FFT news digest Jul 15 2022

Privacy

We train a lot of journalists and some of them ask why anyone would bother targeting them. Our short answer is because of the information and contacts they have. Cybersecurity outfit Proofpoint provides a longer answer in a detailed report that examines the reasons journalists make juicy targets and the methods used by nation states to attack them.

Proofpoint says journalists and media organisations are "sought-after targets" - particularly for groups connected to nation states - because "the media sector and those that work within it can open doors that others cannot." Proofpoint's report focuses on activity by China, North Korea, Iran, and Turkey, and analyses their sustained activities, many of which have been timed to coincide with sensitive political events in the US.

On a practical level, Proofpoint describes specific tactics used by attackers:

- Email is a key mechanism, not least because journalists' accounts contain so much useful information. And it's challenging to defend against such attacks because journalists inevitably interact with so many people, many of whom may be strangers.

- Emails are used to gather information about targets, including IP addresses and computer details.

- In another demonstration of its paper-thin skin, North Korea was spotted targeting a US-based media organisation after it published material that was critical of Kim Jong-Un. The lure was a fake job opportunity.

- Hijacking social media accounts is a very popular tactic; sometimes to cause embarrassment by publishing fake material, sometimes to inconvenience the account's owner.

- A favoured Iranian tactic is to pose as a journalist or editor as a way to engage a target in conversation.

Threats

Messaging: Twitter and Discord users are being told to watch out for direct messages telling them their accounts have been flagged because of bad behaviour. Bleeping Computer The Register

Cybersecurity: Criminals have started pretending to be cybersecurity companies as part of their efforts to infect their targets' networks. The phishing messages try to provoke a response by telling recipients they have suffered a cyberattack. CrowdStrike

Subscriptions: Fake subscription emails for Zoho, MasterClass, and Duolingo are being used to breach organisations and steal confidential information. Sygnia

WhatsApp: Hackers used the phone number of the former German chancellor Angela Merkel in an unsuccessful attempt to hijack the WhatsApp account of the European Central Bank president. Meanwhile, WhatsApp has warned of fake versions of its app which are targeting Android users.

LinkedIn: The risk of LinkedIn job offers is highlighted by a booby-trapped PDF document masquerading as a job offer. It led to the theft of $540 million from a video game company. The Block

France: Tourists driving to France are being scammed by websites selling them fake clean air (Crit'Air) certificates. ESET

Chips: Researchers have uncovered a new vulnerability in the fundamental operations of computer processors. The issue can be exploited to obtain sensitive information like passwords from an operating system but it's one of a number of similar vulnerabilities that are difficult (though not impossible) to exploit. ETZH

Convicted

A former CIA engineer has been convicted in what a prosecutor described as "one of the most brazen and damaging acts of espionage in American history." Joshua Schulte was found guilty of handing over to WikiLeaks a treasure trove of the tactics and technology used by the CIA to hack computers, smartphones and smart TVs. It's a hell of a story which makes a fascinating long-read in The New Yorker. The prosecution argued that Schulte leaked the material in revenge for what he saw as his disrespectful treatment at work. Schulte said he had been scapegoated by the government which had failed to protect its hacking tools. He now faces a maximum of 80 years in prison.

Web proxies

Microsoft has warned about a rise in phishing attacks which can bypass security measures and have already hit 10,000 organisations. The "Adversary-in-the-Middle" technique, as Microsoft calls it, involves creating a website that sits between a user and the server they're trying to log into. This enables the attacker to intercept authentication data issued by the server and use it to log in as if they're the genuine user. The design of the technique defeats multi-factor authentication unless it involves more sophisticated techniques such as a physical security device. KnowBe4 has a guide.

In brief

Apple app store: Dozens of dangerous and damaging iOS apps remain available to download in Apple’s mobile app store months after being discovered, according to VPN Check.

iCloud security: Claims by a hacker to have accessed Hunter Biden's iCloud backup underline the importance of making sure these accounts are secured with a strong password and 2-step verification. Motherboard

Supreme Court: A cybersecurity firm says the US Supreme Court Justices who overturned Roe v. Wade have had their personal information (including physical and IP addresses, and credit card details) published. Cybersixgill

Restaurants: Scammers are blackmailing high-end US restaurants with one-star Google reviews. They're demanding a $75 gift card in return for ceasing and desisting. New York Times via Engadget

Eavesdropping: The EU is creating an anti-surveillance unit "to prevent, detect and potentially neutralise eavesdropping of information in any physical or electronic form." euobserver

Ring: Amazon says that video footage from the devices has been given to US police at least 11 times this year without the permission of their owners -- and the terms and conditions allow this. Meanwhile, San Francisco councillors are considering proposals to allow police to use private security cameras in real time for surveillance. The Verge Politico

Broken dreams: "The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized," according to the Council on Foreign Relations. It argues that a new foreign policy is needed for cyberspace to respond to a "fragmented and dangerous internet."

Twitter: Least surprising news of the week was Elon Musk's efforts to extricate himself from the deal to buy Twitter. As we said when he announced the purchase, it's possible he didn't think this through. Twitter is suing Musk and its complaint does not hold back.

Honda: The Japanese car maker has confirmed the findings of researchers who were able to hack the keyless security system of some of its vehicles to unlock the doors and start the engines.

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
