Week 11: Intro to Dark Web and Intro to Cloud

The North Face has reset all of their users passwords from their website after an attacker lunched a credential staffing attack. On Oct 9th the company has notified their customers regarding the unusual activity on their website.

Credential attack is accomplished by using a credential that were being compromised in the other data breaches and using those credentials to log in to other websites. Accordingly to the article, attacker were able to access to information saved within the account which of the account they were able to access it. The information they could have access is the billing address, shipping address, first and last name, email address, birthday, and phone number. Company does not hold any of the payment information on the portal which the customer has access to which means the attacker was not able to access the payment information such as debit/credit card number, CVV, or the expiration date.

 

References:

O’Donnell, L. 2020. Credential-Stuffing Attack Hits The North Face. Retrieved from: https://threatpost.com/credential-stuffing-attack-north-face/161190/

The UK in Cyber-War against Anti-Vaccine Propaganda

Britain is taking caution about hostile states and terror groups spreading the anti-vaccine propaganda. They created a digital offensive toolkit operation to prevent the circulation of this propaganda, this toolkit is created to tackle disinformation and Islamic state recruitment material.

The group GCHQ has been ordered to take anti-vaxxers offline and monitor/disrupt terrorist propaganda. Most of the focus is on taking down state-linked content and encryption the data/cutting off communication on these cyber-actors. Most private users are not disturbed even if they post disinformation.

This was created to disrupt any lies about the virus and to protect the discovery of a safe vaccine.

https://www.infosecurity-magazine.com/news/uk-in-cyber-war-against-anti/

Intro-to-Ethical-Hacking-Week-11

Kaspersky said it discovered a Linux version of the RansomEXX ransomware on Linux machines.  This is a fairly new strain of ransomware that had been widely affecting Windows machines.  The ransomware has been used in attacks against the Texas Department of Transportation, Konica Minolta, US government contractor Tyler Technologies, Montreal’s public transportation system, and, most recently, against Brazil’s court system (STJ).  This form of ransomware is referred to as a “human-operated ransomware.  The groups that utilize this new ransomware buy access or breach networks themselves, expand access to as many systems as possible, and then manually deploy their ransomware binary as a final payload to cripple as much of the target’s infrastructure as possible.

Many ransomware gangs have realized that attacking workstations first isn’t a lucrative deal, as companies will tend to re-image affected systems and move on without paying ransoms.  Many of these ransomware gangs haven’t bothered encrypting workstations, instead, they target crucial servers inside a company’s network, knowing that by taking down these systems first, companies wouldn’t be able to access their centralized data troves, even if workstations were unaffected.  Creating a new strain that attacks Linux machines was the next step as many companies today are running internal systems on Linux.

https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/#ftag=RSSbaffb68