AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/09/2020

FireEye cybersecurity tools compromised in state-sponsored attack

One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe any customer information was taken. Although the blog post, authored by FireEye CEO Kevin Mandia, does not say who is responsible, it says that the attacking nation has “top-tier offensive capabilities.” The Wall Street Journal reports that Russia is a suspect, specifically its foreign-intelligence service known as the SVR. However, the investigation into who is responsible is ongoing.


Ransomware gangs are now cold-calling victims if they restore from backups without paying

In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands. “We’ve seen this trend since at least August-September,” Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday. Ransomware groups that have been seen calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, a spokesperson for cyber-security firm Emsisoft told ZDNet on Thursday. “We think it’s the same outsourced call center group that is working for all the [ransomware gangs] as the templates and scripts are basically the same across the variants,” Bill Siegel, CEO and co-founder of cyber-security firm Coveware, told ZDNet in an email.


Candor about cybersecurity incidents can save money as well as trust, says survey

There’s an old adage that says, “Honesty is the best policy.” A new survey from security vendor Kaspersky suggests it might also pay. The survey, released Monday, says that on average, small and medium-sized businesses that tell stakeholders and the public about a data breach are likely to lose 40 per cent less than their peers that saw the incident leaked to the media. Data suggest the same tendency has also been found to be the case in enterprises. “Proactive disclosure can help turn things around in a company’s favour, and it goes beyond just the financial impact,” said Yana Shevchenko, senior product marketing manager at Kaspersky. “If customers know what happened firsthand, they are more likely to maintain their trust in the brand. In addition, the company can give its clients recommendations on what to do next so that they can keep their assets protected. The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly.”


Foxconn electronics giant hit by ransomware, $34 million ransom

Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. Foxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over 800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin. BleepingComputer has been tracking a rumored Foxconn ransomware attack that occurred over the Thanksgiving weekend. Today, the DoppelPaymer ransomware published files belonging to Foxconn NA on their ransomware data leak site. The leaked data includes generic business documents and reports but does not contain any financial information or employee’s personal details.


Uber Gives Up on the Self-Driving Dream

IN 2015, THEN Uber CEO Travis Kalanick pulled off a bold talent raid when he poached some 40 roboticists from the National Robotics Engineering Center at Carnegie Mellon. The move reportedly left the world-class engineering university reeling, and it seemed to signal that the world’s hottest startup was on the cusp of making self-driving cars a reality. Now, that self-driving unit is no more, and the estimated timeline for robotaxi domination has extended well into this decade. Uber said Monday it would sell off the self-driving unit that was the result of that raid, the Pittsburgh-based Advanced Technologies Group. The 1,200-person unit will be acquired by the self-driving-tech developer Aurora. Uber will invest $400 million in Aurora as part of the deal, bringing Aurora’s valuation to $10 billion and tripling its workforce. Uber’s current CEO, Dara Khosrowshahi, will also take a seat on Aurora’s board.

Related Posts