FFT news digest Sep 2 2022

Euro spies

The Greek government has been trying a variety of tactics to explain how an opposition party leader and journalists ended up with spyware on their mobile phones. It's not going well. The government began by rejecting coverage in The New York Times and Politico as the work of opposition stooges. The journalists stood by their stories and so the government changed its tune and accused foreign forces of "attempting to destabilise the nation." And just to leaven the mix, Greece has condemned efforts by the EU to investigate, saying it's a matter of national security.

Removing the narrative bluster, the facts are clear.
The leader of the opposition PASOK party had Predator spyware installed on his phone. The same thing happened to a journalist who is a financial editor for CNN Greece. The attacks were tracked to Greece's intelligence service and its director promptly resigned. This matters because Greece joins Spain, Hungary and Poland as EU governments that have been caught using powerful spyware against opponents and journalists.

The EU has set up a committee to investigate but the obvious agency to find out what's been going on is Europol (mission statement: "to support the 27 EU Member States in their fight against terrorism, cybercrime and other serious and organised forms of crime."). Alas, its director says it serves the member states of the EU and can only operate with the consent of governments. A Dutch member of the EU committee is unimpressed, "so even if governments are corrupt or involved in criminal activity, @Europol will loyally serve them?" she tweeted.

Threats

Telescope: Attackers have been caught hiding malicious software in images from the James Webb telescope. The attack begins with a malicious Word document attached to a phishing email. Securonix

Extensions: A reminder to beware of extensions promising to make browsing easier. McAfee found five Google Chrome extensions that had been installed by more than 1.4 million users. They purported to allow joint viewing of Netflix shows, find website coupons and take screenshots.

Instagram: A new phishing campaign is trying to scam users with the offer of a coveted blue badge. Vade

Watering holes: China is back with one of its favourite tricks. It sets up booby-trapped websites and then waits for people to browse them, thus infecting their devices. In this case the targets were Australian companies, government agencies and media outlets. The lure was an Australian news site filled with content from the BBC and Sky News. Proofpoint

Translate: Scammers are spreading malicious software disguised as legitimate-looking apps such as Google Translate. It's a clever trick because it offers a desktop version of Translate which would be useful but doesn't actually exist. Check Point

DocuSign: Fake review requests were used to lure targets into entering their Microsoft login details as the first part of a sophisticated scam. Any link that leads to a prompt to enter Microsoft credentials should raise a red flag. Mitiga

TikTok: ESET rounds up the multiple ways criminals are exploiting TikTok to fool users. They include get-rich-quick schemes, phishing messages, booby-trapped apps, and bot accounts that make it appear a user is chatting with a real person.

Lost luggage: The chaos in air travel has created rich waters for scumbags. Their latest trick is to use a bogus Twitter account to target British Airways customers who have posted about missing luggage. Malwarebytes

Spyware

There's a vibrant market in buying and selling ways to break into the technology we use every day. We're often asked how this works. Leaked documents from a security company provide a glimpse into this world. They show that in return for a mere €8 million, Israeli-based Intellexa will provide a 12-month licence for spyware that it guarantees will provide access to a wide range of smartphones. And a Greek newspaper has screenshots of another product that has built-in support to clone websites so they can infect visitors' devices with malicious software. They give the BBC and CNN as examples.

Data brokers

The US Federal Trade Commission is suing a data broker for (allegedly) selling location information gathered from hundreds of millions of phones. The FTC says that among the data provided by Kochava (based in Idaho) are details that track people at sensitive locations such as reproductive clinics. According to the FTC, the company promotes itself as providing "rich geo data spanning billions of devices globally." For its part, Kochava says it hasn't broken any laws, the FTC is guilty of a "fundamental misunderstanding," and the lawsuit is frivolous. There is a measure of irony here given that various US government and state agencies have been avid purchasers of location data amassed by companies like Kochava.

In brief

Stolen: Stolen credentials were the cause of nearly half the data breaches during the first half of 2022, according to Acronis. It says it "continues to be the number one threat to large and medium-sized businesses."

5G: 5G cellular networks are far more secure than their predecessors. Unfortunately, the same can't be said of many of the cloud systems used to run them, as penetration testers discovered in a series of exercises. Security Research Labs

Montenegro: The US has warned that an ongoing ransomware attack in the country could cause widespread disruption to key public services. Montenegro blamed the attack on Russia. Researchers say a ransomware gang is responsible.

Twilio: It turns out more than 130 organisations have been affected by the Twilio data breach. They were all customers of identity and access management provider Okta. The attackers used imitation Okta authentication sites to compromise the organisations. Group-IB

Home office: The Pwn2Own hacking contest is offering a prize of up to $100,000 for ways to break into a home network through its internet router.

LinkedIn: A marketing manager created a tool that automatically writes "cringe" LinkedIn posts, i.e. ones containing a "large portion of self love, even a little narcissism." (He's already sold it to a marketing company.) Meanwhile, we applaud this LinkedIn CV which says so much about the platform in such a small space. And then there's a TV script created by using artificial intelligence to read 100 million LinkedIn profiles.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
