FFT news digest May 20 2022

Ukraine

Ukraine's information war has won Western hearts and minds - and it's having a material impact on the kinetic conflict in the country - but it belies a complex reality. Mandiant says that outside Ukraine, groups are exploiting the war to support not just Russia but also China, Iran and Belarus. Much of what they're doing simply continues long-running campaigns "to promote fabricated content and desired narratives across various social media platforms, websites, and forums." After a meeting on Monday the US and EU announced a joint effort to tackle Russian disinformation. The Trade and Technology Council accused Russia of an "all-out assault on the truth" in Ukraine and promised an "early response framework" to tackle disinformation in future crises.

Mandiant says it's currently responding to more than a dozen live intrusions by Russian intelligence that have targeted military assets, defence contractors and diplomats. In Germany, supporters of Ukraine have been hit with malicious software designed to steal their data. The campaign, revealed by Malwarebytes, uses fake news bulletins that purport to contain unreleased information about the situation in Ukraine. The aim is to persuade visitors to download a booby-trapped document.

Among the targets for Russian attackers was the Eurovision Song Contest. Police in Italy said they foiled a dastardly plot to disrupt the contest's voting systems. The attackers have turned out to be poor losers. They responded by "declaring war" on ten countries (and on the Italian police).

In Russia, Google's subsidiary is to file for bankruptcy following the seizure of its bank account which it says has made it untenable for its office to function. Free services including search and YouTube will continue to operate, Reuters reports.

Threats

Why: We're our own worst enemies, according to ESET. "The ‘it won’t happen to me’ mindset leaves you unprepared," it says. Their article is a good primer for anyone trying to fix basic behavioural issues (though we might have chosen a slightly more diplomatic approach).

Facebook: A wretched, ridiculous Facebook scam is doing the rounds again. "Look what I found here" is turning up via SMS and Messenger. Do please just ignore it. Malwarebytes

Simple: Attackers will (almost) always choose the simplest approach and Kaspersky's latest research bears that out. HTML attachments can evade security scanners and end up in email inboxes. Do be sceptical!

Crypto: As the values of cryptocurrencies plummet, investors should also beware of dangerous popups on websites including Etherscan, CoinGecko and DexTools. CoinDesk

Thieves: A phishing campaign is targeting Windows users with three separate malicious software tools. They're all designed to steal sensitive information including usernames, passwords and banking details. The initial message looks like a payment report from a trusted source, with a request to open an Excel document. Fortinet

Fake reCAPTCHA: CAPTCHAs (“Completely Automated Public Turing tests to tell Computers and Humans Apart”) are a necessary evil. If you see one that asks you to "Press Allow to confirm" then it's almost certainly malicious. Just ignore. Sucuri

Chatbots: If you're told you missed a DHL delivery and you're invited to engage with a 'chatbot', be suspicious! Criminals have figured out they make us more likely to hand over personal information. Trustwave

Bluetooth

As you may know, iPhones may look like they're turned off but in fact they're just dozing. What's emerged this week is that there's a way to exploit this feature to attack the phone. The good news is that the chances of this being used are small. The bad news is that it underlines the problems with adding functionality to technology; what is a great feature for most of us is also an opportunity for criminals and attackers. The latest problem is caused by a lack of security in the phone's Bluetooth module. This stays on even when the device is switched off or seems to have run out of power. This is how the Find My feature allows a phone to be located even when it appears to be dead. Bluetooth isn't a very secure technology at the best of times. This week researchers also described how it could be used to remotely unlock and operate some Tesla vehicles.

Tracking

A study of the most popular websites found many of them leak information entered in forms even before we press 'submit'. The details are picked up by third-party trackers and include email addresses, usernames, passwords, and messages. And to add insult to injury, the tracking takes place even if the information is deleted and never submitted. Among the guilty parties were some well-known newspapers, although many have cleaned up their act since the report was published. Work by the Irish Council on Civil Liberties illustrates the extent to which this information is exploited. It found the average American has their personal details shared in online ad bidding auctions 747 times a day. These auctions are the mechanisms that underpin almost all online advertising. It's an industry worth more than $117 billion...over which we have almost no control.

In brief

Twitter: Least surprising news of the week was the sight of Elon Musk's chilly feet when confronted with some realities about buying Twitter. As we said when the deal was announced, "his plans may lack a certain level of detail." For its part, Twitter has told Musk to put up or shut up.

Android: Cytrox, a North Macedonian spyware developer, used previously unknown ('zero-day') vulnerabilities in highly selective attacks against Android users. The initial lure was a shortened web link in an email. Google

UK/EU data: Lurking in the UK government's Queen's Speech was some verbiage about changing the country's data protection regime to "take advantage of the benefits of Brexit". It would be hard to exaggerate how ridiculous this is, as independent experts have outlined. The Register

Ransomware: Costa Rica has declared a state of emergency as it does battle with the Conti group which has threatened to overthrow the government unless it's paid $20 million. The Record

Culprit: Meanwhile, the US has charged a 55-year-old Venezuelan cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who used his products.

Remote working: The revolution in how we work is increasing concerns about data leaks, ransomware and attacks from remote access tools and cloud services. Hardly surprising but Infoblox's (R) report does have some useful statistics.

Good news: And another survey brings some welcome good news. Specifically that security culture is improving around the world (though more so in bigger organisations than in smaller ones). KnowBe4

Insurance: The largest US insurance firms increased cybersecurity insurance premiums by 92% in 2021 over the previous year "as a string of high-profile attacks and government action helped boost demand for products," The Wall Street Journal said ($).

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
