Security News – August 2022

Read our roundup of cybersecurity news from August 2022. Each month, we’ll bring you security cases and interesting insights to help you stay secure. 

Investigations

Mobile phone forensics helped investigators arrest members of a violent organized crime group specializing in car theft.

A former Twitter employee has been convicted of acting as an unregistered foreign agent after accessing the account data of more than 6,000 Twitter users on behalf of Saudi Arabia.

Austria is investigating the company behind the Subzero spyware, which has been used to illegally eavesdrop on law firms, banks and strategic consultancies, particularly in Austria, the UK and Panama.

Vulnerabilities

Microsoft is blocking vulnerable third-party UEFI bootloaders that could be used to bypass UEFI Secure Boot and execute unauthorized code in the earliest stages of the boot process, before Windows starts. Secure Boot is a firmware feature, not part of the operating system, which is why a flawed signed bootloader undermines it regardless of how well patched Windows itself is.

The new version of Microsoft's Sysmon (14.0) adds a FileBlockExecutable rule that blocks the creation of executable files matching configured criteria (for example, the writing process or the target path) and logs the attempt as event ID 27. It is a useful extra layer for administrators, but certainly not 100% protection: a bypass for the feature was published shortly after release.

A misconfigured Meta (Facebook) Pixel, an ad-performance tracking script, sent personal data (e.g. email address, phone number, type of medical appointment) of 1.3 million patients to Meta. Meta did not respond to the healthcare provider's requests to delete the data or to make contact.

Both Google (Chrome) and Apple (Safari/WebKit) patched zero-day vulnerabilities in their browsers that were already being actively exploited.

More than 9,000 internet-exposed VNC endpoints (remote desktop access) accept connections without any authentication, giving attackers a direct foothold on the networks behind them. Several of them front extremely sensitive systems, including control interfaces for industrial pumps.
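The check a practitioner wants here is whether their own VNC servers offer the RFB "None" security type, which is exactly what "without any authentication" means on the wire. The following Python script is an added example written for this roundup, not code from the report above or from any VNC project. It parses the RFB 3.3 and 3.7/3.8 security handshake as specified in RFC 6143; the sample messages at the bottom are constructed, not captured from any real system, and probe_vnc() only performs the version exchange (it never selects a type or completes a login), so run it only against hosts you are authorized to test.

```python
"""Flag VNC (RFB) servers that offer the 'None' security type, i.e. no authentication.

Added example, not from the article. Parsing is separated from network I/O so the
logic can be exercised offline on constructed bytes.
"""
from __future__ import annotations

import socket
import struct

SECURITY_TYPE_NONE = 1
# Security-type numbers registered in RFC 6143, section 7.1.2.
SECURITY_TYPE_NAMES = {
    0: "Invalid",
    1: "None",
    2: "VNC Authentication",
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    18: "VeNCrypt",
    19: "SASL",
}


def parse_protocol_version(banner: bytes) -> tuple[int, int]:
    """Parse the 12-byte RFB ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
        raise ValueError(f"not an RFB banner: {banner!r}")
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def parse_security_types(major: int, minor: int, data: bytes) -> list[int]:
    """Return the security types the server offers.

    RFB 3.3: the server sends one big-endian U32 with the type it chose (0 = failed).
    RFB 3.7/3.8: the server sends a U8 count followed by `count` U8 types; a count of 0
    means the connection failed and a U32-length-prefixed reason string follows.
    """
    if (major, minor) == (3, 3):
        if len(data) < 4:
            raise ValueError("truncated RFB 3.3 security message")
        (sec_type,) = struct.unpack(">I", data[:4])
        return [] if sec_type == 0 else [sec_type]
    if not data:
        raise ValueError("empty security-types message")
    count = data[0]
    if count == 0:
        if len(data) < 5:
            raise ValueError("server refused connection (reason truncated)")
        (reason_len,) = struct.unpack(">I", data[1:5])
        reason = data[5:5 + reason_len].decode("latin-1", "replace")
        raise ValueError(f"server refused connection: {reason}")
    if len(data) < 1 + count:
        raise ValueError("truncated security-types list")
    return list(data[1:1 + count])


def allows_unauthenticated_access(types: list[int]) -> bool:
    """True if the server will let a client in with no credentials at all."""
    return SECURITY_TYPE_NONE in types


def describe(types: list[int]) -> list[str]:
    return [SECURITY_TYPE_NAMES.get(t, f"unknown({t})") for t in types]


def probe_vnc(host: str, port: int = 5900, timeout: float = 5.0) -> list[int]:
    """Do only the version exchange and read what the server offers; never authenticate."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = sock.recv(12)
        major, minor = parse_protocol_version(banner)
        sock.sendall(banner)  # echo the server's version so it proceeds to security
        # count + up to 255 types, or a failure reason; enough for one read in practice
        data = sock.recv(1 + 255 + 4 + 1024)
        return parse_security_types(major, minor, data)


# Constructed sample messages (not captured from any real system).
SAMPLE_OPEN = bytes([2, 1, 2])            # RFB 3.8: offers None and VNC Authentication
SAMPLE_AUTH_ONLY = bytes([1, 2])          # RFB 3.8: offers only VNC Authentication
SAMPLE_V33_NONE = struct.pack(">I", 1)    # RFB 3.3: server chose None

if __name__ == "__main__":
    for label, version, msg in [
        ("3.8 open", (3, 8), SAMPLE_OPEN),
        ("3.8 auth-only", (3, 8), SAMPLE_AUTH_ONLY),
        ("3.3 none", (3, 3), SAMPLE_V33_NONE),
    ]:
        types = parse_security_types(*version, msg)
        verdict = "EXPOSED" if allows_unauthenticated_access(types) else "ok"
        print(f"{label}: {describe(types)} -> {verdict}")
```

Note that "VNC Authentication" (type 2) is only a DES challenge-response on an 8-character password and is not a strong control either; the point of the check is to find the servers that offer type 1, where no password is asked for at all. Pair it with VeNCrypt or an SSH/VPN tunnel rather than exposing port 5900 directly.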

Janet Jackson's song Rhythm Nation was officially registered as a security vulnerability: it matches the resonant frequency of certain 5400 RPM hard drives in older laptops and makes them crash. The song did not even need to be played on the affected computer; playing it on a nearby laptop was enough.

Attacks

Cisco disclosed that it fell victim to the Yanluowang ransomware group in May 2022. The attackers compromised an employee's personal Google account, to which the browser had synced the employee's saved Cisco login credentials, and then talked their way past multi-factor authentication with repeated push notifications and voice phishing.

An automotive subcontractor was hit by three separate ransomware attacks from three different groups within two weeks. It illustrates why recovery has to start with removing the root cause of the intrusion (the initial access path and any persistence left behind); otherwise the entire restoration effort may be wasted.

Google Cloud Armor absorbed the largest HTTPS DDoS attack reported to date. The number of requests received in 10 seconds was equivalent to a full day's worth of requests to Wikipedia. Because the targeted customer had Adaptive Protection enabled and deployed the rule it recommended, the attack had no impact on service availability.

Estonia was the target of a DDoS attack, the most extensive since 2007, when a number of the country's institutions were knocked offline. In the meantime, Estonia has become a leader in cybersecurity, and the latest attack, with a few exceptions, went unnoticed by the public.

The 7-Eleven store chain in Denmark fell victim to a ransomware attack that forced all 175 of its stores to close temporarily. Details of how the attack was carried out and what data was stolen are still unknown.

A hospital in France serving an area of 600,000 inhabitants was the target of a ransomware attack. Surgeries had to be postponed and patients redirected to other medical facilities. The ransom demanded is €10 million.

Malware from the North Korea-linked Kimsuky group infects only selected victims. It profiles the targeted device in multiple stages, and the final payload is installed only once the device has been assessed as a suitable target, which keeps the malware away from sandboxes and researchers' machines.

LastPass source code has been stolen. Customers' stored passwords were not directly compromised. Nevertheless, analysis of the leaked source code may expose vulnerabilities in the near future.

Other 

The US is looking into a form of cyber protection for the companies that provide the country's water supply. It is not simple: there are more than 51,000 drinking water systems involved, and many of them are small operators without dedicated resources for cybersecurity.

The White House is heading towards stronger cybersecurity regulation for critical infrastructure even without congressional approval.

Australia's ACCC announced an AU$60 million fine for Google for misleading Android users in Australia. Users were still tracked even after turning off the "Location History" option on their device.

ESET has published a 10-point list of how to tell whether you have been hacked and what you can do about it. Similarly, they published an article about the 10 most common ways attackers try to extract money from their victims.

Podcast

In the Digital Forensics in Real Life podcast, investigators and prosecutors share their experiences from their cases and how digital forensics helped them. Warning: these are not fictionalized stories, and some descriptions of the investigations may be intense for the faint of heart.