AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/9/2024

Half of polled infosec pros say their degree was less than useful for real-world work

Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We’re a glass half-empty lot. The Moscow-headquartered multinational revealed those figures today in the first part of a multi-stage report based on a survey of 1,012 infosec professionals across 29 countries. About a quarter of those probed said their higher education was “not at all useful” for their working life in cybersecurity; 12 percent said it was “slightly useful;” and 14 percent described it as “somewhat useful,” adding up to 50 percent for the negatives. On the flip side, 29 percent said their education was “extremely” useful, and 21 percent said “very” useful.

Raspberry Robin devs are buying exploits for faster attacks

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to the group – most likely the latter. That’s according to Check Point Research (CPR) which has tracked how long it takes for vulnerability exploits to be added as features to the malware. In 2022, Raspberry Robin added exploits for vulnerabilities that were up to 12 months old, such as CVE-2021-1732, but this has quickly switched to those less than a month old, like CVE-2023-36802.

Hyundai Motor Europe hit by Black Basta ransomware attack

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. Hyundai Motor Europe is Hyundai Motor Company’s European division, headquartered in Germany. BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, we were told they were just experiencing IT issues.

AnyDesk Shares More Information on Recent Hack

AnyDesk has shared more information on the recent hacker attack, including when threat actors first breached its systems and the impact of the incident. According to the developer of the popular remote access software, the intrusion was discovered in mid-January and a forensic investigation showed that the hackers first breached its systems in late December 2023. The investigation revealed that the hackers compromised production systems, but there is no indication that they have obtained customer credentials or that malicious versions of the AnyDesk software have been distributed as a result of this incident.

Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict

In the context of the Israel-Hamas conflict, Iran’s offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ‘leaking’ old material and using pre-existing access to networks, with their rather chaotic activities suggesting little or no coordination with Hamas, despite early claims by Iranian state media. However, Iran-aligned adversaries quickly ramped up their cyberattacks and influence operations in support of Hamas, with 14 groups engaging in anti-Israel cyber operations two weeks into the armed war, up from only nine in the beginning.
