FFT news digest Jun 4 2021

Held to ransom

More ransomware victims emerged this week, including the world's biggest meat processor, the New York subway, Fujifilm and Massachusetts' largest ferry service. The FBI blamed the Russia-based REvil group for the attack on JBS, which operates 150 food processing plants in 15 countries. President Biden will discuss the issue of cyber attacks with President Putin when they meet in Switzerland on June 16. The White House says the US is not taking any options off the table, in terms of how [it] may respond. In reality, the White House has already discussed the issue with Moscow and "delivered the message that responsible states do not harbor ransomware criminals".

As previous attacks on Colonial Pipeline and the health systems in the UK and Ireland have demonstrated, ransomware is a potentially deadly affair.
REvil is believed to be based in Eastern Europe and Russia, and there is general agreement that it has no formal ties to the Russian government. But it's equally accepted that its activities could not take place without Moscow's tacit approval, and it's long been known that Russia has used criminal groups as a cover for its own operations. The US Department of Justice has decided to begin treating ransomware as terrorism, according to an official quoted by Reuters.

For ransomware victims, including some of our own clients, perhaps the biggest issue is not simply the loss of access to key networks, but the publication of information from them. Previously, a key defence against ransomware was the use of secure backups, combined with effective insurance. The ransomware organisations worked out that they could defeat this protection by not only encrypting a victim's data, but also threatening to publish the information unless they were paid. And that information includes credentials and network information that is likely to be sold regardless of whether any money changes hands. The situation has been compounded by a much tougher approach from insurers who are demanding higher premiums, tighter controls and, in some cases, refusing cover altogether.

Threats

There were more cyberattacks over the past year and they were more sophisticated, according to a survey of information security leaders by VMware. That's hardly news - and nor is the perceived link to remote working - but it's worth noting that the security folk admit many of the attacks are caused by outdated technology and process weaknesses.

Office: Vulnerabilities in Microsoft’s Office suite were the most popular among cyber attackers in the first quarter of this year and accounted for 59% of observed exploits. Kaspersky

Filth: There's been a vast increase in the use of 'X-rated' material in phishing attacks against corporate email addresses. GreatHorn puts the rise at 974% in the year to April 2021.

Streaming: Proofpoint says a fake streaming service is designed to trick users into installing malicious software on their systems. And the UK's National Cyber Security Centre is urging people to protect the credentials for their streaming accounts ahead of a summer of sport.

Browser risk: An easy way to improve security is to take care when installing apps. For example, take the world's fourth most popular browser (by user numbers). Alibaba's UC browser vacuums up every possible bit of personal data - even in incognito mode. Forbes

Teens: ESET rounds up five common scams targeting teens: social media fraud (in many guises), cheap luxury goods, scholarship offers, employment opportunities, and romance fraud. As always, when it looks too good to be true, it is.

Flashing

"US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps," is the headline for Bellingcat's latest expose. Its investigation looks at the use of apps as a study aid to help personnel learn the complex security protocols surrounding the US nuclear arsenal in Europe. Unhappily, that has led to the inadvertent disclosure of "a multitude of sensitive security protocols" and locations. "By simply searching online for terms publicly known to be associated with nuclear weapons, Bellingcat was able to discover cards used by military personnel serving at all six European military bases reported to store nuclear devices." The report is frankly terrifying, but it's also a reminder that sensitive data and consumer apps shouldn't mix.

Open data

One of the key themes in our courses is to be careful about how information is shared, and the British Army has just provided a perfect example of why this is so important. In an exclusive report, The Register says the personal data of special forces soldiers was circulating on WhatsApp in a leaked spreadsheet. The document contained details of all 1,182 British soldiers promoted from Corporal to Sergeant, including those in special service units. As The Register points out, the UK goes to great lengths to protect the identities of special forces personnel. It's vital to have robust procedures for handling sensitive data - and equally vital they are followed.

Sidewalk

US owners of Amazon smart devices are about to be opted in to the company's ingenious Sidewalk network, which we think is a glimpse into the future of connectivity. It's worth emphasising that (despite a misleading email last year) Sidewalk is not coming to the UK any time soon. But on June 8 in the US, Echo and Ring devices will become part of a gigantic mesh network that will enable them to keep working even if their normal internet connection fails. The network will also be available to other devices such as Tile trackers. Amazon has stressed its security precautions and, as UK BT customers know, there are precedents for sharing internet connectivity. Nonetheless, not everyone is convinced. Our view is that this sort of technology will be just one part of a seamless mesh connecting everything and everyone all the time. We won't offer an opinion on whether or not that's a good thing.

Ferret in reverse

After telling users to accept new terms and conditions or face limited functionality, WhatsApp has had a rethink. Stretching credulity to its outer limits, WhatsApp said "the majority of users who have seen the update have accepted [it]....We currently have no plans...to limit the functionality of the app." WhatsApp and its Facebook parent had faced a backlash for what was seen by many as a heavy-handed approach - and in Germany regulators imposed a three-month ban on Facebook from processing personal data from WhatsApp. Meanwhile, WhatsApp told WABetaInfo it's working on a feature to allow up to 4 devices to be linked to a single account. And support for the iPad is on the way. 

In brief

TikTok: A change to the social video app's US privacy policy gives it permission to “collect biometric identifiers and biometric information” from user content. That includes “faceprints and voiceprints.” TikTok hasn't explained why it wants the data. TechCrunch

Dark Web: Law enforcement has been enormously successful in disrupting crime on the dark web, so the crooks have been relocating to Telegram. vpnMentor says millions of people's private data are being openly shared in groups and channels.

Romance scams: US prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online. Cyberscoop

Fire alarm: Researchers have built an algorithm to predict deadly "flashovers" with the aim of creating an early warning system for firefighters. NIST

Location: According to court filings in Arizona, Google made it harder to find location settings in its Android phone software so customers would be less likely to turn them off. Softpedia News

Trump: Much cackling about the abrupt demise of Donald Trump's blog after just 29 days of disappointing traffic figures. We have a sneaking suspicion the glee may prove premature. 

Updates

iOS: We spoke too soon. No sooner did we say there were no reported problems with Apple's latest iOS version (14.6) than complaints began emerging about battery drain. While predictable, this is very problematic because the update fixes some very serious security issues. This keeps on happening...Apple really has to step up its game. Forbes

Edge: A new version is designed to address a series of problems when starting up Microsoft's browser - and stop the pop up messages that have been driving users crazy. Bleeping Computer has details.

Firefox: Version 89 brings a new design and improved privacy controls.

Huawei: Latest firmware fixes a vulnerability in Huawei's USB LTE dongle which could open a device to attack.

SonicWall: Is urging customers to 'immediately' patch a serious vulnerability affecting on-premises versions of its Network Security Manager (NSM) firewall management solution.

Tails: Version 4.19 of the privacy-focussed operating system updates browser and email app.

Zimbra: Versions 9.0.0 “Kepler” Patch 15 and 8.8.15 “James Prescott Joule” Patch 22 include security fixes.
