White House hacked, Google links spyware, fake accounts for Android apps
Elon Musk’s Starlink and the White House are targeted by Killnet hackers
Russian-backed Killnet claimed three distributed denial-of-service (DDoS) attacks against Elon Musk’s Starlink, the White House and the Prince of Wales as punishment for their support of Ukraine against the Russian invasion. Killnet claimed it took down Starlink on November 18, when customers complained on Reddit that they couldn’t log into their accounts. Trustwave researchers found evidence supporting the claims of the Russian-backed hackers, who worked in collaboration with other groups, including Anonymous Russian, Radis and Halva. Killnet boasted that it was able to run “30 minutes of a test attack” on the White House website on November 17. The Prince of Wales’ website was attacked on November 22, along with a warning that the NHS health system would be next, with future threats to the London Stock Exchange and the British Army.
Google links Windows exploit framework used to send spyware to a Spanish firm
Google has discovered an exploit framework, tied to a Barcelona-based software company, that targets now-patched vulnerabilities in the Firefox and Chrome browsers and the Microsoft Defender security app. Google’s Threat Analysis Group (TAG) focuses on protecting Google users from state-sponsored attacks, as well as keeping tabs on companies that enable governments to spy on political opponents, journalists and dissidents. TAG has found that the Spanish software firm is a commercial surveillance vendor whose exploit framework consists of several components that target specific software security flaws. Google is actively tracking 30 vendors that sell surveillance capabilities or have ties to government-sponsored threat groups or actors, and continues to take action against the commercial spyware industry.
Malicious Android app creates fake accounts on multiple platforms
A malicious Android SMS app called Symoo was spotted in the Google Play Store retrieving text messages in order to create accounts on multiple platforms such as Facebook, Google and WhatsApp. The Symoo app had over 100,000 downloads and acted as a relay to send messages to an account creation service server. The malware used the phone numbers associated with the infected devices to collect one-time passwords sent to users to verify new accounts. Services illegally registered with the phone numbers include Google, Amazon, Facebook, Instagram, TikTok and WhatsApp. Google has removed the app from the Play Store and banned the developer.
(The Hacker News)
French electricity supplier fined for storing users’ passwords
Electricity supplier Électricité de France (EDF) was fined €600,000 on Tuesday by the French data protection watchdog, CNIL, for breaching the EU’s General Data Protection Regulation (GDPR). The provider was found to have stored the passwords of 25,800 accounts by hashing them using the MD5 algorithm. MD5 has been considered broken since December 2008 due to the risk of collision attacks. The watchdog authority found that the passwords to 2,414,254 customer accounts were only hashed and not salted, exposing the account owners to cyber threats. EDF was also found to have failed to comply with GDPR guidelines for data storage and to have provided inaccurate information on data origin. The fine follows CNIL’s €800,000 Discord fine for not enforcing a strong password policy and for not respecting data retention periods for inactive accounts.
(The Hacker News)
Companies are increasing cybersecurity spending without a clear strategy
According to a recent Fastly research study, most companies surveyed were willing to spend more than their current cybersecurity budget. While 71% of businesses were confident in their current budgets, 73% wanted them to increase. In the US, 85% of IT managers felt their current budget was insufficient, and 79% wanted it increased. While increasing the budget may not be the answer, many companies in the survey felt they were experiencing information overload and blindly relying on the latest technology. Fastly also found that 39% of today’s cybersecurity tools were not fully deployed and active, and only 42% of those that are fully operational overlap.
Australian bill raises data breach fines for companies to $50 million
The Australian government has significantly increased its fines from AU$2.22 million to AU$50 million after a new bill was passed to combat repeat offenders of serious data breaches. Companies are fined 30% of their adjusted turnover or three times the value of any benefit received through misuse of information. The new bill comes after major breaches at Optus and Medibank which resulted in the leakage of the personal data of a total of 12 million customers. The Privacy Act Amendment Bill gives the Australian Information Commissioner more powers and modernizes outdated existing safeguards. Commissioner Angelene Falk said: “New information sharing powers will facilitate engagement with national regulators and our international counterparts to help us carry out our regulatory role effectively.”
(The Hacker News)
Android and iOS loan apps extort and harass borrowers
More than 280 Android and iOS apps in the Google Play and Apple app stores have ensnared borrowers in malicious loan schemes with deceptive terms while using various methods of extortion and harassment. The apps stole data from mobile phones that is not required to offer loans. Once installed, the predatory apps request access to sensitive data and upload it to their own servers, where it is then used as ransom. Cyber security firm Lookout produced a recent report in which researchers uncovered 251 Android and 35 iOS lending apps that were downloaded 15 million times, particularly in developing countries such as India, Thailand, Mexico and the Philippines, where fraud is less likely to be prosecuted. Google and Apple removed all the apps after Lookout reported their findings.
Small biz IaaS users are seeing an increase in attacks
In the latest Sophos report, SMBs were increasingly exposed to attacks via their cloud infrastructure. Over half of those surveyed experienced an increase in the volume and complexity of attacks. Security provider Sophos surveyed 4,984 IT professionals in 31 countries whose businesses use Infrastructure as a Service (IaaS). Of those surveyed, 53% experienced an increased impact from the attacks they received in the past year, while 67% reported being hit by ransomware. With the public cloud services market set to grow to $600 billion next year, Sophos’ report indicates that SMBs must prioritize security and implement best practices with up-to-date technology to combat future threats.