FFT news digest February 25 2022

Ukraine

The horror show unfolding in Ukraine was foreshadowed by a series of cyber attacks which left websites of the defence, foreign and interior ministries unreachable or unusable. As well as those attacks, destructive malicious software infected hundreds of computers in Ukraine, as well as some in Lithuania and Latvia. On Thursday morning, several Russian government websites, including the Kremlin's, were also inaccessible. So far, cyber attacks have been relatively restrained. Some analysts believe it's unlikely to stay that way. Former head of the UK's National Cyber Security Centre, Ciaran Martin, has a balanced view.

In other Ukraine-related news;

- This is the first open-source war. The Centre for Information Resilience has created a map that draws on videos, photos and tweets to track Russia's military movements. Google Maps' Live Traffic showed the Russian invasion in real time.
- Ukraine is a technologically savvy country; its president used the messaging app Telegram to bypass Russian state controls and talk directly to the people.
- Reuters reports that the Ukrainian government has called for volunteers with hacking skills to help protect the country's critical infrastructure.
- Politico examines the challenge facing social media companies as they try to combat a torrent of disinformation.
- Criminals are seeking to profit from the conflict by offering access to networks and databases that could be useful (to both sides).
- Shortly before the invasion began, the US and the UK published details of new malicious software which they said was developed by Russia's military cyber-unit.
- The crisis in Ukraine will have widespread economic impacts, including on the supply of computer processors. Ukraine is a key producer of neon gas which is used by lasers in chipmaking.
- A state-controlled news outlet in China (accidentally) leaked instructions on how to cover Ukraine. "Do not post anything unfavourable to Russia or pro-Western," Horizon News staff were told.
- One cyber expert grew tired of being asked repeatedly about how to defend against Russian "cyber ops". His resulting advice has some great points for network administrators at any time, not just now.

Threats

OAuth: OAuth is designed to streamline the process of authenticating users, but it also offers opportunities for attackers. Pen Test Partners has an interesting case study explaining how one organisation was affected.

US border: A reminder for visitors to the US - especially anyone with interesting stamps in their passports. There's every chance US Customs and Border Protection will demand your electronic devices and rifle through them. The Electronic Privacy Information Center explains the law - and the tools that are used.

Pirates: Some more excellent reasons not to steal software and games. Criminals are distributing malicious software via carefully designed webpages that offer pirated products and appear high in search rankings. AhnLab

Sextortion: The latest iteration of this scam is targeting France and trying to persuade people that they've been caught watching child pornography. The lure is an email containing an image, somewhat convincing text, and a not very convincing email address. Naked Security

Android: New malicious software (dubbed Xenomorph) managed to sneak into Google's Play Store and infect more than 50,000 Android devices. It's designed to steal banking information and focussed on users in Spain, Portugal, Italy, and Belgium. ThreatFabric

Social Media: Check Point Research spotted a nasty campaign designed to hijack social media accounts and use them for a variety of money-making schemes. The malicious software is distributed via Microsoft's Store, where it masquerades as popular games including Subway Surfer and Temple Run.

Remote working

It's hardly news that remote working has inherent risks, but some new research provides some worrying detail. In a survey by Mobile Mentor, 36% of employees admitted to finding ways to circumvent security policies, and only 43% of personal devices used for work were secured effectively. The study also found passwords to be a significant liability, not least because most users have so many of them. Only 31% used a password management tool, 29% said they simply wrote their passwords down, and 41% said security policies are too restrictive. More than half of those surveyed reckoned they were more efficient if they used non-corporate apps like Dropbox and Gmail.

Stalking

Domestic abusers are making increasing use of digital tools to pursue their victims - and, even worse, many surveillance apps are inherently insecure. A UK study examined 146 domestic abuse cases and found that police regarded technology as a standard feature of them. Unlike sophisticated spyware such as NSO's Pegasus product, stalkerware requires the user to have access to a device in order to install it, but once installed it has many of the same capabilities. The apps can track a person's movements and access their messages and photos. To compound the issue, several widely used apps are themselves insecure, according to an investigation by TechCrunch. It examined a collection of Android apps that share the same underlying technology and which have a crucial security vulnerability that's putting some 400,000 people at risk.

Facial recognition

With apologies for returning to this yet again, but it's kind of interesting that a leading facial recognition company is reported to have told investors that it aims to collect 100 billion photos - to ensure "almost everyone in the world will be identifiable". The report comes from The Washington Post which says it obtained a presentation from Clearview designed to attract new funding. Just for context, Clearview says it already has 10 billion images and is adding 1.5 billion a month. Meanwhile, research has found that people trust deep fake faces that are generated by artificial intelligence more than real ones. The study also discovered that most people's ability to identify fakes was no better than a random guess.

China points a finger

A Chinese security firm has accused the US National Security Agency of being responsible for a decade-old hacking tool. Pangu Lab says it first came across the tool in an attack on "a key domestic department" in 2013 and at the time was unable to attribute it to anyone. Subsequent leaks enabled them to conclude it was the work of the Equation Group, which is widely believed to be linked to the NSA. It's unusual for Chinese companies to publish such reports; one theory is the only reason for doing so in this case is that China believes the tool is no longer of any use for its own cyber operations. Just as in Ukraine, we suggest it simply underlines the growing role of digital weapons in geopolitics.

In brief

Overview: An annual survey by Proofpoint found that many organisations which are held to ransom pay up, only to face demands for additional money. Last year in the UK, 82% of organisations opted to pay at least one ransom, the highest of any region surveyed (and 41% higher than the global average).

Hack back: The US has signalled a more aggressive approach to dealing with cyber threats. Deputy Attorney General Lisa Monaco told the Munich Cyber Security Conference that the US would consider "whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests."

Free: There's a wealth of excellent free tools and services to help organisations combat cybersecurity threats. The US Cybersecurity and Infrastructure Security Agency (CISA) has compiled a list of them. 

Leavers: 83% of employees continue to access information from a job after they leave it, according to a survey by Beyond Identity.

Access brokers: The sale of access to organisations' networks has become a key element in the criminal ecosystem. Crowdstrike found that the academic, government and technology sectors were the most popular.

Grid: The BBC has a fascinating story that explains how the sound of the electricity grid can be used in police investigations. Scientists have been recording the noise since 2015 because it fluctuates and so can be matched to digital recordings to authenticate them.

Bricked: Seattle public radio station, KUOW, managed to lock some digital car radios to their broadcasts by sending them an image file without an extension. techdirt

Updates

Firefox: First minor revision to Firefox 97 focusses on minor bugs and performance refinements.

Pixel: Google has acknowledged that a ‘very small number’ of Pixel 6 phones are affected by WiFi and Bluetooth issues. A fix is due next month.

Cisco: Cisco is warning firewall owners to install a recent firmware update or lose updates to security feeds after March 5.

Windows 11: Future versions of Windows 11 Pro will require a Microsoft account (and an internet connection) for installation to work. Ars Technica

Ubuntu: Updates for multiple releases, as far back as 14.04.
