AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 8/29/2024

Dick’s Sporting Goods discloses cyberattack

Dick’s Sporting Goods, America’s largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week. In an SEC 8-K filing, the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, “including portions of its systems containing certain confidential information.” However, the filing doesn’t state exactly what information was targeted by the attackers. “The company has no knowledge that this incident has disrupted business operations,” it stated. “The company’s investigation of the incident remains ongoing. Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material. Should any of the relevant facts and circumstances substantively change, the company will reassess materiality considerations.”

Employee arrested for locking Windows admins out of 254 servers in extortion plot

A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. According to court documents, company employees received a ransom email titled “Your Network Has Been Penetrated” on November 25, around 4:44 PM EST. The email claimed that all IT administrators had been locked out of their accounts and server backups had been deleted to make data recovery impossible. Additionally, the message threatened to shut down 40 random servers on the company’s network daily over the next ten days unless a ransom of €700,000 (in the form of 20 Bitcoin) was paid—at the time, 20 BTC were worth $750,000.

Microsoft hosts a security summit but no press, public allowed

Microsoft will host a security summit next month with CrowdStrike and other “key” endpoint security partners joining the fun — and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item. We won’t know for sure, however, because the summit will be held behind closed doors. It won’t be live-streamed, and Redmond has said members of the press aren’t welcome. “This event will not be open to press, and the company has nothing else to share at this time,” a Microsoft spokesperson told The Register.

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

We came across a sophisticated malware sample employing a two-stage infection process and seemingly originating from the Middle East that masquerades as a legitimate Palo Alto GlobalProtect tool. One of the more notable aspects of this malware is its use of a command-and-control (C&C) infrastructure that pivots to a newly registered URL (“sharjahconnect”; note that Sharjah is one of the emirates of the UAE) designed to resemble a company VPN portal. This disguise not only aids in the initial infiltration but also helps maintain persistent access to compromised networks.

Secret Service Puts $2.5 Million Bounty On Most Wanted Hacker’s Head

The United States Secret Service has placed a huge bounty of up to $2,500,000 for information leading to the arrest and conviction of a single suspected hacker. The accused cybercriminal, named by the Secret Service as Volodymyr Iuriyovych Kadariya, is a 38-year-old Belarusian national charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud. The charges revolve around a number of offenses concerning the use of a malware exploit kit known as Angler. This was used, the now unsealed indictment alleged, to distribute malicious adverts to millions of computers between 2013 and 2022.