Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives, as well as the operations of businesses, institutions and organizations, and nation-state governments, in this highly digitalized and interconnected world.
U.S. sanctions Predator spyware operators for spying on Americans: The United States has imposed sanctions on two individuals and five entities associated with the Intellexa Consortium for their involvement in developing, operating, and distributing the commercial spyware technology known as Predator. The sanctions target Intellexa Consortium’s Israeli founder, Tal Jonathan Dilian, and Polish corporate specialist Sara Aleksandra Fayssal Hamou. The designated companies, operating in North Macedonia, Hungary, Ireland, Greece, and the United Kingdom, were involved in the distribution of Intellexa’s commercial spyware technologies, particularly the ‘Predator’ product. The sanctions freeze U.S.-based assets linked to the designated individuals and entities, with violators facing significant legal and financial consequences. The move underscores the U.S. government’s commitment to countering the misuse of spyware technology and deters organizations in U.S.-allied countries from engaging with sanctioned entities.
Stolen passwords are a hacker goldmine now: Hackers are increasingly relying on stolen user accounts, including passwords and authentic browser session tokens, instead of malware to infiltrate major companies. This shift allows hackers to better conceal their activities, making it harder for traditional cyber monitoring tools to detect unauthorized access. Recent reports from CrowdStrike and IBM highlight the growing trend of cybercriminals using legitimate login credentials obtained from dark-net markets. IBM’s incident response team observed a 71% increase in attacks relying on valid login credentials in 2023 compared to 2022. Additionally, the number of advertisements from access brokers selling passwords and session tokens rose nearly 20% in 2023. The increased dependence on stolen account sessions and passwords was a key factor in high-profile attacks in 2023, affecting companies like Microsoft and 23andMe. Both government hacking teams and financially motivated cybercriminals are utilizing login credentials and session tokens, with incidents ranging from ransomware attacks to phishing campaigns targeting multifactor authentication tokens. The reliance on login credentials has led to a surge in cloud intrusions, prompting experts to recommend the implementation of a zero-trust security framework within companies.
Researchers create AI worms that can spread from one system to another: Researchers have created generative AI worms, including one called Morris II, which can spread from one system to another, posing a potential security risk. The AI worms, demonstrated in a controlled environment, were designed to exploit generative AI email assistants, like ChatGPT and Gemini, by stealing data and sending spam messages. The worms used adversarial self-replicating prompts, triggering the AI models to output further instructions in their replies. The research highlights the risks associated with connected, autonomous AI ecosystems and suggests that generative AI worms could become a new type of cyberattack. The researchers reported their findings to OpenAI and Google.
The FBI’s new tactic: Catching suspects with push alerts: The FBI is using push alerts, the pop-up notifications on phones, as a surveillance technique to catch suspects involved in criminal activities, such as kidnappings and child exploitation. By obtaining a small string of code known as a “push token” from companies like TeleGuard, an encrypted messaging app, the FBI can identify users through their push alerts, stored on Apple and Google servers. Privacy advocates express concerns that this technique could be misused to surveil individuals, particularly at a time when police use cellphone data for investigations related to state abortion bans. The data from push tokens has become valuable evidence for federal investigators in cases involving child sexual abuse material, kidnappings, and other criminal charges.
Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case: A California federal judge has ordered NSO Group, the spyware maker, to turn over its Pegasus code as part of discovery in a lawsuit filed by WhatsApp. The judge directed NSO Group to produce its code related to spyware from the year leading up to the alleged victimization of WhatsApp users in 2019 through May 2020. WhatsApp alleges that NSO Group exploited an audio calling vulnerability in its system to attach Pegasus spyware to targeted phones. While NSO Group argued for modified discovery requirements, the judge dismissed the claim, stating that defendants must produce information concerning the full functionality of the relevant spyware. The case could have significant repercussions for NSO Group, known for Pegasus spyware, which has been used globally for surveillance purposes.
Google is silently blocking RCS on rooted Android phones and custom ROMs: Google is reportedly blocking RCS (Rich Communication Services) messaging on rooted Android phones and devices with custom ROMs. Users have reported that RCS messages are not being sent, even though the Google Messages app shows them as connected. Google is implementing Play Integrity API attestation checks in the Google Messages app, which verify the integrity of the Android device. If a device has been tampered with, such as by having its bootloader unlocked or being rooted, the API returns a failing verdict, which prevents certain apps from working. Google cites the need to prevent spam and abuse as the reason for blocking RCS on modified devices.
95% believe LLMs making phishing detection more challenging: LastPass’s survey reveals that over 95% of IT professionals find social engineering attacks, especially phishing, more sophisticated due to advances in generative AI. Concerns include the use of dynamic content generated by Large Language Models, which makes phishing detection challenging. Phishing remains the top threat, with 81% reporting increased attacks. Passkey adoption is seen as a key defense, with 96% planning to adopt them to mitigate social engineering risks. The elimination of passwords is considered crucial for countering evolving attacks, emphasizing the need for adaptable security practices.
Researchers spot new infrastructure likely used for Predator spyware: Cybersecurity researchers at Recorded Future’s Insikt Group have identified new infrastructure likely used by the Predator spyware in 11 countries. The spyware, developed by Intellexa, is highly invasive, targeting Android and iPhone devices. The analysis reveals potential Predator customers in Botswana and the Philippines. The delivery network involves servers spoofing legitimate entities, making attribution challenging. Predator, misused for targeting civil society, poses privacy and safety risks.
Scammers are using fake news, malicious links to target you in an emotional Facebook phishing trap: A new Facebook phishing scam preys on emotions by hacking into users’ accounts and posting fake messages, such as “I can’t believe he’s gone,” accompanied by harmful links. The scam aims to trick users into clicking on these links, compromising their security and privacy. The deceptive posts, seemingly from friends or relatives mourning a loss, contain links to supposed news articles or videos that lead to fake web pages requesting users to log in to Facebook. Falling for the scam allows scammers to obtain users’ Facebook passwords. The use of hacked accounts makes these phishing attempts appear more genuine and increases the likelihood of victims clicking on the links. Recommendations to protect against such scams include avoiding clicking on suspicious links, confirming with friends if in doubt, and employing good antivirus software on all devices.
Apple, Okta and others help human rights groups fight spyware: Several human rights organizations, receiving funding from the Ford Foundation’s Dignity and Justice Fund, are actively working to counter mercenary spyware vendors. The grantees, often at the forefront of exposing clandestine dealings between spyware vendors and governments engaged in surveilling journalists, dissidents, and politicians, have received over $4 million for their initiatives. The grants focus on international advocacy, litigation, investigations, research, and efforts to establish regulations limiting governments’ use of spyware, particularly in the global south. Corporate donations from entities such as Apple, Okta, Craig Newmark Philanthropies, and Open Society Foundations contribute to the spyware grant program, with Apple initiating a $10 million donation in 2021. Recipients include Citizen Lab, Access Now, Amnesty Tech, Data Privacy Brasil, Digital Rights Foundation, and SocialTIC. Some organizations prefer anonymity to avoid potential attacks. The Dignity and Justice Fund’s Spyware Accountability Initiative, backed by corporate contributions, is set to run for at least the next five years.
WhatsApp and Messenger Get Interoperable End-to-End Encryption: Meta, the parent company of WhatsApp and Messenger, has introduced significant updates to both messaging platforms to align with the European Union’s Digital Markets Act (DMA), effective March 7, 2024. The updates aim to ensure compliance with DMA regulations, making WhatsApp and Messenger interoperable with third-party messaging services while maintaining end-to-end encryption (E2EE) in all circumstances. The DMA requires large online platforms, deemed “gatekeepers,” to enable interoperability with eligible third-party services, fostering fair competition and innovation. Meta utilizes the Signal protocol for E2EE, and the updates are designed to accommodate third-party messaging platforms transparently, prioritizing user data security and privacy. However, Meta acknowledges potential imperfections, emphasizing that the overall privacy and security depend on third-party services adhering to high standards.
Apple on EU iOS changes: Has done its best but DMA makes users less safe: Apple is preparing to release iOS 17.4 with significant updates for users in the European Union (EU) to comply with the Digital Markets Act (DMA). The DMA mandates changes, including opening iOS to third-party app stores, implementing a new commission structure, allowing third-party default web browsers, and more. In anticipation of these changes, Apple has shared a comprehensive 60-page whitepaper detailing the adjustments and its commitment to protecting user security and privacy in the EU. Apple emphasizes its efforts to make products that enrich users’ lives globally while highlighting that, due to DMA requirements, the EU user experience will be secure, privacy-protecting, and safe, but not to the same degree as the rest of the world.
Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online: A recent discovery by security researcher Anurag Sen has revealed an unsecured database on the internet, exposing millions of two-factor authentication (2FA) codes. The vulnerable database, belonging to Asian company YX International, was left unprotected without a password, potentially allowing anyone with the database’s IP address to access it. YX International, a provider of SMS text message routing services, secured the database after being notified. The exposed information included 2FA codes and password reset links for major platforms like Google, WhatsApp, Facebook, and TikTok. While the exposed 2FA codes may not pose an immediate threat due to their short validity periods, experts emphasize the need for stronger authentication methods beyond SMS.
Americans lost a record $12.5 billion to online fraud last year: The FBI’s annual Internet Crime Report reveals a substantial surge in online fraud, with Americans losing a record-breaking $12.5 billion in 2023. The report, based on data from the FBI’s Internet Crime Complaint Center (IC3), shows a 22% increase compared to the previous year, with over 880,000 reported complaints. Investment fraud, especially in cryptocurrency, witnessed the most significant losses, reaching $4.57 billion, representing a 38% surge. Business email compromise (BEC) scams were the second most damaging, resulting in $2.9 billion in losses. The report highlights the increasing use of custodial accounts and stresses the importance of two-factor or multi-factor authentication. Ransomware incidents also saw a rise, with adjusted losses soaring by 74% to nearly $60 million. Despite the alarming trends, the IC3’s Recovery Asset Team (RAT) managed to freeze over $538.39 million and recover more than 70% of funds in various cases.
Published on Medium