FFT news digest February 26 2021

Nation States

"Cyberwar" is a term that divides the security community because no-one can agree what it actually means. But, however it's defined, we believe cyberweapons present an existential threat to the world. The lack of any convention to govern their use, their extraordinary power and the congenital inability of nation states to secure them create the conditions for a perfect storm that attracts far too little recognition. This week brings some excellent examples.

On the subject of failing to secure your weapons, China is reported to have cloned a powerful US tool years before it was leaked online. Check Point says that, in 2013, the US National Security Agency designed exploits to provide administrator-level access to vulnerable Windows systems. Within two years, Chinese government hackers were using the same tool. In 2017, the exploits leaked online and Microsoft fixed the issue. As Check Point puts it, "If we told you that a foreign group managed to steal an American nuclear submarine? That would definitely be a bad thing, and would quickly reach every headline. However, for cyberweapons – although their impact could be just as devastating – it's usually a different story". This week, China was also accused of using a malicious Firefox extension to spy on Tibetan groups.

Ukraine has accused Russia of planting documents on a government web portal to try to install malicious software on end users' computers. "The documents contained a macro that secretly downloaded a program to remotely control a computer when opening the files. The methods and means of carrying out this cyberattack allow it to connect with one of the hacker spy groups from the Russian Federation," the National Security and Defense Council of Ukraine said. On Monday, Ukraine blamed Russia for a wide-ranging denial of service attack against government websites and strategically important enterprises. Moscow hasn't commented on the allegations, but there is ample evidence of a long-running online campaign against Ukraine, which surely would qualify as cyberwarfare.

And finally, Amnesty International says a hacking group linked to the Vietnam government has been using spyware to target human rights activists both inside and outside the country. "Over the past 15 years, repression linked to online activity has intensified, leading to a wave of harassment, intimidation, physical assault, and prosecution," Amnesty reports. The spyware could compromise both Windows and Mac devices.

For an in-depth look at this whole mess, Nicole Perlroth has a tour-de-force.

Threats

macOS: Apple revoked developer certificates that had been used to create malicious software found on 30,000 devices. The malware is something of a mystery because it doesn't appear to have done anything...yet. Red Canary

Burglars: "Initial Access Brokers" is the fancy term for online criminals who specialise in breaking into networks so they can sell access to the highest bidder. The going rate: around $7,000. Digital Shadows

Phish: Warning that criminals are increasingly focussed on defeating multi-factor authentication by using 'Puppeteer Kits' designed to be used in real-time. WMC Global

Vaccine: Yet more COVID-19 vaccine lures. They look highly believable, as do the websites they lead to. KnowBe4

Flash: Criminals are using Google Alerts to promote a fake Adobe Flash Player updater that installs unwanted programs. Bleeping Computer

Quickbooks: ThreatLocker reports a sharp rise in attempts to target the accounting software with booby-trapped emails. The post includes good advice on staying safe.

PDF: Researchers have found new vulnerabilities in the way many viewers handle digitally signed PDF documents. The Hacker News

Accellion: The 'Five-Eyes' intelligence-sharing alliance has warned about ongoing attempts to target organisations using the Accellion File Transfer Appliance (FTA). NCSC

Amazon

As Alexa owners will know, 'Skills' allow third-party developers to add functionality to Amazon's voice assistant, but the security around them is inadequate, according to researchers. The study, by academics at German and US universities, looked at more than 90,000 unique Skills and found a series of issues that could be exploited and abused. The researchers accuse Amazon of a lack of transparency and say this could easily lead to a Skill being unintentionally activated. Meanwhile, there are claims that Amazon is failing to protect "the empire of data" it has amassed. Amazon insiders, quoted by Politico, say personal "data is at risk because Amazon has a poor grasp of what data it has, where it is stored and who has access to it". The claims are "Inaccurate, unsubstantiated and dated," Amazon says.

Facebook

The high-stakes game of chicken between Facebook and Australia has ended (for the moment) with what looks like a narrow defeat for the social media behemoth. In return for some minor changes to new media legislation, Facebook restored Australian news sources to the site. It also said it would invest an additional $1 billion in the news industry over the next three years, while continuing to claim "a fundamental misunderstanding of the relationship between Facebook and news publishers". Apparently, making Facebook pay for news is "like forcing car makers to fund radio stations because people might listen to them in the car — and letting the stations set the price". As far as we know, car makers aren't earning money from adverts carried by radio stations (yet). Maybe we're missing something.

OSINT

Another brilliant example of open source intelligence from the folk at Bellingcat who examined the case of one of the Capitol Hill rioters, a 22-year old home care worker from Pennsylvania. Riley June Williams faces multiple charges relating to the riot, but Bellingcat investigated open source material and came up with some alarming findings. "She...posted racist and Anti-Semitic content as well as filmed a video that appears openly pro-Nazi and promotes accelerationism (speeding up the collapse of society) as a pathway towards establishing a genocidal white supremacist state," Bellingcat found. The investigation techniques are superlative. 

Passwords

Many people are undermining their security and that of their employers by their behaviour at home, according to research from automation platform, Ivanti. In its 2021 Secure Consumer Cyber Report, it surveyed 1,000 Americans and found (R) that one in four said they used a work email or password for websites and applications such as food delivery, online shopping and dating. As we all know, reusing passwords is Bad. Using work accounts for all sorts of personal stuff is Mad (though understandable in the absence of a password manager). Criminals are taking advantage of remote working. Let's not make it easy for them!

In brief

Cyber Action Plan: UK National Cyber Security Centre launched a self-assessment tool for sole traders and small business. It has also released advice on how to donate old IT devices safely.

Disinformed: A survey for a PR agency found an extraordinarily high level of antipathy in the UK towards COVID-19 vaccines. Over 40% have been put off having a jab because of "media coverage" (this includes social media). The figure among 16-34 year olds rises to 62%. Eskenzi PR

Fatigue: Feeling worn out by endless video calls? Of course you are, say researchers at Stanford. Immobility, constant close-up eye contact and seeing yourself, and an increased "cognitive load" all cause fatigue. The researchers have lots of good advice on ways to combat it. One thing stood out for us: "just because you can use video doesn't mean you have to".

Payout: Some iPhone and Samsung smartphone owners could receive £30 compensation if legal action against Qualcomm succeeds. A word of caution: a similar case in the US failed. BBC

Mac issue: Latest Macs appear to be making unusually heavy usage of their solid state storage. Solid state drives have a limited lifespan, so the concern is that this will be reduced by the excessive use. No comment from Apple yet. MacRumors

FCP: Software makers loathe one-off payments for their products and users detest the alternative subscription models of companies like Adobe. Patently Apple has spotted signs that Apple may be moving towards a subscription model for Final Cut Pro.

GDPR: As expected, the European Commission has published a draft adequacy decision which provides for the continued free flow of personal data from the EEA to the UK. As our data protection partner, DPN, explains, further hurdles remain.

Samsung: Somewhat bizarrely, Samsung says it will offer Android updates for longer than Google does. Bizarre because, of course, Google makes Android.

NurseryCam: Shortly after it was revealed that its surveillance camera feeds were lamentably insecure, the company's systems were hacked and personal data were stolen. NurseryCam's website remains unreachable at the time of writing. The Register

Roomba: Robotic vacuum cleaners are set to continue to act "drunk" while the manufacturer works on a fix for a firmware update that appears to be behind the problem. The Verge

Updates

macOS: Another update from Apple to stop MacBooks breaking. In this case, the issue is caused by "third-party, non-compliant powered USB-C hubs".

Intel: Updated WiFi and Bluetooth drivers to fix issues causing connection errors and Windows 10 crashes.

VMware: Fix for 'critical' vulnerabilities in VMware ESXi and vSphere Client which could allow an entire network to be taken over. More than 6,700 instances are currently exposed online.

Cisco: Update to address 'critical' authentication bypass vulnerability in ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.

SonicWall: Second firmware update for a previously unknown vulnerability in SMA-100 series devices which is being actively exploited.

Firefox: New version includes 'Total Cookie Protection' which aims to prevent organisations tracking users' activities across different websites (aka 'cross-site tracking').

Brave: New version of the privacy-focussed browser fixes bugs, including a privacy issue with the built-in Tor mode.

Thunderbird: Version 78.8.0 of email client fixes several security issues and assorted irritations.

Tails: Version 4.16 includes latest versions of Tor browser and Thunderbird email client.

IBM: Security updates for IBM Runtime Environment Java 7 and 8 and Planning Analytics Workspace.

Zimbra: 9.0.0 “Kepler” Patch 12 and 8.8.15 “James Prescott Joule” Patch 19 released.
