AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/19/2024

Law enforcement infiltrates fraud platform used by thousands of criminals worldwide

A website used by more than 2,000 criminals to defraud victims worldwide has been infiltrated in the Met’s latest joint operation to tackle large-scale online fraud. ‘LabHost’ is a service which was set up in 2021 by a criminal cyber network. It enabled the creation of “phishing” websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details. Users were able to log on and choose from existing sites or request bespoke pages replicating those of trusted brands including banks, healthcare agencies and postal services. But LabHost has now been infiltrated and disrupted as the result of a worldwide operation led by the Met.


House passes bill banning Uncle Sam from snooping on citizens via data brokers

A draft law to restrict the US government’s ability to procure data on citizens through data brokers will progress to the Senate after being passed in the House of Representatives. The Fourth Amendment Is Not For Sale Act (H.R.4639) was passed on Wednesday by a narrow 219-199 majority vote, despite fierce opposition from the White House. The bill aims to ban the US government from purchasing data on Americans from data brokers, which currently serves as an alternative means to gather information without a warrant. The issue has drawn much attention in recent years and the bill has divided both parties, including the Biden administration, which released a fresh statement on Tuesday strongly opposing it.


LastPass users targeted in phishing attacks good enough to trick even the savvy

Users of the password manager LastPass were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords, company officials said. The attackers used an advanced phishing-as-a-service kit discovered in February by researchers from mobile security firm Lookout. Dubbed CryptoChameleon for its focus on cryptocurrency accounts, the kit provides all the resources needed to trick even relatively savvy people into believing the communications are legitimate. Elements include high-quality URLs, a counterfeit single sign-on page for the service the target is using, and everything needed to make voice calls or send emails or texts in real time as targets are visiting a fake site. The end-to-end service can also bypass multi-factor authentication in the event a target is using the protection.


Ransomware feared as IT ‘issues’ force Octapharma Plasma to close 150+ centers

Octapharma Plasma has blamed IT “network issues” for the ongoing closure of its 150-plus centers across the US. It’s feared a ransomware infection may be the root cause of the medical firm’s ailment. “All centers are experiencing network issues and are currently closed,” according to a banner across the top of the company’s website. One source familiar with the situation, however, told The Register Octapharma Plasma fell to a BlackSuit ransomware infection on Monday. We’re told the downtime stateside will affect supplies of plasma into Octapharma’s European operations. “If they don’t restore the systems, they will need to close their factories in Europe as more than 75 percent of their plasma comes from the US,” the source told us. “IT management don’t give a s*** about security and they are now learning a lesson.”


‘Large volume’ of data stolen from UN agency after ransomware attack

A large volume of United Nations Development Programme data related to staffers and other internal operations was stolen and posted to a ransomware website in late March, the agency announced this week. The UNDP issued a statement Tuesday saying that “local IT infrastructure in UN City, Copenhagen, was targeted,” and that a “data extortion actor had stolen data which included certain human resources and procurement information.” The statement did not detail the kind of data that was stolen from the UN’s lead agency on international development. But notifications shared with affected parties and viewed by CyberScoop said attackers were able to “access a number of servers” and steal “a large volume of data.”


FBI Director Christopher Wray warned this week that China-linked threat actors are preparing an attack against U.S. critical infrastructure, Reuters reported. According to the FBI chief, the Chinese hackers are waiting “for just the right moment to deal a devastating blow.” In February, US CISA, the NSA, the FBI, along with partner Five Eyes agencies, published a joint advisory to warn that China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. “the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” reads the alert.
