FFT news digest April 15 2022

Ukraine

Doxing is the publication of personal information without the owner's permission - and the war in Ukraine appears to be the first time it's been used at scale during a conflict. As an academic told Wired, compiling lists of opponents is an activity as old as war itself, but openly publishing such information "seems very new." Among the details made public by Ukraine's Central Intelligence Agency are names, birthdays and passport numbers for 1,600 Russian troops who allegedly served in Bucha, a town devastated by the conflict and apparent war crimes. Another dataset purports to contain names and contact details of 620 Russian spies who are registered to work at the Moscow office of the FSB, the country's main security agency. Of course, the question is whether the information is accurate. Bellingcat reckons it's pulled together from open or semi-open sources and from research that appears to be original.

Cyberwar

The role of non-state groups in the Ukraine conflict brings a "strong potential for escalation," according to the former head of US Cyber Command and the National Security Agency. "We have never had a cyber conflict before where we have had so many second and third parties who are now an active extension of the primary combatants," Admiral Mike Rogers told a CyberCX panel. Rogers warned about the risk of "inadvertent escalation," given these groups are not closely controlled by Russia or Ukraine, but instead have a broad licence to "cause harm." The Ukraine war will be studied closely for years to come, with China paying particular attention. "I think this conflict will be a watershed moment in the history of cyber war. I think the Chinese are really looking at this," Rogers said.

Electric

Analysts continue to argue about the extent of the role of 'cyber' in the conflict, but a failed attempt to disrupt Ukraine's electricity grid suggests that it's very much present. More than 5 years after Russian hackers (known as Sandworm) managed to turn off the power in part of Kyiv, the same group tried to repeat the trick. They were unsuccessful, although Ukraine admitted they caused some temporary disruption. One theory is that the Kyiv government learned lessons from previous attacks and has put in place defences that are much more difficult to breach. Which is a lesson we would all do well to follow.

Threats

Amazon: Small and medium-sized organisations are receiving fake Amazon emails telling them a non-existent order has been dispatched. The emails contain a booby-trapped Word document. My Online Security

VLC: An excellent illustration of the importance of taking care only to download software from official sources. In this case, scumbags distributed a modified version of the popular media player to install malicious software on victims' machines. Bleeping Computer

Amex: A widespread campaign is targeting American Express users by asking them to create a 'Personal Security Key'. My Online Security

Android: Fiendishly clever scam uses an app that appears to belong to an authentic bank. It steals information by intercepting calls to customer support numbers and taking them over. As Kaspersky explains, it's essential to be careful about what permissions we give to apps.

Telegram: Malicious software designed to steal credentials is targeting social media users by masquerading as the Telegram messenger app. ThreatLabz

Just Eat: Fake text messages have been telling UK users to update their profile in an effort to steal banking details. WMC Global

COVID-19: An SMS scam is trying to exploit the extraordinarily high infection rates in the UK. The text messages from 'TestNTrace' tell recipients they've been in close contact with someone infected with the Omicron variant and ask them to order a test kit. Malwarebytes

Not muted

It would be reasonable to think that muting your microphone during a conference call would stop audio being sent to the company providing the service. Reasonable, but wrong. Researchers at the University of Wisconsin-Madison analysed popular video conferencing apps and found all of them occasionally gathered raw audio data even if the microphone was off. In the case of Cisco Webex for Windows, "contrary to the statement in [its] privacy policy, [the app] monitors, collects, processes, and shares with its servers audio-derived data, while the user is muted." If you're worried about this, the only solution is to use a headset with a mute button or turn off the microphone in your device's system settings.

Travel Pass

IATA's Travel Pass app has a critical flaw that could be exploited to impersonate someone, according to analysis by Citizen Lab. The report says an attacker would only need to know the details of someone's passport in order to carry out the impersonation. The issue is caused by a deliberate design decision not to verify information in order to minimise the transmission of personal data. The ITP app was created to allow travellers to receive, store and share digital COVID-19 test certificates. As Citizen Lab explains, it highlights a series of challenges in the use of smartphone apps to provide this type of solution.

Spyware

Senior European Commission officials were targeted last year with Pegasus spyware, according to Reuters. Quoting two EU officials and documents it reviewed, Reuters says the commission became aware of the targeting when Apple told thousands of iPhone owners they had been "targeted by state-sponsored attackers." It's not clear who was behind the attack, which has not been confirmed - and which NSO Group, the maker of Pegasus, said couldn't have involved its tools.

NSO habitually denies such reports, despite many of them later being shown to be true. In the latest example of this, NSO's chief executive confirmed that Israeli police were sold a watered-down version of Pegasus, while insisting that the full-strength product couldn't be used against Israeli cellphone numbers. An Israeli paper had reported that Pegasus was used for widespread surveillance of Israeli citizens. A subsequent investigation rejected the reports, but was itself criticised for an "inherent conflict of interest".

Meanwhile, reports from Greece underline that Pegasus is simply the best known of a range of surveillance products. Last year, Thanasis Koukakis, a financial editor for CNN Greece (and a regular contributor to the Financial Times and CNBC), had his cellphone compromised with Predator spyware. Predator can access a phone's cameras and microphone and can exfiltrate data from the phone, though it's believed to lack the ability to infect a device without user interaction. Koukakis told the Committee to Protect Journalists that his phone was infected after he clicked on a link in a text message.

In brief

Snoopers' Charter: The UK government has accepted that the country's mass surveillance legislation fails to provide adequate protection to confidential journalistic sources and material. Computer Weekly

Delete: 55% of Americans surveyed by NordVPN say they would delete themselves from the internet if they could.

Cable: "An international hacking group" was behind an unsuccessful attempt to attack a company in Hawaii that manages a major submarine communications cable. Hawaii Public Radio

Security strategy: Only just over half of the organisations surveyed by the Ponemon Institute refreshed their security strategies in the face of the COVID-19 pandemic.

Cloud security: Poor cybersecurity management and misconfigured services are leaving cloud services vulnerable to simple attacks, according to Palo Alto Networks.

iOS tracking: Apple's introduction of optional limits on tracking could cost tech platforms $16 billion this year, with Meta/Facebook suffering by far the biggest hit. But new research explains the limitations of Apple's measures - and says Apple itself engages in some forms of tracking.

DuckDuckGo: The folk behind the privacy-focussed search engine have released a browser with the same aims. It's invitation only at the moment.

Artificial sense of humour: Google says its researchers have trained an artificial intelligence model which can interpret and explain jokes told by humans.

Medical hack: The manufacturer of a range of medical robots has fixed a series of vulnerabilities that could be exploited to control them remotely. Cynerio

Taken down

This has been a bad start to the year for cybercriminals, with a series of arrests and now the takedown of one of the biggest online marketplaces for buying and selling stolen data. The move follows the arrest of the marketplace's alleged founder, a 21-year-old Portuguese national, Diogo Santos Coelho. The US Department of Justice says the forum was founded 6 years ago when Coelho was 15 years old. He first came to the attention of the US authorities in 2018 at Atlanta airport when officials searched his electronic devices and found text messages, files and emails suggesting he was RaidForums' administrator. Veteran cybersecurity journalist Brian Krebs has the whole tangled tale.

Updates

Just 67 vulnerabilities were found in Apple products in the first half of last year. In the subsequent six months, that number surged to 380. That compares with 511 for Google and 428 for Microsoft, according to Atlas VPN. Those are pretty shameful statistics, but for technology users they mean that applying updates promptly is absolutely essential.

Microsoft: A mammoth set of 128 security updates, ten rated critical and three requiring no user interaction in order to spread. A word of warning to Windows users: there are reports that web browsers aren't working following the latest updates. Microsoft says it's aiming to kill off its monthly approach to updates by rolling out a new tool that automates the patch management process.

Chrome: 2 updates this week. The latest version is 100.0.4896.127 for Windows, Mac and Linux. One of the vulnerabilities being addressed is already being exploited.

Adobe: Fixes for multiple security issues, including no fewer than 62 issues in Acrobat and Reader.

Juniper: Updates to address vulnerabilities in multiple products. An attacker could exploit some of these to take control of an affected system.

Citrix: Updates to address multiple vulnerabilities across its products, including a high-severity issue in SD-WAN.

SecureDrop: Version 2.3.1 is a bugfix release for performance and localization issues.
