AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/09/2024

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks

A 19-year-old from California has been charged over his alleged role in Scattered Spider attacks, and court documents show that he did a poor job at covering his tracks. Bloomberg [paywalled article] reported that the teen, Remington Ogletree, was arrested last month and released on bail. According to court documents, Ogletree conducted cybercriminal activities between at least October 2023 and May 2024. He has been accused of gaining unauthorized access to various companies’ networks, stealing confidential data and selling some of it on the dark web, and stealing cryptocurrency, with losses caused by his actions totaling over $4 million.

 

DuckDuckGo Donates $1.1M in 2024 to Privacy & Digital Rights

DuckDuckGo continues to promote user rights, donating some $1.1 million to groups promoting privacy, digital rights, and a better internet. Once known primarily as an alternative, privacy-focused search engine, DuckDuckGo has been expanding its reach, developing an entire suite of applications and services aimed at helping individuals preserve their privacy. In a year-end review, DuckDuckGo has revealed that it donated some $1.1 million in 2024 to a variety of privacy and digital rights causes, as well as to projects that play a fundamental role in the internet.

 

Data deletion enters the ransomware chat

Ransomware remains one of the biggest cyber threats to companies today. In a survey by security provider Cohesity, 83% of respondents said they were affected by a ransomware attack in the first half of 2024. According to security experts, there is no relief in sight for 2025 either. But according to security provider G Data, an unsettling trend may be emerging: Newer hacker gangs are increasingly using ransomware to delete data instead of “just” encrypting it. “We are currently observing a new generation of hackers who have significantly less technical skills than known criminal groups,” reports Tim Berghoff, security evangelist at G Data CyberDefense.

 

Teenagers leading new wave of cybercrime

Today, the world of cyber hacking is not confined to grown-ups, nor is the fallout. According to the FBI, the average age of someone arrested for cybercrime is 19 vs. 37 for any crime. Many teens will have been recruited into the “business” by more sophisticated fraudsters, who reach them through online gaming, chat and social media. As more states pass legislation against revenge porn, cyberbullying, and other forms of online fraudulent attacks, we may see a dramatic increase in the number of teens prosecuted for hacking and fraud. As more companies continue to train their employees on the responsible use of AI, we could see a marked increase in the use of that AI education by those very same employees for internal theft, sensitive information sourcing, and much more. Next year could see at least one global brand impacted by fraud perpetrated by an insider to whom it provided educational AI training.

 

US critical infrastructure hit once again by a new group on the scene

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor, started targeting critical infrastructure organizations, as well as government entities, in the United States. This is according to Sherrod DeGrippo, director of threat intelligence strategy at Microsoft. Speaking to The Register recently, DeGrippo said that the group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices.

 

Booking.com says typos giving strangers access to private trip info is not a bug

You may want to be extra careful if you’re booking holiday travel for family and friends this year through Booking.com. A stunned user recently discovered that a typo in an email address could inadvertently share private trip info with strangers, who can then access sensitive information and potentially even take over bookings that Booking.com automatically adds to their accounts. This issue came to light after a Booking.com user, Alfie, got an email confirming that he had booked a trip, which he had not.

 

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet. According to 0patch, the issue, which currently has no CVE ID, impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.
