FFT news digest Aug 12 2022

Lessons learned

This week has seen successful cyber attacks against some of the world's biggest technology companies as well as the UK's National Health Service. Among the key lessons: even the most sophisticated users can be fooled, and you should never, ever allow a browser to save important passwords.

Kudos to Cisco for a very comprehensive report on how it was breached. The key issue was that attackers obtained access to an employee's personal Gmail account. The employee had saved their Cisco credentials in their browser, which synced them to that Google account and so handed them to the attackers. To reach Cisco's internal network, the attackers still had to get past multi-factor authentication. They did so by bombarding the employee with push notifications until one was accepted, "either accidentally or simply to attempt to silence the repeated push notifications they are receiving."
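The push-bombing pattern above leaves a recognisable trace in identity-provider logs: a run of denied or timed-out push prompts for one user, closed by an approval. The following is an added example, not code from Cisco's report or from any IdP vendor, that flags that pattern; the log format, user names, window and threshold are constructed assumptions.

```python
"""Added example (not from the FFT digest or Cisco's report): flag MFA
push-bombing from push-authentication logs. The log line format, the user
names and the thresholds are constructed assumptions, not a vendor schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, user, push result.
SAMPLE_LOG = """\
2022-08-09T22:01:03Z alice push_denied
2022-08-09T22:01:41Z alice push_denied
2022-08-09T22:02:15Z alice push_timeout
2022-08-09T22:02:50Z alice push_denied
2022-08-09T22:03:30Z alice push_denied
2022-08-09T22:04:02Z alice push_approved
2022-08-09T22:05:10Z bob push_approved
2022-08-10T09:15:00Z alice push_approved
"""

REJECTS = ("push_denied", "push_timeout")


def parse_log(text):
    """Parse the constructed format into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events


def detect_push_bombing(events, window=timedelta(minutes=10), min_rejects=3):
    """Return (user, first_reject_ts, approve_ts, reject_count) for every
    approval that follows at least `min_rejects` rejections by the same user
    inside `window`. An approval after a burst of rejections is the fatigue
    signature; isolated denials and clean approvals are not reported."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = []
    for user, evs in by_user.items():
        for i, (ts, result) in enumerate(evs):
            if result != "push_approved":
                continue
            recent_rejects = [t for t, r in evs[:i]
                              if r in REJECTS and ts - t <= window]
            if len(recent_rejects) >= min_rejects:
                alerts.append((user, recent_rejects[0], ts, len(recent_rejects)))
    return alerts


if __name__ == "__main__":
    for user, first, approved, n in detect_push_bombing(parse_log(SAMPLE_LOG)):
        print(f"{user}: {n} rejected pushes from {first} then approved at {approved}")
```

On the constructed log this reports only alice's approval at 22:04:02, preceded by five rejections in three minutes; her clean approval the next morning and bob's single approval are ignored. In practice the alert is a trigger to call the user, not a verdict, since a genuine user who mis-taps a few prompts produces the same shape.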

Two other high-profile attacks targeted Twilio, whose services include two-factor authentication, and the content delivery network Cloudflare. Twilio was breached; Cloudflare wasn't. The difference was the hardware security keys Cloudflare issues to every employee. As we've been reporting, attackers are increasingly using phishing pages that relay one-time codes and push prompts to the real site in real time, which defeats most forms of two-factor authentication except FIDO2-compliant security keys. Such keys sign each login for the exact website origin the browser is talking to, so a login captured on a look-alike domain is rejected by the genuine site and the attacker cannot impersonate the user. They're not always popular, but there's no question they work. Cisco's and Cloudflare's incident reports have great summaries of what they've learnt from the attacks.
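Why the relayed login fails with a FIDO2 key, as an added example rather than code from Cloudflare, Cisco or any FIDO library: the authenticator signs the server's challenge together with a hash of clientDataJSON, and the browser, not the web page, writes the origin it is actually connected to into that JSON. The relying party then checks both. The origins, the challenge and the per-credential secret below are constructed, and an HMAC stands in for the authenticator's real ES256 signature so the example runs on the standard library alone.

```python
"""Added example (not code from Cloudflare, Cisco or any FIDO library): why a
WebAuthn assertion obtained through a look-alike site is useless to the
attacker. Assumption: a real authenticator signs with an ES256 key pair; here
an HMAC over a per-credential secret stands in for that signature. Origins,
challenge generation and the secret are constructed for the example."""
import hashlib
import hmac
import json
import os

RP_ORIGIN = "https://login.example.com"      # constructed relying-party origin
PHISH_ORIGIN = "https://login-example.com"   # constructed look-alike origin
CRED_SECRET = b"per-credential-secret-standing-in-for-the-private-key"


def authenticator_sign(client_data_json, auth_data=b"\x00" * 37):
    """Stand-in for the authenticator: the signature covers
    authenticatorData || SHA-256(clientDataJSON), as in WebAuthn."""
    msg = auth_data + hashlib.sha256(client_data_json).digest()
    return auth_data, hmac.new(CRED_SECRET, msg, hashlib.sha256).digest()


def browser_get_assertion(origin_seen_by_browser, challenge):
    """The browser builds clientDataJSON; the page cannot choose the origin."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": challenge,
                              "origin": origin_seen_by_browser}).encode()
    auth_data, sig = authenticator_sign(client_data)
    return client_data, auth_data, sig


def rp_verify(client_data, auth_data, sig, expected_challenge):
    """The relying-party checks that matter for phishing resistance."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != RP_ORIGIN:
        return False, "origin mismatch: %s" % cd.get("origin")
    msg = auth_data + hashlib.sha256(client_data).digest()
    expected_sig = hmac.new(CRED_SECRET, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False, "bad signature"
    return True, "ok"


def scenario(origin_seen_by_browser, tamper_origin=False):
    """One login attempt. The RP issues a fresh challenge; the browser signs it
    at whatever origin it is really on. With tamper_origin=True a relay proxy
    rewrites the origin field to the genuine one before forwarding, which
    invalidates the signature instead of passing the origin check."""
    challenge = hashlib.sha256(os.urandom(16)).hexdigest()   # single-use
    client_data, auth_data, sig = browser_get_assertion(origin_seen_by_browser, challenge)
    if tamper_origin:
        cd = json.loads(client_data)
        cd["origin"] = RP_ORIGIN
        client_data = json.dumps(cd).encode()
    return rp_verify(client_data, auth_data, sig, challenge)


if __name__ == "__main__":
    print("genuine site:      ", scenario(RP_ORIGIN))
    print("relayed via phish: ", scenario(PHISH_ORIGIN))
    print("phish rewrites origin:", scenario(PHISH_ORIGIN, tamper_origin=True))
```

Contrast this with a one-time code: the code carries nothing that says which site the user typed it into, so a proxy can forward it unchanged. The assertion, by comparison, fails on the origin check if forwarded as-is, and fails on the signature check if the proxy edits the origin.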

Threats

Coopetition: Ghastly term created by Sophos to describe a growing trend that involves multiple gangs attacking the same ransomware target simultaneously. Sophos admits it's not entirely sure why this is happening but common characteristics among victims are a failure to fix vulnerabilities or remove tools/configurations left by attackers.

Small-time: Cisco's Talos Intelligence unit has been looking at cybercrime statistics and has concluded that small-scale crime is "about to explode." "Technology has become such an integral part of our lives that anyone with a smartphone and desire can get started in cybercrime," it says.

Redirects: Attackers have been exploiting open-redirect flaws in high-profile websites, including Snapchat's and American Express's, to steal Microsoft 365 credentials. An open redirect lets a link that begins with a trusted brand's domain send the victim on to the phishing page, so the link survives a glance at the URL and the message looks genuine. Inky
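The fix on the site's side is to validate the redirect target before following it. Below is an added example of such a check, not code from Inky's report or from either site named above; the site host and the parameter handling are constructed assumptions. It refuses anything that a browser could read as leaving the site, including forms that Python's URL parser and browsers interpret differently.

```python
"""Added example, not from Inky's report or any named site: validate a
redirect target so it cannot be used as an open redirect. SITE_HOST is a
constructed assumption."""
from urllib.parse import urljoin, urlsplit

SITE_HOST = "www.example.com"   # constructed


def safe_redirect_target(next_param, site_host=SITE_HOST):
    """Return an absolute same-site https URL for `next_param`, or None if the
    target would leave the site. Strict on purpose: the caller should fall
    back to a default landing page when None is returned."""
    if not next_param:
        return None
    target = next_param.strip()
    # Browsers treat "\" as "/" and collapse "///" into a scheme-relative URL;
    # urljoin does not. Refuse those shapes before parsing rather than trust
    # the parser to agree with the browser.
    if "\\" in target or target.startswith("//") or any(ord(c) < 0x20 for c in target):
        return None
    # Resolve against the site so relative paths become absolute and
    # absolute URLs keep whatever host they carry.
    resolved = urljoin("https://%s/" % site_host, target)
    parts = urlsplit(resolved)
    # Compare the whole netloc, so "www.example.com@evil.com" and
    # non-standard ports are rejected rather than partially matched.
    if parts.scheme != "https" or parts.netloc.lower() != site_host:
        return None
    return resolved


if __name__ == "__main__":
    for candidate in ("/account/settings", "//evil.com/x", "///evil.com",
                      "https://evil.com/", "https://www.example.com@evil.com/",
                      "/\\evil.com", "javascript:alert(1)",
                      "https://www.example.com/logout"):
        print(repr(candidate), "->", safe_redirect_target(candidate))
```

Relative paths and same-host https URLs come back resolved; protocol-relative links, userinfo tricks, backslash variants and non-https schemes all return None.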

Energy costs: The horrifying rise in gas and electricity prices makes perfect fodder for criminals. Malwarebytes rounds up the techniques that are being used.

Twitter: That message from 'Twitter Support' is almost certainly fake. TechCrunch warns about the rise in messages urging users to act quickly to avoid suspension. Lots of people have been taken in by these. Dan Goodin, a very experienced cybersecurity reporter, recounts how he nearly fell for a similar scam.

Twitter

A former Twitter employee faces up to 20 years in prison after a San Francisco court found him guilty of spying on users for Saudi Arabia, as well as conspiracy to commit wire fraud and money laundering. A close adviser to Saudi Arabia's de facto ruler offered cash and luxury goods to Ahmad Abouammo and another Twitter employee (who subsequently fled the country) in return for personal information about Saudi dissidents. In 2015, Twitter sent warnings to some users that their accounts had been targeted by state-sponsored actors. This week, Twitter confirmed that an attacker gained access to the contact details of 5.4 million accounts. Both stories reinforce our view that social media companies cannot be trusted to protect their users' information.

WhatsApp

Lots of media coverage of the latest WhatsApp update, which will allow members to leave a group chat without everybody being notified of their decision. We empathise, because most people who use WhatsApp probably belong to at least one group that generates endless pointless notifications. We'd suggest that rather than leaving it, you can just mute the wretched thing. A new feature will reportedly allow group admins to approve who can join a group. If WhatsApp/Meta were really serious about empowering its users, it would give them the same control and let them choose whether or not to join a group.

In brief

Schools: Wired provides a glimpse into the life of a modern teenager. A school sent teens home with laptops pre-loaded with monitoring software. They plugged their phones into the laptops to charge them. When they sent nudes to each other, the software sent alerts to school administrators.

Deepfakes: Attackers are making increasing use of deepfakes, according to VMware's Global Incident Response Threat Report. It says the majority of them were fake videos, used in business email compromise attacks. Incidentally, another report advises how to identify a deepfake video call: just ask the caller to turn sideways.

Crypto crackdown: The US has moved to crack down on the use of cryptocurrency to launder the proceeds of crime. The Treasury Department placed sanctions on Tornado Cash, which allows users to move assets between accounts and hide their origin and destination. It estimates it's been used to launder more than $7.6 billion worth of virtual assets since its creation in 2019.

Roomba: Latest acquisition by Amazon is the maker of the Roomba robotic vacuum cleaner. The price - $1.7 billion. Money well spent given its ability to build up a complete understanding of a home and what's in it. The Verge

Sharing: 18 of the world's biggest technology companies are building a common standard for sharing cybersecurity information. The aim is to fix the failure of cyber products to integrate, making it hard to fully assess hacking threats. Wall Street Journal ($)

Stalker: A 41-year-old man has been jailed for stalking his ex-girlfriend with an Apple AirTag. A judge at Swansea Crown Court sentenced the man to nine weeks in prison after finding him guilty of gluing the tracking device to her car. He was caught after he texted the woman revealing that he knew her location. Wales Online

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217