AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/08/2022

Water sector in the US and Israel still unprepared to defeat cyber attacks

Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack against the water sector that could be orchestrated by enemy states like Iran. Stern highlighted the dangers for providers of critical infrastructure and issued his warning following the ransomware attack that in august disrupted the IT operations of South Staffordshire Water, a UK company supplying drinking water to 1.6M consumers daily. The intelligence officer pointed out that nations like Russia, Iran, North Korea, and China have the capabilities to hit the water sector with dramatic consequences.

Can confidential computing stop the next crypto heist?

The theft of billions of dollars in cryptocurrency over recent months could have been prevented, and confidential computing is a key to the security fix. Confidential computing aims to isolate sensitive data without exposing it to the rest of the system, where it would be more vulnerable to intruders. It does this by processing encrypted data in memory using hardware-based secure enclaves. “The number of incidents in this space — just a few months ago the attack of the Ronin Bridge for example,” says Fireblocks co-founder and CTO Idan Ofrat, referencing the $600 million blockchain bridge heist in which an attacker used hacked private keys to forge withdrawals and steal funds. Ofrat’s company focuses on digital asset infrastructure for banks, cryptocurrency exchanges, NFT marketplaces and other organizations that want to build blockchain-based products. 

2023 will be the year of cyber-risk quantification

Geopolitical tensions, supply chain challenges, an economic slowdown, an ongoing pandemic and more have meant that companies and people have been impacted in ways that will change how business will be conducted for many years to come, and the ripple effects of these converging variables will be felt for a long time. As headlines continue to be dominated by increasing interest rates, businesses must ensure their budget is being spent efficiently. But despite the economic downturn, the cybersecurity and AI industries have grown steadily over the past 18 months or so.

China is likely stockpiling and deploying vulnerabilities, says Microsoft

Microsoft has asserted that China’s offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China’s 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. The rules mean Beijing can use local research to hoard vulnerability information. A year later, researchers from the Atlantic Council found there was a decrease in reported vulnerabilities coming from China – and an increase in anonymous reports. Microsoft’s 2022 Digital Defense Report, released last Friday, asserts the Chinese law “might” be enabling the Chinese government to weaponize the vulnerabilities. “The increased use of zero days over the last year from China-based actors likely reflects the first full year of China’s vulnerability disclosure requirements for the Chinese security community and a major step in the use of zero-day exploits as a state priority,” said [PDF] Microsoft.

DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace

The Justice Department said it conducted the largest cryptocurrency seizure in its history after searching the home of James Zhong, a hacker who pleaded guilty on Friday to charges related to incidents involving the now-defunct Silk Road darknet marketplace. According to the Justice Department and Internal Revenue Service, the 32-year-old committed wire fraud in September 2012 when he stole more than 50,000 Bitcoin from Silk Road. The stolen funds were seized during a raid on Zhong’s Gainesville, Georgia home in November 2021. “For almost ten years, the whereabouts of this massive chunk of missing Bitcoin had ballooned into an over $3.3 billion mystery,” U.S. Attorney Damian Williams said. “Thanks to state-of-the-art cryptocurrency tracing and good old-fashioned police work, law enforcement located and recovered this impressive cache of crime proceeds. This case shows that we won’t stop following the money, no matter how expertly hidden, even to a circuit board in the bottom of a popcorn tin.”

Hushpuppi: Notorious Nigerian fraudster jailed for 11 years in US

A notorious Instagram influencer from Nigeria has been jailed for more than 11 years in the US for his role in an international fraud syndicate. Hushpuppi, whose real name is Ramon Abbas, was also ordered to pay $1,732,841 (£1,516,182) in restitution to two victims. The influencer rose to fame flaunting his wealthy lifestyle on his page, which boasted 2.8 million followers. But it all came crashing down when he was arrested in Dubai two years ago.

Related Posts