AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/27/2021

Money launderers for Russian hacking groups arrested in Ukraine

The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services. In a press release by Ukraine’s SSU, law enforcement says the individuals engaged in large-scale international operations where they laundered tens of millions of USD for various hacking groups. To engage with their “clients,” the threat actors created several accounts with unique nicknames on dark web platforms and provided their services to hacking groups, including some operating in the Russian Federation. The police say the hackers used an extensive network of fictitious persons and financial services for the money laundering process, but the police provided no further details. The SSU carried out simultaneous raids in the Mykolaiv region and seized computer equipment, software, hand notes, and cash as part of the law enforcement operation. 


FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla. based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS). The FBI has not responded to requests for comment.


Microsoft 365 will soon offer extra security configuration

Microsoft is working to enable users of Microsoft Defender for Office 365 to customize a new authentication mechanism in a bid to further extend its anti-spoofing protection. Named Authenticated Received Chain (ARC), Microsoft has already enabled the new authentication mechanism for all Office 365 hosted mailboxes to help preserve authentication results even when an email hops through multiple intermediaries. “With this change, admins will be able to add trusted intermediaries in the Microsoft 365 Defender portal to allow Microsoft to honor these ARC signatures, thereby allowing legitimate messages,” notes Microsoft in its roadmap. 


You definitely don’t want to play: Squid Game-themed malware is here

South Korean Netflix show Squid Game has become a runaway hit, surpassing Bridgerton to become the most watched Netflix show of all time. With 111 million viewers and counting, scammers have started to smell blood in the water, Kaspersky reports, and Squid Game-themed scams and malware have begun to appear online. Kaspersky reports that, between September and October 2021, it found several dozen malicious files on the web with Squid Game mentioned in their names. The majority of the scams were simple Trojan downloaders that installed other malicious programs, but scammers are getting creative in other ways, too.


Cyber-attack hits UK internet phone providers

An “unprecedented” and coordinated cyber-attack has struck multiple UK-based providers of voice over internet protocol (VoIP) services, according to an industry body. Industry body Comms Council UK said several of its members had been targeted by distributed denial of service (DDoS) attacks in recent weeks. “An overall threat has been made to the entire industry,” a spokesman added. Ofcom said it was aware of the situation. DDoS attacks work by flooding a website or online service with internet traffic in an attempt to throw it offline, or otherwise make it inaccessible.


Scammers Are Using Fake Job Ads to Steal People’s Identities

It has become a ubiquitous internet ad, with versions popping up everywhere from Facebook and LinkedIn to smaller sites like Jobvertise: Airport shuttle driver wanted, it says, offering a job that involves picking up passengers for 35 hours a week at an appealing weekly pay rate that works out to more than $100,000 a year. But airports aren’t really dangling six-figure salaries for shuttle drivers amid some sudden resurgence in air travel. Instead, the ads are cybercriminals’ latest attempt to steal people’s identities and use them to commit fraud, according to recent warnings from the FBI, the Federal Trade Commission and cybersecurity firms that monitor such threats. The U.S. Secret Service, which investigates financial crimes, also confirmed that it has seen a “marked increase” in sham job ads seeking to steal people’s personal data, often with the aim of filing bogus unemployment insurance claims.

Related Posts