KW 29: Spyware used to target journalists and activists around the world, US and EU blame China for cyberattack on Microsoft Exchange servers, US State Department offering $10 million reward for state-backed hackers

NEWS

Spyware used to target journalists and activists around the world: World leaders, human rights activists, journalists, business executives and lawyers across the world have been targeted by authoritarian governments using the hacking software "Pegasus" sold by the Israeli surveillance company NSO Group, according to an investigation by an international consortium of journalists, including The Washington Post, PBS Frontline, the Guardian in England, Le Monde in France, Haaretz in Israel and others. "Pegasus" is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones. The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016. The list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted. Among those targeted for hacking were two women connected to murdered Saudi journalist Jamal Khashoggi and Cecilio Pineda Birto, a Mexican journalist who was slain in 2017. The investigation also suggests the Hungarian government of Viktor Orbán appears to have deployed NSO’s technology as part of his so-called war on the media, targeting investigative journalists in the country as well as the close circle of one of Hungary’s few independent media executives.
theguardian.com, washingtonpost.com, politico.com

US and EU blame China for cyberattack on Microsoft Exchange servers: The Biden administration and the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware and other illicit cyber operations. Separately, the US Department of Justice announced Monday that a federal grand jury in May had indicted Chinese nationals accused of working with official sanction from Beijing to break into computer systems belonging to US companies, universities and governments. US officials also alleged that criminal contract hackers associated with China’s Ministry of State Security have engaged in cyber extortion schemes and theft for their own profit. Almost simultaneously, NATO issued a general warning, not specific to China, of cyberattacks and cybercrime meant to destabilise Euro-Atlantic security and disrupt the lives of citizens. In the United States, Attorney General Merrick Garland has sharply limited how and when prosecutors can secretly obtain reporters’ phone and email records, formalising a Biden administration decree that the government would stop using secret orders and subpoenas for journalists’ data to hunt for leakers.
apnews.com, npr.org, orf.at, washingtonpost.com

US State Department offering $10 million reward for state-backed hackers: The State Department announced a $10 million reward for any information about hackers working for foreign governments. The measure is aimed squarely at those participating in "malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act." Officials said in a release that this included ransomware attacks targeting "critical infrastructure." In addition to ransomware, the notice mentions a number of other cyber violations and notes that it applies to government computers as well as "those used in or affecting interstate or foreign commerce or communication." Ransomware groups have made millions over the last two years attacking pipelines, manufacturers, hospitals, schools and local governments. The Department of Homeland Security estimated that about $350 million in ransom was paid to cybercriminals in 2020.
zdnet.com

German district Anhalt-Bitterfeld resumes work after hacker attack: The administration of the Anhalt-Bitterfeld district resumed its work Monday after it was paralyzed by a hacker attack last week. Individual departments can again be reached via email. An emergency infrastructure was created so that all departments of the administration can communicate with each other as well as with the outside world using email and telephone. The restart is only possible because employees have been given new, clean laptops which are equipped with secure data lines. The ransom demanded by the hackers, the exact amount of which is unclear, will not be paid.
mdr.de

Russian hacker group REvil disappeared: Over the Fourth of July weekend, the Russian-speaking ransomware group REvil hacked the software company Kaseya, using its connectivity to the larger internet ecosystem to infect more than 1,500 organizations around the world. REvil said in a blog post that it would be willing to negotiate the release of a universal decryptor key, one that would unlock every machine hit across the world over the weekend, for $70 million. But now the group has disappeared from the dark web without leaving any known indication why, and the timing is noteworthy. Biden has repeatedly insisted he plans to take some action against ransomware hackers, many of whom are believed to reside in Russia. On Friday, Biden told reporters the US may attack the servers used to carry out attacks, but he didn’t give specifics.
nbcnews.com, forbes.com

Hackers fool Windows facial recognition with fake webcam: A new method for duping Microsoft’s Windows Hello facial-recognition system shows that a little hardware fiddling can trick the system into unlocking when it shouldn’t. Windows Hello facial recognition works only with webcams that have an infrared sensor in addition to the regular RGB sensor. But the system, it turns out, doesn’t even look at RGB data. Which means that with one straight-on infrared image of a target’s face and one black frame, researchers from the security firm CyberArk found that they could unlock the victim’s Windows Hello–protected device. By manipulating a USB webcam to deliver an attacker-chosen image, the researchers could trick Windows Hello into thinking the device owner’s face was present and unlocking.
wired.com

German government’s surveillance law: FDP submits constitutional complaint against state Trojan spiegel.de
Spy software: Azerbaijan is apparently a customer of the Israeli company NSO tagesschau.de
Users targeted instead of platform: Facebook refutes Biden claim that it is ‘killing people’ with vaccine misinformation cnbc.com
Cybersecurity: Ethical hackers remedy cyber risks from misconfigurations it-daily.net
Fake reviews: Amazon just got Fakespot booted off Apple’s iOS App Store theverge.com

NUMBER OF THE WEEK

Globally, most phishing, pharming and scamming attacks are sent via WhatsApp on Android devices, at 89.6 percent.
t3n.de

BACKGROUND

How WhatsApp wants to close its major security gap: The messenger service WhatsApp advertises that all messages sent are encrypted end-to-end. However, this only applies to the messages on the user’s own device and not to the backups in the cloud. The fan blog WA Beta Info has now reported on a feature that can be used to create encrypted backups. The feature was briefly available in the WhatsApp beta, but has since been removed. According to a screenshot, a password has to be created to encrypt the cloud backups. Only with this password can the data be restored. When restoring the backup, the created password or an alternative key has to be entered. It is not yet clear why the function was removed from the beta.
netzwelt.de

German authorities brace for cyberattacks in September federal election: Two and a half months before the federal election in Germany, many hacking attacks and disinformation campaigns are being registered by security authorities. Apparently, however, not just foreign states are at work in spreading false news, but also German extremists as well as supporters of conspiracy theories. The Office for the Protection of the Constitution therefore advises people to use all available information channels in order to exclude the influence of false information. A wave of attacks was also launched on members of the Bundestag as well as state parliaments in February. Arne Schönbohm, President of the Federal Office for Information Security, warns of the complex threat situation. He says his agency has made many offers of help to parties and candidates in recent months. Federal Election Commissioner Georg Thiel is confident that this fall’s election will be tamper-proof.
dw.com

QUOTE

"Companies need to think about and address digitization and information security together more than they have in the past. A difficult task, because the money can only be spent once."
LBBW analyst Andreas Heinemann sees increased cyber resilience in SMEs. Despite increasing spending on digitization, however, SMEs are spending too little on cybersecurity, leaving them increasingly exposed to attacks.
handelsblatt.com

SECURE?

Amazon founder Jeff Bezos returns from space flight: Jeff Bezos has become the second billionaire this month to reach the edge of space, and he did so aboard a rocket built by a company he launched. The founder of Amazon, who stepped down as CEO this month, lifted off early Tuesday with three crewmates on the maiden flight of Blue Origin’s New Shepard launch vehicle. The launch set a record for both the oldest and youngest person to fly to space and came nine days after Richard Branson flew on a similar suborbital trajectory. The back-to-back launches amounted to yet another sign of space exploration’s modern renaissance, a movement that is being fueled not by nations but by a surging commercial space industry backed by billionaires.
npr.org, washingtonpost.com
