Ukraine points fingers in recent cyber attacks
Late last week, we covered that Ukraine was hit with a cyberattack that knocked dozens of government websites offline. According to a statement from the Ukrainian digital transformation ministry, “[a]ll the evidence points to Russia being behind the cyber-attack.” The ministry reiterated that the personal information of Ukrainian citizens was not accessed in the attack. Russia denies the allegations.
Yesterday we also covered Microsoft’s disclosure of a ransomware-like malware active in Ukraine that lacked a ransom recovery system, effectively just bricking impacted machines. According to the deputy secretary of Ukraine’s national security and defense council, this attack is attributed to the threat group known as Ghostwriter, which “is a cyber-espionage group affiliated with the special services of the Republic of Belarus.” The deputy secretary noted, however, that the group was using tools and methods similar to those used by Russia’s SVR spy agency.
Another dark web marketplace calls it quits
The dark web market UniCC has been in operation since 2013 and is one of the largest marketplaces for stolen credit card information. The operators of UniCC announced plans to shut down, giving users 10 days to spend remaining balances. This comes almost exactly a year after the leading dark web market for credit card info, Joker’s Stash, announced a similar shutdown. Last year also saw the voluntary closures of other major dark web markets, like White House Market, Cannazon, and Torrez. While UniCC was a large market in credit card information sales, with over $100 million in 2021, this still represents only 7.5% of the estimated $1.4 billion market.
Renewable energy targeted for cyber espionage
Security researcher William Thomas recently discovered a large-scale cyber espionage campaign targeting the renewable energy industry, active since at least 2019 and targeting over fifteen organizations. Large companies like Schneider Electric, Honeywell, Huawei and HiSilicon were hit, as well as several universities. This campaign used a custom “Mail Box” toolkit to deploy a phishing package, paired with compromised websites used to host phishing pages. The campaign appears to focus on collecting user logins. Activity indicates the Russian-linked APT FancyBear could be behind the campaign.
Android gets 2G kill switch
The Electronic Frontier Foundation spotted a new Android 12 option that lets users disable 2G connections to avoid privacy and security problems exploited by cell-site simulators. Also known as “stingrays” or IMSI catchers, the devices can impersonate a cell tower, causing cell phones in their range to connect to them, and intercept personal data use and information. A setting in the OS lets users enable 2G networks, but by default in Android 12, 2G is off. When attempting to dial emergency services, the phone will automatically attempt to use 2G signals if available.

Accellion reaches settlement on major data breach
In December 2020, Accellion users experienced data breaches that targeted flaws in the company’s file transfer appliance, or FTA. The company offered FTA for secure file sharing for over two decades, although it had largely phased it out in favor of a new file transfer solution called Kiteworks. A class action lawsuit alleged the company failed to maintain proper data security practices. The settlement will see Accellion pay $8.1 million, although it accepts no liability and denies all the allegations.
DHL now the phishing king
According to data gathered by the threat intelligence firm Check Point, DHL was the most imitated brand in phishing campaigns in Q4 2021, which saw the brand used in schemes around Black Friday, Cyber Monday, and other holiday shopping. DHL was used in 23% of all phishing attacks globally, displacing Microsoft from the top spot; Microsoft was still used in 20% of phishing messages. WhatsApp, Google, and LinkedIn rounded out the top five most impersonated brands.
Intel deprecates SGX, breaks Blu-ray support
A data sheet released by Intel shows that the company deprecated support for its Software Guard Extensions, or SGX, on 11th and 12th-gen series CPUs. SGX was introduced with Skylake processors and provided a secure container to protect the confidentiality of data, meant to support secure computing, browsing, and DRM. Deprecating SGX means that 4K UHD Blu-rays are no longer supported on Intel processors. This only applies to DRM-protected content; 4K without DRM is otherwise perfectly playable on the processors.
Walmart might be working on a cryptocurrency
The US retail giant filed several new trademarks last month, indicating it intends to sell virtual goods. A separate filing with the US Patent and Trademark Office indicates the company plans to offer a digital currency as well as “a digital token of value for use by members of an online community,” aka NFTs. The filings don’t get into any specifics on the technical backend used for the currency. While not commenting on the specific filings, Walmart said it is “continuously exploring how emerging technologies may shape future shopping experiences.”
(Fast Company)






