AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response
InfoSec News Nuggets 11/19/2020

Hacking group exploits ZeroLogon in automotive, industrial attack wave

The active cyberattack is thought to be the handiwork of Cicada, also tracked as APT10, Stone Panda, and Cloud Hopper. Historically, the threat group — first discovered in 2009 and one that the US believes may be sponsored by the Chinese government — has targeted organizations connected to Japan, and this latest attack wave appears to be no different. Symantec researchers have documented companies and their subsidiaries in 17 regions, involved in automotive, pharmaceutical, engineering, and the managed service provider (MSP) industry, which have been recently targeted by Cicada.
The worst passwords of 2020 show we are just as lazy about security as ever

It’s that time of year again — when we see whether or not password security has improved over the past 12 months. After analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.” On Wednesday, the password manager solutions provider published its annual report on the state of password security, finding that the most popular options were “123456,” “123456789,” “picture1,” “password,” and “12345678.”
Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. But many users may not fully grasp what they are consenting to when they approve notifications, or how to tell the difference between a notification sent by a website and one made to appear like an alert from the operating system or another program that’s already installed on the device. This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome, which advertises the ability for site owners to monetize traffic from their visitors. The company’s site currently is ranked by Alexa.com as among the top 2,000 sites in terms of Internet traffic globally.
Apple to Pay $113 Million in Settlement With States Over iPhone Battery Slowdowns

Apple will shell out $113 million as part of a settlement negotiated with 33 U.S. states and the District of Columbia resolving allegations that the company made misrepresentations about the batteries in certain older iPhone models and software updates that throttled the devices’ performance. That’s in addition to the class-action settlement Apple agreed to earlier this year over the same issue, under which it will pay up to $500 million to former and current U.S. owners of Apple iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus and the first-generation iPhone SE. Apple will pay customers about $25 per eligible device, depending on the number of total claims. Per the settlement with the state attorneys general, Apple denied any wrongdoing.
A perspective on security threats and trends, from inception to impact

Sophos published a report which flags how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and IT security in 2021. The gap between ransomware operators at different ends of the skills and resource spectrum will increase. At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands. In 2020, such families included Ryuk and RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.
Accused Ringleader of FIN7 Hacking Group Pleads Guilty

An accused ringleader of the notorious FIN7 hacking group, which prosecutors say stole 15 million payment cards over several years, has pleaded guilty to multiple federal charges, according to court documents filed in the case this week. Andrii Kolpakov, who is a Ukrainian national, pleaded guilty to charges of conspiracy to commit wire fraud and conspiracy to commit computer hacking. He faces a possible 25-year federal prison term and a $500,000 fine when he’s sentenced, federal prosecutors note. In the court documents, Kolpakov was considered a high-ranking member of FIN7 during the two years between when he started working for the hacking group in 2016 and his arrest by law enforcement in Europe in 2018.