FFT news digest March 25 2022

Cyber revenge

While the cyber element of Russia's war against Ukraine has so far been limited, the US is warning organisations that it may not stay that way. President Biden cited "evolving intelligence that the Russian Government is exploring options for potential cyber attacks" and said the risk to critical infrastructure was so great that hundreds of US organisations had been given classified briefings. In a statement on the nation's cybersecurity, Biden urged the private sector to take appropriate precautions. "If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year," he said.

The recommended actions are pretty good advice for any organisation:
- Implement multi-factor authentication.
- Deploy security tools on computers and devices to search for and mitigate threats.
- Apply patches as quickly as possible, and change passwords across the network so that previously stolen credentials are useless.
- Back up data and ensure there are offline backups that attackers can't reach.
- Run exercises and test emergency plans.
- Encrypt data so it cannot be used if stolen.
- Educate employees about how attackers operate.
- Work with government agencies to establish relationships before incidents, not after they've happened.

Leaving: TechCrunch reports on the exodus from Russia of entrepreneurs, computer programmers and other highly skilled individuals. One entrepreneur said the tipping point came when investors said they couldn't put money into his startup if it remained in Russia.

Hi there: The FBI is said to be targeting social media ads at cellphones located inside or just outside the Russian Embassy in Washington DC, in an attempt to reach anyone upset by the invasion of Ukraine. Washington Post

Sabotage: Files were overwritten on computers in Russia and Belarus after the maintainer of node-ipc, a widely used npm package, added code to a new release that geolocated the machine by its IP address. Following the attack, a Russian bank told its customers not to update their applications. It is a blunt reminder that a dependency update runs with the same privileges as your own code: pin versions, review lockfile changes and don't auto-update straight into production. Snyk
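As an added illustration of the "review lockfile changes" point (this is not code from the digest or from Snyk's write-up), the script below compares two npm package-lock.json documents and lists what an update really changes, flagging major version jumps, packages that run install-time scripts and anything resolved from outside the public registry. Both lockfiles are constructed inline and the package names (example-ipc, example-banner, example-align) are hypothetical.

```javascript
// Added example (not from the digest or Snyk's write-up): a pre-merge check that
// lists what a dependency update really changes, using two npm package-lock.json
// documents. Both lockfiles below are constructed and the package names are
// hypothetical.

const REGISTRY = "https://registry.npmjs.org/";

// lockfileVersion 2/3 keeps a "packages" map keyed by install path
// ("node_modules/<name>", nested paths for duplicated versions). The "" key is
// the root project itself and is skipped.
function indexLock(lock) {
  const out = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== "") out.set(path, entry);
  }
  return out;
}

function majorOf(version) {
  return parseInt(String(version).split(".")[0], 10);
}

// Reasons a reviewer should look at an entry before accepting it.
function flagsFor(entry) {
  const flags = [];
  if (entry.hasInstallScript) flags.push("install-script");  // runs code at npm install
  if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) flags.push("off-registry");
  return flags;
}

function nameOf(path) {
  return path.replace(/^.*node_modules\//, "");
}

function diffLocks(before, after) {
  const a = indexLock(before), b = indexLock(after);
  const changes = [];
  for (const [path, entry] of b) {
    const old = a.get(path);
    if (!old) {
      changes.push({ name: nameOf(path), kind: "added", to: entry.version, flags: flagsFor(entry) });
    } else if (old.version !== entry.version) {
      const flags = flagsFor(entry);
      if (majorOf(old.version) !== majorOf(entry.version)) flags.push("major-bump");
      changes.push({ name: nameOf(path), kind: "changed", from: old.version, to: entry.version, flags });
    }
  }
  for (const [path, entry] of a) {
    if (!b.has(path)) changes.push({ name: nameOf(path), kind: "removed", from: entry.version, flags: [] });
  }
  return changes;
}

// Constructed lockfiles: a routine patch bump plus one major bump that pulls in
// a new transitive package with an install script.
const BEFORE = { lockfileVersion: 2, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-ipc": { version: "9.2.1", resolved: REGISTRY + "example-ipc/-/example-ipc-9.2.1.tgz" },
  "node_modules/example-align": { version: "1.1.0", resolved: REGISTRY + "example-align/-/example-align-1.1.0.tgz" },
}};
const AFTER = { lockfileVersion: 2, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-ipc": { version: "10.1.1", resolved: REGISTRY + "example-ipc/-/example-ipc-10.1.1.tgz" },
  "node_modules/example-banner": { version: "9.1.6", resolved: REGISTRY + "example-banner/-/example-banner-9.1.6.tgz", hasInstallScript: true },
  "node_modules/example-align": { version: "1.1.1", resolved: REGISTRY + "example-align/-/example-align-1.1.1.tgz" },
}};

// One line per change, with the flags a reviewer should act on in brackets.
function report(changes) {
  return changes.map(c => {
    const ver = c.kind === "changed" ? `${c.from} -> ${c.to}` : (c.kind === "added" ? c.to : c.from);
    const tag = c.flags.length ? ` [${c.flags.join(", ")}]` : "";
    return `${c.kind.padEnd(7)} ${c.name} ${ver}${tag}`;
  });
}

console.log(report(diffLocks(BEFORE, AFTER)).join("\n"));
```

Run it in CI against the lockfile on the base branch and the one in the pull request, and fail the check until someone has looked at every flagged line. It will not catch a malicious release shipped under an existing package name by a trusted maintainer (that passes every flag here), but it turns a silent version jump into a visible one.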

WhatsApp: While Facebook and Instagram are now banned in Russia, WhatsApp is still very much online. The reason's unclear, but Wired suggests it may be because the government doesn't want to upset the messaging app's 84 million users in the country.

Drones: Ukraine has urged Chinese drone manufacturer DJI to use the geofencing function in its devices to prevent them being used by Russian forces. Motherboard

Fake browser windows

Browser-based phishing keeps getting better, and the latest technique is decidedly effective. A free-to-download kit, "Browser in the Browser", builds fake login pop-ups out of HTML and CSS inside the phishing page, mimicking a Chrome pop-up window complete with an address bar showing a legitimate URL. It differs from similar phishing kits in using pre-made templates that are alarmingly realistic. It targets the "Sign in with" workflow (Google, Microsoft, Apple and so on), which normally opens a real pop-up for the identity provider's login page. The protocols underneath that workflow, OAuth 2.0 and OpenID Connect, are not broken by this; the kit simply imitates the window they use, so the victim types a password into the attacker's page. Two quick checks help: a real pop-up can be dragged outside the main browser window, while the fake one cannot leave the page; and a password manager will not autofill into it, because the page's real origin does not match the saved login. Phishing-resistant MFA (FIDO2/WebAuthn) defeats it outright, since the credential is bound to the real origin rather than to what the screen shows. Bleeping Computer has the complete write-up.

Passwords

We detest passwords and so does the FIDO Alliance (Fast IDentity Online), which has spent nearly 10 years trying to find a way to rid us of the wretched things. In its latest white paper, FIDO says it has come up with the answer. Simplified, it means using the smartphone as the authentication device and letting FIDO credentials be synced between a user's devices rather than bound to a single one, which is what has made the approach awkward to adopt so far: every new device meant re-enrolling, with a password as the fallback. FIDO brings together the world's biggest technology companies, all of which agree passwords should be abolished but which have also been forced to keep on using passwords for want of anything better. We believe new solutions will be introduced over the next few years, but alas we also think we're not about to see the complete disappearance of passwords any time soon. Until we do, the least worst solution is a password manager, paired with multi-factor authentication wherever it's offered.

Okta breach 

One of the world's biggest authentication companies has been breached, and Bloomberg reports that the alleged mastermind behind the attack is aged 16 or 17 and living with his mum near Oxford. Quoting researchers, Bloomberg says the teenager is so skilled that at first his work appeared to be automated. The attack on Okta was carried out by a group calling itself Lapsus$, which only appeared in the past few months. In that time it has already succeeded in accessing the Brazilian Foreign Ministry, graphics card maker Nvidia and, in its latest feat, Microsoft. Okta says the intruders worked through a laptop belonging to a support engineer at a third-party customer-support provider, and had access for five days in January. Microsoft says Lapsus$ focuses on suborning insiders to give it access to their organisations, which is why the vetting of contractors and the privileges given to support staff matter as much as your own perimeter. UK police have arrested seven teenagers in connection with the gang, but haven't confirmed whether the young mastermind is one of them.

Updates

iOS: There have been widespread complaints from iPhone users that battery life plummeted after they installed iOS 15.4. Apple Support said on Twitter that this is normal: apps and features can take up to 48 hours to finish adjusting after a major update, so wait that long before drawing conclusions.

macOS: The latest Monterey 12.3 update appears to be causing problems with external displays, according to posts on the Apple Support and MacRumors forums. MacRumors

Studio Display: If you pay Apple up to £1,749 for a monitor, you might be entitled to expect it to come with a decent webcam. In fact, it has turned out to be pretty rubbish. Apple has told The Wall Street Journal that there's a software problem and it's working on a fix.

HP: Firmware updates have been released to address 'critical' vulnerabilities affecting hundreds of its LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format and DeskJet printer models. As anti-Russia hackers demonstrated this week, printers are a longstanding security risk: they sit on the network for years, rarely get updated, and often keep default credentials and an admin page reachable from every desk. ITPro has advice on how to secure them.

Windows: Windows 10, Windows 11 and Windows Server are affected by a privilege-escalation vulnerability that Microsoft has not fixed. It could allow someone who already has a foothold on a machine to gain higher privileges without authorisation. An unofficial third-party patch has now been released; as ever, weigh the risk of running an unofficial patch against the risk it closes.

Windows 10: Microsoft has fixed a Bluetooth issue causing some Windows 10 systems to crash after installing the January KB5009596 cumulative update.

VLC: Version 3.3 is a major update for iOS, iPadOS and tvOS. (By the way, the venerable media player is now 20 years old!)

Firefox: Release 98.0.2 includes a series of bug fixes, including one for a glitch that prevented macOS users from typing in the address bar after opening a new tab and pressing cmd + enter. 

Threats

Profits: The FBI's Internet Crime Complaint Center puts potential losses from cybercrime at $6.9 billion last year, a 64% increase on 2020.

Instagram support: Google's email filters are pretty effective, but Armorblox has details of a fake Instagram support email that managed to evade them. It's a sneaky one.

Android: 'Craftsart Cartoon Photo Tools' is a malicious Android app designed to steal Facebook credentials. It has been installed over 100,000 times from the Google Play Store. Pradeo

macOS: Volexity has identified sophisticated malware targeting macOS, which it attributes to a Chinese espionage group known for attacking organisations across Asia. Volexity has advice on protection.

Microsoft help: An off-the-shelf spyware product is using Microsoft HTML Help files to fool its targets. The .chm file arrives inside a disk image (.iso) attachment alongside the malware itself, and opening the help file quietly launches it. Disk-image attachments are a popular trick because, once mounted, the files inside carry no Mark-of-the-Web and so skip the usual download warnings. Trustwave

Access broker: How do ransomware gangs get access to their victims' networks? With the help of access brokers like 'Exotic Lily'. Google's Threat Analysis Group explains how Exotic Lily works, in particular the large-scale phishing campaigns it runs.

Fake chips: Europol has warned about the dangers of fake semiconductors, as criminals try to take advantage of the worldwide shortage of computer chips. 

In brief

Bad Google: An Irish researcher says Google's Messages and Dialer apps for Android have been sending data about users' calls and texts back to Google without telling them. Google says it plans to make changes.

Crap technology: 67% of people working remotely are struggling with outdated or broken devices. The figures come from a seller of refurbished equipment which is hardly a disinterested party - but the research broadly reflects what we see. EuroPC via Laptop

Bing China: Microsoft has switched off its search engine's auto-suggest functionality in China following pressure from the government. The Register

Telegram: The messaging platform was briefly banned in Brazil after it failed to comply with legal requirements. The ban was revoked after it apologised and promised to block accounts spreading potentially misleading information.

Stalkerware: The Australian government is taking action against surveillance apps. It plans to help up to 30,000 survivors of domestic abuse sweep their phones for stalkerware and other monitoring apps.

Doomscrolling: Let's face it, there's no shortage of negative news at the moment, but psychologists say reading an endless stream of it doesn't just depress you, it's also bad for your cognitive abilities. The Next Web

Physical security: A woman is alleged to have broken into a town hall in Oregon by using the code '1234' to access the building. The code had been set up as a temporary measure for a contractor. Allegedly.


Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217