Security News – February 2023

Read our roundup of cybersecurity news from February 2023. Each month, we’ll bring you security cases and interesting insights to help you stay secure.

Politics

A hacking group linked to Indian nationalists has been attacking governmental, military and legal institutions across Asia. It uses phishing campaigns to penetrate networks and the Telegram app to exfiltrate data, which makes detection harder.

Russia launched Oculus, which uses AI to detect “anti-Russian” messages in order to increase the effectiveness of the censorship machine. During the Russian aggression against Ukraine, the workload of the censorship agency Roskomnadzor has increased significantly.

In the aftermath of the Russian invasion of Ukraine, attacks against the critical infrastructure in countries that support Ukraine have skyrocketed. Medical facilities are a very common target – the pro-Russian group Killnet alone has attacked 17 key US medical facilities. The whole sector is receiving increasing support from the US government.

Anonymous published 128 GB of documents revealing illegal methods the Russian government uses to eavesdrop on users. This includes previously undisclosed information from the Green Atom program used by the Russian FSB spy service.

China is preparing an anti-Starlink fleet of 13,000 satellites that will be able to compete with the Starlink network. In addition, the satellites will be equipped with lasers and high-energy microwave generators that can be used against Starlink satellites.

Investigations and research

The British Surveillance and Monitoring Authority issued a warning against the use of Chinese cameras, specifically the brands Hikvision, Dahua and Huawei. These cameras also pose an ethical issue, as cameras from these brands are used in China for the surveillance and oppression of ethnic minorities. The cameras can be updated remotely (e.g. to add number plate recognition), and Chinese companies are obliged to cooperate with government intelligence services.

Researchers uncovered vulnerabilities in networks and devices (controllers) used in critical infrastructure. Hackers can gain access to anything from sensors responsible for measuring temperature, pressure, liquid, air and gas levels, to analyzers used to determine chemical composition. They can also physically damage critical components, such as the moving parts of bridges. Two vulnerabilities were also disclosed in Schneider Electric’s Modicon PLCs, which are among the most widely used PLCs in the world.

Car dealerships and car repair services are becoming frequent targets for hackers. Typically, their employees have low cybersecurity awareness, use outdated technology, and have access to other parts of the supply chain.

More than 130,000 developers from Russia and China, with thousands more from Iran, North Korea and other countries with questionable jurisdiction, were able to access sensitive user data on Facebook. Meta must have known about this fact. Its internal documents showed that the data may have been used for espionage. The situation is being investigated by a US Senate committee.

An international police operation led by Denmark dismantled the Exclu encrypted communication tool after a successful penetration of its servers. Forty-two people were arrested and a drug laboratory was discovered. In total, the network had 3,000 users, and their communications are now available to the police for further analysis.

France caught the Finnish hacker responsible for more than 50,000 cybercrimes. In his latest case, he had blackmailed clients of a psychotherapy center after managing to obtain their personal data.

Attacks

Oakland, California, had to declare a state of emergency as a result of a ransomware attack. For a week, city-provided services were unavailable. Similarly, the Californian city of Modesto was forced to revert to old police procedures after a ransomware attack left its computer services unavailable.

A new phishing campaign spreading across the Internet is notable for its multi-stage malware deployment. The first stage takes an unconventional approach: the malware only takes screenshots, which the attackers use to decide whether the victim is interesting enough to deploy further stages of malware.

Following the publication of a caricature contest featuring Iranian leader Ali Khamenei, the satirical newspaper Charlie Hebdo fell victim to a cyberattack. Personal information of its 200,000 customers was leaked. Evidence suggests that an Iranian government-backed group, Neptunium (Holy Souls), was behind the attack.

An attack on a Florida hospital forced it to suspend all but critical operations. In several processes, staff had to go back to using pen and paper in order to function at least partially.

The world’s largest food manufacturer and distributor, Dole Food Company, was the target of a ransomware attack. The attack directly affected its North American operations, and several stores began to run out of its products. The company had to switch to manual planning and execution of operations.

Other

A new viral challenge on TikTok encourages users to steal Kia or Hyundai cars in the US. It has already caused several accidents and eight deaths. The challenge forced both brands to release a free update that increases the theft protection of their vehicles.

After 30 years, support for Internet Explorer (IE) has been discontinued. Starting this month, when Windows 10 users try to launch IE, they will be automatically redirected to Microsoft Edge. Windows 11 is not affected by the change, since IE can no longer be launched there anyway.

Eurostar, the company that operates the Channel Tunnel express trains, is asking users to reset their passwords in order to improve security; until they do, users cannot do anything else in their accounts. The problem is that the password reset does not work, so users have lost access to their accounts.

Do you use free internet resources for your work? Here is a list of the best OSINT (Open Source Intelligence) tools for 2023.

A guide, including 10 recommendations, on how to minimize your digital footprint on the Internet.

Some companies run bug bounty programs that reward people for reporting vulnerabilities in their products. Last year, Google paid out more than $12 million for 2,900 vulnerabilities, including $605,000 for the five most serious.