FBI seizes BreachForums, Android threat detection, US AI investment

FBI seizes BreachForums

On the morning of March 15th, the U.S. FBI announced its seizure of the illicit clear-net hacking forum as well as its Telegram channel, updating the BreachForums homepage with a takedown notice. It also said it obtained and began reviewing the site’s backend data. The FBI sent a Telegram message from BreachForums’ admin Baphomet, but it’s unclear if it arrested the individual operating the account. BreachForums began operation in March 2022, leaking stolen data from Europol, AT&T, 23andMe, HPE, Home Depot, and many other breaches.

(Bleeping Computer)

Android getting live threat detection

At its I/O developer conference, Google announced it will roll out a new live threat detection service on Android as part of Google Play Protect, using on-device AI to look at various sensitive permissions and interactions for malicious activity. The system will flag suspicious apps for Google to review and either send a warning to the user of the activity or disable the app. The feature will initially come later this year to Google Pixel devices, with other Android OEMs joining in, although notably not Samsung. In other Android security news, Google also said it will hide one-time passwords in notifications.

(TechCrunch)

Senators recommend billions for AI investments

A bipartisan group of US Senators called on Congress to draft emergency spending legislation to fund new R&D and standards testing around AI, recommending at least $32 billion over the next three years. Their report also calls for transparency requirements and studies about potential job impacts from any AI advances.

In related news, three bills focused on generative AI technology made it out of committee in the Senate and are set for a final vote. The Protect Elections from Deceptive AI Act would ban “materially deceptive” AI-generated content regarding federal candidates with provisions for content takedowns. The AI Transparency in Elections Act would require disclosure of AI-generated images in political ads. Last, the Preparing Election Administrators for AI Act would require the Election Assistance Commission to work with NIST to report to Congress on AI use in elections, as well as establish guidelines for such content for state and local elections.

(Security Week, CyberScoop)

Black Basta weaponizes Quick Assist

Microsoft began tracking a social engineering campaign in which Black Basta operatives email bomb targets by signing them up for numerous email subscription services, then approach them posing as either Microsoft or company help desk staff offering to fix the spam problem. The attackers then attempt to get victims to launch Windows Quick Assist, which allows for subsequent downloading of ZIP files to deliver a malicious payload. Ultimately the approach attempts to deploy Black Basta’s ransomware using the Windows PSExec telnet-replacement tool. Microsoft recommends blocking or uninstalling Quick Assist if not regularly used.

(Bleeping Computer)

Huge thanks to our sponsor, Vanta

Scam syndicates steal billions per year

A new report from the United States Institute of Peace claims that fraud operations in Cambodia, Laos, and Myanmar steal roughly $43.8 billion a year in scams, typically through pig butchering scams on messaging and dating apps to get victims to make faked investments. That figure accounts for about 40% of these three countries’ reported GDP. Organized crime syndicates run these operations, using hundreds of thousands of trafficked victims to perform the scams. While individual governments, particularly China, started cracking down on these operations, the report recommends coordinated international action to actually disrupt the practice.

(The Record)

NCSC expands election cybersecurity

The UK’s National Cyber Security Centre launched the Personal Internet Protection service, designed to protect political candidates from cyber threats in the 2024 election cycle. This will see the NCSC offering customized personal device configurations to maximize security and notify users when trying to visit known malicious domains. The service will also monitor registered email addresses for appearances on illicit websites. The NCSC already offered a Protective Domain Name Service for organizations with this new program.

(Infosecurity Magazine)

Crypto mixer dev sentenced

A Dutch court sentenced one of the main creators and developers of the Tornado Cash cryptocurrency mixer, Alexey Pertsev, to 64 months in prison. He was convicted on money laundering charges, helping the infamous mixer move over $2 billion worth of crypto assets. Dutch authorities claim Pertsev remained active in the project from July 2019 through August 2022. Pertsev claimed he formed Tornado Cash to provide privacy for users and had no way to prevent abuse. The US Department of Justice charged the other two founders of the mixer on money laundering charges last August.

(Bleeping Computer)

Turla Group looks to backdoor diplomatic missions

Researchers at ESET detailed how an unnamed European Ministry of Foreign Affairs saw three of its diplomatic missions in the Middle East targeted by two novel backdoors. ESET said it had medium confidence that the Russian-affiliated group Turla orchestrated the attack. The LunarWeb backdoor was deployed on servers, while LunarMail targeted workstations as an Outlook add-in, communicating with C2 servers over email. LunarMail spreads through a spearphishing email with malicious Word doc attachments, while LunarWeb uses a compiled ASP.NET page to decode two embedded components in the attack chain. An analysis shows both have been used in targeted attacks since 2020.

(The Hacker News)
