Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Amazon Fresh kills “Just Walk Out” shopping tech—it never really worked

“AI” checkout was actually powered by 1,000 human video reviewers in India.

Amazon is giving up on the cashier-less “Just Walk Out” technology at its Amazon Fresh grocery stores. The Information reports that new stores will be built without computer-vision-powered surveillance technology, and “the majority” of existing stores will have the tech removed. In the early days, Amazon’s ambitions included selling Just Walk Out to other brick-and-mortar stores. The problem was that the technology never really worked.

A May 2023 report from The Information revealed the myriad tech problems Amazon was still having with the idea six years after the initial announcement. The report said that “Amazon had more than 1,000 people in India working on Just Walk Out as of mid-2022 whose jobs included manually reviewing transactions and labeling images from videos to train Just Walk Out’s machine learning model.”

Training is part of any AI project, but it sounds like Amazon wasn’t making much progress, even after years of working on the project. “As of mid-2022, Just Walk Out required about 700 human reviews per 1,000 sales, far above an internal target of reducing the number of reviews to between 20 and 50 per 1,000 sales,” the report said. More…

Fake AI law firms are sending fake DMCA threats to generate fake SEO gains

If you run a personal or hobby website, getting a copyright notice from a law firm about an image on your site can trigger some fast-acting panic. As someone who has paid to settle a news service-licensing issue before, I can empathize with anybody who wants to make this kind of thing go away.

Which is why a new kind of angle-on-an-angle scheme can seem both obvious to spot and likely effective. Ernie Smith, the prolific, ever-curious writer behind the newsletter Tedium, received a “DMCA Copyright Infringement Notice” in late March from “Commonwealth Legal,” representing the “Intellectual Property division” of Tech4Gods.

The issue was with a photo of a keyfob from legitimate photo service Unsplash used in service of a post about a strange Uber ride Smith once took. As Smith detailed in a Mastodon thread, the purported firm needed him to “add a credit to our client immediately” through a link to Tech4Gods, and said it should be “addressed in the next five business days.” Removing the image “does not conclude the matter,” and should Smith not have taken action, the putative firm would have to “activate” its case, relying on DMCA 512(c) (which, in many readings, actually does grant relief should a website owner, unaware of infringing material, “act expeditiously to remove” said material). The email unhelpfully points to the main page of the Internet Archive so that Smith might review “past usage records.” More…

[Bob says:  This has happened to me, and it is pretty difficult to tell if the DMCA takedown notice is legitimate or part of a scam.]

From OneNote to RansomNote: An Ice Cold Intrusion (8 minute read)

This article provides an overview of a campaign in which attackers gained access via phishing users and escalated to a full ransomware attack. The threat actor utilized OneNote links that loaded IcedID for their initial access. The actor then stayed dormant while beaconing for 30 days before utilizing Cobalt Strike and AnyDesk to move laterally to a file server. Files were exfiltrated with FileZilla, and then the Nokoyawa ransomware was deployed. The article includes IoCs for each part of the attack.

[Heads Up] Your Apple Users Are Now Targeted With New MFA Attacks

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seems to be popping up in a likely attempt to steal the victim’s digital identity and more.

A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.

Similar to the MFA fatigue attacks we’ve seen last year, this attack sought to use the same technique to get the victim to either answer “yes” to make the prompts stop, or to make a mistake and accidentally allow the password reset.

While this kind of attack may not seem mainstream enough to pay attention to in terms of warning users about it, it does demonstrate how the cyber crime economy is growing enough that threat actors are looking for ways to fit into the economy by establishing a niche victim set for them to go after – digital identity theft via Apple IDs.

These attacks aren’t unique as Krebs on Security covered this and another similar attack on an IT professional, demonstrating it’s more than a one-off experience.

Blog post with links:

New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.

In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

According to the report:

  • Phishing links or attachments were involved in 71% of all initial access phases of cyber attacks
  • The top three MITRE ATT&CK techniques in attacks involved phishing or spear phishing
  • Drive-by compromise was used in 29% of attacks
  • QR code phishing saw a 51% increase in just one month – September – over the previous 8 months combined
CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

04/11/2024 02:15 PM EDT

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive (https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system) requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

While ED 24-02 requirements only apply to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate email and are encouraged to contact their respective Microsoft account team for any additional questions or follow-up. FCEB agencies and state and local government should utilize the distro MBFedResponse@Microsoft.com for any escalations and assistance with Microsoft. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA) and prohibiting the sharing of unprotected sensitive information via insecure channels.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
