Pete Recommends – Weekly highlights on cyber security issues, August 20, 2022

Subject: White House Cyber Director: ‘Defense is the New Offense’ for Cyber
Source: Nextgov

In a conversation with journalist Kim Zetter Friday at the hacker conference DEF CON, White House National Cyber Director Chris Inglis asserted that the way forward for cybersecurity is defense, defined roles and responsibilities, and investing in resilience and robustness. According to Inglis, there are “three waves of attacks” that have progressed in recent years.

“The most important lesson from that is [attackers] then held the confidence of millions of people at risk,” Inglis said. “And what they eventually succeeded in doing was in defeating one, they defeated all. They defeated tens of millions of people because of a single person’s error. We need to flip the script.”


Subject: Verizon Blocked Over 11 Billion Spam Messages In 2021
Source: Android Headlines

Verizon has provided an update on its security measures against spam calls and messages. The company says it blocked more than 11 billion spam texts from reaching consumers in 2021, protecting them from potential threats. Its systems processed a total of 267 billion text messages last year….

Spam robocalls are on the rise too. Verizon has various measures against those as well, such as Call Filter. Along with STIR/SHAKEN Caller ID verification and other protective tools, the company identified or blocked 2.5 billion unwanted calls directed toward its wireless customers between May and June this year. Additionally, Verizon also protects more than three million Fios voice customers from robocalls every day. It identifies and labels 1.2 million verified calls and 85 thousand spam calls daily.


Subject: War in Ukraine Highlights the Growing Strategic Importance of Private Satellite Companies—Especially in Times of Conflict
Source: Nextgov

Satellites owned by private companies have played an unexpectedly important role in the war in Ukraine. For example, in early August 2022, images from the private satellite company Planet Labs showed that a recent attack on a Russian military base in Crimea caused more damage than Russia had suggested in public reports. Ukrainian President Volodymyr Zelenskyy highlighted the losses as evidence of Ukraine’s progress in the war. Soon after the war began, Ukraine requested data from private satellite companies around the world. By the end of April, Ukraine was getting imagery from U.S. companies mere minutes after the data was collected.

My research focuses on international cooperation in satellite Earth observations, including the role of the private sector. While experts have long known that satellite imagery is useful during a conflict, the war in Ukraine has shown that commercial satellite data can make a decisive difference – informing both military planning as well as the public view of a war. Based on the strategic value commercial satellite imagery has held during this war, I believe it is likely that more nations will be investing in private satellite companies.

Growth of the commercial satellite sector – Remote-sensing satellites circle the Earth collecting imagery, radio signals and many other types of data. The technology was originally developed by governments for military reconnaissance, weather forecasting and environmental monitoring. But over the past two decades, commercial activity in this area has grown rapidly – particularly in the U.S. The number of commercial Earth observation satellites has increased from 11 in 2006 to more than 500 in 2022, about 350 of which belong to U.S. companies.


Subject: This Android banking malware now also infects your smartphone with ransomware
Source: ZDNet

Sova malware adds new features that make it more dangerous to a wider range of Android payment and banking app users.

Now, as detailed by cybersecurity researchers at online fraud prevention company Cleafy, Sova has been updated with a range of new abilities, including the ability to mimic over 200 banking and payment applications, plus the capability to target cryptocurrency wallets. Sova can also now encrypt devices with ransomware, although this feature still appears to be in the process of being implemented.

This raises the prospect of victims not only having information including bank details, passwords and other personal data secretly stolen by trojan malware, but also losing their files to encryption, unless they give in and pay a ransom demand.

Sova has been updated with new capabilities multiple times in recent months, including the ability to intercept multi-factor authentication (MFA) tokens, allowing attackers to steal information even if the account is protected with the recommended additional layer of defence.


Subject: Digital Medical Companies Funnel Patient Data To Facebook For Advertising
Source: Forbes

A new study shows how websites and apps gather people’s sensitive health-related information, sometimes without consent, and channel it to the social media giant to generate business.

Digital health companies are funneling sensitive data that patients have shared with them to Facebook to help target advertisements, according to a new study from research group the Light Collective. In some cases this sharing is running afoul of the companies’ own privacy policies and raising concerns about HIPAA violations.

The peer-reviewed study, published Monday in Patterns, a data science journal, examines the way data from individuals’ health-related activity online is tracked across websites or platforms and then used for advertising purposes on Facebook. The researchers studied the online activities of 10 participants active in the online cancer community who had used digital health tools from five different companies: Color Genomics, Myriad Genetics, Invitae, Health Union and Ciitizen. They found that third-party ad trackers used by those companies followed the patients online and marketed to them based on those activities. Three of the companies went against their own privacy policies in the process.

“Health privacy is a basic requirement in digital medicine for reducing the abuse of power and supporting patient autonomy.”

Subject: Reps. Nadler, Thompson Send Letter to FBI, DHS on Personal Data
Source: Gizmodo

In a letter to their directors, seven agencies are asked to provide Congress with records about their purchases of private data. Two top Democrats in the House of Representatives have issued requests to a host of federal law enforcement agencies, including the FBI and Department of Homeland Security, demanding details of alleged purchases of Americans’ personal data. The lawmakers accuse the seven federal agencies of using commercial dealings with data brokers and so-called location aggregators to sidestep warrant requirements in obtaining Americans’ private data.

In a letter addressed to Attorney General Merrick Garland and six other agency heads on Tuesday, Reps. Jerrold Nadler and Bennie Thompson said that recent reports had found many law enforcement agencies — “including yours” — had purchased data or direct access to it “instead of obtaining it through statutory authorities, court order, or legal process.”


Subject: CRYPTO-GRAM (where crypto means cryptography, not that other stuff)
Source: RISKS Digest and Bruce Schneier

1. San Francisco Police Want Real-Time Access to Private Surveillance Cameras
2. Facebook Is Now Encrypting Links to Prevent URL Stripping
3. NSO Group’s Pegasus Spyware Used against Thailand Pro-Democracy Activists and Leaders
4. Russia Creates Malware False-Flag App
5. Critical Vulnerabilities in GPS Trackers
6. Apple’s Lockdown Mode
7. Securing Open-Source Software
8. New UEFI Rootkit
9. Microsoft Zero-Days Sold and Then Used
10. Ring Gives Videos to Police without a Warrant or User Consent
11. Surveillance of Your Car
12. Drone Deliveries into Prisons
13. SIKE Broken
14. NIST’s Post-Quantum Cryptography Standards
15. Hacking Starlink
16. A Taxonomy of Access Control
17. Twitter Exposes Personal Information for 5.4 Million Accounts
18. Upcoming Speaking Engagements

Subject: Spy group abuses Microsoft OneDrive to steal credentials in hack-and-leak campaigns
Source: ZDNet

Microsoft spotlights the work of Seaborgium, a Russia-based threat actor that has abused OneDrive to phish high-value targets and uses LinkedIn to research them.

Microsoft has warned that a “highly persistent” threat actor from Russia has targeted NATO nations with credential theft campaigns that abuse OneDrive to compromise accounts, steal data and then leak information to sway public opinion.

Dubbed Seaborgium by Microsoft, the group has worked to steal information from targeted NATO countries, particularly the US and UK, and occasionally from other countries in the Baltics, the Nordics, and Eastern Europe, as well as Ukraine government organizations prior to Russia’s February 24 invasion. On occasion, the group also leaked data as part of what seem to be disinformation/misinformation campaigns.

The Microsoft Threat Intelligence Center (MSTIC), which tracks sophisticated and state-sponsored actors, has focused on Seaborgium’s abuse of OneDrive to gain visibility into the group’s activities.

The group has both used OneDrive as a lure in attachments that impersonate the service, and abused OneDrive to host PDFs containing links to malicious URLs.

“The victim is presented with what appears to be a failed preview message, enticing the target to click the link to be directed to the credential-stealing infrastructure. Occasionally, Seaborgium makes use of open redirects within the PDF file to further disguise their operational infrastructure,” says MSTIC in a blogpost.


Subject: Google blocks largest HTTPS DDoS attack ‘reported to date’
Source: Bleeping Computer

A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in June.

Assault lasted 69 minutes – The attack started on the morning of June 1, at 09:45 Pacific Time, and targeted the victim’s HTTP/S Load Balancer initially with just 10,000 RPS.

To put into perspective how massive the attack was at its peak, Google says that it was the equivalent of getting all the daily requests to Wikipedia in just 10 seconds.

Luckily, the customer had already deployed the recommended rule from Cloud Armor allowing operations to run normally. The assault ended 69 minutes after it started.

“Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack,” reads a report from Google’s Emil Kiner (Senior Product Manager) and Satya Konduru (Technical Lead).

Another characteristic of the attack is the use of Tor exit nodes to deliver the traffic. Although close to 22% or 1,169 of the sources channeled the requests through the Tor network, they accounted for just 3% of the attack traffic.


Subject: Idaho tech company suing FTC over privacy data use
Source: UPI

Aug. 18 (UPI) — An Idaho data marketing and analytics company is suing the U.S. Federal Trade Commission, alleging the agency threatened it with a lawsuit over its consumer-tracking capability, according to court documents. “Kochava develops a set of software tools and programs that device application (“app”) developers can use to measure, track, organize, and visualize mobile app data for their marketing campaigns across marketing channels and partners,” according to documents filed in the U.S. District Court for the District of Idaho Northern Division.

The FTC had threatened to enforce an injunction against the company over its precise geolocation data. The agency argues the data can be used to track a person’s precise location. The FTC argued that made it possible for third parties to use the location data to track visits to abortion clinics. It also argued users weren’t properly informed of the possibility.

“Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy,” the company said in a statement to Ars Technica.

Posted in: Big Data, Cybercrime, Cybersecurity, Economy, Financial System, Healthcare, Legal Research, Privacy, Social Media