Stolen crypto used to fund North Korean missile program
A UN report found that North Korean cyberattacks stole over $50 million worth of digital assets between 2020 and mid-2021, providing an important revenue source for the regime’s nuclear and ballistic missile program. These attacks targeted three crypto exchanges across North America, Asia, and Europe. This actually dwarfs a figure published by the security company Chainalysis in January, which estimated that North Korea netted as much as $400 million in digital assets in 2021. This isn’t a new strategy for North Korea either, with a 2019 UN report finding the state had amassed at least $2 billion for its weapons programs using cyberattacks over the years.
(BBC)
Microsoft disables protocol used by malware
The Redmond company announced it temporarily disabled the ms-appinstaller protocol for the MSIX packaging format, saying it was being abused by Emotet and other malware. Microsoft patched. The ms-appinstaller protocol allows for installing apps by clicking on a link without downloading a full package. Threat actors have been actively exploiting a flaw in the AppX installer to send malicious links in phishing messages. Disabling the protocol means apps cannot be directly installed from a web server. Microsoft plans to reintroduce the protocol as a Group Policy that IT admins could opt into in order to control its usage within organizations.
Meta may pull out of the EU
In Meta’s annual report to the Securities and Exchange Commission, Meta emphasized the need for a new data framework to transfer data from EU users to the US, saying “complex and evolving US and foreign laws” could harm its business. The European Court of Justice invalidated the US-EU Privacy Shield framework in 2020. While Facebook currently uses Standard Contractual Clauses for data transfers, these have been challenged in court and await a decision by Ireland’s data protection commission to see if they meet GDPR muster. If a new framework is not adopted and SCCs are successfully challenged in the EU, Meta says, “we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe.”
(Thurrott)
Israel investigating domestic use of NSO Group spyware
The Israeli government announced it will form a committee to investigate reports from Calcalist that domestic law enforcement agencies used NSO Group’s Pegasus spyware in the country without a court order, including against a prosecution witness in former Prime Minister Benjamin Netanyahu’s corruption trial. Police officials initially denied use of the tool, but later ordered an investigation citing “additional findings.” NSO maintains that it carefully controls access to hacking tools like Pegasus for use by intelligence agencies by a vetted group of select countries, although it has never disclosed its actual customers.
FCC delivers new network equipment swap bill to Congress
FCC chairwoman Jessica Rosenworcel informed Congress that network service providers applied for $5.6 billion of reimbursements for “ripping and replacing” equipment deemed insecure by the US government, mostly to replace network equipment from ZTE and Huawei. Much of this impacts small and rural ISPs, who selected Huawei and ZTE equipment because it was price competitive. In September 2020, the FCC estimated the effort would cost $1.8 billion, and Congress allotted $1.9 billion as part of the Supply Chain Reimbursement Program.
TargetCompany ransomware decryptor released
The antivirus firm Avast released the decryption utility, providing a free path to potentially regain access to files for victims of the ransomware. However, Avast warned that it can only be used to restore encrypted files “under certain conditions.” The company warns the process will be extremely resource intensive, maxing out processor cores for up to tens of hours. The decryptor works by cracking the password after comparing an encrypted file with its original unencrypted version. The utility can also back up encrypted files, which Avast recommends in case anything goes wrong during the decryption process. TargetCompany ransomware has been active since mid-June 2021, with activity peaking in December.
Google expands VM threat detection
Google Cloud added to its Security Command Center, offering Virtual Machine Threat Detection in public preview. At launch this is limited to scanning for cryptominers, using agentless memory scanning from the hypervisor to look for signals of compromise without impacting performance of the VMs. Google plans to add additional capabilities over time, and potentially integrate it with other Google Cloud security tools. A recent Google Cybersecurity Action Team Threat Horizons Report found that 86% of compromised cloud instances were used to mine cryptocurrency.
Australian court tells Meta it’s all about the cookies
The Office of the Australian Information Commissioner filed a lawsuit against Meta (then known as Facebook) in September 2020, for breaching the privacy of over 300,000 Australians as part of the data harvested by Cambridge Analytica without their consent. This data was gathered based on just 53 Australians installing Cambridge Analytica’s personality test app used for the collection. Meta attempted to have the case thrown out, saying it does not carry out business or collect or hold personal information in Australia, and therefore cannot be sued under Australia’s privacy laws. Australia’s federal court threw out the argument, saying parts of it were “divorced from reality” and arguing that installing cookies on user devices in Australia showed it was carrying out business in the country.






