FFT news digest May 6 2022

Ukraine

As the war in Ukraine grinds on, there's some clarity on the real objective of Russian cyber attacks while in Russia the technology sector turns to prisoners for IT help.

Digital dossiers: Russia’s relentless digital assaults on Ukraine may have caused less damage than many anticipated but that may not be the aim of much of its hacking. Instead it appears to be trying to gather data that could be used to identify and locate the people most likely to resist an occupation. AP

Internet: Russia has rerouted internet traffic in the occupied Ukrainian region of Kherson through Russian communications infrastructure, according to the internet service disruption monitor NetBlocks. Reuters

Criminal help: Russia appears to be turning to criminals to compensate for the exodus of IT experts from the country. Russian media outlets reported that plans are being prepared to recruit IT specialists from the country's prisons. They would work remotely for domestic companies. KrebsonSecurity

China: In a move that may or may not be spurred by the sanctions imposed on Russia, Beijing is reported to have ordered government agencies and state-backed companies to replace foreign PCs with domestic ones running local operating systems. Bloomberg

Tractors: Russian troops stole almost $5 million worth of farm equipment from a John Deere dealer only for the machines to be shut down remotely, making them inoperable. CNN


Threats

Password stealer: A mass campaign targeting Windows PCs aims to steal login credentials and financial information. The good news: it relies on a vulnerability in Internet Explorer, which Microsoft says we shouldn't be using anyway and which is due to be retired in June. Bitdefender

Fake antivirus: Antivirus apps obviously need unfettered access to devices in order to work...which makes them ideal mechanisms to attack us. China has been caught using malicious versions of legitimate products, while Google's Play Store is littered with badly designed or downright dangerous apps.

M&A: Mandiant has details of a sophisticated group that appears to be focussed on obtaining information about merger and acquisition activity.

Twitter: The coveted verification blue badge is a double-edged sword; it denotes that an account is authentic, but also makes the account a target for attackers...as Malwarebytes explains.

Deep fakes: Europol says "law enforcement agencies will need to enhance the skills and technologies at officers’ disposal if they are to keep pace with criminal use of deep fakes." Meanwhile, the use of this technology is increasing and we should all be on our guard.

Phony media: A Russian cyber espionage group has been found using fake news websites in a targeted phishing campaign. The sites' names are slightly altered in an attempt to fool the target. Recorded Future
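As an added illustration (not code from the digest or from Recorded Future's reporting), the following script flags domains that sit "slightly altered" next to a list of trusted news sites: same label under a different TLD, a label within a couple of character edits, or the trusted brand embedded in a longer label. The trusted domains and the candidate names are constructed for the example; the second-level-label extraction is deliberately crude (a real deployment would use the public suffix list).

```python
"""Flag lookalike domains near a list of trusted sites (added example)."""
from typing import Optional

# Constructed trusted list for illustration only; not real newsroom domains.
TRUSTED = ["example-news.com", "dailygazette.org"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Crude second-level label: 'example-news' from 'www.example-news.com'.
    Assumption: single-label TLDs; use the public suffix list in production."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_of(domain: str, trusted=TRUSTED, max_distance: int = 2) -> Optional[str]:
    """Return the trusted domain this name imitates, or None if it is genuine/unrelated."""
    d = domain.lower().rstrip(".")
    # Exact match or a real subdomain of a trusted site is not a lookalike.
    if d in trusted or any(d.endswith("." + t) for t in trusted):
        return None
    label = registrable_label(d)
    for t in trusted:
        t_label = registrable_label(t)
        if label == t_label:                       # same brand, different TLD
            return t
        if levenshtein(label, t_label) <= max_distance:  # typo / homoglyph-style edit
            return t
        if t_label in label:                       # brand wrapped in extra tokens
            return t
    return None


if __name__ == "__main__":
    # Constructed sample names seen in a hypothetical phishing lure.
    for name in ["example-news.co", "examp1e-news.com", "login-example-news.com",
                 "news.example-news.com", "daily-gazette.org", "unrelated.org"]:
        print(f"{name:28} -> {lookalike_of(name)}")
```

Run over sender domains or URLs extracted from mail, anything that returns a trusted name is worth a human look; the edit-distance threshold is a tuning knob, and short brand labels need a lower one to avoid false positives.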

Windows 10: Fake updates are being used to distribute ransomware as part of what is described as a "massive" campaign. Bleeping Computer

Spyware

Efforts were made to undermine Citizen Lab researchers who have led investigations into the use and abuse of Pegasus spyware, according to data obtained under UK freedom of information laws. Meanwhile, it has emerged that cellphones used by the Spanish Prime Minister and Defence Minister were infected with Pegasus last year. There is a measure of irony here, as the news came shortly after Citizen Lab said spyware, including Pegasus, had been used against dozens of pro-independence figures in Catalonia. One Catalan separatist politician says Spain's top intelligence official admitted her agency was behind some of the attacks.

Passwords

So 'World Password Day' rolls around again and with it the same old tired warnings about lousy passwords, sharing passwords and so on. Password manager outfit Bitwarden says "the importance of password management best practices is getting through to people." Is it hell. Its own survey found 55% of respondents admitted to relying on memory to manage their passwords. We provide annual training for many of our clients, which means we can track the uptake of password managers. There is uptake but, trust us, it's slow. There's really only one message for Password Day: just use a password manager. Have a look at our guide and do it this weekend!

In brief

Data loss: Too many stories this week that emphasise the degree to which information about us is being sold without our knowledge or explicit consent. Motherboard paid just $160 for a week's worth of data about visitors to Planned Parenthood. The information showed where they came from and where they went afterwards. And The Wall Street Journal says the dating app, Grindr, had a privacy flaw that meant third parties could buy data on millions of users.

Drone swarm: Chinese researchers have developed technology to link drones together so that they can operate as a swarm and autonomously track a human through a dense forest. The Verge

Mental health apps: A study by Mozilla has found that mental health apps fail "spectacularly" at user security and privacy.

Romanian arrest: A Romanian living in the UK has been arrested for alleged involvement in attacks against Romanian government websites. He's said to have worked with a pro-Russian group; it responded by threatening to disable ventilators in hospitals across Romania, Moldova, and the UK.

Vaccine hijack: Once upon a time, there was a website designed to provide information about COVID-19 vaccines. Registration of its name was allowed to lapse, so now vacfind.org greets visitors with explicit porn focussing on 'stepcest'. It's a thing. Motherboard 

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217