FFT news digest March 18 2022

Faking it

Deep fake technology was used to create a video of Ukrainian President Volodymyr Zelenskyy seeming to tell Ukrainians to surrender. The video appears to be part of a synchronised attack that began when a Ukrainian news outlet, Ukraine 24, was hacked. The outlet issued a frantic message saying the video - and accompanying text - were 'FAKE! FAKE!' President Zelenskyy subsequently posted a video repeating that Ukraine would never surrender to Russia.

As in many other areas, Russia may have underestimated Ukraine.
More than two weeks ago, the official army Facebook account carried a warning about deep fake videos. “Imagine seeing Vladimir Zelenskyy on TV making a surrender statement. You see it, you hear it - so it’s true. But this is not the truth! This is deepfake technology,” it said. “This will not be a real video, but created through machine learning algorithms. Videos made through such technologies are almost impossible to distinguish from real ones.”

Given that media reports often endow Russian hackers with what approaches superpower status, the quality of this deep fake was lamentably poor. While President Zelenskyy's face moves in a relatively convincing way, his body is completely still and his voice is bracingly unnatural. So just as with the Russian agents who were found in Holland with receipts for their taxi journey from their office to the airport and the excruciating logistical failures at the start of the Russian invasion, perhaps Moscow's abilities to deploy cyber weapons during a war may have been overestimated.

Facial recognition: Ukraine has started using Clearview's controversial technology to uncover Russian assailants, combat misinformation and identify the dead, according to Reuters. Clearview's founder says its database contains more than 2 billion images from the Russian social media service VKontakte, out of a database of over 10 billion photos in total.

Kaspersky: Germany's federal cybersecurity agency has warned against installing Kaspersky antivirus products, saying it has "doubts about the reliability of the manufacturer." Kaspersky branded the announcement as "political." We're inclined to agree.

NATO: Russia's ambassador to Estonia condemned Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence. "This first step will certainly entail others, pursuing the aim of converting Ukraine into a stronghold for political, economic, ideological and military blackmail of Russia," he said. Bleeping Computer

Aviation: The European Union's air transport safety regulator has warned that satellite navigation systems are being interrupted by electronic jamming associated with the invasion of Ukraine.

Communications: An extraordinary tweet from Ukraine's security service has pictures of what it claims is a 'hacker' who was routing calls for Russian forces in the country. He's also accused of sending text messages to Ukrainian forces telling them to surrender. Motherboard

Storage: Sanctions mean that Russia has only two months' worth of data storage left before it runs out, according to Kommersant.

Chinese games

China has been accused of consistently targeting European Union diplomats since August 2020, with the latest attacks coinciding with Russia's invasion of Ukraine. Proofpoint says it was relatively easy to attribute the attacks to China because they hadn't bothered to change anything apart from the content of the phishing lures. Meanwhile, in an attempt to demonstrate it's the victim of cyber attacks, China said it had obtained US cyber weapons used to steal files, and monitor and redirect network traffic. As The Register points out, the only problem is that this weapon was leaked 6 years ago.

Routers

The routers we rely on for internet connectivity provide a target-rich environment for attackers - and the latest company in the crosshairs is Asus. These devices are often ignored (unless they go wrong) but it would be hard to exaggerate the risk of using default passwords or failing to keep the devices updated. The latest attacks appear to come from a group connected to the Russian government, although there's no indication they're linked to the invasion of Ukraine. Trend Micro has a detailed report on the issue. It warns only essential services should be exposed to the internet. It also says that if a device has been infected, it should be replaced.

Mobile phishing 

As we've reported repeatedly, this year has seen a sharp rise in the number of attacks on smartphones. That's been accompanied by an increase in websites that are specially designed to fool mobile users. Zimperium says it's essential to be particularly careful when browsing on smartphones because of the smaller screen size and the lack of some of the detailed information available in desktop browsers. Zimperium analysed hundreds of thousands of phishing websites and found those designed specifically for mobile phishing attacks now constitute three-quarters of all such sites. 

Updates

Apple: A total of 87 security updates across Apple's products, including iOS, macOS (Monterey 12.3, Big Sur 11.6.5, Catalina), and iTunes 12.12.3 for Windows. NB There are reports that the latest update breaks devices running Monterey that have had their logic board replaced.

Google: Update for the Chrome browser to address a "critical" vulnerability. It's worth noting that Google doesn't often define Chrome issues as critical.

QNAP: The Taiwanese company's network attached storage (NAS) devices have a serious flaw which could allow them to be hijacked. There's no mitigation at the moment. QNAP simply advises users to wait for an update and, in the meantime, has some suggested protections.

Top issues: The US Cybersecurity agency has updated its catalogue of vulnerabilities that are being used by attackers. There are 15 new entries.

Mikrotik: Microsoft has released a scanner to detect any routers that have been taken over by the TrickBot ransomware gang which uses them as part of their operations.

Raspberry: Raspberry Pi devices are simple and very cheap computers that were designed for education but have been put to an extraordinary range of uses. Problem is, everyone knows their default password and they're now being attacked. If you have one, it's time to check! Bulletproof

Threats

Ukraine: You've probably already received at least one Ukraine-related scam. Talos warns that attackers are using an increasing range of lures, some of which can be very persuasive.

3%: Just 3% of employees cause 92% of malware events, with most of them being serial offenders. On a more positive note, 80% of staff have never clicked on a phishing email. Elevate Security

White: Avanan says attackers have begun to highlight text in white, not only to prevent the end-user seeing what's really in an email but also to try to bypass phishing filters.

Contact form: Sneaky criminals are using the contact forms on organisations' websites to begin their work. In one case they posed as a company requesting a quote for supplying a product. Abnormal Security

Romance fraud: Scam artists are stealing substantial sums from iPhone and Android users by exploiting the capabilities of smartphones and their connections to banking and financial institutions. Sophos

Spear phishing: Targeted email attacks are growing increasingly common, and smaller organisations are at particular risk. Barracuda says an average employee of a business with under 100 workers will experience 350% more such attacks than someone at a larger organisation.

In brief

Congratulations: The UK's National Cyber Security Centre has patted itself on the back for taking down 76,000 online scams thanks to the Suspicious Email Reporting Service. Despite that, last year saw a 161% increase in offences involving unauthorised access to personal information.

Chinese spies: Taiwan has arrested 60 Chinese nationals working for technology companies on charges of stealing trade secrets or trying to lure away talented individuals.

Piracy: In a different sort of piracy, a VPN provider has blocked the BitTorrent file sharing service as part of a settlement deal with more than two dozen movie studios. Bleeping Computer

Israel: The country's cyber directorate declared a brief state of emergency this week after the country experienced what it called the "largest" cyber attacks in its history. Haaretz

Snoops: US Immigration and Customs Enforcement (ICE) has been caught with its fingers in Americans' financial details. The hugely effective Senator, Ron Wyden, exposed ICE's practice of obtaining bulk records from financial institutions.
