FFT news digest March 11 2022

The information war

Russia appears increasingly desperate in its attempts to combat Ukraine's success in the information war. As well as its alarming claims about chemical and biological weapons, the Russian embassy in London claimed a pregnant woman fleeing a maternity hospital in Mariupol was in fact an actor placed there by Ukrainian propagandists. Perhaps not coincidentally, the use of the "crisis actor" defence mimics the tactics of conspiracy theorists in the US - and echoes broader claims on behalf of Russia that Ukraine is in fact bombing itself.

Despite being obviously ludicrous to audiences outside Russia, inside the country such an approach does appear to be effective - at least to some extent. People inside Ukraine report that their relatives in Russia simply don't believe the increasing devastation in Ukraine is caused by Moscow's forces. A Russian YouTuber went out on the streets of Moscow to question young people about their opinion of President Putin. "Is Putin great?" he asked. The "unedited" answers were...careful. Or as one interviewee said, "That's a dangerous question".

Younger Russians are more likely to obtain their news from sources other than state TV - and so it's hardly surprising that the government blocked Facebook and Twitter, and made independent coverage of the war effectively illegal. But, as even China has discovered, cutting off such information sources is easier said than done. Within hours of the social media block being announced, demand for virtual private networks (VPNs) reached a record high, according to Safety Detectives. Twitter launched a Tor onion service, which is designed to defeat censorship, and other media organisations including the New York Times and the BBC have done likewise. And, extraordinarily, Reuters reports that Facebook and Instagram will allow calls for violence against Russians and the Russian military.


The cyber war

The predicted "cyber war" has yet to materialise, but that doesn't mean things haven't been happening. This will be particularly obvious to numerous users of Viasat's KA-SAT service whose terminals stopped working on the morning that Russia invaded Ukraine. Russia has deep expertise in blocking (and detecting) satellite transmissions, as witnessed in Syria, but in the case of KA-SAT the terminals were rendered useless. Following an investigation into the attack, Viasat says affected modems will have to be replaced.

The most plausible analysis of what happened comes from a researcher who has specialised in uncovering some of the satellite industry's dirtier secrets. Ruben Santamarta says initial reports that the service was simply interrupted were undermined by a French military tweet which was the first indication that modules in the terminals had been damaged beyond repair. Santamarta believes the design of the KA-SAT network and the locations of the affected terminals make it much more likely that attackers compromised a Network Operation Centre which enabled them to send commands to the terminals to effectively self-destruct.

The KA-SAT service is used by the Ukrainian military - but it also provides broadband connectivity to domestic subscribers and plays a crucial role in monitoring wind farms. Germany's Enercon said some 5,800 of its wind turbines lost contact with the system designed to monitor and control them. It's a salutary reminder of the sort of damage that can ensue when interconnected networks are attacked.

Threats

Officials: The FBI says scammers are trying to steal personal information and extort money from victims by impersonating government officials. These are sophisticated scams involving phone calls that appear to come from genuine numbers.

Fake dating: Romance scams depend on respectability to fool their victims. Malwarebytes says military profiles are often used, including an unfortunate US Army colonel whose details have been used repeatedly since 2014.

Sextortion: At the less subtle end of the spectrum, police in Kent say there's been an 88% rise in the number of blackmail attempts over the past three years. These try to persuade the victim that they've been recorded while visiting porn sites. They're nonsense, but they sometimes work.

Hijack: A nasty campaign lures people into opening links by inserting malicious emails into real conversations. It manages this by using accounts that have been compromised. Sophos

Defeating MFA: Multi-factor authentication is good, but it can be defeated. One way of doing this is to bombard a target with 'push prompts' to authorise access to a resource. The idea is that eventually people get bored and accept one. Microsoft has a mitigation for Azure users (via Kevin Beaumont).

Fax: Small and medium-sized organisations are being targeted with emails containing an attachment that purports to be the contents of a fax. It's actually malicious software designed to steal credentials or install ransomware. My Online Security

Social media

Phishing campaigns love social media, so much so that they've reached a record high. Vade Secure says it analysed 184,977 phishing pages as part of its 2021 'Phishers' Favourites' report. Facebook was the most impersonated brand, knocking Microsoft off the top position. Vade also found that phishing lures were becoming increasingly sophisticated - although there are still plenty of rubbish ones around. Thursday seems to be the phisher folks' favoured day for sending their campaigns, although in Microsoft's case, the number rose through the week to peak on Fridays. A separate survey by Egress warns about the use of LinkedIn. It says it recorded a 232% increase in such attacks.

Telegram 

Telegram continues to play a crucial role in the war in Ukraine, much of it on the side of the defenders, but we've had multiple requests to explain how to use it safely. Firstly, it's important to recognise that by default Telegram messages aren't protected by end-to-end encryption; this is only applied to 'Secret Chats'. This feature also enables messages to be deleted automatically after as little as one second. But, secondly, while a conversation might be deleted, a contact will remain unless manually erased. Given that Russian police are now stopping people in the street and searching their phones, it's essential people understand the capabilities - and limitations - of Telegram and other messaging services.

Smartphones

This year has seen a 500% increase in attempts to infect smartphones with malicious software, according to Proofpoint. Most of the attacks appear to be aimed at stealing usernames and passwords for email or bank accounts. But Proofpoint says some of the malware is increasingly sophisticated and has some of the capabilities of high-end spyware, including the ability to record audio and video, track locations, and delete data. To protect yourself, be cautious of unexpected messages with links, URLs or requests for data of any type. Do install security updates and use a decent antivirus app on Android devices (though not on iPhones, because antivirus apps don't and can't work there).

In brief

Alexa: Another excellent reason to be cautious about voice-activated assistants. Researchers have discovered that it's possible for an attacker to force Alexa Echo devices to issue potentially dangerous commands, like unlocking a door... Ars Technica

UPS: APC is one of the world's leading makers of uninterruptible power supplies. Unfortunately, Armis has discovered three vulnerabilities that could allow them to be disabled or destroyed remotely. Their post also has advice about what to do.

Facial recognition: We know we bang on about this, but a prediction that the sector will be worth $12.67 billion by 2028 does indicate why it's an issue. As does the €20 million fine imposed by Italy on Clearview, one of the market leaders.

Tracked: Researchers at Duke University have described an advanced system that makes it easier to analyse people's eye movements and guess what they're doing or looking at.

Conti: The Conti ransomware gang had much of its information published, seemingly in response to its support for Russia's invasion of Ukraine. But the US is warning that it hasn't gone away and the number of its victims has reached 1,000.

Tinder: Users in the US can now run background checks in the app to check whether their matches have a record of violence or harmful behaviour.
AI health:

Airbnb: An extraordinary tale from Texas where an Airbnb host has been arrested for allegedly recording 2,100 images of his guests when they were naked or having sex. The camera was disguised as a power adaptor. KSAT

Updates

Microsoft: Monthly security update has fixes for three previously unknown ('zero-day') vulnerabilities and a total of 71 issues. Three are classified as Critical because they allow remote code execution. They also address a bug which meant some data wasn't deleted even if a Windows 10/11 device was wiped.

Adobe: Urgent security updates to fix vulnerabilities in Illustrator and After Effects.

Firefox: Updates for Mozilla's browser to address two issues rated 'critical'. If unpatched, they could give an attacker complete control over a device.

Google: Don't try to escape a meeting by blaming Google Meet. Its latest update includes a feature that shares detailed bandwidth information with your employer!

Linux: A horrible vulnerability has been fixed in Linux 5.16.11, 5.15.25 and 5.10.102. By horrible, we mean the vulnerability could be used to gain complete control over an unpatched system.

Android: The March security update includes fixes for 39 vulnerabilities (including the Linux issue above).

VLC: Media Player 3.0.17 addresses issues in several core modules, including audio and video output.

Tails: Version 4.28 includes updates for Tor Browser to 11.0.7, Thunderbird to 91.6.1 and tor to 0.4.6.10.
