FFT news digest Oct 7 2022

Spyware

The Mexican government, or its army, is reported to have continued using Pegasus spyware against the cellphones of journalists and activists, despite a pledge by President López Obrador to end such practices. Press freedom groups said those targeted with the spyware had been investigating human rights abuses by the Mexican army. Their claims are supported by forensic analysis carried out by the University of Toronto group Citizen Lab. Mexico has been an avid user of Pegasus; indeed President López Obrador was himself a target. After coming to office in 2019 he gave repeated assurances that its use would end.

China appears to have been stepping up efforts to exert ever greater control over use of the internet in the country. Kaspersky says Chinese YouTube users are being tricked into installing a booby-trapped copy of the Tor browser which collects information about anyone using it. Also this week, China is reported to have upgraded its 'Great Firewall' which controls access to the internet in the country. Great Firewall Report says the changes are designed to prevent tools based on TLS encryption from being used to circumvent the controls. Meanwhile, The Intercept has a detailed report on the surveillance state that China has created.

On a (slightly) more positive note, a member of the EU parliamentary committee examining the use of spyware has some robust comments.
"The use of mercenary spyware in the European Union is Europe’s Watergate. We know that 14 EU member states had bought Pegasus, and it is likely all member states are using one or another brand of spyware," Sophie in 't Veld says. The problem, as she points out, is that the EU's "intergovernmental institutional architecture is totally not designed for this kind of situation." While the EU parliament has been vocal on the issue of spyware, the European Council of government leaders and the EU Commission have been deafeningly silent.

Threats

Android: New malicious software masquerading as a phone-spoofing app is targeting Android devices. It's being distributed via Telegram and a dedicated website and is designed to spy on organisations. zLabs

LinkedIn: The security menace that is LinkedIn continues to cause problems. Brian Krebs reports on a glut of fabricated identities which combine AI-generated profile photos with text lifted from legitimate accounts and which present a serious challenge for HR departments.
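One practical check for the kind of fabricated profile Krebs describes, where the photo is synthetic but the biography is copied from a real account, is near-duplicate text detection: break each profile summary into overlapping word triples and compare the sets. The script below is an added example, not code from Krebs or LinkedIn; the three profiles are constructed, and the 0.5 threshold is an assumption you would tune on your own corpus.

```python
"""Flag profile text lifted from legitimate accounts using word-shingle overlap.
Added example; not Krebs's or LinkedIn's code. Profiles below are constructed."""
import re

# Constructed corpus: two genuine profiles plus a fabricated one that pastes
# the first profile's summary under a different name with light edits.
PROFILES = {
    "alice-real": ("Security engineer focused on cloud identity, zero trust and "
                   "detection engineering at scale. I build IAM guardrails and "
                   "lead incident response tabletop exercises."),
    "bob-real": ("Sales director with fifteen years in enterprise software, "
                 "specialising in EMEA channel partnerships and go-to-market strategy."),
    "fake-001": ("Cloud security engineer focused on identity, zero trust and "
                 "detection engineering at scale. I build IAM guardrails and "
                 "lead incident response tabletop exercises for Fortune 500 clients."),
}


def shingles(text: str, k: int = 3) -> set:
    """Lower-case word k-grams; punctuation and case changes don't defeat the match."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Set overlap in [0, 1]; 1.0 means identical shingle sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def near_duplicates(profiles: dict, threshold: float = 0.5) -> list:
    """Return (id_a, id_b, score) for every pair at or above threshold, highest first.

    threshold=0.5 is an assumed starting point; genuine profiles in the same
    niche rarely share half their word triples, copied ones usually do."""
    sh = {pid: shingles(text) for pid, text in profiles.items()}
    ids = sorted(sh)
    hits = []
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            score = jaccard(sh[a], sh[b])
            if score >= threshold:
                hits.append((a, b, round(score, 2)))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for a, b, score in near_duplicates(PROFILES):
        print(f"{a} <-> {b}: {score}")
```

Pairwise comparison is quadratic, so on a real corpus you would bucket by a MinHash or similar sketch first; the scoring logic stays the same.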

Boss email: Just because an email looks like it's been forwarded by your boss doesn't mean it's genuine. Abnormal Security has details of a sophisticated scam designed to persuade the target to authorise huge wire transfers. ZDNet
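The forwarded thread is the lure; the headers are where the lie shows. A mail filter can hold a "forwarded by the boss" payment request for review when the display name claims an insider but the sending domain, Reply-To or envelope sender point elsewhere. The script below is an added example, not Abnormal Security's detection logic; the organisation domain, the two messages and the money-word list are constructed assumptions.

```python
"""Hold 'forwarded by the boss' payment requests whose headers contradict the
claimed insider. Added example, not Abnormal Security's code; the domain,
messages and keyword list are constructed assumptions."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the victim organisation's mail domain

# Constructed sample: display name says CFO, but From, Reply-To and Return-Path
# are all outside the organisation, and the quoted "forwarded" thread claims an
# internal approver the headers cannot vouch for.
SUSPECT = """\
From: "Dana Chen (CFO)" <dana.chen@example-c0rp.net>
Reply-To: dana.chen.cfo@gmail.example
To: accounts@example.com
Subject: FW: Urgent wire - vendor payment
Return-Path: <bounce@mailer.example-c0rp.net>

Please handle today, I'm in meetings.

---------- Forwarded message ----------
From: Pat Roe <pat.roe@example.com>
Subject: Vendor payment approval
Approved. Wire EUR 248,000 to the new account per attached.
"""

# Constructed sample: a genuine internal forward with consistent headers.
LEGIT = """\
From: Dana Chen <dana.chen@example.com>
To: accounts@example.com
Subject: FW: Q3 invoice
Return-Path: <dana.chen@example.com>

See below.
"""

MONEY_WORDS = ("wire", "transfer", "payment", "account", "urgent")


def domain_of(addr: str) -> str:
    """'user@Host.example' -> 'host.example'; '' when there is no @."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse(raw: str) -> dict:
    """Return the individual signals; keep them separate so analysts can see why."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    return {
        # Display name presents an insider but the address is external.
        "external_sender": domain_of(from_addr) != ORG_DOMAIN,
        # Replies are silently routed to a different mailbox.
        "reply_to_mismatch": bool(reply_to) and domain_of(reply_to) != domain_of(from_addr),
        # Envelope sender differs from the header From.
        "return_path_mismatch": bool(return_path) and domain_of(return_path) != domain_of(from_addr),
        # Quoted thread invokes an internal address as the approver.
        "forwarded_internal_claim": "forwarded message" in text and f"@{ORG_DOMAIN}" in text,
        # Subject or body pushes a money movement.
        "money_request": any(w in text for w in MONEY_WORDS),
    }


def is_suspect(raw: str) -> bool:
    """Quarantine when a money request arrives with any external-origin signal."""
    s = analyse(raw)
    return s["money_request"] and (
        s["external_sender"] or s["reply_to_mismatch"] or s["return_path_mismatch"]
    )


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(label, is_suspect(raw), analyse(raw))
```

The check is deliberately conservative: a genuine forward from an internal mailbox with a matching Return-Path passes even if it mentions a payment, while the lookalike-domain variant is held regardless of how convincing the quoted thread reads.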

Microsoft logo: A Chinese state-backed espionage group has been caught hiding malicious code inside an image of the Microsoft Windows logo, a steganography technique that lets the payload pass as an innocuous picture. Symantec says it has been used to attack governments in the Middle East, and antivirus products are being updated to detect it.

Virtual machines: Espionage is being blamed for a novel way of attacking the virtual machines that run on a single computer. Mandiant says attackers have found a way to hijack the hypervisor, the software that manages those machines. There's no patch for the issue, but VMware has published advice.

QR codes: Be cautious with QR codes. Earlier this year the FBI warned about criminals tampering with them to redirect payments and steal money, and there are signs the technique is on the increase. The weakness is inherent: a QR code is opaque to the person scanning it, so there is no way to see where it leads before acting on it. Alas, QR codes are a good example of the insecurity built into solutions designed to make things easier.

Pig butchers: "Pig butchering" is the technique of engaging a target, building up trust and persuading them to invest in a cryptocurrency scam. We've reported on it before but the FBI is warning that it's becoming increasingly common.

Ransomware

Almost every organisation worries about the threat from ransomware, but roughly half of such attacks start from something basic. Secureworks says 52% of ransomware attacks begin by exploiting vulnerabilities in remote and internet-facing systems that haven't had the latest security updates applied. This is a particular issue with newly-discovered vulnerabilities because attackers are increasingly adept at exploiting them as quickly as possible. (This isn't to say that we underestimate the challenge of updating systems.) This week Sophos reports on a new technique being used by a ransomware gang to bypass antivirus programs on Windows devices.

Teams

Organisations using Microsoft Teams are paying too little attention to security and backup, according to new research. Hornetsecurity says over half of users are sharing business-critical information on the platform but there is insufficient focus on making them aware of the importance of protecting what they send. And to compound the issue, many organisations don't have robust solutions in place to ensure data is backed up. Hornetsecurity is far from a disinterested party (it provides backup tools for Teams) but its research chimes with some of what we have seen and the report was carried out by a reputable company.

In brief

Twitter: So Elon Musk has decided he'll buy Twitter after all, probably because he finally realised he didn't have a choice. The New York Times has a rather depressing overview of what Twitter under Musk might be like. More Trump anyone?

TikTok: TikTok gathers data on people even if they don't use the app, according to Consumer Reports. It says TikTok uses a tracking mechanism much like Meta's, embedded in third-party websites, which lets it harvest information about the webpages people visit.

Uber: Uber's former Chief Security Officer has been found guilty in a US federal court of failing to disclose a massive breach of customer and driver records and of attempting to cover up the incident. He has yet to be sentenced.

Optus: Police in Sydney have arrested a 19-year-old man for allegedly trying to profit from the recent data breach at the Australian telco. His alleged technique was not sophisticated. Police tracked him down after identifying a bank account they say he used. He's not believed to have been behind the original breach.

Deepfakes: You might have seen reports that Bruce Willis sold the rights to his image to an artificial intelligence startup. Not true, his agent told the BBC. Willis, who's 67, retired after being diagnosed with aphasia, a neurological disorder that affects language use and understanding.

Charging: Apple folk are likely to be deeply unhappy with the EU's decision to make USB-C the mandatory standard for charging ports in consumer devices. The idea is to reduce waste, and most devices already use the standard...except for iPhones.

GDPR: So the Tory government says it's decided to replace the EU's General Data Protection Regulation with the UK's "own business and consumer-friendly, British data protection system." We wait with interest to see how this results in something acceptable to the EU. Much easier said than done.

Rees-Mogg: Supporters of the British Business Secretary were probably slightly startled to find that the live chat function for an appearance at the Tory party conference had been hijacked. By an adult dating site.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217