Russian secret police exposed in data leak
A leak of data on 58,000 users of the Russian food delivery service Yandex Food contained delivery addresses, phone numbers, and names for individuals believed to be associated with Russia’s secret police. Yandex first revealed the leak on March 1st, citing “dishonest actions” by an insider. Researchers at Bellingcat were able to use this trove of information to uncover names of Federal Security Service and Main Intelligence Directorate agents, and were eventually able to find vehicle registration information on the latter. The leaked data also contained delivery instructions, providing information on the types of facilities and security at different state-owned locations.
MailChimp hit with breach
We reported yesterday on Trezor wallet owners receiving phishing emails. Now we know how the actors obtained those emails. Over the weekend the email marketing firm MailChimp disclosed that hackers gained access to internal customer support and management tools through social engineering, obtaining personal information that was subsequently used in phishing attacks. Overall, 319 accounts were accessed with audience data exported. API keys were also obtained for an unknown number of users; those keys have since been disabled. Customers in the cryptocurrency and finance sectors were targeted.
The Bureau of Cyberspace and Digital Policy goes live
The US State Department announced the cyberspace and digital policy bureau, which amalgamates three existing teams to “address the national security challenges, economic opportunities and implications for U.S. values associated with cyberspace, digital technologies and digital policy.” The bureau will be headed by a Senate-confirmed ambassador, and includes three units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom. This marks a reemergence of the State Department’s cyber mission, which was demoted back in 2017 by former Secretary of State Rex Tillerson.
DoD could see rollback of cyber authority
Back in 2018, National Security Presidential Memorandum-13 became policy. While classified, in 2020 it was described by the DoD general counsel as allowing the delegation of “well-defined authorities to the Secretary of Defense to conduct time-sensitive military operations in cyberspace,” without explicit White House approval. CyberScoop’s sources say that the White House launched an “interagency review process” for revisions to this memorandum in order to “regularize cyber operations.” Some have argued that the memorandum gave DoD the agility to continuously engage with cyber threats. Others point out the White House must control decisions to launch cyber initiatives to coordinate with other agencies’ strategic imperatives.
Russians increasingly turning to Western news
Cloudflare published data showing that people inside Russia are increasingly circumventing domestic blocking to get news from Western sources. Russia has blocked direct access to Western media and social networks, but has not isolated the country from the global internet. In March the most downloaded mobile apps in Russia included VPN tools, the secure messaging app Telegram, and Cloudflare’s DNS resolver WARP. By looking at WARP data, Cloudflare saw a precipitous rise in Russia-based use, with most DNS lookups involving large French, British, and U.S.-based newspapers.
Report claims China launched cyber attack against Ukraine
These claims are based on intelligence memos obtained by the Times of London, and state that China launched the attack against military and nuclear targets shortly before the Russian invasion, subjecting over 600 sites to hacking attempts. The UK government confirmed that its National Cyber Security Centre is investigating the allegations. The Ukrainian security service denied that it supplied any information to security partners on the alleged attacks, explicitly stating it had nothing to do with the findings of the Times. Some security researchers note that this falls into relatively routine Chinese tactics of scanning for vulnerabilities in infrastructure, and would not constitute support for Russia’s invasion.
Q1 crypto losses up 695%
According to a new report from the firm Immunefi, there has been a loss of about $1.23 billion across the web3 ecosystem in Q1, up almost 700% compared to the $154.6 million lost in Q1 2021. This was headlined by the recent hack of Axie Infinity’s Ronin Network for $625 million, but the quarter also saw massive losses from bridges to Solana as well as from the exploitation of a flaw in Qubit’s QBridge protocol. As of April 4, there is roughly $230 billion in total value locked across various DeFi protocols.
Cadbury scam is anything but sweet
Users on Facebook and WhatsApp report a new scam attempting to lure users with a promise of a free Easter basket of Cadbury Eggs. Cadbury confirmed it’s aware of the scam and is taking action to resolve the issue. Clicking on the link to claim your free basket takes you to a page where you’re asked to share personal information. It does not appear that the page installs any malware directly, but it’s probably not a good idea to share anything you don’t have to with people operating a scam.






