Security News – January 2023

Read our roundup of cybersecurity news from January 2023. Each month, we'll bring you security cases and interesting insights to help you stay secure.

Politics

The House of Representatives has banned its members and employees from having TikTok installed on business devices. The pressure for the app to be banned nationwide is due to security risks. The main reasons are the Chinese government’s data control and censorship. Although the company claims that Americans’ personal information is not stored in China, recent reports suggest otherwise.

The FBI director warned about China’s AI program, which is not bound by any law and is built on huge amounts of stolen data.

Russia's invasion of Ukraine marks a new era of war in which it is critical to weaken the enemy's capabilities through cyber warfare and exploit that weakness in real-world battles. There are a number of lessons that other countries can learn from this war.

The pro-Russian hacking group Callisto targeted important nuclear research laboratories. To do this, they used a phishing technique in which they created fake login pages for these laboratories and tried to trick researchers into entering their login details.

A misconfigured Jenkins server leaked 1.5 million names of people suspected of being linked to terrorist organizations. This is the so-called US No Fly List.

Investigations and research

Ukrainian police have uncovered 37 fraudsters posing as bank employees who defrauded 18,000 victims through their call center. They extracted access to the victims' bank accounts and then transferred the funds to other accounts. They even managed to take out quick loans in the victims' names.

The Irish data protection regulator (responsible for GDPR enforcement) has launched an investigation into Twitter and its GDPR compliance. The trigger is the recent breach, whose perpetrator claims to have obtained the private details of 400 million users. According to the Israeli security agency, the stolen data looks authentic.

The Irish data protection regulator fined WhatsApp €5.5 million for failing to adequately explain to users why it needs the data it collects about them. This follows another €225 million fine WhatsApp has already received. A further new investigation was also launched covering all of its user data processing operations.

The Google Home speaker was vulnerable to unauthorized eavesdropping. Researchers have shown how easy it is to gain access to the microphone and overall control of the device within wireless range. Google paid the researcher a reward of $107,500 for discovering the vulnerability.

France's data protection regulator fined Microsoft €64 million for failing to provide clear instructions that would allow users to reject cookies for online ads. Bing's site also lacked a button that would make it as easy to reject all cookies as it is to accept them. Similarly, TikTok was fined €5 million for imposing its cookie policy on users without adequately explaining it. The process of rejecting cookies was extremely complicated, and rejecting all cookies was considerably harder than accepting them all.

The French data protection regulator fined Apple $8.4 million for collecting identifiers from users visiting the App Store. These identifiers were not necessary for the functioning of the App Store and hence could not be processed without the users' prior consent.

More than 20 vulnerabilities were discovered in firmware for Qualcomm devices, some of them very serious. Because Qualcomm supplies other manufacturers, the vulnerabilities also affect Lenovo, Microsoft and Samsung devices. An update that fixes these vulnerabilities is already available.

Europol, together with national police forces in Bulgaria, Serbia, Germany and Cyprus, has helped to arrest members of online crypto fraud gangs. 15 people have been arrested, 261 questioned. A total of €1 million in cryptocurrencies, several vehicles, apartments and more than 150 computers were confiscated.

Avast has released a free decryptor for BianLian ransomware. It works on known versions of this malware, with support for more variants to be added over time.

Malicious PyPI packages install spyware. Unlike other campaigns targeting the PyPI platform, these do not pretend to be clones of existing packages. They appeared as serious, reliable and well-documented projects.

Attacks

Attackers are exploiting Google Ads to spread malware. They create clones of legitimate software websites that users reach because the ads are displayed prominently above the organic search results. To avoid detection, an innocuous landing page is used. It immediately redirects the user to the actual malicious site, and the malware is downloaded from GitHub, Dropbox, or Discord.

If you installed PyTorch between December 25 and 30, 2022, it is highly recommended that you uninstall and reinstall it. The PyTorch maintainers identified a malicious dependency with the same name as the "torchtriton" library. This type of attack is called dependency confusion.

Some ransomware gangs have an internal code of conduct that they follow. One example is the LockBit gang's apology to SickKids Hospital for encrypting its network, along with a free decryption key. At the same time, they ended their cooperation with the partner responsible for the attack.

A hospital in Louisiana was the target of a ransomware attack by the Hive gang. The outage affected nearly 270,000 patients. Documents containing names, addresses, dates of birth, payment information, medical records and more were stolen.

BTC.com, one of the largest crypto mining pools, was a victim of an attack. No further details are known, but the attackers stole nearly $3 million. Part of the sum was recovered.

Norton Password Manager was the target of an attack, and approximately one million users were affected. A third party most likely obtained a large set of credentials via the dark web. Users were urged to change their passwords for the individual services they had stored.

OneNote has become a new tool for spreading malware. OneNote notebooks are being sent as email attachments. While OneNote does not allow you to run macros the way Word and Excel do, it allows you to embed attachments directly in the notebook, which are then easily executed with a double-click. OneNote displays a warning that the content may harm your computer, but this is often overlooked.

Other

Instructions on how to easily send an email with minimal metadata about yourself. The tutorial also covers some existing services (e.g. temporary email addresses) that you can use as spam protection.

An overview of what cyber attacks targeting satellite infrastructure have looked like. Russia's aggression against Ukraine has had a significant impact here.

GitHub introduced new functionality that allows developers to search for vulnerabilities in their code. So far, Python, JavaScript and Ruby are supported. The article also includes a tutorial.

CISA has ordered US government agencies to install an update that fixes a vulnerability in Microsoft Exchange Server. This vulnerability is already being actively exploited by ransomware gangs.

Southwest Airlines was accused of ignoring the serious risks associated with its outdated infrastructure and systems. The lawsuit was filed on behalf of shareholders who purchased shares after 2020. A similar lawsuit was also filed by dissatisfied customers, as more than 60% of the company's flights were canceled over the Christmas period.

Windows 8.1 officially reached the end of support on January 10. This means the end of the standard update process. Hospitals, small businesses, smaller municipalities, as well as ATMs may be affected. We can expect a wave of targeted attacks, as happened after the end of Windows 7 support.

Do you create your own passwords? Chances are that they are easier to crack than randomly generated passwords. They remain weaker even when the user is deliberately trying to create a strong one.

ChatGPT helps attackers create polymorphic malware, that is, malware that can change parts of its code to evade detection by antivirus software. It is relatively easy to do this by bypassing the filter that is supposed to prevent the tool from being used for such purposes. Examples of infostealers, ransomware and phishing campaigns created this way were also found. Meanwhile, Russian hackers are actively figuring out how to bypass ChatGPT's restrictions and misuse it for their own purposes.