FFT news digest Aug 5 2022

Ransomware

We should accept that ransomware will never be eliminated, so combatting it requires concrete measures. That's according to an Atlantic Council report based on interviews with policymakers, technologists and law enforcement. "Behind the Rise of Ransomware" reckons there needs to be a crackdown on the use of cryptocurrency schemes to enable profits to be realised from ransomware attacks. It also suggests that incentives are required to help small and medium-sized organisations (SMBs) improve their information security. The report is focused on the US but its recommendations have wide applicability. There are three key themes:
  - Since the majority of attacks target SMBs which can't afford expensive cybersecurity programs, there should be tax reliefs designed to encourage them to implement security best practices.
  - SMBs should also be offered tax credits in return for hiring or retaining cybersecurity employees.
  - It should be mandatory to report all ransomware incidents.

Ransomware continues to be a ridiculously widespread issue. Recent victims include a European missile manufacturer, a German chipmaker, a Luxembourg energy company, the Toronto Symphony Orchestra and a UK secondary school. But the European cybersecurity agency, ENISA, says publicly reported incidents are "only the tip of the iceberg." The complete picture "is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities," it adds. Its report urges organisations to take basic precautions, including having an effective backup policy, using security and monitoring software and restricting administrative privileges. The UK cybersecurity centre has detailed guidance here.

Threats

Countdown: A nasty phishing attack uses a timer and tells victims their account will be deleted when it reaches zero unless they enter their username and password. Cofense

Texts: Phishing attacks using SMS (short message service) are on the rise. In the US, some reports estimate consumers received over 12 billion "robotexts" in June. Federal Communications Commission

PayPal: Great example of a highly persuasive scam masquerading as a warning about an "unlawful" $1,000 PayPal charge. One of the reasons it's so persuasive is that it exploits PayPal's business invoicing feature, so the scam email not only looks like it comes from PayPal, it actually does.

Play Store: The latest episode in our "Don't Trust the Play Store" series: Google has removed 17 malicious apps designed to steal financial information. It really is essential to be careful about what apps you install because it's clear Google can't keep bad stuff out of its store. Trend Micro

Extensions: The same warning applies to browser extensions. North Korean hackers have been spotted using malicious extensions to spy on Chromium-based browsers. Volexity

On display: Cameras are ubiquitous, so if a password is stuck on a wall or a display, sooner or later it will turn up in a photo or video. The latest example comes courtesy of the BBC's Countryfile programme but it's OK, it was only on a computer display at the UK's nuclear site at Sellafield. Simon Grundy

Spying

The head of Greece's intelligence service has admitted using surveillance software to spy on the cellphone of a financial journalist working for CNN Greece. The admission, reported by Reuters, came at a closed-door parliamentary committee hearing that was set up after an opposition party leader complained an attempt had also been made to use spyware against him. The Greek government has denied deploying spyware, but there's increasing evidence of widespread use of such tools in Europe. The journalist at the centre of the Greek case has worked on investigative reports but says he's baffled as to why he was targeted. We'd suggest it may be because of who he knows, not what he knows.

Bypassing MFA

Criminals are increasingly using sophisticated techniques to defeat common forms of multi-factor authentication. The so-called adversary-in-the-middle (AitM) technique works by hijacking the authentication process in a way that's invisible to the user. Last month, Microsoft warned about a similar campaign that had targeted over 10,000 organisations since last September. Now, Zscaler says another set of attacks that began in June is sending emails containing fake invoices designed to obtain user credentials. Hardware security keys are immune to this type of attack but the most important defence is for users to be wary of emails that connect to a page asking for credentials. 

In brief

Crypto: A cryptocurrency bridge called Nomad was hacked and lost $200 million, amounting to almost all of its funds (a bridge enables crypto tokens to be traded between different platforms). Even worse, a recent security audit of the bridge identified 40 issues, and one of them may have been involved in the attack. Security Week

Child porn: Hacked social media accounts are being used to post "indecent images of children," according to the UK cybercrime centre, Action Fraud. Another very good reason to ensure accounts are protected with multi-factor authentication whenever possible.

Twitter: Governments around the world have made a record number of demands for access to Twitter content, the company says. "We're seeing governments become more aggressive in how they try to use legal tactics to unmask the people using our service," it said.

Managing devices: A salutary warning from one Twitter user whose company issued a MacBook to an employee who was then made redundant and refused to unlock the device. Mobile Device Management is your friend.

Spyware: A 24-year-old Australian is alleged to have developed spyware that he sold to more than 14,500 individuals in 128 countries. Australian police say he was 15 when he began creating the software.

Phone fraud: The former owner of a T-Mobile store in Los Angeles has been found guilty of using stolen credentials to unlock hundreds of thousands of cellphones in a scheme that earned him some $25 million. DoJ

Uber scam: By far the most gruesome story of the week concerns an elderly woman in the US. Scammers dispatched an Uber to take her to her bank so that their fraud could be completed. Luckily it didn't work. Brian Krebs

Fake news: A network of at least 72 news sites in North America, Europe, the Middle East and Asia is part of a sprawling information operation designed to spread Chinese propaganda. Mandiant

Lifespan: The Washington Post has calculated when your gadget is going to die. For Apple AirPods, the expected lifespan is just 2 years...

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
