FFT news digest January 15 2021

Capitol Hill - the aftermath

A wealth of news lines in the aftermath of last week's rampage on Capitol Hill, notably the discovery by many of the participants that privacy online is an illusory concept.

Parler: Amazon booted the messaging platform off AWS, but not before enterprising researchers managed to exploit the site's lamentable approach to security and download more than 50 terabytes of publicly available data. Among the information, thousands of videos and photos complete with detailed location data that Parler had failed to remove.

Open Source Intelligence: Informal groups of researchers have been working to identify people who took part in the attack. The number of digital sleuths has led to pleas to take care when identifying possible participants.

Social media: All the major platforms have now banned soon-to-be former President Trump, but as Twitter's founder, Jack Dorsey, says, the ban "represents a failure to promote healthy conversation." Last week's events crystallised the fundamental problems with social media and Dorsey's lengthy thread offered no solutions.

Facebook: Internal documents seen by the Wall Street Journal illustrate ($) the scale of the social media problem. Amid a ten-fold increase in user reports of violent content on January 6, one internal presentation was subtitled, "Why business as usual isn’t working." Facebook executives are reported to have feared a "feedback loop" in which violence begat violence.

Now what: Social media companies have policies on what users can post. Enforcing rather than ignoring them would be a good start, but this is an obvious challenge for companies that for years have signally failed to do so. We've long thought reform - and regulation - is inevitable, but we don't underestimate how difficult this will be. The Harvard Business Review examines the issues.

Threats

Covid: Vaccine scams keep on coming, and older people are particularly vulnerable. Do talk to relatives and friends to help them stay safe.

Password guessing: More details about the SolarWinds hack are dribbling out, with the US Cybersecurity and Infrastructure Security Agency pointing to poor password practice as a key failing exploited by the attackers. CISA

Brands: Microsoft is still the brand most impersonated by attackers trying to steal credentials. It's followed by DHL, LinkedIn and Amazon. Check Point

Bad websites: Compromised websites were used in a major hacking campaign, according to Google researchers. 'Watering-hole' attacks are a menace. Secjuice explains what they are and has advice on protection.

Deep fakes: Highly realistic video and audio simulations are likely to become a major threat to organisations over the next two years. The issue is exacerbated by the growing number of video and audio samples available online. CyberCube

Macs: Sophisticated malicious software is targeting macOS users. It spreads via pirated software and games, notably MS Office and League of Legends. SentinelOne

C-suite: Ransomware groups are focusing their efforts on senior managers to try to maximise the return on their efforts. ZDNet

Sign-up with: Using Facebook and Google credentials to log into other services is tempting but risky. A researcher explains why. Noteworthy

Students: Return of a scam last seen in December which involves attackers trying to steal students' Microsoft 365 credentials by sending them emails that seem to come from official .edu addresses. zix

Video conferencing: Zoom and its siblings are here to stay - and so are attempts to exploit them. Help Net Security rounds up advice on staying safe.

Cloud hack

Multi-factor authentication is a great way to improve digital security, but it's not foolproof, as a warning from the US Cybersecurity and Infrastructure Security Agency illustrates. CISA says attackers have been using a range of techniques to access cloud resources, including phishing, brute force and theft of authentication cookies. Meanwhile, researchers have shown how to clone hardware security keys, which are seen as the gold standard for authentication. The good news: an attacker would need the key, considerable time and expensive equipment to pull it off.

Privacy redefined

WhatsApp has been on a crusade to persuade us that changes to its privacy policy won't harm the privacy of its users. Outside the European Economic Area (and the UK), users will have to accept the new terms of service or lose access to the app. WhatsApp says the changes only affect business communications and it emphasises it has no access to the content of personal messages. That's true, but so is the value of metadata that WhatsApp has long been sharing with Facebook (although it says this is not used to target ads at European users). Regardless of this, the affair has served to emphasise the lack of trust in WhatsApp and Facebook, with tens of millions of people signing up for other messaging apps, notably Signal.

Takedown

More progress in the fight against online crime, with Europol announcing the takedown of what it says was "the world’s largest illegal marketplace on the dark web." Drugs, counterfeit money, credit card data, anonymous SIM cards and malicious software were among the items traded on DarkMarket. Europol says the site had almost 500,000 users when it was closed down. Perhaps not coincidentally, shortly before the takedown, the Tor network experienced extended downtime because of a denial of service attack. Underground marketplaces depend on Tor, which has well-known issues making it vulnerable to such disruption.

WiFi spies

"Router swarms" is the term given to new generation WiFi networks that use multiple access points to eliminate wireless dead zones. "Mesh" networks are a great solution, but they also gather enormous amounts of information about how technology is used - and even how a user moves around a property. They're another reason to read the terms of service so you know what information you're sharing with the manufacturer or service provider. It's no coincidence that Amazon bought a leading manufacturer in 2019. 

In brief

Chastity: Well they can't say they weren't warned. Last October, Pen Test Partners examined the CellMate chastity cage and found it could be hacked and locked remotely. Predictably, that's exactly what appears to have happened, with a ransom being demanded to unlock it. Motherboard

Snoopers: The UK High Court has ruled that security and intelligence agencies can no longer rely on "general warrants" to conduct mass surveillance. Privacy International

Ubiquiti: Networking behemoth, Ubiquiti, has told customers to change their passwords and turn on two-factor authentication, following "unauthorised access" to some of its systems. The Register

Biological data storage: "DNA has been the predominant information storage medium for biology", so why not use it to store digital data? Researchers have been doing just that. The first data stored: a text string reading "hello world". The Register

Insider: A UK court has handed an eight-month suspended sentence to a former RAC employee who sold customer details to an accident claims company. ICO

Killer robots: US Army researchers have found a way to train robots to identify targets from thermal images. DEVCOM

Four-minute books: A growing collection aims to distil the essence of a book into a 240 second summary. It already has 1,400 examples. Wow.

Updates

Microsoft: Monthly set of updates has 83 security fixes, 10 rated 'critical'. A Windows Defender issue that could allow code to be executed remotely is already being exploited.

Windows 10: Updates should resolve an infuriating problem which led to random, unwanted and unavoidable reboots.

iOS: Version 12.5.1 for older iPhones fixes a problem with COVID-19 exposure notifications.

TypeForm: Fix for a Zendesk Sell issue which could enable attackers to hijack form submissions and send potentially sensitive data to themselves.

macOS: Big Sur users have been complaining about Bluetooth problems. There are signs a fix is on the way.

Adobe: Updates include fix for high processor usage by Creative Cloud on Big Sur MacBooks.

SAP: Security updates for multiple products; five have highest rating of 'hot news'.

Mozilla: Update to address a vulnerability in Thunderbird that could be exploited to take control of an affected system.
