FFT news digest Oct 21 2022

Hacking hacks

A former Wall Street Journal reporter has accused a leading US law firm of being part of a plot to use stolen emails to discredit him and have him fired from his job. Jay Solomon was the paper's chief foreign affairs correspondent and was sacked after evidence suggested he was engaged in business dealings with a key Iranian source. In court documents, Solomon alleges that 11 defendants, including the law firm, used mercenary hackers to steal the messages. The law firm has denied the accusations.

Solomon’s suit is the latest in a series of legal actions that follow reports by Reuters about hired hackers based in India. In June, the news agency said several such operations were involved in longstanding espionage campaigns that targeted thousands of people, including more than 1,000 lawyers at 108 different law firms. In a statement carried by Reuters, Solomon said the hack-and-leak he claims to have experienced was an example of "a trend that's becoming a great threat to journalism and media, as digital surveillance and hacking technologies become more sophisticated and pervasive."

This is obviously a very tangled tale and we wouldn't seek to prejudge the court case(s) but as this newsletter has reported repeatedly it is commonplace for technology to be used against journalists around the world.
Worrying as spyware like Pegasus may be, just as concerning is the tactic of planting documents on journalists' computers which are then used to prosecute them. Organisations including Arsenal Consulting and SentinelOne have published convincing evidence setting out how these tactics have been used in India and Turkey. In Turkey, it took journalists six years to be acquitted of fabricated charges.

Threats

Top lines: KnowBe4 has gathered the most commonly used phishing subject lines. Top is "Google: You were mentioned in a document 'Strategic Plan Draft'", followed by "HR: Important Dress Code Changes", "HR: Vacation Policy Update", "Adobe Sign: Your Performance Review" and "Password Check Required Immediately".

Home: A ransomware attack delivered by fake Windows 10 and antivirus software updates is targeting home users. It lures victims to websites that persuade them they need to install an important software update. HP Wolf

Office docs: A complex campaign begins with a booby-trapped Office document pretending to determine the eligibility of an applicant for a US government job. Rather than launching an attack immediately, the aim is to install a backdoor that enables later access by anyone willing to pay for it. Cisco Talos

Zoom: Zoom-themed attacks are growing in popularity, enabling attackers to steal sensitive information and financial details. Fake Zoom websites, e.g. zoomus[.]website and zoom-download[.]space, are used to lure users into downloading the malicious software. ITPro
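The two defanged domains above are the kind of indicator a mail or proxy filter can screen for: the brand name appears in the hostname, but the registrable domain is not one the vendor actually owns. The following is an added example, not code from ITPro or Zoom; the allowlist of legitimate Zoom domains, the sample hostnames other than the two quoted in the item, and the three-way classification are assumptions made for illustration.

```python
# Added example: flag brand-impersonation (lookalike) hostnames.
# Not from the original digest. The allowlist and sample hosts are assumptions.

# Assumed allowlist of registrable domains the brand legitimately uses.
ZOOM_LEGIT = {"zoom.us", "zoom.com"}

# Constructed sample input: the two defanged domains quoted in the digest
# plus a few invented hosts to exercise the other code paths.
SAMPLE_DOMAINS = [
    "zoomus[.]website",        # from the digest
    "zoom-download[.]space",   # from the digest
    "us02web.zoom.us",         # invented: a real-looking Zoom subdomain
    "zoom.us.login-portal.example",  # invented: brand in a subdomain label
    "example.com",             # invented: unrelated
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'zoom-download[.]space' back into a hostname."""
    host = indicator.strip().lower()
    for defanged, real in (("[.]", "."), ("(.)", "."), ("{.}", ".")):
        host = host.replace(defanged, real)
    return host


def registrable_domain(host: str) -> str:
    """Naive registrable domain: the last two labels.

    Good enough for the TLDs in this example; production code should use the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(indicator: str, brand: str = "zoom", legit: set = ZOOM_LEGIT) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname.

    A host is a lookalike when the brand token appears anywhere in it (any label,
    including subdomains and hyphenated forms) but the registrable domain is not
    on the brand's allowlist.
    """
    host = refang(indicator)
    reg = registrable_domain(host)
    if reg in legit:
        return "legitimate"
    if brand in host:
        return "lookalike"
    return "unrelated"


def classify_all(indicators: list) -> dict:
    """Classify a batch of indicators; keys are the refanged hostnames."""
    return {refang(i): classify(i) for i in indicators}


if __name__ == "__main__":
    for host, verdict in classify_all(SAMPLE_DOMAINS).items():
        print(f"{verdict:11} {host}")
```

The brand-token check deliberately looks at the whole hostname rather than only the leading label, so "zoom.us.login-portal.example" is caught even though its registrable domain does not contain the brand at all. Swapping the naive two-label split for a Public Suffix List lookup is the first change to make before using this against real traffic.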

Facebook: A phishing campaign that hijacks Facebook accounts running advertising campaigns for businesses is using new malicious software designed to steal credentials. The lures are ZIP files offering games, subtitle files, adult videos, and pirated MS Office apps. Zscaler

China: The US National Security Agency has urged organisations to consider the potential impact of an escalation in tensions between China and Taiwan. The Register

Phishing vs deepfakes

Phishing works so well that most attackers don't bother with fake video so we shouldn't worry too much about it, according to Sophos. One of its researchers told The Register that "panic" over deepfakes is completely overblown because "people will give up info if you just ask nicely." We agree. Simple tactics will always be the first choice which is why it's so important to ensure there is a firm foundation for cybersecurity. But we shouldn't ignore deepfakes because they are used (as Sophos says) particularly in romance scams and business email compromise.

Pesky kids

Not for the first time, there's evidence that younger workers pay more attention to their own security than that of their employers. EY surveyed 1,000 US workers who are issued with corporate devices and found 58% of Gen Z and 42% of millennial respondents said they ignored mandatory IT updates for as long as possible while the figures were 15% for 'baby boomers' and 31% for Gen X. Younger generations are also more likely to use the same passwords for work and personal accounts. "There is an immediate need for organisations to restructure their security strategy with human behaviour at the core," EY said.

In brief

Qatar: Everyone travelling to Qatar during the football World Cup will be asked to download two apps that are effectively spyware. The apps, one of which is a COVID-19 tracking solution, demand permissions including location access, the ability to disable the screen lock, and the ability to read, delete or change all content on the phone. NRK

Breach: Microsoft has confirmed that there has been a data leak linked to a misconfigured server for a cloud storage service. It disputes a report describing the leak as one of the largest such incidents in recent years.

Iran: The German cybersecurity agency has taken down a web server used to control malware deployed by the Iranian government to spy on participants in recent anti-government protests. Risky Biz News

China: More evidence has emerged of China's ongoing campaign to target organisations in Hong Kong. Symantec says the main aim appears to be to gather intelligence. 

Right to repair: The campaign to enable consumers to fix their devices is gathering momentum in the US with the Federal Trade Commission consulting on whether manufacturers should be forced to provide guides and maintenance instructions with some products.

Keyless: Europol says an international operation has taken down a gang that specialised in stealing French keyless cars. 31 suspects were arrested, 22 locations were searched, and over one million Euros in criminal assets were seized.

Netflix: Despite adding 2.4 million users in the last three months, Netflix is planning to go ahead with its crackdown on sharing passwords. The changes will start early next year. They're prefaced by the Profile Sharing feature that is rolling out at the moment and allows people to create their own accounts but keep their settings.

Student: A University of Puerto Rico student has been jailed for 13 months after being found guilty of hacking the email and Snapchat accounts of classmates.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217