, language translation, and bioinformatics corpora.
