#AxisOfEasy 229: FBI: Hackers Impersonated Amazon To Deploy Ransomware


Weekly Axis Of Easy #229


Last Week’s Quote, “You cannot escape from a prison if you don’t know you’re in one,” was by Vernon Howard. A couple of guesses… but no winner for a 3rd week!

This Week’s Quote:  “Never do anything against conscience even if the state demands it.”…by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.



Attention!  We are now hiring in two roles, one in Dev and the other in support. 
Check out the job descriptions here: 

https://easydns.com/blog/2022/01/10/were-hiring-a-ux-dev/

https://easydns.com/blog/2022/01/17/were-hiring-a-support-representative/


In this issue:

  • FBI: Hackers impersonated Amazon to deploy ransomware 
  • Open-source libraries ‘colors’ and ‘faker’ were corrupted by Dev
  • Germany doesn’t rule out closing Telegram – interior minister
  • Bitcoin Magazine official channel banned from YouTube 
  • Teen Hacker claims to have hacked third-party Software for Teslas


Elsewhere online:
 

  • Update: New Apple Update fixes doorLock bug
  • 500M Avira Antivirus Users get Avira Crypto software
  • New malware “SysJoker” designed to run across Windows, Mac and Linux
  • Iranian Hackers behind attempt to exploit Log4j vulnerability
  • Critical bug in Office fixed but Microsoft delays macOS security updates

 

FBI: Hackers impersonated Amazon to deploy ransomware

In a recent alert, the Federal Bureau of Investigation (FBI) warned the US defense industry that “FIN7”, a financially motivated cybercriminal group, had been targeting companies with packages containing malicious USB devices to deploy ransomware.

According to the FBI, the threat actors used the United States Postal Service (USPS) and United Parcel Service (UPS) to mail the packages containing the contaminated USB devices, targeting the transportation and insurance industries since August 2021 and defense firms since November 2021.

Operators from the cybercriminal group are said to have been impersonating Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems. It isn’t the first time FIN7 has used this method, though: two years ago, operators impersonated Best Buy and mailed similar packages containing malicious flash drives to hotels and restaurants.

Read: https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/ 


Open-source libraries ‘colors’ and ‘faker’ were corrupted by Dev

‘Colors’ and ‘Faker’ users were left stunned after their applications began displaying gibberish data and breaking when using these libraries. Most assumed that the NPM libraries had been compromised, but that wasn’t the case.

Apparently, Marak Squires, the developer behind the two popular packages, had intentionally sabotaged the libraries. Squires introduced an infinite loop, impacting the applications relying on the NPM libraries ‘colors’ and ‘faker.’ The gibberish message printed by the apps included the text ‘LIBERTY LIBERTY LIBERTY’ followed by a sequence of non-ASCII characters. The infinite loop is said to keep running indefinitely on the console for those applications that use ‘colors.’

According to the developer, his reason for the sabotage was retaliation against the big corporations that benefit from and rely on cost-free software but do not give back to the community. Marak’s move attracted mixed responses, with some people praising his actions while others were alarmed by them.

Read: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps


Germany doesn’t rule out closing Telegram – interior minister

On Wednesday, Germany’s interior minister, Nancy Faeser, announced that the European country could still shut down Telegram if the app continued to violate German law.

“We cannot rule this out,” she told Die Zeit weekly. “A shutdown would be grave and clearly a last resort. All other options must be exhausted first.”

The messenger service is popular with far-right groups and people who oppose pandemic-related restrictions. In her remarks, the minister added that Germany was discussing with its partners how to regulate Telegram.

Read: https://www.reuters.com/technology/germany-doesnt-rule-out-closing-telegram-interior-minister-2022-01-12/



Bitcoin Magazine official channel banned from YouTube

On Tuesday, YouTube made the surprising move to ban Bitcoin Magazine’s official channel during a live stream about Bitcoin-related news. The popular platform defended its decision, saying that “content that encourages illegal activities or encourages users to violate YouTube’s guidelines is not allowed on YouTube.”

Bitcoin Magazine’s channel was back online an hour after the media company filed an appeal, but it is still unclear why YouTube chose to take such action. The livestream was informing viewers about recent Bitcoin-related news, including Cash App integrating the Lightning Network and the latest updates on bitcoin mining in Kazakhstan.

Read: https://bitcoinmagazine.com/business/youtube-bans-bitcoin-magazines-60k-follower-channel


Teen Hacker claims to have hacked third-party Software for Teslas

On Monday, 19-year-old independent security researcher David Colombo claimed to have hacked two dozen Tesla vehicles worldwide and was able to remotely run commands to control the cars. In his tweets, Colombo said that he had discovered a software flaw that allowed him to “disable Sentry Mode, open the doors/windows and even start Keyless Driving.”

Apparently, Colombo had “full remote control of over 20 Teslas in 10 countries and there seems to be no way to find the owners and report it to them.” No further details about the software vulnerability were revealed but the teenager said he was preparing to release a report on the issue.

Since then, Colombo has stated that Tesla’s Security team was investigating the vulnerability and would get back to him with updates as soon as they had them.

Read: https://www.zerohedge.com/technology/hacker-takes-control-25-teslas-worldwide


Elsewhere online:


Update: New Apple Update fixes doorLock bug
https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/ 

500M Avira Antivirus Users get Avira Crypto software
https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/  

New malware “SysJoker” designed to run across Windows, Mac and Linux
https://www.infosecurity-magazine.com/news/new-undetected-backdoor-three-os/ 

Iranian Hackers behind attempt to exploit Log4j vulnerability
https://thehackernews.com/2022/01/iranian-hackers-exploit-log4j.html 

Critical bug in Office fixed but Microsoft delays macOS security updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-office-bug-delays-macos-security-updates/?&web_view=true

 
