FFT news digest Aug 13 2021

Combatting child abuse

Apple's PR machine has been in overdrive following its announcement that it will scan iPhones and iPads that sync to iCloud for child sexual abuse images. While no-one is complaining about efforts to protect children, there has been widespread concern (including from Apple's own employees) that the scanning mechanism could be open to government abuse. In an interview with TechCrunch, Apple rejected the charge, saying the system has a number of in-built protections - and "it's not very useful for trying to identify individuals holding specifically objectionable images." It also pointed out that scanning will happen initially only in the US - and can be prevented by not syncing photos to iCloud.

The introduction of photo scanning is one of three initiatives announced by Apple. It's also enhancing the controls in Messages to alert parents when under-13s are about to view an explicit image. And any searches for terms related to child abuse will provoke a warning message. "As important as it is to identify collections of known CSAM [child sexual abuse material] where they are stored in Apple’s iCloud Photos service, it’s also important to try to get upstream of that already horrible situation... It is also important to do things to intervene earlier on when people are beginning to enter into this problematic and harmful area," Apple said.

Apple is far from alone among the tech giants in taking action to improve protections for children. This week, Google announced a series of measures that include an end to targeting ads at children and a reduction in location-tracking for under-18s. It will also restrict children's access to pornography and give parents the ability to remove images of their children from Google search results. Last month, Instagram made new under-16s' accounts private by default which will mean only approved followers can view posts and "like" or comment. On the other hand, it's also going ahead with plans for apps designed for under-13s.

Threats

Phishing: May saw a record rise in the number of phishing sites; up 440% on the previous month. Large organisations continued to experience extortion and ransomware attacks, with financial organisations being a key target. PayPal remained the most popular brand leveraged by scammers. Webroot Brightcloud

DocuSign: A new attack uses DocuSign to send malicious documents and phishing links. It's the latest example of a tactic that exploits online services to try to fool targets and defeat email filters. Previously, hackers used fake DocuSign notifications. Now they're using genuine links. Avanan

WeChat: Fake installers for the Chinese social media app are appearing at the top of Google search results. As one security researcher observed, "One of the most dangerous things to do on the Internet in 2021: use Google without an adblocker and/or click on Google Ads."

Android apps: Malicious apps distributed through the Google Play store and third-party app market places are luring users by offering coupon codes for Netflix and Google AdWords. zLabs

App Store: More scam apps have been spotted in Apple's app store. They work by charging users hundreds of dollars a year to do nothing. As Forbes reports, this is an area in which Apple is a "repeat, repeat, repeat, repeat, repeat offender."

Instagram: Scammers are offering to have accounts banned by abusing Instagram's protections against suicide, self-harm and impersonation. They charge tens of dollars to secure a ban - and thousands to have the account restored. Motherboard

LEDs: Researchers in Israel have demonstrated how to monitor conversations remotely by analysing the LED lights on connected speakers. Their paper shows that it's possible "to recover speech from a speaker’s power LED indicator with good intelligibility from a distance of 15 meters and with fair intelligibility from 35 meters." Ben-Gurion University of the Negev

China Iran

It's difficult to establish exactly who is behind cyber espionage activity, and that's often because the attackers plant false flags in a bid to pin the blame on someone else. The latest example of this comes courtesy of China. Detailed research from Mandiant says Chinese attackers targeted Israeli organisations in a campaign that began in January 2019, and during which the group often tried to disguise itself as an Iranian threat actor. The attacks form part of a wider campaign against targets across the Middle East, Europe, Asia, and North America. Sectors affected included government, technology, telecommunications, defence, finance, entertainment, and health care sectors.

Belarus hack

A group calling itself “Belarusian Cyber-partisans” succeeded in hacking the servers of the country's police and the Interior Ministry, with spectacular results. They downloaded an entire database containing all personal details of every Belarusian citizen, including passport photos, home address and place of work. Among the data are details of people working for the KGB security service and the history of emergency calls in which regime supporters informed on their co-workers and neighbours. They were also able to access camera feeds from police stations, prisons and drones. Extraordinary. 

Crime capers

No-one is safe online, and that includes the scammers, criminals and scumbags themselves. Veteran cybersecurity journalist, Brian Krebs, has a wild tale of a would-be criminal who got in touch to complain he had been scammed by a cybercrime forum. Amusingly, the hapless crook had made the rookie error of believing Google's search results and confusing the cybersecurity reporter with the proprietor of what may be the largest online forum for stolen credit and identity data, known as BriansClub. A fake version of the forum appears to be a nice little earner, extracting tens of thousands of dollars every year from the dishonest and unwary.  

COVID-19

Scumbags have sought to exploit the pandemic every step of the way, and now they're impersonating US and UK government bodies and pretending to offer financial assistance. But this is only one aspect of a vast web of related scams. There's a rash of text messages that try to scare the recipient into paying for a test kit. And CheckPoint Research says the price of fake COVID-19 vaccine cards and passports has more than halved in the past 5 months and is now around $100. Fake EU Digital COVID certificates as well as CDC and NHS Covid vaccine cards are all available, and are being advertised in groups with up to 450,000 members. Check Point describes an "exponential growth in volumes of followers and subscribers to groups and channels offering and advertising COVID-19 certifications and other means to bypass the need to physically get the vaccine."

Insiders...again

The move to more remote working looks unstoppable, but so does the determination of some companies to monitor their workers' productivity at home. The issue has been highlighted by employees of a call centre company who told NBC News that their new contract allowed the use of AI-powered cameras to observe and record their workspaces. The company, Teleperformance, employs more than 350,000 people in 83 countries and provides services to industry giants including Amazon, Apple and Uber. Apple said it had not requested extra monitoring. Uber said it had, because calls involved financial information.

Unheist

You may have heard the news this week that more than $600 million worth of cryptocurrency assets were stolen. Well, the thief is now handing them back, most likely to try to avoid the longish arm of the law. If you're interested in how a hacker thinks, take a look at the messages sent by the attacker. 

In brief

Credentials: More data on the value of stolen network credentials. IntSights says (R) the average price on the dark web is $9,640. Most common are credentials for RDP (Remote Desktop Protocol) and VPNs (Virtual Private Networks).

Facebook: Facebook’s own advertising statistics show how its users tilt old. In Ireland, they suggest that users over 65 outnumber teenagers by three to one. Independent.ie

Master face: Last week saw widespread coverage of a purported weakness in facial recognition systems. As is often the case, the reality turns out to be more complex. As The Register explains, the idea of "master faces" sounds scary, but probably wouldn't work in the real world.

Going Dutch: Dutch citizens came top in a study examining awareness of internet risks in Europe. Overall, Italians came bottom. In the UK, the 55-74 age group did well. Younger generations not so much. heyData

Raided: Police in London arrested a man who found documents about a controversial property development online and shared them on social media. The developers claimed their systems had been hacked. In fact, the documents were found in a Google search. The Register

Cookies: Online privacy campaigners have filed hundreds of complaints against websites and platforms in Europe over alleged violations of rules on cookies. They say consent popups fail to give users the simple "yes or no" choice over data collection that the law requires. noyb

Updates

Microsoft: Monthly set of updates includes 44 security fixes, seven rated critical. Three issues were previously unknown ('zero-day vulnerabilities'). Key among the updates is a fix for a printing issue that Microsoft has been trying and failing to fix for weeks. But no sooner did the update appear than Microsoft acknowledged another vulnerability in the way Windows manages printing. It took nearly a month for that acknowledgement to emerge and Microsoft is still working on a fix for the issue. Until that appears, the only mitigation is to stop the Print Spooler service and disable it. You'd be forgiven for being confused by the issues around Windows printing. There are several bugs, some of which should now have been fixed. One of those earlier issues is already being exploited by a ransomware gang, according to Crowdstrike.

Routers: Multiple consumer routers, including models used by O2 and Vodafone, are vulnerable to attack because of a flaw in the firmware they use. Updates are available. Tenable has the details.

Apple: Another update for its Big Sur OS. 11.5.2 update brings unspecified bug fixes and comes barely two weeks after the previous update. The fact Apple has not disclosed what the update fixes is not reassuring.

Adobe: Updates for Adobe Connect and Magento.

Mozilla: Updates for Thunderbird 78.13, Firefox ESR 78.13, and Firefox 91.

SAP: 19 new and updated SAP security patches, including three rated 'HotNews'. Two of those - affecting SAP Business One and Netweaver Development Infrastructure - are very dangerous.

Citrix: Update to address a vulnerability affecting ShareFile storage zones controller.

Synology: Is warning customers about ongoing attacks targeting their network-attached storage devices. It's advising users to ensure they have strong administrator credentials, to enable account protection and auto block, and to set up multi-factor authentication where possible.
