AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/06/2021

US rejects calls for regulating or banning ‘killer robots’

The US has rejected calls for a binding agreement regulating or banning the use of “killer robots”, instead proposing a “code of conduct” at the United Nations. Speaking at a meeting in Geneva focused on finding common ground on the use of such so-called lethal autonomous weapons, a US official balked at the idea of regulating their use through a “legally-binding instrument”. The meeting saw government experts preparing for high-level talks at a review conference on the Convention on Certain Conventional Weapons from 13 to 17 December. “In our view, the best way to make progress … would be through the development of a non-binding code of conduct,” US official Josh Dorosin told the meeting. The United Nations has been hosting diplomatic talks in Geneva since 2017 aimed at reaching an agreement on how to address the use of killer robots.


Colorado energy company loses 25 years of data after cyberattack while still rebuilding network

Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost. In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its SmartHub platform and other payment kiosks during the week of December 6. “We also tentatively estimate we will be able to resume member billing the week of December 6 – 10. We recognize this will result in members receiving multiple energy bills close together. As a reminder, we will not disconnect services for non-payment or assess any penalties through January 31, 2022,” the company said on a page that has been updated repeatedly over the last month.


Ransomware Operations Double Down on Data Leak Sites

Many ransomware-wielding attackers continue to rely on a number of cybercrime-as-a-service providers to support their ability to easily gain access to targets and steal data. An increasing number of ransomware operations also run data leak sites to pressure nonpaying victims into meeting attackers’ ransom demands, researchers say. One cornerstone of the ransomware ecosystem remains initial access brokers, who provide paying customers with remote access to a victim’s network. While such access can come in many forms, security researchers say stolen remote desktop protocol credentials remain common, as do stolen virtual private networking connections. Tracking just how much access gets sold remains difficult because many brokers do not publicly list victims or prices. Some brokers also have exclusive, private relationships with ransomware operations.


U.S. State Department phones hacked with Israeli company spyware

Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter. The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said. The intrusions, first reported by Reuters, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded. Reuters could not determine who launched the latest cyberattacks.


Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years. Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit, mainly selling virtual private networking (VPN) credentials stolen from various companies. Babam has authored more than 270 posts since joining Exploit in 2015, including dozens of sales threads. However, none of Babam’s posts on Exploit include any personal information or clues about his identity.


Apple AirTags are being exploited to steal cars in Canada

Apple announced AirTags back in April, enabling consumers to track items. While the device is meant to be used as a key finder so people can locate personal objects that are easily misplaced, its utility is being misused by malicious actors in some areas. As reported by MacRumors, York Regional Police has issued an advisory indicating that at least five incidents have involved the use of AirTags to steal cars that are parked in public places. Thieves reportedly place the AirTags in discreet locations on the cars, such as in a tow hitch, inside the bumper, or in an external electrical port, making it difficult for car owners to notice the small device. These AirTags use nearby Apple devices as crowd-sourced beacons to broadcast the location of the car to thieves so they can plan their heist under conducive conditions. Although Apple issues notifications to nearby users if it suspects that AirTags are being used to track their location, it’s possible that victims dismiss these alerts or don’t even use an Apple device to receive said alerts.