AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/07/2022

World’s Most Expensive Observatory Floored by Cyber-Attack

The world-famous Atacama Large Millimeter Array (ALMA) observatory in Chile has become the latest unlikely victim of a cyber-attack, forcing it offline. The facility, which also claims to house the world’s most powerful telescope for observing molecular gas and dust, revealed the incident on Twitter earlier this week. It said the attack on its computer systems came last Saturday, “forcing the suspension of astronomical observations and the public website.” At the time of writing, the official ALMA website was still down. “There are limited email services at the observatory. The threat has been contained, and our specialists are working hard to restore affected systems. The attack did not compromise the ALMA antennas or any scientific data,” it explained.

Uncertainty Around Twitter’s Blue Checkmark Fuels New Phishing Campaigns

Phishers are capitalizing on the mayhem surrounding Twitter’s plan to charge users for Verified status on the microblogging platform now owned by billionaire Elon Musk. In typical phishing manner, the messages aim to scare users, telling them they’ll be stripped of their privileged rank if they don’t immediately confirm their identity with Twitter. On the other end of the line, scammers simply wait for the victim to punch in their user name, password and phone number. Originally reported by TechCrunch, the rather crude campaign uses a Gmail address and a website disguised as a Twitter help form.

Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup

The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace. Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world. Now, however, it’s increasingly clear insurers aren’t off the hook for NotPetya payouts or from covering losses from other attacks with clear links to nation-state hackers.

Medibank cybercrime update

Medibank is committed to taking decisive action to protect our customers, our people, and the community in relation to the cybercrime perpetrated against its customers last month. Medibank CEO David Koczkar said we again unreservedly apologise to our customers and recognise the distress this cybercrime has caused. Medibank has today announced that no ransom payment will be made to the criminal responsible for this data theft. Mr Koczkar said: “Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. “Given the geography of the targets and the current geopolitical situation, it’s unlikely that the RomCom RAT threat actor is cybercrime-motivated,” the BlackBerry Threat Research and Intelligence Team said in a new analysis.