FFT news digest May 27 2022

Trends

A couple of useful reports provide an overview of the key threats facing individuals and organisations. The key one is Verizon's Data Breach Investigations Report, which is widely regarded as the leading cybersecurity study in a crowded field. Its main findings include:

- Ransomware remains a fast-growing threat and accounted for 25% of observed security incidents in the year to October 31, 2021, and was present in 70% of all malicious software infections.

- 82% of security breaches involved the "human element" due to stolen credentials, phishing, misuse, or error.

- About 93% of all breaches were financially motivated, and about 6 percent were clearly for espionage purposes. For the most part, hacktivism is an afterthought (though the war in Ukraine may change that).

- Supply chains were responsible for roughly 62% of security incidents last year and are a growing target for bad actors, including groups that are more focussed on espionage than financial gain. (For an example of a 'supply chain attack', look no further than 'SolarWinds'.)

Write-ups: The Register, The Record, ThreatPost

And one other finding, this time from Kroll's Threat Landscape report. Its analysis of threat activity for the first quarter of this year emphasises the importance of protecting email accounts. It says it observed a 54% increase in phishing attacks being used for initial access in comparison with the previous 3 months. Email compromise and ransomware were the two most common threat incident types, again highlighting the integral part played by end users in the intrusion lifecycle.


Threats

PDFs: The ubiquity of PDF documents makes them an irresistible vehicle for attackers. Their latest tricks include using them to smuggle malicious macros (under the guise of a "Remittance Invoice"). HP Wolf Security

Instagram: Beware unexpected messages from contacts asking for help resetting their social media accounts. A technology journalist explains how he was taken in - and how difficult it was to persuade Instagram to take any notice. ZDNet

Sextortion: The number of cases in the UK doubled in 2021 compared to 2020, according to figures from the Revenge Porn Helpline. There has also been a surge in reports of all types of intimate image abuse. Infosecurity

Vishing: Voice phishing cases have increased by almost 550 percent over the year to April 2022. An increasingly common tactic is to use emails with a callback number in the hope that victims will interact with a live scumbag. Help Net Security

Prehijack: You have to admire criminal ingenuity. Researchers have identified how accounts can be hijacked before they've even been registered. They found about half of popular websites they tested were vulnerable to the techniques. The Register has a good write-up.

Credit cards: Microsoft has warned online stores that attackers are using stealthier techniques to hide the code that steals credit card details.

Customs fee: If you get an email saying “Item stopped due to unpaid customs fee”, it’s a fake! Malwarebytes

Ukraine

Disparate cyber attacks continue as the ghastly conflict in Ukraine drags on.

Russia Today: An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate targeted phishing campaigns since late February. Devices belonging to Russia Today were infected with a remote access trojan giving access "to almost 100 RT TV employees' email addresses." Malwarebytes

Anonymous: The hacktivist group says it’s launching a "cyber-war" against the pro-Russian group Killnet, which recently attacked European institutions.

Reconnaissance: Russian state-sponsored hacking group Turla has been spotted reconnoitring the Baltic Defence College, the Austrian Economic Chamber, and NATO's e-learning platform. Sekoia

Hacked

Emails between leading pro-Brexiteers including a former head of MI6 have been published online after being stolen by a group with connections to Russian hackers. Google's Threat Analysis Group told Reuters that there were clear links between the 'Very English Coop [sic] d'Etat' website and attackers known in Russia as Cold River. The site says the emails belong to members of a hardline pro-Brexit group that is secretly controlling the UK. Sir Richard Dearlove, who led the UK's foreign intelligence service from 1999 to 2004, said his Proton email account had been compromised by a "Russian operation". The emails captured a "legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion," he added.

In brief

Clearview: The UK data protection regulator has fined the controversial facial recognition company £7.5 million and told it to delete any images it has collected. Clearview responded by saying it's "not subject to the ICO's jurisdiction, and Clearview AI does no business in the UK at this time." The Register

Twitter: Meanwhile, Twitter is being fined $150 million to settle allegations that phone numbers collected for multi-factor authentication were used to target advertising. FTC

Deepfakes: Automated “liveness tests” used by banks and other institutions to help verify users’ identity can be easily fooled by deepfakes. The Verge

Passwords: A database containing more than 800 million stolen passwords reveals that 83% complied with basic security standards. In other words, when choosing a password it's worth checking it hasn't already been compromised. Meanwhile, Pen Test Partners explains why passwords need to have at least 10 characters. DarkReading

Apple bugs 1: A class action lawsuit against Apple for defective displays has been dismissed with the court ruling that there was no legal obligation to disclose the design flaw. 9to5Mac

Apple bugs 2: Meanwhile, Bloomberg's Apple watcher reports a nasty bug which involves eSIMs randomly deactivating iMessage and FaceTime. Mark Gurman

DuckDuckGo: The privacy-focussed browser is facing difficult questions after it emerged that it has a deal with Microsoft which prevents it from blocking the organisation's trackers.

Sex toys: Internet-connected sex toys (aka 'teledildonics') are a big thing but the security around them is lamentable. Pen Test Partners has made something of a speciality in identifying the flaws, some of which are really quite alarming... 

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
