Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
Brazilian Gang Runs Supply Chain Attack via NPM
Security researchers at Checkmarx have discovered 199 trojanized and other malicious NPM packages in a supply chain attack linked to a group called "LofyGang", which appears to be of Brazilian origin.
The gang seems to be primarily interested in collecting credit card information and accounts on streaming services, online gaming services and Discord. They create sock-puppet accounts with names which are variations and permutations of a few key roots such as lofy, life, polar, panda, kakau, evil, devil and vilão (villain), and the presence of Brazilian Portuguese phrases in their files clued the researchers in to their origin.
Their main activity in underground hacking forums is to sell fake Instagram followers, many of which are linked to their malicious package profiles. And while they sell their malware to others, it is often trojanized - the malicious code sits not in the main package but in a dependency, to evade detection.
Harush, Jossef, LofyGang - Software Supply Chain Attackers; Organized, Persistent, and Operating for Over a Year, Checkmarx blog, 7 October 2022. Available online at https://checkmarx.com/blog/lofygang-software-supply-chain-attackers-organized-persistent-and-operating-for-over-a-year/.
Election Interference Advisory
The FBI and CISA have published a joint public service announcement describing methods used by foreign actors to spread and amplify false information, including reports of alleged malicious cyber activity, in attempts to undermine trust in election infrastructure.
The agencies also confirmed that they "have no information suggesting any cyber activity against U.S. election infrastructure has impacted the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast."
In short, these foreign actors have not been able to compromise election systems, but they are likely to spread a lot of sensationalized BS on social media, just to stir up doubt and mistrust.
FBI & CISA, Foreign Actors Likely to Use Information Manipulation Tactics for 2022 Midterm Elections, Alert Number I-1006622-PSA, 6 October 2022. Available online at https://www.ic3.gov/Media/PDF/Y2022/PSA221006.pdf.
Impact of Identity Theft
We all deal with the theoretical impact of data breaches and privacy breaches in our daily work; we go through risk analysis and estimate the costs of remediation, fines and judgements, reputation damage and so on. But most of us, fortunately, have never had to reckon the personal cost of identity theft.
A story in The Saturday Paper relates the real costs - not financial, but time and stress - of having your personal information stolen, in this case, by burglary, followed by online activities and social engineering. Emma Phillips' wallet and keys were stolen, along with a few other possessions - and of course the wallet contained her driver's licence and credit cards.
Months later, somebody changed her bank account details; the bank changed them back and launched an investigation, but the following day the bank took four phone calls from someone impersonating her with the correct identification details. This was followed by an attempt to empty the account from a distant branch (in the middle of COVID lockdowns that restricted travel). And so it went, for months on end, with multiple accounts affected, right down to Medicare.
A useful reminder that data which might not be particularly valuable to us can be incredibly valuable to the subject of that data.
Phillips, Emma, What happens when your identity is stolen, The Saturday Paper, 8 October 2022. Available online at https://www.thesaturdaypaper.com.au/life/2022/10/08/what-happens-when-your-identity-stolen.
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.