Cyber Security Headlines Week in Review: LockBit gets bitten, airline bot gaffe, prescription company cyberattack

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Thom Langford, CISO, Velonetic, also host of the Host Unknown podcast.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

The week LockBit got bitten 

Monday’s takedown of LockBit, led by the FBI and the UK’s National Crime Agency along with other partners, has been the story of the week. We covered the takedown news on Tuesday, the seizure of key assets and arrests of affiliates on Wednesday, and yesterday we highlighted the fact that the gang did not delete stolen data even after having been paid, and that the U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. It now also appears that its developers were secretly building a new version of their file-encrypting malware, called LockBit-NG-Dev but probably to be eventually named LockBit 4.0. This latest version was written in .NET rather than C, supported three encryption modes, provided randomization of file naming to complicate restoration efforts, and had a self-delete mechanism. A link to a technical analysis of LockBit 4.0, prepared by Trend Micro, is available in the show notes to this episode.

(Bleeping Computer and Trend Micro)

Air Canada must honor refund invented by its chatbot, says court

This case deals with a passenger who booked a flight last year to attend the funeral of his grandmother. He asked the airline’s chatbot for its bereavement policy, which allows a discount for such quickly booked flights. The bot provided information that did not agree with the airline’s main bereavement policy page. When Air Canada refused to honor what the bot had promised, the passenger took his case to a small claims tribunal. Air Canada’s defense was that it should not be liable for the chatbot’s misleading information because it is “a separate legal entity that is responsible for its own actions.” The tribunal disagreed. Air Canada later stated that the AI-powered bot was intended chiefly to assist during periods of peak demand, helping customers confirm their flights. “Experts told the Vancouver Sun newspaper that Air Canada may have succeeded in avoiding liability in this case if its chatbot had warned customers that the information that the chatbot provided may not be accurate.”

(Ars Technica)

Will ransomware payments be used to aid Ukraine?

An agreement between Estonia and the US, signed last week at the Munich Security Conference, appears to be paving the way for seized ransomware payments to be assigned to assist Ukraine in its defense efforts. The signed agreement was not related to ransomware but represented $500,000 in funds confiscated from Russia after it was caught attempting to smuggle a high-precision weapons-making tool via Estonia. As part of the Justice Department’s special task force called KleptoCapture, the idea is being floated that “proceeds from ransomware attacks could be included in the basket of offenses that allow them to garnish the funds and send them to Ukraine.”

(The Record)


Two Israeli aircraft hijacked via cyber attack

According to the Jerusalem Post, two passenger aircraft flying from Thailand to Israel fell victim to cyber hijacking. The two EL AL flights were temporarily diverted from their original course when hijackers briefly gained control of the aircraft communication service. Fortunately, the pilots worked with international air traffic officials to regain control and safely reached their destination with only a minor delay. Some aircraft are equipped with two-way, multi-mode, communication systems which enable pilots to switch between communication channels if anomalies are detected. The incident occurred in airspace controlled by an Iran-backed militant group (Houthis).

(Cybersecurity Insiders)

VoltSchemer attack exposes flaws in wireless chargers

Blowing up key fobs and manipulating a smartphone’s voice assistant with a wireless charger—a sentence I never imagined piecing together, but researchers at the University of Florida and CertiK say it’s possible. The researchers say they’ve discovered a new set of attacks called “VoltSchemer” that can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger, according to Bleeping Computer. The research shows that the attack uses electromagnetic interference to manipulate the charger’s behavior, which can heat a device close to the charger to over 536 degrees Fahrenheit (280°C). For perspective, those temperatures are high enough to cause the battery of a car key fob to explode (we know this because researchers actually tested it). Researchers say the purpose of the experiment was to highlight security gaps to vendors to remove the risk of a VoltSchemer attack.

(Bleeping Computer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.