FFT news digest Nov 12 2021

Spyware

A week after the US imposed sanctions on spyware companies, comprehensive research by the Atlantic Council shows the scale of the market for interception and intrusion technologies. "NSO Group has repeatedly made headlines in 2021 for targeting government entities in cyberspace, but there are many more companies selling similar products that are just as detrimental...and policymakers have yet to sufficiently recognize or respond to this emerging problem," the report says. The research provides perhaps the most comprehensive overview of the spyware industry to date, but its authors recognise its limitations because they were searching in English. "The dataset woefully underreports the presence of Chinese companies in this space," they admit.

As far as those sanctions are concerned, one of the companies targeted by them says it's not bothered, because previous measures had no significant impact on its operations. Positive Technologies said 97% of its revenue originated in Russia and CIS countries, although the sanctions might hamper its plans to expand in the US. A series of stories this week underlines the widespread use of spyware:
- Devices of Palestinian human rights activists were hacked with the NSO Group's Pegasus spyware.
- Mexican prosecutors detained a man accused of spying on a journalist using Pegasus software.
- Spyware with similar capabilities to Pegasus was found to have targeted South Koreans by masquerading as legitimate Android apps.

Threats

Android: There's often little that can be done to combat targeted spyware attacks, but we can reduce the risk of malicious Android apps by not installing them. This week, Kaspersky identified a 'Smart TV remote' app that has been downloaded at least 1,000 times and contains Joker malicious software. Bleeping Computer

Squid Game: Given the cult series' popularity, it's hardly surprising it's being used as bait in phishing attacks. Among the variations: fake online games and previews of a 'second' season. Proofpoint Kaspersky

Hong Kong: Google's Threat Analysis Group says hackers used a zero-day (or previously unknown) vulnerability to compromise websites and target Mac and iOS visitors.

Blogs: North Korean attackers have been using blog posts to target think tanks in the South. The posts contain malicious Office documents. Cisco Talos

Customer complaint: Fear underpins this scam that targets junior employees. An email from an angry manager refers to a 'customer complaint' and tries to lure the subordinate into opening a booby-trapped attachment. Sophos

Proofpoint: Who better to impersonate than a security company? Emails that appeared to come from Proofpoint were designed to harvest Microsoft and Google credentials. Armorblox

Zoho: Microsoft says a Chinese hacker group is targeting systems running Zoho ManageEngine ADSelfService Plus. Palo Alto says the self-service password management and single sign-on solution has been under attack for several months.

Phishing

Phishing remains the dominant tool used by attackers, growing by 31.5% in 2021 over the previous year, according to PhishLabs. In September, it says, the figures were more than twice those of the previous year. Among other key findings: the number of suspicious emails received by employees was 3.3, though the figure for workers in IT companies was 13.2. Most of the attacks were designed to obtain Office 365 credentials, and there was a sharp rise in the number of social media attacks faced by organisations. Some suggested mitigations from PhishLabs:
- Train users to recognize and report suspicious emails.
- Use threat intelligence to find and remove threats in user inboxes.
- Implement multi-factor authentication for O365.
- Limit use of O365 credentials as authentication beyond email and related office applications.

Hackers for hire

A Russian-speaking organisation has been spying on thousands of individuals and organisations worldwide and selling sensitive information about them to a range of customers. Trend Micro says the group is motivated both by financial gain and politically driven agendas. The stolen data include passport details, SMS messages, and traffic camera footage. "As cyberattacks have become a common tool in the offensive arsenals of powerful organisations, an industry has developed that is based around providing cyberattack services, tools, and even training to potential customers," Trend Micro adds. The report has good advice on how to mitigate (if not eliminate) the risk of such attacks.

Smooth operator

Criminals are smart. A new scam involves sending out mass SMS messages about suspicious financial transactions and waiting for the target to respond. As veteran cybersecurity journalist Brian Krebs explains, the text messages appear to come from a bank and ask whether the recipient recognises a transaction, inviting them to reply 'Yes' or 'No'. If the criminals receive a response, they immediately call the target, claiming to be from the bank's fraud department, and try to extract account details from the victim. As Krebs says, if in doubt: "Hang up, Look up, and Call Back". We would add: hang up and call your bank from a different phone, because it's possible to keep a landline open even when you think you've disconnected the call.

Crimewatch

Computer-linked crimes in England and Wales have reached a four-year high as the number of prosecutions slumped, according to the Office for National Statistics. It says there was an 85% increase in the year to June 2021 compared to the previous 12 months. "This included victims’ details being compromised via large-scale data breaches, and victims’ email or social media accounts being compromised," it added. The actual number of incidents is likely to be far higher because, as the ONS points out, in many cases people may have no idea they have been affected. Unfortunately, contrary to the ONS's suggestion, that doesn't mean they won't be impacted in the future. Meanwhile, figures obtained by CNN say significant cyberattacks against critical targets in Europe doubled in the past year as criminals moved their focus away from the US.

In brief

Addicted: Latest revelations from Facebook's leaked documents reveal that internal research uncovered the service's problematic impact on many of its users. It found 1 in 8 reported compulsive use of social media that impacted their sleep, work, parenting or relationships. The Wall Street Journal

Oversight board: Meanwhile, MetaFace says it's struggling to keep up with the pace of recommendations from its Oversight Board. "We believe the current design of the recommendation process may not be the best way to bring about the long-term, structural changes the board is pushing us to undertake," a report says.

Google lawsuits: A mixed week for Google in European court cases. Victory in London, where the UK Supreme Court refused to allow a US-style class action lawsuit that alleged Google had tracked Safari users even if they'd opted out. But in Brussels, the EU’s second-most senior court upheld a European Commission decision that Google had used its search engine to promote its shopping comparison service to the detriment of its rivals.

TV ads: Just a gentle reminder that smart TVs are busy collecting data about your viewing habits in what a US university professor described as a "cesspit of surveillance". One Samsung customer decided to return his TV after finding it bombarded him with adverts that could not be turned off. The Register

Legacy: More details from Apple on how its 'Digital Legacy' service will work. It's designed to allow loved ones to access an iCloud account after its owner's death. Arriving in iOS 15.2, the facility will allow users to designate up to five people as 'legacy contacts' who will be able to access the user's data and personal information after the user's death.

Insta dead: A scammer managed to persuade Instagram to lock the account of its boss by pretending he was dead. A fake obituary seems to have been all that was needed. Motherboard

Updates

Microsoft: The monthly set of updates has fixes for six previously unknown issues and a warning to urgently install a patch for Exchange Server. Microsoft says the issue affects Exchange Server 2016 and Exchange Server 2019, and is being used in targeted attacks.

Windows 7: Microsoft has confirmed extended support will end on Jan 10 2023. Windows Server 2008 will get another year, with support ending in January 2024.

MacBooks: Apple is reported to have fixed an issue that stopped some Macs with T2 security chips from starting up. Apple told a user that only a small number of devices are affected, but a wide range of recent MacBooks contain the T2 security chip. 9to5Mac

Adobe: Updates address at least four documented security issues that expose users to malicious attacks. The most serious affects RoboHelp Server.

Palo Alto Networks: Some versions of GlobalProtect firewall are vulnerable to a serious issue. Updates have been released.

SAP: Five new and two updated security notes as part of November Patch Day. The most serious addresses a critical vulnerability in ABAP Platform Kernel.

Thunderbird: Version 91.3 addresses several serious vulnerabilities that can be exploited to cause a denial of service, bypass security policies, and allow arbitrary code execution.

Tails: Version 4.24 updates the Tor browser and includes a series of improvements.
