AdaptiveMobile Security has published a white paper entitled “Messaging for the Future: Securing SMS in 5G” which explains why 5G networks will be at increased risk because of the interplay between the way SMS messaging has been implemented and the manifold vulnerabilities inherited from earlier generations of network. The paper makes many recommendations about how to shore up the defenses surrounding SMS messaging before telcos suffer even worse abuses than those which hit the headlines throughout 2021.
A third party has scraped contents of TLO, a massive database of personal information used by private investigators and law enforcement, and then posted the information elsewhere on the internet, including peoples’ physical addresses, phone numbers, email addresses, and the contact details of their relatives. The finding shows the risk of databases like TLO that contain hundreds of millions of sensitive data points. Once someone has access to TLO, they may copy that information, distribute it, and otherwise use it however they see fit. In this case, the data was scraped and then posted online where it could theoretically be discovered by others. In this case, access to the scrape was password protected, but the password was easily discoverable.
To better enable defense against malicious cyber actors, U.S. Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are using in networks around the world. These actors, known as MuddyWater in industry, are part of groups conducting Iranian intelligence activities, and have been seen using a variety of techniques to maintain access to victim networks. MuddyWater is an Iranian threat group; previously, industry has reported that MuddyWater has primarily targeted Middle Eastern nations, and has also targeted European and North American nations. MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS). According to the Congressional Research Service, the MOIS “conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies.”
As with so many elements of cyber threats: Everything old is new again. In this case, the QakBot malware that has been around for roughly 15 years, has reared its ugly head more aggressively in the past year, and IT security is meeting this with a firm and proactive response. On Thursday, Trustwave SpiderLabs released a new article and decryption tool to aid financial services institutions (FSIs) in finding and rooting out the QakBot Trojan, which has become more pervasive in the past year, spread largely by phishing emails (as is often the case).
Beginning as early as January 2019, a threat actor breached the computing networks at SolarWinds—a Texas-based network management software company, according to the company’s Chief Executive Officer. The federal government later confirmed the threat actor to be the Russian Foreign Intelligence Service. Since the company’s software, SolarWinds Orion, was widely used in the federal government to monitor network activity and manage network devices on federal systems, this incident allowed the threat actor to breach several federal agencies’ networks that used the software (see figure 1).
North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims. Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state. The attacks mainly targeted investment firms and centralised exchanges. North Korea has routinely denied being involved in hack attacks attributed to them. “From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” Chainalysis said in a report. The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations’ “hot” wallets and then moved them into North Korea-controlled addresses, the company said.
A massive cyberattack warning Ukrainians to “be afraid and expect the worst” hit government websites late on Thursday, leaving some websites inaccessible on Friday morning and prompting Kyiv to open an investigation. Ukraine’s foreign ministry spokesperson told Reuters it was too early to say who could be behind the attack but said Russia had been behind similar strikes in the past. The cyberattack, which hit the foreign ministry, the cabinet of ministers and the security and defence council among others, comes as Kyiv and its allies have sounded the alarm about a possible new Russian military offensive against Ukraine.