FFT news digest January 7 2022

Media under siege

The new year began with attacks on media organisations in Portugal, Israel and Norway, continuing the trend seen in 2021. In Portugal, the Lapsus$ ransomware gang successfully attacked Impresa, the country's largest media conglomerate, took control of its networks and taunted it with idiotic tweets. In Israel, The Jerusalem Post's website was defaced, apparently to mark the second anniversary of the killing of the head of Iran's Revolutionary Guard. And last week, Norway's largest local news publisher was forced to shut down several systems including its printing presses.

These attacks are only going to continue, because they work. Whether driven by greed or politics, media organisations are irresistible targets because of their high public profiles which make them particularly attractive to ransomware gangs, although 'gangs' is a misleading term. Those responsible for such attacks are highly organised and operate just like any commercial company, with marketing, finance and support departments. In many cases, they don't carry out attacks themselves, but rent out their solutions in what's known as Ransomware as a Service.

So what should organisations do? Above all, make sure there is an effective backup policy which includes maintaining offline copies of essential data. That won't prevent the disruption caused by attacks - or the damage done if the information is leaked - but it will minimise the risk of data being lost altogether. Other measures include: ensuring systems and devices are up to date; changing default passwords; implementing multi-factor authentication; prohibiting email attachments containing executable files; and planning what to do in the event of an incident. Awareness training is also essential (see below). The UK National Cyber Security Centre has detailed advice.

Threats

Telegram: Malicious installers of the Telegram messaging application are being used to attack Windows machines. Minerva

HomeKit: There's a problem with Apple's smart-home management solution. A researcher has found that giving a HomeKit device a really long name can mess up an iPhone - and fixing the problem isn't easy. Apple has promised a fix which is yet to arrive.

CBD: Stressed workers in the US and France are being targeted with a phishing campaign that appears to promote CBD products. Vade Secure

Shoulder surfing: Some attacks are sophisticated. Others definitely are not. ESET has a reminder that it's really worth avoiding letting people look at what you're doing, especially when you're logging into SnapChat.

QR codes: Right at the start of the COVID-19 pandemic, we warned about the risk of malicious QR codes. They're now even more ubiquitous and a US police department has warned about fake codes stuck to parking meters.

Google Voice: The FBI has warned about a scam targeting people who share their phone number online. The sneaky technique involves creating a Google Voice account in the target's name.

Training

Most large organisations use online training to achieve cybersecurity awareness - and to satisfy compliance requirements. The only problem is it doesn't work. Given that we only offer face to face training, you might expect us to say that - but it's not just us. "I think one of the most important things to realise is most of the education and training done, it's not very effective," Stuart Madnick, professor of information technology and engineering systems at MIT Sloan Executive Education told ZDNet Security Update. Madnick says the key for every organisation is to build a culture of cybersecurity that actively involves everyone. We believe the best way to do that is to make cybersecurity interesting and connect it to people's everyday life. This news digest is part of our efforts to keep the subject alive, long after the awareness session is over.

Privacy

People have been turning to privacy-focussed solutions as distrust in big tech grows. Chrome competitor, Brave, doubled the number of active monthly users last year to 50 million - still far fewer than the estimated 3.2 billion who use Google's browser, but not bad for a solution that was only launched in 2017. And the privacy-focussed search engine, DuckDuckGo, saw a 46.4% increase in queries over 2020. As Bruce Schneier explains, DuckDuckGo isn't as good as Google, but you can use it to add privacy to Google's search results by putting !Google before your search term. This hasn't been a great start to the year for Google and Facebook. France's data protection regulator has announced significant fines (€150 million and €60 million respectively) because it takes more clicks to reject Google and Facebook cookies than to accept them.  

Fake reboot

A security firm says it has found a way to subvert the process for restarting an iPhone or an iPad so that it looks like it's rebooting when it isn't. ZecOps said the technique involved intercepting commands to restart the phone and then disabling the user interface so that the device appears to be turned off. In fact, it is still powered on, but to stop it ringing or vibrating ZecOps disables those features and even includes a fake Apple logo to complete the illusion of a genuine reboot. The technique doesn't work with forced restarts because these take place at a hardware level, but ZecOps says it might be possible to intercept these as well. All this matters because it's good practice to restart an iOS device every week, not only because it helps performance, but also because it can eliminate some forms of spyware.

Naughty Norton

The cryptocurrency bubble continues to expand, as more and more (particularly young) people are drawn into it. Now an antivirus company has leapt into the fray. Norton 360 antivirus is kindly offering its US customers the opportunity to mine (ie create) cryptocurrency when their computers aren't doing anything else. Sounds great, except that Norton will charge users 15% of any currency they create (and there will be transaction fees on top of that). The problem is that creating cryptocurrency requires enormous amounts of processing power - and electricity - so once Norton has taken its cut, the user may actually end up losing money, especially given the ridiculously high cost of electricity at the moment.

In brief

Asus: Not a great look for the Taiwanese computer giant. It has been forced to recall PCs with the Z6909 Hero motherboard after they began catching fire.

Chinese tracking: The New York Times examines how China tracks even the mildest critics, wherever they are in the world. As one analyst put it, "They cut down the things that look spindly and tall — the most outspoken. Then they look around, the taller pieces of grass no longer cover the lower ones."

Skyped: New Skype users have discovered a radical form of torture, courtesy of Microsoft. Anyone trying to create a new Microsoft account at the same time as signing up for Skype is presented with 10 captcha challenges to prove they're human. Bleeping Computer has the (barely believable) details.

No more batteries: Last year Samsung introduced a solar-powered TV remote control. This year, it's added the ability to charge the remote by harvesting radio waves from a WiFi router. The Verge

Lightbulb: A less positive announcement, also emanating from the Consumer Electronics Show. A new lightbulb from Sengled is designed to use radar technology for health monitoring. The company says it can measure heart rate and body temperature as well as track sleep habits.

BlackBerry: Farewell BlackBerry. We knew you well and we remember your baleful LED with some fondness. On Tuesday, the company turned off access to legacy services, marking the final end of a remarkable rise and fall.

Updates

Windows Server: An emergency update to fix issues affecting Remote Desktop.

Exchange: And an emergency update for on-premise Microsoft Exchange servers that stopped delivering email because of a date format snafu.

Netgear: The latest update (1.0.4.122) addresses multiple vulnerabilities in the (very) popular Nighthawk R6700v3 router.

Chrome: A new year. Another set of fixes for Google's browser, 37 of them in fact, 11 of them rated critical or high severity.

VMware: Updates for Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be exploited to take control of affected systems.
