CyberCrime - W/E - 9/20/19
Facebook Removes Content Associated with Inauthentic Behavior (09/19/2019)
Facebook removed multiple pages, groups, and accounts that were involved in coordinated inauthentic behavior, including two, unrelated operations that originated in Iraq and Ukraine. According to the report, six accounts, 120 Facebook Pages, one Group, two Events, and seven Instagram accounts were pulled down for engaging in domestic-focused coordinated inauthentic behavior in Iraq. In regards to Ukraine, Facebook removed 168 accounts, 149 Facebook Pages and 79 Groups for similar behavior. Facebook said in a statement, "We're taking down these Pages, Groups and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves..."
Facebook removed multiple pages, groups, and accounts that were involved in coordinated inauthentic behavior, including two, unrelated operations that originated in Iraq and Ukraine. According to the report, six accounts, 120 Facebook Pages, one Group, two Events, and seven Instagram accounts were pulled down for engaging in domestic-focused coordinated inauthentic behavior in Iraq. In regards to Ukraine, Facebook removed 168 accounts, 149 Facebook Pages and 79 Groups for similar behavior. Facebook said in a statement, "We're taking down these Pages, Groups and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves..."
Huge DDoS Attack Seen in the Wild Targeting Gaming Company (09/18/2019)
A massive distributed denial-of-service (DDoS) attack hit a company in the gaming industry and peaked at 35 Gbps in bandwidth, Akamai reported. According to the vendor, this is the fourth largest DDoS attack it has ever encountered and the attack used a UDP Amplification technique known as WS-Discovery (Web Services Dynamic Discovery). WS-Discovery is a highly exploitable technique developed to ease consumer device network discovery and connectivity.
A massive distributed denial-of-service (DDoS) attack hit a company in the gaming industry and peaked at 35 Gbps in bandwidth, Akamai reported. According to the vendor, this is the fourth largest DDoS attack it has ever encountered and the attack used a UDP Amplification technique known as WS-Discovery (Web Services Dynamic Discovery). WS-Discovery is a highly exploitable technique developed to ease consumer device network discovery and connectivity.
Panda Threat Entity Uses RATs, Cryptominers in Thievery Activities (09/17/2019)
A threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools and illicit cryptomining malware. Analysis conducted by Cisco shows that Panda uses exploits previously utilized by the Shadow Brokers, a group that published information from the National Security Agency (NSA), and Mimikatz, an open-source credential-dumping program. Panda began employing new command and control and payload-hosting infrastructures around mid-August.
A threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools and illicit cryptomining malware. Analysis conducted by Cisco shows that Panda uses exploits previously utilized by the Shadow Brokers, a group that published information from the National Security Agency (NSA), and Mimikatz, an open-source credential-dumping program. Panda began employing new command and control and payload-hosting infrastructures around mid-August.
Teen Gamer Receives 15 Months in Prison for Fatal Swatting Incident (09/16/2019)
An Ohio gamer involved in a swatting incident that led to a death was sentenced to 15 months in prison, the Department of Justice (DOJ) announced. Nineteen-year-old Casey Viner pleaded guilty to one count of conspiracy and one count of obstructing justice. In his plea, Viner admitted he argued with co-defendant Shane Gaskill while playing Call of Duty World War II online. Viner contacted co-defendant Tyler Barriss and asked him to swat Gaskill. Viner, however, gave Barriss an incorrect address. Barriss then called police and reported a hostage situation at the address given to him. Law enforcement responded to the hoax call and shot and killed Andrew Finch, an innocent man. Barriss is serving a 20-year prison term. The incident took place in December 2017.
An Ohio gamer involved in a swatting incident that led to a death was sentenced to 15 months in prison, the Department of Justice (DOJ) announced. Nineteen-year-old Casey Viner pleaded guilty to one count of conspiracy and one count of obstructing justice. In his plea, Viner admitted he argued with co-defendant Shane Gaskill while playing Call of Duty World War II online. Viner contacted co-defendant Tyler Barriss and asked him to swat Gaskill. Viner, however, gave Barriss an incorrect address. Barriss then called police and reported a hostage situation at the address given to him. Law enforcement responded to the hoax call and shot and killed Andrew Finch, an innocent man. Barriss is serving a 20-year prison term. The incident took place in December 2017.
Tortoiseshell Threat Group Takes Aim at Saudi Supply Chain (09/18/2019)
A previously undocumented attack group dubbed "Tortoiseshell" is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. Tortoiseshell has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.
A previously undocumented attack group dubbed "Tortoiseshell" is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers' customers. Tortoiseshell has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.
Treasury Department Imposes Sanctions on North Korean Hacking Groups (09/16/2019)
The Treasury Department's Office of Foreign Assets Control announced sanctions targeting three state-sponsored malicious cyber groups responsible for North Korea's malicious cyber activity on critical infrastructure. The department said that the Lazarus Group, Bluenoroff, and Andariel were responsible for cyber attacks on critical infrastructure and financial institutions and the 2018 WannaCry hack on the National Health Service in the UK. Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence, said, "Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs."
The Treasury Department's Office of Foreign Assets Control announced sanctions targeting three state-sponsored malicious cyber groups responsible for North Korea's malicious cyber activity on critical infrastructure. The department said that the Lazarus Group, Bluenoroff, and Andariel were responsible for cyber attacks on critical infrastructure and financial institutions and the 2018 WannaCry hack on the National Health Service in the UK. Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence, said, "Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs."