FFT news digest April 22 2022

Spyware

If there were any doubt about the prevalence of commercial spyware, the latest research by Citizen Lab should dispel it. It says evidence of Pegasus software was found on devices associated with the office of the British Prime Minister and the UK foreign affairs department. It also identified at least 65 people connected to civil society groups in Catalonia who had been targeted with "mercenary" spyware including Pegasus and a competitor called Candiru. Catalonia said Spain's central intelligence agency was behind the attacks. 

Ukraine

The 'Five-Eyes' intelligence alliance has warned of an increased risk that Russia-backed hacking groups could target critical infrastructure inside and outside Ukraine. "Critical infrastructure organizations should maintain a heightened state of alert against Russian cyber threats. Stay vigilant and follow the mitigations from our joint advisory to harden your networks," the US National Security Agency said. The alliance brings together the US, Canada, UK, Australia and New Zealand.

Zero-days

Google says it tracked a record number of zero-day issues last year. (Zero-days are so called because, until they were revealed, no-one knew about them and so had zero time to do anything about them.) Google's Project Zero identified 58 of them last year, more than double the number it found in each of the previous two years.

Ill-prepared

Security companies spend a fortune on churning out research which (obviously) is designed to help them sell their products. But that doesn't mean some of the findings aren't important. One of the latest surveys (by Trend Micro and the Ponemon Institute) looked at the second half of last year. It questioned 3,400 IT and security managers; 80% said their organisations had experienced one or more successful cyberattacks in the previous year.

Threats

LinkedIn: The phisherman's friend has become the most spoofed brand in phishing attacks, according to Check Point. That's up from fifth place in the final quarter of last year.

British Airways: Pandemic requirements and chaotic logistics have created fertile ground for criminals. Be very cautious about emails asking for personal information or for money, and only use verified numbers (which don't include those that pop up in Google search results). Flyertalk

SMS: T-Mobile has warned US users of a sneaky campaign trying to steal personal information or install malicious software. It exploits the group messaging feature, which means the messages can't be blocked. Bleeping Computer

Mac: The Verge reports on Mac apps which are designed to force users to sign up for subscriptions. One example is called My Metronome. It won't let the user close it with keyboard shortcuts or the menu bar until they agree to a $9.99 per month subscription.

Banking: Sophisticated social engineering underpins a nasty scam that tricks victims into transferring funds to reverse a non-existent instant payment. It begins with a text message asking whether a payment was attempted. Replying 'no' results in a second message saying a fraud specialist will call shortly. A security engineer explains how he very nearly fell for a similar scam. As always, never engage in these sorts of calls unless you initiate them using a verified number and line. FBI

Crypto: Cryptocurrency is a goldmine for criminals. This Twitter thread collects some of the sneaky phishing messages that are doing the rounds.

In brief

GPS: Police in Virginia are secretly using GPS pings to track people's phones. Court records show they achieve this by ordering mobile phone operators to carry out the tracking and report the results. Reclaim The Net

VPNs: Not all Virtual Private Networks are equal. TechRadar found security issues with Surfshark, TurboVPN and VyprVPN. Surfshark said it had already addressed the concerns.

Telegram: The messaging platform is a powerful mechanism for distributing malicious software and coordinating criminal campaigns. Cisco Talos details one example that is targeting Russian users but which acts as a wider warning.

Beanstalk: An extraordinary tale from the cryptocurrency world. It's complicated, but the basic facts are that $76 million was stolen after someone exploited a flaw in the governance process to give himself a controlling stake in the project. The Verge Beanstalk

AI sales: Sales teams are being offered artificial intelligence-powered software to help them analyse whether potential customers appear interested during virtual meetings. Protocol

Murder: And also on the subject of AI, perhaps the weirdest story we've seen in a long while. An inventor used AI to resurrect his imaginary childhood friend. He added its personality to a voice-enabled microwave. It then tried to kill him. The Next Web is trying to establish whether the story's true - but there's a video so you can make up your own mind.

Netflix: You probably saw that the streaming giant's growth figures have gone into reverse. Will it crack down on sharing passwords? You bet it will! It's already running an experiment doing exactly that in Chile, Costa Rica and Peru. Netflix has 222 million paying households. It reckons there are another 100 million that love the service but don't pay for it. 

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
