FFT news digest May 21 2021

Ransomware

Ransomware group, DarkSide, earned over $90 million in just 9 months, according to researchers who tracked down its Bitcoin records. UK blockchain analytics firm, Elliptic, said it found 47 separate wallets (an average $1.9 million ransom per victim). DarkSide operated a Ransomware as a Service (RaaS) model in which affiliates used its tools, and any ill-gotten gains were divided, with the developers taking between 10% and 25% of the loot. At least that was the idea. In fact, a number of the affiliates are complaining they were never paid.

DarkSide says it has shut up shop, apparently in response to the furore around the attack on Colonial Pipeline that shut down most of the US east coast's fuel distribution network. In announcing the closure, DarkSide said it had lost control of key parts of its infrastructure, according to a post spotted by Recorded Future. Of course, the idea that the people behind DarkSide have retired to a beach to count their cash is far-fetched to say the least. The profits to be made from ransomware are simply too large to resist, and there are persuasive signs that some of the group's affiliates are still in business.

All this means that the number of ransomware attacks will almost certainly grow, and it's vital to protect against them. The key risk is no longer simply lack of access to data that have been encrypted, but also the publication of sensitive information. A report from Zscaler illustrates the problem. "New methods like double extortion and DDoS attacks [are] making it easy for cybercriminals to sabotage organizations and do long-term damage to their reputation," Zscaler says. The UK's National Cyber Security Centre has advice here.

Threats

Banking: Malicious software known as Bizarro is making inroads in Europe after spreading from its Brazilian base. It uses fake tax alerts to fool victims and steal banking credentials. Kaspersky

Missing: The FBI says scammers have been targeting the families of missing persons with the aim to extort money from them using information shared on social media.

iPhone Calendar: There has been a resurgence in 'calendar spam', with iPhone users reporting that they have been bombarded with junk events. Apple thwarted a previous campaign, but the scammers seem to have found a workaround. Malwarebytes

Search: Be wary of search results. The FBI says criminals are using adverts and search results to spread phishing sites that impersonate banking websites. KnowBe4

Fake authenticator: Do be wary when installing extensions from Google's Chrome Store. In the latest security failure, Google failed to spot a fake extension masquerading as Microsoft Authenticator. GHacks

Vishing: Fraudsters are using voice-based phishing tactics to try to steal credit card details. The lure employs fake Amazon receipts in a bid to persuade targets to phone a number to return the non-existent item. Armorblox

Dark Patterns

It's no accident that you feel inclined to click on that friendly blue button to change your password or sign up for a service. There's a whole theory that underpins the design of such processes. It's called 'Dark Patterns' and we've covered it here before, because it's also used by cyber criminals. Now, a coalition of groups including the Electronic Frontier Foundation, has launched a campaign to "hold companies accountable for their dishonest and harmful practices." Dark Patterns appear in multiple guises. Few have been quite as deceptive as the one used by Grubhub which hid a 15% service charge under 'taxes and fees' on its receipts.

Crime

The FBI's Internet Crime Complaint Center (IC3) says it logged one million complaints related to online scams in the last 14 months, bringing the total number recorded to six million. To put this in context, the FBI says it took nearly seven years for the IC3 to log its first million complaints. The main themes are business email compromise (aimed at organisations), romance scams (an online confidence trick), and investment fraud. The scale of digital crime is also illustrated by the extraordinary number of 'credential stuffing' attacks. Akamai says there were 193 billion failed attempts to access user accounts using stolen or reused credentials. And data gathered by The Next Web illustrate why. Prices for stolen credit cards are on the rise, although the value of social media accounts has dropped (possibly because so many are available).

Apple cheek

The case between Apple and games maker, Epic, took a turn for the surreal this week when Apple's software chief defended the App Store on the grounds that the alternative would be to make iPhones as insecure as MacBooks. Apple is bending over every which way to try to preserve the 30% cut it takes from sales made in the App Store. Throwing its Mac operating system under the bus is an intriguing tactic. Meanwhile, The New York Times reports that concessions to China have "made it nearly impossible for [Apple] to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents."

Framed

India has joined the club of governments to have planted documents on the computers of people whose activities they don't like. Arsenal Computing submitted technical evidence in a case against 11 prominent Indian human rights activists who are accused of "inciting violence against the state" following mass protests in January 2018. Arsenal determined that malicious software was used to plant fake documents which form the basis of the case against the accused. The documents were saved on a hidden folder that had not been opened and were created using a newer version of Microsoft Word than that installed on the compromised computer. "This is one of the most serious cases involving evidence tampering that Arsenal has ever encountered," the company said.

In brief

Stalkerware: Android apps designed to track individuals are riddled with vulnerabilities that create additional risks for targets, but also expose the privacy and security of the people who use them. ESET

GDPR: UK organisations should review whether they need to appoint an EU-based data protection representative. The warning comes after Dutch regulators announced Canada-based locatefamily.com would be fined €525,000 for failing to do so. Pinsent Masons

Vizio: The TV maker says it now earns almost as much money from monetising user data as it does from selling TV sets.

Bitly trick: Bitly shortens web addresses, and they can be dangerous because they hide where a link leads. Adding a + to the bitly link reveals the real address. @_sn0ww

Starline: Google has been talking future technology, including a video-calling solution it describes as a "magic window" that allows people to feel as if they're in the same room, even if they're on opposite sides of the world. Google

Captchas: It's not your imagination. Those irritating tests used to prove we're human are getting harder in an effort to stay ahead of hackers. Cloudflare says Captchas are "madness" and it has an answer. Alas, widespread adoption looks a long way off.

Sex: No sex here, we're eBay. It has announced a strict ban on "items that contain explicit sexual material." And that includes "sexually explicit" books and films.

Fax off: The CIA is about to retire its last fax machines. The devices have been used for secure communications with private contractors. They'll be replaced by a special email system. So that's all good. Nextgov

Updates

Why updates matter: It took only five minutes for attackers to begin scanning for vulnerabilities after Microsoft announced previously unknown vulnerabilities in Exchange Server, according to Palo Alto Networks.

Windows 10: The 'v21H1' update (known as Windows 10 May 2021) is a minor update, but some problems have already been reported, particularly when updating older versions of the operating system.

OneDrive: Microsoft has published a workaround for users experiencing 0x8004de40 errors when trying to sign into their accounts.

Teams: After almost a year in preview, new features have been released with a focus on personal use.

Google Workspace: New security features provide administrators with more tools for protecting users and organisations.

Android: Latest update addresses four previously unknown 'zero-day' vulnerabilities that are being actively exploited.

Cisco: Updates address a high-severity vulnerability in AnyConnect Secure Mobility Client.

Thunderbird: Version 78.10.2 is a security update that also includes usability improvements and bug fixes.

SecureDrop: Version 1.8.2 is a bugfix release for servers running Ubuntu 20.04.
