FFT news digest Nov 6 2021

Ransomware

Sinclair Broadcast Group says a ransomware attack is still causing problems nearly three weeks after it happened. "Certain disruptions to...and the full extent of the impact on...business, operations and financial results is not known at the present time," the company said in a filing to the US Securities and Exchange Commission. Sinclair is the second-largest broadcast company in the US with 185 television stations that it owns or operates. A Russian cybercrime group known as Evil Corp is believed to be behind the attack. Malwarebytes has a case study that examines the impact of a ransomware attack and how best to respond to one.

The ransomware business model continues to evolve at pace, with the FBI warning that several gangs have been using financial information, including share valuations and mergers and acquisitions, to pressure victims into giving in to their demands. “During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands,” the FBI said. It also warned that one ransomware gang had begun searching its victims’ networks for financial-related information it could use as leverage.

More positively, there has been some progress in law enforcement's efforts to combat ransomware. Europol said an international operation had targeted 12 people believed to be involved in more than 1,800 ransomware attacks on critical infrastructure and large organisations around the world. The suspects were detained in Ukraine and Switzerland and are described as "high-value targets" responsible for "wreaking havoc across the world." And the US government has offered a $10 million reward for information about the gang that disrupted much of the eastern US fuel supply network earlier this year.

Threats

Snake: There's been a spike in use of this credential-stealing software, which can be bought for as little as $25. It's spread via malicious email attachments or booby-trapped weblinks. Bleeping Computer

Password spray: Microsoft warns about a rise in attacks known as password spraying. Senior executives and administrator accounts are particular targets. The technique involves trying to access accounts by using common passwords. Multi-factor authentication is a good mitigation.

Email: Email is still one of the most effective methods for attacking individuals and organisations. Avanan lists the most common threats - and ways to combat them, including user education and safe browsing solutions.

Work email: 59% of workers are using corporate email for personal business, according to a survey by Sailpoint. It found that Gen Z (77%) and Millennials (55%) are using corporate emails for their social media logins. This falls under the heading, 'Very Bad Ideas'.

Amazon: A multistage phishing campaign uses a fake Amazon order notification page and includes a customer service voice number where the scumbags request the victim's credit card details in order to cancel the non-existent order. Avanan

Call centres: One of the trends we've noticed this year is a rise in the use of call centres to make scams more credible. Proofpoint highlights a variety of lures, including concert tickets, to spread malicious software.

Sport: Football and the Olympics were among the most used subject lines in phishing emails in the third quarter of this year. Kaspersky says spam accounted for 45% of global email in the period - almost the same as the previous quarter. Among countries, 25% of spam originates in Russia, far ahead of Germany in second place with 14%.

Spyware controls

The US has belatedly begun taking some steps to address the threat posed by spyware companies. The US Commerce Department announced sanctions against four companies for allegedly selling spyware and other hacking tools to repressive foreign governments. Israeli companies NSO Group and Candiru as well as Russia-based Positive Technologies and Singapore-based Computer Security Initiative Consultancy (COSEINC) were accused of "engaging in activities that are contrary to the national security or foreign policy interests of the United States." That's quite a statement, given that those companies count many US allies among their loyal customers. There's been excited talk about this being a turning point in the fight against spyware. Would that that were true.

Facebook faces

As you've probably seen, Facebook says it will stop using facial recognition on the platform and will delete the facial records of more than a billion people. Parent company, Meta, cited "societal concerns" as a reason for the decision. But lurking behind the announcement is the sizeable issue of Mark Zuckerberg's determination to build the internet-based alternative reality known as the 'metaverse'. Given the importance of avatars - and security - to that ambition, it's hard to see how it could be achieved without recording biometric data. “That’s a staggering amount of sensitive information in the hands of a company that’s shown over and over it can’t be trusted with our personal data," the Electronic Privacy Information Center told Recode.

AI

A flurry of stories warn about the risks of artificial intelligence, with one scientist describing experts as being "spooked" by their success. Professor Stuart Russell from the University of California, Berkeley, told The Guardian that most experts believed machines more intelligent than humans would be developed this century and international treaties were needed to regulate their development. His warning is underlined by Stanford University research that suggests artificial intelligence is learning to evolve like earthly lifeforms. And in a new book, Henry Kissinger, Eric Schmidt and Daniel Huttenlocher argue that artificial intelligence is the most significant foe yet seen by humanity.

Quantum

Hackers are busy gathering sensitive information today in the hope that developments in quantum computing will enable them to decode it in the future. The issue is that the enormous power of quantum computers compared to classical computers means today's encryption schemes won't be strong enough to protect data. “The threat of a nation-state adversary getting a large quantum computer and being able to access your information is real,” a National Institute of Standards and Technology researcher told MIT Technology Review. China is known to be investing enormous sums in research into quantum computing and last week it was reported that it has the two most powerful supercomputers in the world.

In brief

Code red: There's a problem with one of the basic elements of computer code; researchers at the University of Cambridge have discovered that it can be exploited to inject vulnerabilities into any software. The issue affects compilers - the programmes that turn human-readable source code into machine code that computers can understand and execute. The problem is being addressed... Brian Krebs

Identity theft: The BBC has an example of the real risk of stolen personal data. A fraudster obtained a driving licence in someone's name and used the identity to open a bank account. He then sold the man's house, which is now legally registered to the new owner.

Small business: Identity crimes and cyber attacks can have a devastating impact on small organisations. 44% of them spent between $250,000-$500,000 as a result of cyber incidents, according to a new report. Help Net Security

Ukraine: Has published a detailed analysis outlining an extensive Russian hacking campaign that it says began in 2014. The Security Service of Ukraine says the campaign included more than 5,000 cyberattacks against Ukrainian state entities and critical infrastructure.

Myanmar: Reuters describes the military junta's extensive "information combat" operations. After being banned from Facebook, thousands of individual soldiers have been ordered to create fake accounts and fill them with talking points they have been given.

Iran fuel: An Iranian general has blamed Israel and the US for a cyber attack that disrupted fuel distribution across the country.

Fines: More than £5 million in fines issued by the Information Commissioner's Office remain unpaid. They represent more than half the penalties levied over the past two years. This time last year, the figure for unpaid fines was £2 million. The Register

Updates

Monterey: We warn repeatedly about being the first to take Apple's major updates because of the problems they contain. Many owners of older Macs who have upgraded to macOS Monterey are ruing their decision after finding their machines rendered unusable. Last year, exactly the same thing happened when Big Sur was released. Do take security updates, but be very cautious about major releases until the bugs have been squashed.

iOS: Apple's lamentable quality control is underlined by what seems to be its continuing inability to fix issues in its iPhone and iPad operating system. A researcher says two vulnerabilities remain unpatched months after he told Apple about them, and Forbes points to Apple's wider failure to engage with people who uncover problems in its products.

Memory: Some Mac users are also seeing error messages saying their system has run out of memory. Mail is often a cause of this (so much so that we don't use it). 9to5Mac

Windows 11: Microsoft is also having a torrid time with its new operating system. The latest issue affects File Explorer and its context menu. A fix is allegedly in the works. Windows Latest

Android: Google’s Android November 2021 security updates address multiple issues including a 'zero-day' (ie previously unknown) vulnerability that “may be under limited, targeted exploitation.”

Firefox: Update for Firefox 94 addresses multiple high severity vulnerabilities.

Cisco: Updates for multiple vulnerabilities across its products, some rated critical.

Defender: We don't usually write about things until they're released, but Microsoft's latest announcement about its antivirus product is worth keeping in mind. Defender for Business is aimed at small and medium sized organisations and is designed to provide an overview of security that would normally only come with higher end products. A launch date is yet to be set.
