KW 31: Garmin fitness tracker hacked, Hackers sabotage hackers, German parliament hacker in court in September

NEWS

Garmin fitness tracker hacked: The American GPS and fitness-tracker company Garmin is dealing with the aftermath of a ransomware attack. Garmin announced that it was the victim of a cyberattack that encrypted some of its systems. Owners of its products had been unable to use its services since Thursday. A gang of Russian hackers may be behind the cyberattack. The attackers reportedly crippled the smartwatch maker’s Garmin Connect service last week with malicious software tied to Evil Corp., a Moscow-based hacker group run by alleged cybercriminal Maksim Yakubets.
bbc.com, nypost.com

Hackers sabotage hackers: An unknown vigilante hacker has been sabotaging the operations of the recently revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. Emotet works by spamming targets with emails perpetrating to be business-related communications. These emails either contain a malicious Office document, or a link to a malicious Office file that users are told to download on their PCs. But an unknown intruder has been replacing Emotet payloads with animated GIFs – which means that when Emotet victims open the malicious Office files, they won’t get infected as the Emotet malware won’t get downloaded and executed on their systems.
zdnet.com

German parliament hacker in court in September: The now 22-year-old hacker who spied on 73 politicians, journalists and celebrities between 2015 and 2019 will have to appear for a hearing at the youth court in Alsfeld in September. He is accused of attempting to extort six politicians, among other things. The hacker had released a large amount of data of politicians and celebrities before being arrested in 2019
bild.de

EU to impose sanctions on Russian and Chinese hackers: The European Commission will impose sanctions on four Russian hackers who tried to hack the Organisation for the prohibition of chemical weapons in The Hague. In addition, another Russian group, two Chinese organizations and a North Korean hacker gang will be added to the sanctions list. The Russian hacker who spied on German politicians will not be added to the list.
spiegel.de

Apple launches security research program: Apple has launched a new security research program that will provide special iPhones to bug hunters and professional hackers. Appple said the program is designed to help improve security for iOS users, bring more researchers to iPhone, and improve efficiency for those who already work on iOS security. The program features iPhones dedicated exclusively to security research, with unique code execution and containment policies. The iPhones will allow researchers to run custom commands and will also include debugging tools that will allow them to run their code.
mobilesyrup.com

Pacemaker vulnerability: Germany’s Federal Office for Information Security (BSI) has examined medical devices to discover possible entry points for hackers and found dangerous security gaps. Pacemakers, defibrillators, monitors and pumps are not adequately secured. The BSI wants to ensure that the critical infrastructure is better protected. Hackers can manipulate medical decives with just a few individual components.
welt.de

Attack on Dave.com: Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev zdnet.com
OilRig: Hackers are targeting Telkos datensicherheit.de
F5 networks: Hackers are actively taking advantage of critical network vulnerabilities inside-it.ch
Spearphishing: Evilnum hackers target FinTech it-finanzmagazin.de
New phishing method: Not human, not bot – a hacker! industry-of-things.de

NUMBER OF THE WEEK

According to Check Point, only 11 percent of companies have implemented complete security solutions for IoT.
infopoint-security.de

BACKGROUND

Suspected Chinese hackers allegedly targeted Covid-19 research: The US justice department has announced charges against two suspected Chinese hackers who allegedly targeted US companies conducting Covids-19 research. The indictment did not say whether the men managed to steal any of that research or data. According to the indictment, the defendants waged the cyber-campaign for their own personal financial gain — but also at times on behalf of the Chinese Ministry of State Security. Prosecutors allege the men worked with a green light from the MSS and also received assistance from an MSS officer.
npr.org

Why Russian hackers are often targeted: In the United States and Europe, politicians often view Russian hackers as the culprits when it comes to corporate problems or data theft. The Russian hacker scene has earned this reputation. It is not just about the number of attacks emanating from Russia, but also about the quality. Hackers often have a certain proximity to Russian agents. Professionalization has also progressed – security companies like Kaspersky set high standards for their work.
handelsblatt.com

QUOTE

“We need an assessment of how trustworthy the manufacturers and suppliers actually are.”
Arne Schönbohm, head of Germany’s Federal Cyber Security Authority, talks about working with international manufacturers on the 5G network standard.
welt.de

SECURE?

Premier League targeted by cybercriminals: Hackers are targeting Premier League soccer clubs as they look for ways to cash in on cyberattacks against Britain’s sports sector, according to the UK’s National Cyber Security Centre. In a report, the UK intelligence agency highlighted a case where the emails of a managing director at a Premier League team were hacked before a transfer negotiation. As a result, it required late intervention by the club’s bank to thwart the loss of almost 1 million pounds to the cyber criminals, the report said.
bloomberg.com

Newsletter subscription

Subscribe to our free weekly newsletter for a compact overview of safety and security topics:

Safety-Security-Ticker

More digital news briefings

Our political briefings