White House targeted, Google links spyware, Android app fake accounts
Elon Musk’s Starlink and White House targeted by Killnet hackers
Russian-backed Killnet claimed triple distributed denial-of-service (DDoS) attacks against Elon Musk’s Starlink, the White House, and the Prince of Wales as punishment for their support of Ukraine against the Russian invasion. Killnet claimed it took down Starlink on Nov. 18, when customers complained on Reddit that they couldn’t log in to their accounts. Trustwave researchers found evidence to support the Russian-backed hackers’ claims in collaboration with other groups, including Anonymous Russian, Radis, and Halva. Killnet boasted it was able to run “30 minutes of a test attack” on the White House website on Nov. 17. The Prince of Wales’ site was attacked on Nov. 22, and Killnet warned that the NHS healthcare system would be next, with future threats against the London Stock Exchange and the British Army.
Google links Windows exploit framework used to send spyware
Google has linked an exploit framework that targets now-patched vulnerabilities in the Firefox and Chrome web browsers and the Microsoft Defender security app to a Barcelona-based software company. Google’s Threat Analysis Group (TAG) focuses on protecting Google users from state-sponsored attacks as well as keeping track of companies that enable governments to spy on political opponents, journalists, and dissidents. TAG has found that the Spanish software firm is a commercial surveillance vendor whose exploitation framework consists of multiple components that target specific software security flaws. Google is actively tracking 30 vendors selling surveillance capabilities or with ties to government-sponsored threat groups or actors and continues to take action against the commercial spyware industry.
Malicious Android app creates fake accounts on multiple platforms
A malicious Android SMS app named Symoo was discovered on the Google Play Store harvesting text messages in order to create accounts on multiple platforms like Facebook, Google, and WhatsApp. The Symoo app had over 100,000 downloads and functioned as a relay for transmitting messages to an account-creating service server. The malware used the phone numbers associated with the infected devices to gather one-time passwords that are sent to users to verify new accounts. Services illegally signed up for using the phone numbers include Google, Amazon, Facebook, Instagram, TikTok, and WhatsApp. Google has removed the app from the Play Store and banned the developer.
French electricity provider fined for storing users’ passwords
Electricity provider Électricité de France (EDF) was fined €600,000 by the French data protection watchdog on Tuesday for violating European Union General Data Protection Regulation (GDPR) requirements. The provider was found to have stored the passwords of 25,800 accounts by hashing them using the MD5 algorithm. MD5 has been considered broken since December 2008 because of the risk of collision attacks. The watchdog authority found that the passwords of 2,414,254 customer accounts had only been hashed and not salted, which exposed the account holders to cyber threats. EDF was also found to have failed to comply with GDPR data retention policies and to have provided inaccurate information on data origin. The fines follow CNIL’s Discord fine of €800,000 for failing to enforce a strong password policy and to respect data retention periods for inactive accounts.
Thanks to this week’s episode sponsor, Automox
Businesses found to increase cybersecurity spend without clear strategy
According to a recent Fastly research study, most businesses surveyed were willing to spend more than their current cybersecurity budget. While 71% of businesses were confident in their current budgets, 73% wanted them to increase. In the US, 85% of IT leaders felt their current budget was inadequate and 79% wanted it to increase. Although increasing the budget may not be the solution, many businesses surveyed felt they experienced information overload and were blindly putting faith in the latest technology. Fastly also found that 39% of current cybersecurity tools were not fully deployed and active, and only 42% of those that are fully operational overlap.
Australian bill passes to fine companies $50 million for data breaches
The Australian government has markedly increased its penalty fines from AU$2.22 million to AU$50 million after a new bill was passed to combat repeat offenders of serious data breaches. Companies are fined 30% of their adjusted turnover or three times the value of any benefit received through misuse of information. The new bill comes after major breaches at Optus and Medibank that resulted in the leak of the personal data of 12 million customers combined. The Privacy Legislation Amendment Bill bestows more powers on the Australian Information Commissioner and modernizes outdated existing safeguards. Commissioner Angelene Falk said, “new information-sharing powers will facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.”
Android and iOS apps extort and harass borrowers
More than 280 Android and iOS apps on the Google Play and Apple app stores have trapped borrowers in vicious loan schemes with misleading terms while using various methods of extortion and harassment. The apps stole data from mobile phones that is not required to offer loans. Once installed, the predatory loan apps request access to sensitive data and upload it to their own servers, which they then use as ransom. Cybersecurity firm Lookout produced a recent report in which researchers uncovered 251 Android and 35 iOS lending apps that were downloaded 15 million times, specifically in developing countries like India, Thailand, Mexico, and the Philippines, where fraud is less likely to be prosecuted. Google and Apple removed all of the apps after Lookout reported their findings.
Small biz IaaS users see an increase in attacks
In the latest Sophos report, SMBs were found to be increasingly exposed to attacks via their cloud infrastructure. Over half of those surveyed experienced an increase in the volume and complexity of attacks. The security vendor Sophos surveyed 4984 IT professionals across 31 countries whose businesses use Infrastructure as a Service (IaaS). Of those surveyed, 53% experienced an increased impact from the attacks they received over the last year, while 67% reported they were hit by ransomware. With the public cloud service market set to grow to $600bn next year, Sophos’ report indicates that SMBs must prioritize security and implement best practices with updated technology to combat future threats.