FFT news digest Jul 8 2022

Ukraine

The UK National Cyber Security Centre has warned organisations to prepare for a long-term threat from the war in Ukraine. The UK doesn't face specific risks from Russia but there is no room for complacency, the NCSC says. "The cyber threat to the UK remains heightened, and we expect it to stay that way for some time. Accordingly, organisations should respond to this potentially protracted period of heightened cyber threat from Russia by maintaining a strengthened cyber posture."

There has been substantial disagreement about the extent of Russia's cyber operations in its invasion of Ukraine but it's clear that disinformation is a key weapon in Moscow's arsenal.
A study by Recorded Future says a key aim is to undermine Western support for Ukraine by sowing division between allies. Primary targets are France, Germany, Poland and Turkey and messages include "stirring domestic discontent toward Western political leaders; negatively portraying Ukrainian refugees and the impacts they have on their host countries; blaming economic, energy, and food security concerns on Western governments for their negative policies toward Russia."

In an unexpected impact of the Ukraine war, The Daily Telegraph says Microsoft Azure isn't accepting new customers in the UK "as the business is squeezed by emergency demand from Ukraine." Microsoft is providing remote hosting for Kyiv's entire government IT infrastructure. The issue emerged when a small British IT company had a number of requests for cloud services rejected by Microsoft. 

Threats

Twitter: Attackers are hijacking verified Twitter accounts to send fake but cleverly-crafted suspension messages that try to steal other verified users' credentials. Bleeping Computer

Word: A reminder not to click on Run if a prompt appears when opening a Word document. ReversingLabs explains how a ransomware gang is using an old trick.

Facebook Messenger: A complex scam begins with a phishing email saying a Facebook page has been deleted because of a possible 'Standards violation'. If the target takes the bait, the scam continues with multiple web pages and automated chat functionality. Trustwave

Complacency: Interesting interview with the deputy director of the US Cybersecurity and Infrastructure Security Agency which highlights complacency as a key threat to organisations. She gives the example of a ransomware incident at a small school district which told the attackers it didn't have any money. "No," the attackers replied. "We know how much money you have."

Visas: A campaign is seeking to exploit people hoping to move to the UK. WhatsApp messages appear to come from the UK government and offer a free visa and other benefits to would-be immigrants. Malwarebytes

AirTags

More concerns about the security risks represented by Apple AirTags (and similar devices). In Japan, Asahi Shimbun reports that police found an AirTag on one of their vehicles "raising concerns that criminals may be using the devices to track police movements." In the US, an actor took to Twitter to explain how an AirTag had been used to track her during a visit to Disneyland. These are only the latest such examples and Apple has introduced a number of measures to help prevent abuse. 9to5Mac has a detailed guide explaining how AirTags work and what can be done to control their use.

iPhone security

Apple is launching a new security feature designed to protect its users from "grave, targeted threats to their digital security." 'Lockdown Mode' is due to be released in September and will work by turning off features that are most likely to be exploited by attackers. This means blocking most iMessage attachments as well as incoming FaceTime calls from unknown callers. Lockdown Mode will also prevent organisations enrolling devices in Mobile Device Management platforms, which is understandable but basically rules out its use on enterprise devices. To give Apple its due, it also says it will pay up to $2 million to researchers who identify vulnerabilities in Lockdown Mode. That's a radical increase that puts it on a par with the amounts paid by major exploit brokers. But Apple's announcement also illustrates the rule that security is always a tradeoff between usability and safety.

In brief

Location data: Google is to begin automatically deleting location data when users visit abortion clinics and other highly sensitive locations. Privacy groups say it highlights a deeper issue about the information gathered by technology companies.

Police records: The UK has signed up to a US plan for sharing police-held biometric data about citizens with US border officials, according to The Register.

Spying: Motherboard obtained the code used by the FBI to access an encrypted messaging app. It worked by creating a 'ghost' contact that hid itself from users' contact lists and silently received every message.

Stalkerware: Kaspersky has launched a new portal to accompany their open-source tool to help people detect if their devices are being monitored. 'TinyCheck' is a great resource but it does require some work (and hardware). Bleeping Computer

Army: How secure are your social media accounts? The UK army is investigating how its Twitter and YouTube accounts were hijacked on Sunday. Surely it has multi-factor authentication in place, so either that was compromised or a third-party tool was compromised.

EU law: The European Parliament has approved two laws which impose significant restrictions on major technology companies (although they won't be enforced until January 2024). The Digital Markets Act aims to rein in the power of technology "gatekeepers" that are too large to be avoided. The Digital Service Act is based on the principle that "what is illegal offline, should be illegal online," as the EU Parliament puts it. The Register

Speed limiters: From this week, all new vehicles in the EU and the UK will have to be fitted with a surveillance-based speed limiter. For the moment, their use will be optional. Reclaim The Net

Conspiracy theories: Polls show as many as 11% of Americans believe the earth might be flat. The Next Web examines how such theories spread.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
