FFT news digest Jul 30 2021

War

"It's more likely...if we end up in a war, a real shooting war with a major power, it's going to be as a consequence of a cyber breach of great consequence." So said President Biden in remarks directed at the US intelligence community. His speech is worth reading in full because it takes a much more strategic perspective than that soundbite might suggest. The picture he paints is of a connected world in which geopolitical rivalry and radical climatic change create a worrying potential for global conflict.

Many researchers believe strongly that it's wrong to suggest cyber warfare will lead to a shooting war. As far back as 2012, then US Defence Secretary, Leon Panetta, was talking of a "cyber Pearl Harbor." In fact, as an article in Politico argues, "today’s cyber reality seems simultaneously less scary and more of a hot mess—a series of more frequent, less consequential attacks that add up not to a massive Hollywood disaster but rather to a vaguer sense of vulnerability." We're less phlegmatic. The US has already drawn red lines around critical infrastructure and warned Russia not to cross them. What happens when it does?

As last week's Pegasus Project demonstrated, the technology we use is inherently insecure and the tools to exploit those vulnerabilities are readily available. This week, US whistleblower, Edward Snowden, wrote "State-sponsored hacking has become such a regular competition that it should have its own Olympic category...Each country denounces the others’ efforts as a crime, while refusing to admit culpability for its own infractions." Snowden suggests trade (and investment) in "intrusion software" should be criminalised and where a nation state is involved, "a coordinated international response" should follow. Which sounds awfully like a recipe for an eventual shooting war.

Threats

Spearphish: Everyone is at risk from targeted phishing, as criminals step up the sophistication of their attacks. Barracuda says an average organisation is targeted by more than 700 social engineering attacks in a year, one in five business email compromise attacks focus on sales roles, and 43% of phishing attacks impersonate Microsoft brands.

Windows 11: Kaspersky has a warning for anyone thinking about trying to get hold of an early copy of Windows 11. That's exactly what attackers are hoping you might think and they have booby-trapped versions for you.

macOS: Malicious software known for targeting the Mac operating system has been updated so that it can attack a variety of apps, including Google Chrome and Telegram. The Hacker News

Tech support: Proof that no-one is impervious to being scammed, even a YouTuber whose channel was all about exposing tech support scams. "I was convinced to delete my YouTube channel because I was convinced I was talking [to YouTube] support," Jim Browning said. The technique is ingenious and very, very hard to spot. Linus Tech Tips

Routers: One in 16 home WiFi routers is still using the manufacturer’s default admin password. Comparitech scanned the internet for the 12 most popular routers sold on Amazon and was able to log into most of the models.

Mining: Malicious software is targeting Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks. The malware is designed to hijack some of the processing power of a compromised device to create or 'mine' cryptocurrency. Microsoft

Iran

Analysis of cyber warfare often focusses on Russia and China, but Iran's exploits shouldn't be ignored, as a couple of reports this week illustrate. First, Proofpoint details how Iranian attackers pretended to be an aerobics instructor in Liverpool in an 18-month campaign that targeted the defence and aerospace sector. The attackers used email, photos and flirtatious messages as a prelude to persuading their targets to open a booby-trapped file. And Sky News obtained classified documents that appear to describe research into how a cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station.

Surveillance

Much of our work is with journalists and production teams working on sensitive stories or being deployed to hostile environments, and an article in The Guardian illustrates the extent of the threat they face. Bradley Hope is a former Wall Street Journal reporter; "Counterintelligence in journalism used to be the domain of reporters digging into matters of national security or liaising with sensitive government whistleblowers; but increasingly those tactics are necessary across the board," he writes. The reality is that surveillance tools are so common that it would be extraordinary if they weren't used by governments and commercial organisations alike.

VPNs

Canadian VPN provider, Windscribe, has admitted to a security failure that could have compromised traffic passing through its servers in Ukraine. Windscribe said it had failed to encrypt the servers which were seized by the authorities as part of an investigation into the theft of funds from a Ukrainian social services agency. The failure meant attackers could have captured and decrypted traffic passing through the servers. Virtual Private Networks are designed to secure traffic by encrypting it, so this is a pretty fundamental failure (which Windscribe says it is addressing). The lesson is to be very careful when choosing a VPN service - and even then to remember that 100% security doesn't exist.

Insider threat

As organisations wrestle with the challenges of hybrid working, it's essential to ensure there is a program in place to mitigate the threat from insiders. That threat might come from malicious employees who have been suborned to steal information (much more common than you might think) or from someone who simply falls for a phishing email. Tessian has 17 examples ranging from the commonplace (such as taking information when leaving for a new job) to the more exotic (recruitment by a nation state). Whatever form it takes, the threat shouldn't be underestimated, especially as the working environment enters a new phase.

In brief

2FA: It's completely understandable that people resist adding two-factor authentication to their accounts...but figures released by Twitter are still pretty startling. It says only 2.3% of active accounts were using the protection in the second half of last year.

Facial: Out of work in Colorado and want to claim unemployment benefit? First you'll have to complete an identity verification process which includes facial recognition. CNN

Predatory: Sexual predators are targeting vulnerable teens through online ‘anorexia coaching’, according to Suku Sukunesan. His research shows how predators are facilitated by social media algorithms.

Ink: Don't be tricked by warnings from manufacturers about the risks of using third-party printer ink. "The best third-party inks were very close in quality to...a printer’s original branded ink,” Which? said.

Running: A 'bipedal' robot designed by researchers at Oregon State University has completed the first robotic 5 kilometre outdoor run. It took 'Cassie' 53 minutes and a single battery charge to run the route. OSU

Updates

Top issues: Cybersecurity agencies from Australia, the US, and the UK have issued a joint advisory listing the security flaws that have been exploited most frequently over the past two years. The affected products include VPN appliances, email servers, network access gateways and desktop software. There are updates for all these issues, but there are still systems that remain unpatched.

iOS: Predictably, Apple has released iOS 14.7.1 just a week after it issued the previous version. The update addresses a 'zero-day' vulnerability (i.e. one that previously was unknown) which is likely to be one exploited by the NSO Group in its Pegasus software. Unfortunately, NSO almost certainly has plenty of other 'zero-days' up its capacious sleeves. Also unfortunately, the latest update doesn't completely fix a bug that prevented iPhones from unlocking Apple Watches. But none of that alters the fact that this is an update worth installing immediately.

macOS: The issue that affected iPhones and iPads also applies to macOS Big Sur and there's an update for that as well.

Microsoft: Microsoft has issued mitigations for a nasty issue that could allow an attacker to take over a domain controller or other Windows servers. It affects Windows NT LAN Manager (NTLM), which is used to authenticate a client to a resource on an Active Directory domain. The mitigation? Turn it off when it's not needed.
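Before turning NTLM off, an administrator needs to know whether anything still depends on it. The following PowerShell is an added example, not code from the digest or from Microsoft's advisory: it reads the standard NTLM restriction settings from the registry and counts recent NTLM audit events. It assumes an elevated session on the Windows server being assessed; the registry paths and the NTLM operational log name are standard Windows locations.

```powershell
# Added example, not from the digest or from Microsoft: survey a server's NTLM
# policy and recent NTLM usage before deciding whether NTLM can be disabled.
# Assumes an elevated PowerShell session on the Windows server being assessed.

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = "$lsa\MSV1_0"

function Get-RegValueOrDefault {
    param([string]$Path, [string]$Name, $Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $Default
}

# LmCompatibilityLevel: 5 = send NTLMv2 only and refuse LM/NTLM at the DC.
$lmLevel = Get-RegValueOrDefault $lsa 'LmCompatibilityLevel' 'unset (OS default)'
# RestrictSendingNTLMTraffic:   0 = allow all, 1 = audit all, 2 = deny all.
# RestrictReceivingNTLMTraffic: 0 = allow all, 1 = deny domain accounts, 2 = deny all.
# AuditReceivingNTLMTraffic:    0 = off, 1 = domain accounts, 2 = all accounts.
$send  = Get-RegValueOrDefault $msv 'RestrictSendingNTLMTraffic'   0
$recv  = Get-RegValueOrDefault $msv 'RestrictReceivingNTLMTraffic' 0
$audit = Get-RegValueOrDefault $msv 'AuditReceivingNTLMTraffic'    0

# Count NTLM operational events from the last 7 days. These are only written
# once auditing (or a restriction) is enabled, so zero may mean "not audited yet".
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    StartTime = $since
} -ErrorAction SilentlyContinue
$byId = $events | Group-Object Id | Sort-Object Name |
    ForEach-Object { '{0}={1}' -f $_.Name, $_.Count }

[pscustomobject]@{
    ComputerName                 = $env:COMPUTERNAME
    LmCompatibilityLevel         = $lmLevel
    RestrictSendingNTLMTraffic   = $send
    RestrictReceivingNTLMTraffic = $recv
    AuditReceivingNTLMTraffic    = $audit
    NTLMEventsLast7Days          = @($events).Count
    NTLMEventsById               = ($byId -join ', ')
} | Format-List

# No events and no auditing means the answer is "unknown", not "unused".
if (@($events).Count -eq 0 -and $audit -eq 0 -and $recv -eq 0) {
    Write-Warning 'NTLM auditing is off: enable AuditReceivingNTLMTraffic and re-check before disabling NTLM.'
}
```

Run it on each server for at least one audit period before tightening RestrictReceivingNTLMTraffic, so that legacy clients show up in the event counts first rather than as outages.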

Windows 10: Microsoft has released an emergency update to fix an issue preventing some printers and scanners from working correctly.

Signal: An update for the Android app fixes a weird issue with sending pictures. The problem was that, as well as a selected picture, a bunch of other random images might be sent as well. Apparently, a "rare intersection" of database properties was responsible. Users are unimpressed.

Zimbra: 9.0.0 “Kepler” Patch 17 and 8.8.15 “James Prescott Joule” Patch 24 released. News also emerged this week of two issues, now patched except in older versions, that could be chained together and allow a Zimbra server to be hijacked simply by sending a malicious email.
