Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

Bitcoin scammers struck gold on Wednesday by hijacking several high-profile verified Twitter accounts in what’s easily the most catastrophic security breach to hit the platform. Among the hacked accounts were those of President Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, and Bill Gates, the corporate handles of Apple and Uber, and a number of popular crypto exchanges. The message sent from the hacked accounts was simple: send bitcoin and these famous people would send back double your money. Within a matter of hours, people were duped into sending more than $118,000 to the hackers.

Twitter acknowledged the breach as a “coordinated social engineering attack” against employees who have access to its internal tools. While details of the hack are still not fully clear, it looks like the baddies behind the operation leveraged an internal Twitter tool to access the accounts and change their email addresses, making it difficult for the legitimate owners to regain access. More troublingly, Motherboard’s Joseph Cox reported that the hackers paid a Twitter insider to do the job. If true, this would be the second time an inside job has led to severe consequences for the company.

Given the unprecedented scale of the hack, Twitter is now likely to face tighter scrutiny of its security practices and of the safeguards it has in place to prevent such an attack from happening again. With Twitter being an influential platform for disseminating news, this incident could have gone wrong in a lot of ways. Beyond being an attack on Twitter, it’s an indication of how bad actors can carry out nefarious acts by impersonating public figures. While it’s essential that account holders use a strong password and turn on two-factor authentication, the hack is proof that even those measures may not be enough.
What’s trending in security?
Police shut down EncroChat, a massive global secure communications platform used by organized crime gangs. New strains of EKANS ransomware were found targeting industrial control systems, Microsoft took down malicious web domains used in a large-scale cyberattack directed against victims in 62 countries, and a Yahoo! engineer who hacked into 6,000 accounts to look for porn received no jail time.
A joint investigation by French and Dutch police, Europol, and the UK’s National Crime Agency resulted in 746 arrests of prominent criminals across Europe and the seizure of guns, two tons of drugs, and more than $67 million. The three-month-long operation was made possible by cracking the security protections of an encrypted messaging app called EncroChat, which was used by the criminals to sell weapons and drugs around the world. [Motherboard]

The US Central Intelligence Agency has conducted a series of covert cyber operations against Russia, China, Iran, and North Korea with the aim of disrupting and destroying critical systems à la Stuxnet. [Yahoo! News]

Convenience always comes at a price. Popular encrypted chat app Signal’s new PIN feature, which lets users migrate their contacts and messages between devices, is attracting privacy concerns. Cybersecurity experts said this could potentially be used by police to extract data from Signal’s servers, but the app’s owner Moxie Marlinspike said the move was to “enable non-phone [number] based addressing.” [Motherboard]

Controversial spyware vendor NSO Group is back on the radar after the cellphones of several politicians in Spain were targeted with Pegasus malware. It was also revealed that the Spanish government has been an NSO Group customer since 2015. [The Guardian / Motherboard]
North Korea’s state-sponsored hacking crews, including Lazarus, are breaking into online stores to insert malicious code that steals buyers’ payment card details as they visit the checkout page and fill in payment forms. [Sansec / Gemini Advisory]

Spyware and stalkerware use jumped 51% during the pandemic. “While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim,” Avast CISO Jaya Baloo said. As a consequence, Google said it’s banning stalkerware ads on its platform. [Avast / Google]

The threat group behind the Evilnum malware has updated its toolset to spy on financial technology companies located in Australia, Canada, the EU, and the UK, with the aim of stealing sensitive information. [ESET]

Law enforcement agencies in the US are buying access to breached information, including passwords, email addresses, IP addresses, SSNs, and more, from a company called SpyCloud in an attempt to pursue investigative leads. Well-intentioned? Of course. Ethically dubious? Undoubtedly. [Motherboard]

Google Project Zero’s Brandon Azad detailed the vulnerability that unc0ver used to release a jailbreak for iOS 13.5. The flaw was identified merely four hours after the jailbreak was released on May 23 at 3 PM PDT, with Apple patching it a week later on June 1. [Google Project Zero]
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums. [Digital Shadows]

Intrusive ads on Android are getting nasty, with users targeted by adware that infects system partitions and makes removal difficult. [Kaspersky]

Google Cloud announced a new security offering called Confidential VMs as part of its Confidential Computing portfolio to let enterprise customers keep data encrypted while in use. [Google Cloud]

A new SMS phishing (aka smishing) campaign disguises the information-stealing FakeSpy malware as legitimate global postal-service apps to pilfer SMS messages, financial data, and more from victims’ devices. [Cybereason]

A Russian hacking group called Cosmic Lynx has been tied to a new wave of more than 200 business email compromise (BEC) attacks since July 2019, with the aim of swindling hundreds of thousands of dollars from companies. [Agari]

A notorious cybercriminal who netted at least $1.5 million by stealing information from more than 300 corporations and governments in 44 countries has been identified as Fxmsp, a 37-year-old man from Kazakhstan. [Group-IB / MIT Technology Review]

The fortnight in leaks, data breaches, and ransomware: Collabera, Data Viper, LogBox, Roblox, Wattpad, and US newspaper websites.
Tweet of the week
— MalwareTech (@MalwareTechBlog) July 4, 2020

That’s it. See you all in two weeks. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)