FFT news digest Jul 29 2022

Spyware

There is growing awareness of the threat that spyware represents but precious little agreement as to what to do about it. At a session this week, the US House Select Committee on Intelligence took evidence from a succession of experts and spyware victims. They called on the US intelligence community to use its power to cut off the supply of vulnerabilities on which spyware tools depend. The problem is that this would involve exposing the same vulnerabilities and exploits used by intelligence agencies themselves.

The harm caused by spyware was demonstrated by Carine Kanimba, a US citizen who was born in Rwanda and targeted by the powerful Pegasus spyware last year. The infection came after her father, a vocal opponent of Rwanda's government, was lured to Rwanda where he was sentenced to 25 years in jail. But it's not just activists who are targets. In 2019, it emerged that Pegasus was used against US diplomats connected to Uganda. The chairman of the House committee said spyware posed a serious threat to national security and warned its use could be much more widespread than anyone realises. “We are very likely looking at the tip of the iceberg,” he said.

Also this week, Microsoft published details about a little-known spyware manufacturer in Austria. It said it had linked a number of cyber attacks to the Vienna-based intelligence-gathering company, Decision Supporting Information Research Forensic. Its tool, dubbed Subzero, enables its customers to remotely and silently access a victim’s computer, phone, network infrastructure and internet-connected devices. Victims are said to include law firms, banks, and strategic consultancies in Austria, Panama, and the United Kingdom.

Threats

A report from email security company Tessian paints a dismal picture of cybersecurity training and its impact on organisations and their employees. Tessian says 85% of the workers it surveyed take part in security awareness programmes but 64% don't pay full attention and 36% found the sessions boring. 30% of the employees said they didn't think they had any personal responsibility for their organisation's cybersecurity. As Tessian points out, it's hardly surprising that 75% of the organisations it talked to had experienced a security breach in the last year.

Ransomware and Business Email Compromise attacks cause nearly 70% of cyber incidents, according to research by Palo Alto Networks. The data comes from more than 600 incident response cases over the past 12 months. "Cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web," the company said. To put this in context, the FBI says global attacks targeting business emails (i.e. BEC) raked in nearly $17 billion from 2016-2021.

MFA: Multi-factor authentication isn't foolproof but it works. Europol says it has seen cases in which criminals it was monitoring gave up and moved on to the next target as soon as they saw MFA in use. ZDNet

USB: It's an age-old trick but it's still in use. Security company KnowBe4 explains how a booby-trapped USB stick arrived in the mail in a Microsoft-branded package.

Facebook business: A new phishing campaign is targeting professionals on LinkedIn in an attempt to take over Facebook business accounts that manage advertising for their organisations. Bleeping Computer

Exchange servers: Microsoft is warning of attacks targeting its Internet Information Services (IIS) web server. The warning is directed at Outlook on the Web and Exchange Server customers.

Artificial Intelligence: The FBI is worried that AI will increasingly be used in cyber attacks in the next few years and that deepfakes will become indiscernible from real content within the same timeframe. Cyberscoop

Filtering the trolls

Harassment on social media is a growing and at times frightening issue, especially for journalists and production teams. A new tool is designed to help. TRFilter is a web application that syncs with Twitter accounts and uses machine learning to identify abusive comments. This allows users to mute and block abusers but also to create reports documenting harmful comments and the accounts from which they're sent. The tool is funded by the Thomson Reuters Foundation and was designed with the help of Jigsaw, Google's unit that creates technological solutions to support open societies.

Web proxies

A college student in the US turned the tables on an attacker who distributed nude images of her. As Bloomberg reports, the attacker had posed as a security employee and tricked her into sharing a code that allowed him to take over her account. After receiving scant support from police, the student took matters into her own hands and created a web address designed to record the IP address of anyone who clicked it. The attacker visited the link without using a virtual private network to hide his details, so he was quickly identified and arrested. He turned out to be a 29-year-old chef living in New York who had broken into at least 300 other Snapchat accounts. He was sentenced to six months in jail.

Attacking the internet

The internet is obviously fundamental to modern life but it's very far from secure. This week, Russia's largest internet provider tried repeatedly to route users of Apple services through its own servers. For 12 hours, Rostelecom and Apple played a cat-and-mouse game involving the protocol that links networks together to form the internet. There are longstanding concerns over the insecurity of this protocol, which has been abused successfully in the past. Meanwhile, Wired follows up the sabotage in April of crucial internet cables in France. The culprits remain unknown although a theory that it was the work of environmental activists has been discounted. As one internet service provider says, "the internet is locally vulnerable but globally resilient."

In brief

JustTalk: There are lots of messaging apps that claim to be encrypted and secure but the saga of JustTalk underlines why it's important not to take such promises on trust. It claims to use end-to-end encryption but, as TechCrunch reports, the reality is rather different.

Smart locks: The same health warning applies to smart locks. NCC Group found 11 vulnerabilities in Nuki products, including issues that could allow an attacker to unlock them.

Radiation alert: Police in Spain arrested two men on suspicion of sabotaging the country's radiation alert system. Their motive is unclear.

Facebook: Testing times for Meta, which for the first time has reported a fall in its quarterly revenue, though it still earned $28.82 billion. On a more theoretical level, Meta and Apple are entering a period of "very deep, philosophical competition" that will define the future of the Internet, according to comments by Mark Zuckerberg obtained by The Verge.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
