Ukraine’s IT army hit with malware
We previously reported on this show that a volunteer army of Ukrainian actors has employed DDoS tools against Russian targets. Cisco Talos reports that cyber criminals are looking to exploit the sudden rash of people interested in performing DDoS attacks by hosting DDoS tools that are laden with malware, often on Ukrainian Telegram channels. These are spread posing as legitimate, or at least safe to use, DDoS tools like Liberator, which threat actors are spoofing to target Ukrainians. Once a machine is infected, the malware dumps credentials and other crypto-related information and sends them back to C2 servers. Some security vendors warn there are very few ways to distinguish safe from malicious DDoS tools.
Mobile endpoints see a lot of malicious apps
A new report by the security firm Zimperium found that in 2021, 25% of mobile endpoints encountered a malicious app. The report also found a 466% increase in exploited zero-day vulnerabilities on mobile endpoints in the year, with iOS devices accounting for 60% of victims. With phishing on the rise, it’s unsurprising that 75% of phishing websites seen in the study were specifically targeting mobile devices. Overall, 42% of enterprises reported that either mobile devices or web apps led to security incidents in 2021.
AMD vulnerable to Spectre v2
Last week we covered the new Spectre v2 vulnerabilities that were able to get around speculative execution mitigations through branch history injections. While AMD released a security advisory on it, the company believed it was not impacted. However, researchers at Intel demonstrated that AMD’s mitigations were still vulnerable to these attacks. Phoronix investigated AMD’s existing mitigations and found that they resulted in performance drops of up to 54% in some tests. AMD issued new recommendations as a result of Intel’s findings, with Linux users able to choose mitigations against Spectre v2 at boot time.
Instagram banned in Russia
After threatening to do so, Russia’s communication regulator Roskomnadzor banned Instagram on March 14th in response to Meta temporarily relaxing community standards around violent speech in Ukraine, Poland and Russia. It’s unclear if Russian users are able to access the service through locally available VPNs. According to internal Meta documents seen by Reuters, Meta’s global affairs president Nick Clegg said the company was narrowing this policy to make it clear this does not allow calling for violence against Russians in general or calling for the death of a head of state.
WeChat faces big fine in China
The Wall Street Journal’s sources say Tencent’s WeChat could face a potential record fine in China for violating China’s anti-money laundering rules. China requires online payment platforms to verify the identities of users and merchants, as well as the source of funds for transactions. The breaches in rules were discovered during a routine inspection by authorities in late 2021. Authorities haven’t finalized the size of the fine, but it’s expected to be at least hundreds of millions of yuan. Last year the Chinese government announced that non-bank payment systems must meet the same anti-money laundering requirements as standard banks.
(WSJ)
Clearview AI used in Ukraine
Clearview AI CEO Hoan Ton-That told Reuters that the company offered its facial recognition services for free to Ukraine’s defense ministry over the weekend. The company claims it has over 2 billion images scraped from the social media service VKontakte. Clearview said it does not provide similar services to Russia. Ton-That says the system could be used to vet people of interest at checkpoints, identify the dead, or reunite families, although he said he doesn’t know how the Ukrainian government is actually using it.
(Reuters)
Denso hit with ransomware
The global automotive component supplier confirmed a cyberattack impacted its German operations. The company had previously disclosed “illegal access” to its network last week. The ransomware group Pandora claimed responsibility, saying it obtained 1.4TB of data in the attack. Pandora’s leak site shows the stolen data includes purchase orders, technical information, and sales files. Denso said that the attack did not impact its other global facilities or its manufacturing.
(ZDNet)
Biden set to sign bill with cyber disclosure provision
Last week both the US House and Senate passed a bill which includes a provision that critical infrastructure operators must report cyberattacks within 72 hours. It now goes to President Biden’s desk to sign into law. Disclosure would be required for “substantial” cybersecurity incidents. Any ransomware payment would also have to be disclosed within 24 hours. The law also gives CISA the authority to subpoena for failure to disclose within those timelines.






