The Host Unknown Podcast

Episode 153 - The Poorly Planned Episode

Episode Summary

This week in InfoSec shows that May has historically been a good year for hacker tools. Rant of the Week is a dishy story putting faith in the bad guys. Billy Big Balls is a warning for digital nomads. Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is a job transition hack for those new to the industry.

Episode Notes

This week in InfoSec (09:59)

With content liberated from the “today in infosec” Twitter account and further afield

26th May 2006: BackTrack v1.0 was released.

https://twitter.com/todayininfosec/status/1265471687761424384

21st May 2012: Nmap 6.00 was released. https://nmap.org/6/

https://twitter.com/todayininfosec/status/1263589918107791362

23rd May 1997: Carlos Felipe Salgado Jr. (aka "Smak"), who allegedly stole 100,000 credit cards from an Internet provider, was granted bail on the condition he not go "anywhere near a computer." He was arrested after trying to sell them to the FBI.

Hacker gets conditional bail

https://twitter.com/todayininfosec/status/1264033568436568070

 

Rant of the Week (16:25)

Dish confirms 300,000 people's data was exposed in February's attack

But don't worry – we know it was deleted.

Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.

Dish customers can rest easy, at the very least, as the telco said in a sample letter posted to the Maine Attorney General's breach notification website that customer databases weren't accessed and the stolen data belonged instead to employees both past and present, their family members, "and a limited number of other individuals" that Dish didn't specify.

The satellite TV company also didn't say what sort of personal information was stolen from those 296,851 individuals in the attack, aside from driver's license and non-driver ID card numbers.

Dish never went on the record to publicly state the attack was caused by ransomware, though internal sources who contacted The Register did report that ransomware was involved. Dish also made mention of ransomware in its SEC filing.

Reports from February citing internal Dish sources claim the Black Basta ransomware gang was behind the break-in at Dish, and in its template letter [PDF] notifying affected individuals of the incident, the company sought to reassure recipients that there's no evidence the extracted data has been misused, and that it believes the data has been deleted.

Er, who confirmed that again?

"We have received confirmation that the extracted data has been deleted," Dish said, adding that it has been monitoring the dark web and criminal forums for signs the data is available online. "The results of the monitoring are consistent with the confirmation that the extracted data has been deleted," it added. 

That, as Emsisoft security analyst Brett Callow has pointed out, could be interpreted as an admission that Dish paid whatever ransom was demanded of it because "totally untrustworthy cybercriminals assured us the data would be deleted if we paid the ransom," Callow tweeted.

 

Billy Big Balls of the Week (26:30)

Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer

The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia – some of which enslave visitors and force them to participate in cryptocurrency scams.

The warning follows reports of multi-storey slave compounds housing unwilling workers in places like Cambodia.

The FBI's advice suggests those scams are ongoing.

"Criminal actors assign debts to victims under the guise of travel fees and room and board, and use victims' mounting debt and fear of local law enforcement as additional means to control victims. Trafficked victims are sometimes sold and transferred between compounds, further adding to their debt," said the FBI.

Advocacy groups and media report similar tactics, with victims targeted online and promised lucrative jobs abroad with travel fees and other benefits paid.

Upon arrival in a foreign country – which may not even be the one jobseekers were told they'd visit – workers' passports and travel documents may be confiscated, and the victim coerced to conduct scams under the threat of violence.

The scams the slaves conduct often involve "pig butchering" tactics that see perpetrators encourage victims to make investments in cryptocurrency. Once payments are made, the scammer ceases communication with the victim and their cash disappears. Pig butchering perps often use romance scams, promises of sex, or illegal gambling as lures.

 

Industry News (32:53)

Meta Fined €1.2bn for Violating GDPR

China Issues Ban on US Chipmaker Products

Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust

Diversity advocate and renowned practitioner, Becky Pinkard, to be Inaugurated into Infosecurity Europe's Hall of Fame

Private Sector Cybersecurity Task Force Called for to Defend Democracies

US Sanctions North Korean Entities Training Expat IT Workers in Russia, China and Laos

SMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain Attacks

NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

Expo Framework API Flaw Reveals User Data in Online Services

 

Tweet of the Week (39:35)

https://twitter.com/ireteeh/status/1661635416204648448

https://twitter.com/VladCraita/status/1661461184665604096?s=20

https://twitter.com/primevideouk/status/1661760395659321346