FFT news digest April 8 2022

Cyber war

Experts continue to disagree over the cyber dimension of the dreadful conflict in Ukraine. A Foreign Affairs analysis entitled "The Myth of the Missing Cyberwar" argues that Russian hacking not only succeeded in Ukraine but also poses a threat elsewhere. In particular, it points to the attack on the KA-SAT satellite broadband service, as well as strikes against many official Ukrainian resources. "A full accounting of the cyber-operations reveals the proactive and persistent use of cyberattacks to support Russian military objectives," the authors argue.

While that's true, it's worth pointing out that Russia's cyber operations have had far less impact than previous attacks against Ukraine. In 2015, Moscow managed to disable the power grid in large parts of the country, and in 2017 the infamous NotPetya malware caused an estimated $10 billion worth of damage not just in Ukraine but around the world. This time, Ukraine was able to defend itself much more effectively. A US researcher describes how he led a US-funded program to train hundreds of cybersecurity academics and students. Key lessons were effective access control and eliminating the use of pirated software. Adoption of official tools meant that Russian attacks were spotted almost immediately. And in Washington, the US said it had secretly removed malware from computer networks around the world to pre-empt Russian cyberattacks.

There are also signs of gaps in Russia's information blockade, with Cloudflare reporting increasing use of Western news sources. In March, the most downloaded mobile apps in Russia were VPN solutions, Telegram, and a privacy-focused service from Cloudflare that prevents internet service providers from monitoring requests for web pages. It says its service has shown a significant rise in Russia-based use, with most requests for major US, British and French newspapers. Controlling internet use is hard, as Sri Lanka demonstrated this week. Amid widespread unrest, the government imposed a ban on social media only to lift it 16 hours later. The President's nephew resigned as a minister and derided the ban as "completely useless", which he demonstrated by posting the comment on Twitter.

Telegram: Ukraine's technical security and intelligence agency is warning of a new wave of attacks aimed at gaining access to Telegram accounts. They use a Telegram message warning the recipient about a supposed login from a new device located in Russia. The message urges users to confirm their accounts by clicking on a friendly blue button. As always, ignore! If concerned, go to Telegram's settings and make any changes there.

Kyiv IT: Fascinating report on how officials in Kyiv have repurposed technology to keep people connected following the Russian invasion. Time

Intel: The US chipmaker says it has suspended business operations in Russia. It joins Apple, Microsoft and Dell in halting sales in the country. Reuters

Anonymous: The hacker group has published personal details of some 120,000 Russian soldiers as part of its ongoing campaign against President Putin and the invasion of Ukraine. Fortune says the details include "dates of birth, addresses, passport numbers, and unit affiliation."

Twitter: Is stepping up efforts to protect the accounts of journalists and activists. It also says it will require the removal of tweets posted by "government or state-affiliated media accounts" if they contain images or videos showing prisoners of war. And it's taking action to "drastically" reduce the chances of people seeing posts from Russian government accounts.

Voicemail

You receive a voicemail in which an unknown person is talking about you to someone else. "I'm trying to get a hold of them right now," the voice says. The aim is to pique your curiosity and get you to call back. If you do, the scammers will try to steal information by offering fraudulent tax planning services. The example is provided by Hiya, which is trying to flog its call filtering tool, but it's a good reminder that curiosity is frequently the button that scammers push when they're trying to con us. A similar tactic is being used in a campaign that's sending emails pretending to include a WhatsApp voicemail message. Armorblox found that clicking 'Play' eventually leads to a page that brings up a popup window asking you to Allow or Block notifications. Choosing 'Allow' could result in the installation of malicious software...which is why we never allow these notifications.

Malware as a Service

Some good examples this week that illustrate how easy it is to become a cyber-criminal. ZScaler has details of "BlackGuard", a new tool being sold on a Russian hacking forum which is designed to steal passwords from crypto wallets, browsers, email clients and messaging apps. Its cost: $200 per month or a $700 one-off payment. Also appearing on Dark Web markets is "Borat", a toolset that gives its operator wide-ranging capabilities, including keylogging, ransomware deployment and audio and video recording. These tools are often distributed as pirated software or cracks (cheats) for games.

Spyware

More evidence of the widespread use of Pegasus spyware, this time in Jordan. Citizen Lab says phones belonging to four Jordanian human rights defenders, lawyers, and journalists were hacked between August 2019 and December 2021. In one case, an activist was compromised with a "zero-click" exploit that required no user intervention. Citizen Lab's investigation suggests that another iPhone was attacked even after Apple began legal action against the manufacturer of Pegasus. Meanwhile, a notorious German spyware operator, FinFisher, is reported to have closed down and filed for insolvency. The news has been welcomed, but it's worth pointing out that while spyware companies come and go, the people behind them tend to re-emerge in another guise.

Updates

Apple: Those naughty people at Apple have failed to release updates to address security vulnerabilities in the Catalina and Big Sur versions of its Mac operating system. Experts are unimpressed. An estimated 35-40% of Macs are at risk, Intego said. Apple's failure runs counter to its assurances that it supports the current operating system version and the two previous ones. If your computer is compatible with Monterey, this might be a time to install it - but do make sure you have a complete backup first.

Chrome: Google has released version 100.0.4896.75 of its browser to address serious vulnerabilities. It's also rolling out a guide to Chrome's privacy settings.

Firefox: Version 99 of Mozilla's browser is also designed to fix security issues.

Thunderbird: Version 91.8.0 includes security updates and makes an important change to Google Mail account authentication. The latter is due to a system-wide change Google plans to introduce on May 30.

Trend Micro: Update for Apex Central product management console.

Zyxel: Is urging users of its firewall products to install a security update immediately.

VMware: Critical issues affect five of its products, including Cloud Foundation and Workspace One.

Palo Alto: Some firewall, VPN, and XDR products have a serious vulnerability that was disclosed three weeks ago. A fix isn't expected until April 18.

Tails: Version 4.29 updates apps including the Tor browser, Thunderbird and the Linux operating system.

Threats

China: A widespread campaign linked to the Chinese government appears to be exploiting vulnerabilities in Microsoft Exchange. Symantec says the sophisticated campaign has targeted government, legal, religious, and non-governmental organisations around the world. Prompt patching and secure identity management are essential, Symantec says.

Smartphone apps: Another week, another report warning about the risks of lookalike smartphone apps. Pradeo points out that there's a widespread tendency to look for free versions of apps requiring a subscription. For criminals, that's a free hit because all they have to do is copy the genuine app and add some malicious code to it. Meanwhile, Google has removed dozens of malicious apps from the Play Store. They allegedly contained code linked to a contractor employed by US national security agencies.

Routers: D-Link routers that are no longer supported should be thrown out, according to the US Cybersecurity & Infrastructure Security Agency. The DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L models received their last update on 19 December 2021.

Hamas: A hacking group connected to Hamas is back with its favourite tactic: fake profiles of attractive women. This has been used repeatedly in recent years; the latest targets are senior Israeli officials. Cybereason

Parrot: Beware of pages telling you to update your browser. Parrot is the name of a redirection service spotted by Avast. It uses compromised web servers to display fake update pages - and it's surprisingly widespread. Never follow a link to update your browser. Just close and reopen it!

Shortened links: Links like 'bitly' that convert a long website address into a short one are a risk because you can't see where they will take you. Panda Security has good advice on how to stay safe, though we're doubtful that anyone has time to use it. If in doubt, don't click!

In brief

Social media surveillance: The FBI is paying up to $27 million for surveillance software that will enable it to monitor social media posts. “It turns out that people dismissed as paranoid because they thought Big Brother was watching everything they say on social media were not paranoid after all,” one critic said. The Washington Post

Crime: New figures put the cost of identity fraud in the US at $52 billion last year. Javelin's annual report says 42 million Americans were affected.

Fake warrants: A US Senator is demanding more information after it emerged that attackers are obtaining data from official sources by using fake warrants. KrebsonSecurity

Stalking: Instagram is exposing women to an "epidemic of misogynist abuse," according to the Center for Countering Digital Hate. Meanwhile, Motherboard has collected police records from across the US showing widespread use of Apple's AirTags to stalk women.

TV hell: Vizio has provided a glimpse into the future of television by enabling a feature that displays banner advertisements over live shows. The Next Web

Life saver: A British snowboarder says an iPhone saved his life after he fell into an off-piste crevasse and couldn't climb out.

Satellite broadband: A French court revoked a licence allowing Starlink to use two frequency bands (an alleged detrimental impact on cattle and a lack of consultation were blamed). Meanwhile, Amazon said it has reserved up to 83 launches to put its planned 3,236 satellites in orbit.
