FFT news digest April 29 2022

Twitter

Elon Musk says Twitter direct messages should be protected with end to end encryption "so no one can spy on or hack your messages." Mind you, an hour earlier he had tweeted that he would be buying Coca-Cola to put the cocaine back into it. More seriously, he says, "for Twitter to deserve public trust, it must be politically neutral, which effectively means upsetting the far right and the far left equally." So, when you put all this together, you get a sense that his plans may lack a certain level of detail.

Ukraine

Russia began cyber preparations for war at least a year before invading Ukraine, according to research from Microsoft. It says six hacker groups aligned with the Russian government have carried out hundreds of cyberattacks and found direct links between cyber attacks and the timing of military operations. "We have seen...237 operations against Ukraine – including destructive attacks that are ongoing and threaten civilian welfare," it said. Microsoft reckons the attacks it has observed are only a fraction of the total activity targeting Ukraine.

Hacking hacks

North Korean hackers are renowned for their expertise, and their latest targets are journalists specialising in the affairs of the hermit kingdom. The attack, which was discovered by NK News, appears to have been aimed at accessing confidential information and sources. It exploited the personal email account of a former director of South Korea’s National Intelligence Service to make the messages look more realistic.

Access all areas

Cyber criminals are now wealthy enough to fund the development of sophisticated hacking tools that previously were available only to governments and groups affiliated with them. MIT Technology Review says "one-third of all hacking groups exploiting 'zero-days' last year were financially motivated criminals as opposed to government-backed cyberespionage groups". 

Threats

Simple: Sophos has a good example of a simplistic but highly effective email lure. It tries to persuade the recipient to click on a link by saying some emails failed to be sent.

Facebook: A devious phishing campaign aims to steal passwords from Facebook users, including administrators of company Pages. It begins with an email from 'The Facebook Team'. Abnormal Security

Financial scams: Avanan has tips for avoiding scammers who impersonate financial institutions.

Business Email Compromise: The FBI reckons that this type of social engineering attack cost organisations $2.3 billion last year. It's astonishingly widespread and extraordinarily successful. It's essential to have cast-iron processes to secure payments otherwise, sooner or later, someone in your organisation will be fooled. ESET

Security questions: Answers to memorable questions are a pitifully poor security mechanism because most of them are known to fraudsters. Indeed Pindrop reckons fraudsters are better than genuine customers at answering them.

Agriculture: The FBI has warned farming businesses that they face an increased threat from ransomware attacks, particularly at planting and harvest times. The Next Web has an insight into the degree to which farming has become a technology industry - as illustrated by John Deere.

In brief

Fools: More details about the failure of major technology companies to protect their users. Last month Bloomberg revealed that Apple, Google, Meta/Facebook and Twitter were being duped by fraudulent data requests. Now it says some of the data has been used to sexually extort children. 9to5Mac

Fiber: Much of France's internet connectivity was disrupted this week after a large number of fibre optic cables were dug up and destroyed. They were cut in such a way as to complicate repairs. Cyberscoop

Surveillance: The Intercept has an insight into the extent to which we are being watched, in real time, without any regulation. One company claims that it can track roughly 3 billion devices thanks mainly to our collective failure to read the terms and conditions of the apps we use.

China: China's homegrown Twitter equivalent will start showing information to reveal users' locations. Weibo says the move is designed to combat "bad behaviour" online. Reuters

Eavesdroppers: Amazon has been using data from smart speaker conversations to target advertisements in violation of privacy commitments, according to a paper from US university researchers. Meanwhile, Amazon tells the FT about its vision for ambient computing.

Ransomware: Costa Rica's official IT systems have been crippled for more than a week following an attack by the Conti ransomware group. Significant amounts of data have already been leaked as the country refuses to pay a ransom. AP

Exposed databases: There's been a rise in the number of databases publicly exposed to the Internet. 308,000 were identified in 2021. Bleeping Computer

Apple repair kits: iPhone users in the US can now repair their own devices. You probably won't be surprised to hear that the kits are almost as expensive as the cost of having the phones fixed professionally. The Verge

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.

Full Frame Technology

What we do 
Who we are 
Need to know
Privacy Notice
Website terms

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217

© Copyright 2022 Full Frame Technology - All Rights Reserved