AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/25/2021

Groove ransomware calls on all extortion gangs to attack US interests

The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week. Over the weekend, BleepingComputer reported that the REvil ransomware operation shut down again after an unknown third party hijacked their dark web domains. As part of this shutdown, a known REvil operator claimed that the unknown party was “looking” for them by modifying configuration files, so that the threat actor would be tricked into going to a site operated by the unknown entity. Yesterday, Reuters reported that REvil’s takedown resulted from an international law enforcement operation that included support from the FBI. Today, the Groove ransomware gang published a Russian blog post calling on all other ransomware operations to target US interests.

 

FTC: ISPs collect and monetize far more user data than you’d think

The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers’ personal data without providing them with info on how it’s used or meaningful ways to control this process. “Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expect—including access to all of their Internet traffic and real-time location data—while failing to offer consumers meaningful choices about how this data can be used,” the FTC said. This was found as part of a study, started in 2019, into the privacy practices of U.S. broadband companies and related entities and how they collect, retain, use, and disclose info about consumers and their devices.

 

Tesco’s website restored after suspected cyberattack

UK supermarket giant Tesco has restored access to its website and app after an outage struck the service on Saturday, preventing customers from ordering or cancelling deliveries until Sunday evening. In a statement to The Guardian, Tesco said that “an attempt was made to interfere with our systems, which caused problems with the search function on the site.” The retailer, whose 1.3 million online orders per week account for nearly 15% of its UK sales, said there was no reason to believe the attempted interference impacted customer data. Tesco confirmed on Sunday evening that its website and app were now restored, but that it was using a virtual waiting room to handle a backlog in orders.  

 

Microsoft: Russian-backed hackers targeting cloud service

Microsoft said Monday the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud service companies and others since summer. The group, which Microsoft calls Nobelium, has employed a new strategy to piggyback on the direct access that cloud service resellers have to their customers’ IT systems, hoping to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Resellers act as intermediaries between giant cloud companies and their ultimate customers, managing and customizing accounts. “Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” Tom Burt, a Microsoft vice president, said in a blog post.

 

Amazon details custom Alexa programs for hospitals and retirement communities

Amazon has announced two new programs for Alexa centered around healthcare and retirement homes. Through Alexa Smart Properties, hospitals and senior living communities can run their own custom version of the voice assistant. Retirement homes might tap into Alexa to help residents keep in contact with family and friends, stay in touch with staff, take part in activities and remain engaged with other members of the community. Staff members can use Alexa to broadcast announcements and, of course, the voice assistant can still be used for things like controlling connected devices and smart TVs. Amazon’s aim with the healthcare program is to, among other things, let staff members check in with patients without having to enter their rooms.  In turn, patients can ask nurses questions, and they’ll be able to respond to brief queries without having to leave their station.

Related Posts