AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 3/24/2020


Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them. Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits. The FBI advises you to be on the lookout for the following:


2 – Security Breach Disrupts Fintech Firm Finastra

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks. London-based Finastra has offices in 42 countries and reported more than $2 billion in revenues last year. The company employs more than 10,000 people and has over 9,000 customers across 130 countries — including nearly all of the top 50 banks globally.


3 – Justice Dept. files its first coronavirus takedown: a bogus vaccine website

U.S. federal prosecutors have filed and won a temporary restraining order against a website offering a fraudulent coronavirus vaccine, which the Justice Department said is its first enforcement action related to the pandemic. In a statement, the Justice Dept. said the action was taken against a website, said to be engaging in a wire fraud scheme, seeking “to profit from the confusion and widespread fear” surrounding COVID-19. The website, seen by TechCrunch, claims the World Health Organization is “giving away vaccine kits” to unsuspecting victims who pay a small fee for shipping. The website asks for a victim’s credit card information.


4 – New government cyber unit set to crack down on coronavirus fake news

The UK government has created a new cyber team in an effort to crack down on the spread of fake news about the recent coronavirus outbreak on social media platforms. The new unit is comprised of members from departments across Whitehall, with the aim of assessing the potential extent, scope and impact of fake news. The cyber team will also be responsible for identifying and responding to disinformation about the novel coronavirus. Additionally, the unit will hold talks with social media companies to learn more about how they monitor interference and limit the spread of disinformation on their platforms.


5 – These ‘ninja robots’ are helping Thai hospitals fight the coronavirus

Some hospitals in Thailand are taking a high-tech approach to fighting the spread of the novel coronavirus. They’ve begun employing so-called “ninja robots,” a name that refers to their all-black appearance. The robots can do everything from monitoring patient temperatures to letting a doctor stay outside the room and speak with the patient through the robot, so that front-line doctors and medical workers reduce their risk of infection. Engineers there are planning to make more of the robots for additional hospitals, including robots that could also perform tasks like disinfecting rooms.


6 – Hacker selling data of 538 million Weibo users

The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online, according to ads seen by ZDNet and corroborating reports from Chinese media. In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a dump of the company’s user database. The database allegedly contains the details for 538 million Weibo users. Personal details include the likes of real names, site usernames, gender, location, and — for 172 million users — phone numbers. Passwords were not included, which explains why the hacker is selling the Weibo data for only ¥1,799 ($250).


7 – Smart Thermometers Could be Key to Tracking the Coronavirus, For Better or Worse

Recently, one manufacturer, Kinsa, rolled out a nationwide map of “seasonal illnesses.” As the company explained: The map shows two key data points: (1) the illness levels we’re currently observing, and (2) the degree to which those levels are higher than the typical levels we expect to see at this point in the flu season. We believe this latter data point—which we’re calling “atypical illness”—may in some cases be connected to the COVID-19 pandemic. These data points are aggregated from the company’s network of “more than one million” smart thermometers being popped into the mouths of parents and children in houses and schools nationwide. The data may be useful for tracking cases of COVID-19 infection while the U.S. is still experiencing inadequate testing and an overwhelmed health care system that is incapable of taking care of citizens even in normal times.


8 – Government wheels out Census excuse and blames myGov crash on DDoS

The federal government’s myGov portal was down on Monday, after thousands flocked to the website to sign up for income assistance following forced business closures in the wake of the COVID-19 coronavirus outbreak. Speaking with media about the long queues at Centrelink service centres and the inability to access myGov on Monday afternoon, Minister for Government Services Stuart Robert blamed a distributed denial of service (DDoS) attack for the outage. “Over the weekend, we took our number of users of myGov from an average of 6,000 concurrent users to what is now 55,000 concurrent users,” he said. “We’ve put a 10-fold increase on our digital channels over the weekend in preparation, unfortunately this morning we also suffered a distributed denial of service on our main channels, which also highlights that other threats are still inbound.”


9 – ‘Incompetence attack’: MyGov website did not crash because of DDoS cyber attack, as Stuart Robert claimed

The government services minister, Stuart Robert, has had to walk back a claim that the MyGov website suffered a distributed denial of service (DDoS) attack on Monday just as people were logging on to register for welfare services. As Australians suddenly out of work across the country attempted to log on to MyGov, the government’s digital platform where Centrelink services are hosted, the website was slow and inaccessible for most of the morning. Robert claimed in a press conference on Monday shortly after 1pm that the outage was not due to the large number of newly unemployed people trying to log into MyGov to register for Centrelink, but to a DDoS attack – where a service is targeted and flooded with traffic until it becomes inaccessible to regular users.


10 – Hackers breach FSB contractor and leak details about IoT hacking project

Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.” ZDNet has also seen the documents first hand, along with BBC Russia, who first broke the news earlier this week. According to screenshots shared by the hacker group, which ZDNet asked security researchers to analyze, and based on BBC Russia’s report from earlier this week, we believe the Fronton project describes the basics of building an IoT botnet.


11 – Microsoft’s Major New Browser Security Move Reveals Serious COVID-19 Impact

On March 18, Google took the powerful but necessary step amid the COVID-19 crisis to pause new Chrome releases until further notice. Following in Google’s footsteps, Microsoft has now confirmed it will hold back on new releases of Edge, which is also based on the Chromium browser engine. Microsoft Edge developers said in a tweet that, given the coronavirus-related challenges browser makers are facing, the Edge team will “pause updating the Stable channel to Edge 81 consistent with the Chromium Project.” Like Google, Microsoft will be focusing on “security and stability” as a priority for Edge 80.


12 – Google’s coronavirus website finally launches alongside enhanced search results

Alongside the website, and potentially more importantly, Google will start providing enhanced information cards for people who search for terms related to the coronavirus. There will be information tabs for symptoms, prevention, global statistics, and locally relevant information. The website is at google.com/covid19. It does have useful resources, including a card that mimics what you see above. Google’s post announcing the site says that you will be able to find “state-based information, safety and prevention tips, search trends related to COVID-19, and further resources for individuals, educators and businesses.” Google emphasizes that it’s pulling information from “authoritative” sources like the WHO and the CDC.


13 – Facebook to cut video streaming quality in virus-hit Europe

Facebook will downgrade video streaming quality on its platform and on Instagram in Europe, the latest U.S. tech giant to respond to an EU call to stave off internet gridlock as thousands work from home due to the coronavirus outbreak. Earlier this week, Netflix, Alphabet Inc’s YouTube, Amazon and Disney said they would downgrade their video quality. EU industry chief Thierry Breton has urged streaming platforms to free up bandwidth for healthcare and distance learning for thousands of children sent home by closing schools.


14 – GOP lawmakers call on Twitter to ban Chinese Communist Party from the platform

Two Republican lawmakers on Friday called on Twitter to ban the Chinese Communist Party (CCP) from its platform following a surge in Chinese misinformation around the coronavirus. Sen. Ben Sasse (R-Neb.) and Rep. Mike Gallagher (R-Wis.) sent a letter to Twitter CEO Jack Dorsey strongly urging him to remove the CCP from the platform, and to block access to Twitter for any other foreign officials that ban the use of Twitter in their countries. “While the coronavirus pandemic is afflicting families, governments, and markets around the world, the Chinese Communist Party is waging a massive propaganda campaign to rewrite the history of COVID-19 and whitewash the Party’s lies to the Chinese people and the world,” Gallagher and Sasse wrote.


15 – COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online

A medical facility on standby to help test any coronavirus vaccine has been hit by a ransomware group that promised not to target medical organizations. The criminals behind the Maze ransomware attacks have struck again, stealing data from a victim and then publishing it online to get them to pay the ransom demanded. That, in and of itself, would not be particularly newsworthy, sadly. However, the Maze threat actors were amongst the leading cybercrime gangs which, just days ago, pledged not to attack healthcare and medical targets. The Maze threat actors didn’t go as far as those behind the DoppelPaymer threat by offering free decryptor codes to those hit by accident. Nor, it would appear, did they mean what they said. The latest victim is Hammersmith Medicines Research, a British company that previously tested the Ebola vaccine and is on standby to perform the medical trials on any COVID-19 vaccine.


16 – Norwegian Cruise Line Suffers Data Breach

A major cruise operator has suffered a data breach as the travel industry battles the storm created by the COVID-19 outbreak. Information from a database belonging to Norwegian Cruise Line was discovered on the dark web by an intelligence team at DynaRisk on March 13. Data exposed in the incident included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies including Virgin Holidays and TUI. DynaRisk said data relating to 29,969 travel agents was breached from the portal on the agents.ncl.eu website on March 12. “After verifying that the data records are legitimate credentials, we notified a Norwegian Cruise Line representative immediately. Despite opening our message later that day, we received no response. After five days a representative responded to our team to discuss the breach,” said a DynaRisk spokesperson.


17 – Hackers are targeting other hackers by infecting their tools with malware

A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware. Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools — ranging from tools designed to exfiltrate data from a database to cracks and product key generators that unlock full versions of trial software — and injecting a powerful remote-access trojan. When the tools are opened, the attackers gain full access to the target’s computer. Serper said the attackers are “baiting” other hackers by posting the repackaged tools on hacking forums. But it’s not just a case of hackers targeting other hackers, Serper told TechCrunch. These maliciously repackaged tools open a backdoor not only to the hacker’s own systems, but also to any system that the hacker has already breached.


18 – Microsoft Warns of Hackers Exploiting Unpatched Windows Bugs

Microsoft warned today of targeted attacks actively exploiting two zero-day remote code execution (RCE) vulnerabilities found in the Windows Adobe Type Manager Library and impacting all supported versions of Windows. “Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released,” the company says. The two RCE security flaws exist in Microsoft Windows “when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.”


19 – Speech recognition algorithms may also have racial bias

We’re outsourcing ever more of our decision making to algorithms, partly as a matter of convenience, and partly because algorithms are ostensibly free of some of the biases that humans suffer from. Ostensibly. As it turns out, algorithms that are trained on data that’s already subject to human biases can readily recapitulate them, as we’ve seen in places like the banking and judicial systems. Other algorithms have just turned out to be not especially good. Now, researchers at Stanford have identified another area with potential issues: the speech-recognition algorithms that do everything from basic transcription to letting our phones fulfill our requests. These algorithms seem to have more issues with the speech patterns used by African Americans, although there’s a chance that geography plays a part, too.
