AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 11/11/2020

The Double-Edged Sword of Cybersecurity Insurance

Cybersecurity insurance is no longer a luxury. As attacks have accelerated — and become more costly — the idea of hedging against a breach has gone mainstream. The global cyber-insurance market now stands at $7.8 billion, but it’s projected to reach $20.4 billion by 2025, according to an October 2020 report from ResearchAndMarkets. Indeed, companies are incorporating cybersecurity insurance into their overall business strategies, says Alexander Chaveriat, chief innovation officer at Tuik Security Group. But – and should we really be surprised? – cybercriminals have also recognized that where there’s insurance, there’s opportunity. “Many gangs do reconnaissance before they pull the trigger on a ransomware attack,” Chaveriat explains. “They’ll see that the business has $2 million in cyber-insurance, and so they make this their ransom.” At the center of all of this is a harsh reality: Many organizations are opting to pay the ransom. Their desire to get systems up and running fast rather than deal with the time and expense of restoring data — even when the data exists — is fueling decision-making. However, this approach is also driving up the price of policies and contributing to more aggressive tactics.

 

The 5 biggest announcements from Apple’s ‘One More Thing’ hardware event

Apple just wrapped up its “One More Thing” hardware livestream, where it announced new versions of the MacBook Air, the 13-inch MacBook Pro and the Mac mini each with its newly announced, promising M1 silicon. Apple first detailed its transition from Intel to its own processors earlier this year — but this event was all about diving deep into what that reality now looks like, and when you’ll be able to get your hands on a computer featuring the just-announced M1 chip.

 

Scammers impersonating the IRS threaten victims with legal action

Aggressive scammers are impersonating the U.S. Internal Revenue Service (IRS) in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. The phishing emails target users of Microsoft’s Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security. There is a high chance that at least some of the targets will give in and pay the fraudsters seeing that the scammers threaten them with Credit Bureau reports and legal action. To make it as convincing as possible, the fraudsters spoof the email address the scam messages appear to originate from to make it look like they were sent from support@irs.gov.

 

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group, which acknowledged on Nov. 3 that its computer systems had been sidelined by a malware attack. On Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some personal and business data has been taken.” “This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

 

Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It

Google’s elite teams of bug and malware hunters found and disclosed a flurry of high-impact vulnerabilities in Chrome, Android, Windows, and iOS last week. The internet giant also said that these various vulnerabilities were all “actively exploited in the wild.” In other words, hackers were using these bugs to actually hack people, which is concerning. What’s more, all these vulnerabilities are in some way related to each other, Motherboard has learned. That potentially means the same hackers were using them. According to the disclosure reports, some bugs were in font libraries, and others were used to escape the sandbox in Chrome, and others were used to take control of the whole system, suggesting some of these bugs were part of a chain of vulnerabilities used to exploit victims’ devices.
