Cybersecurity News: January Digest
2021 began almost as eventfully as 2020. Not much time has passed, but a lot has already happened in IT, cybersecurity and online anonymity.
But don’t worry that you’ve missed something interesting and important: our team has collected the most notable news from the online world to keep you up to date.
Previously, we’ve already talked about important events on the internet. All the information is available here.
WhatsApp’s new privacy terms are now scheduled to take effect on May 15. Until that date, users of the messenger who decline the new terms will not have their accounts blocked.
If you’ve decided to choose a reliable alternative to WhatsApp, we’ve prepared a list of good options.
Stormshield data leak
Stormshield is a French information security company and an international provider of network security products for secure connectivity. The company recently reported a breach: an unknown attacker broke into one of its customer support portals and stole personal information about its customers.
The company also said that the attacker was able to steal part of the source code of its Stormshield Network Security (SNS) firewall, a product certified for use in French government networks.
An investigation is underway to assess the damage; while it runs, all of the company’s products are being kept “under surveillance.”
Stormshield assures customers that it has taken all necessary measures to prevent further attacks. As a precaution it has also replaced the certificate used to sign SNS updates, so customers should expect future SNS updates to carry the new signature.
Stormshield told the media that about 2% of customer accounts were affected by the incident: roughly 200 of more than 10,000. All affected customers have already been notified.
Did you hear about the Facebook data leak? We’ve talked about it more here.
Hackers from North Korea attacked security researchers
In a recent report, Google said that a hacking group from North Korea had been targeting security researchers who work on vulnerability research.
The campaign was identified by Google’s Threat Analysis Group (TAG), the team that tracks government-backed attackers.
According to the report, the attackers created fake researcher profiles on Telegram, Discord, Twitter and Keybase, and also approached targets by email. After building trust, they offered to collaborate on vulnerability research and sent the target a Visual Studio project. Alongside the exploit source, the project contained malicious code that ran through Visual Studio Build Events when the project was built; it installed a backdoor that connected to a server controlled by the attackers. In other cases the attackers simply sent researchers a link to an attacker-run blog that infected their systems when visited.
The campaign has been linked to the Lazarus Group, which is believed to be sponsored by North Korea.
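The practical lesson from the TAG report is that a project file can run commands before you ever compile a line of the exploit. The script below is an added example (not code from Google’s report or from the page) that lists every build-event command in a .vcxproj/MSBuild file and flags interpreters and LOLBins that have no business in a proof-of-concept build. The sample project, its file names and the commands in it are constructed for this example.

```python
"""List and flag MSBuild build-event commands in a Visual Studio project."""
import re
import xml.etree.ElementTree as ET

# Elements whose <Command> child MSBuild executes during a build.
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent"}

# Interpreters and living-off-the-land binaries worth a second look in a PoC.
SUSPICIOUS = re.compile(
    r"\b(rundll32|regsvr32|powershell|pwsh|cmd|mshta|certutil|wscript|cscript|bitsadmin|msiexec)\b",
    re.IGNORECASE,
)


def local_name(tag):
    """Strip the MSBuild XML namespace ("{uri}Name" -> "Name")."""
    return tag.rsplit("}", 1)[-1]


def find_build_commands(project_xml):
    """Return [(where, command)] for every command MSBuild would run when building."""
    data = project_xml.encode("utf-8") if isinstance(project_xml, str) else project_xml
    root = ET.fromstring(data)
    found = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in EVENT_TAGS:
            for child in elem:
                if local_name(child.tag) == "Command" and child.text and child.text.strip():
                    found.append((name, child.text.strip()))
        elif name == "Exec":  # <Exec Command="..."/> inside a custom <Target>
            cmd = elem.get("Command")
            if cmd and cmd.strip():
                found.append(("Exec", cmd.strip()))
    return found


def flag_suspicious(commands):
    """Keep only the commands that invoke something from the SUSPICIOUS list."""
    return [(where, cmd) for where, cmd in commands if SUSPICIOUS.search(cmd)]


# Constructed sample project: one benign copy step and two commands that should
# stop a reviewer from pressing Build. The DLL and script names are invented.
SAMPLE_VCXPROJ = """<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <PreBuildEvent>
      <Command>rundll32.exe "$(ProjectDir)helper.dll",Start</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(OutDir)poc.exe" "$(SolutionDir)bin/"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command='powershell -NoProfile -File "$(ProjectDir)setup.ps1"' />
  </Target>
</Project>
"""

if __name__ == "__main__":
    for where, cmd in find_build_commands(SAMPLE_VCXPROJ):
        marker = "!!" if SUSPICIOUS.search(cmd) else "  "
        print(f"{marker} {where}: {cmd}")
```

Run it over any project you did not write yourself before opening it in Visual Studio; an unexpected `rundll32`, `powershell` or `Exec` step is reason enough to inspect the project in a disposable VM instead.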
Earlier, the frequency of hacker attacks on UK companies was revealed.
Chrome Sync can be used to steal personal data
Bojan Zdrnja, a security researcher from Croatia, has described a malicious Chrome extension that abuses the browser’s built-in Chrome Sync feature.
Recall that Chrome Sync keeps a user’s browser data in step across devices: passwords, account information, history, settings and installed extensions are replicated through Google’s servers.
According to Zdrnja, the same mechanism can be turned against the user: it can carry commands into an infected browser and carry stolen data out.
In the incident he investigated, the attacker already had access to the victim’s computer but could not reach the data the victim worked with in an internal web portal. The attacker therefore loaded a malicious Chrome extension onto the victim’s computer in developer mode, bypassing the Chrome Web Store entirely.
The extension was disguised as a security product from a well-known vendor, but its code abused the synchronization feature to let the attacker remotely control the victim’s browser.
The extension used the chrome.storage.sync API, which gives an extension a free-text key/value store that Chrome replicates to every browser signed into the same Google account. The attacker only had to sign into Chrome on his own machine with that account to read whatever the extension had collected and to write commands back. The store can hold anything, from personal information to confidential corporate data.
So a malicious extension can be used to drain data from a corporate network straight into the attacker’s browser, and the traffic goes to Google’s own infrastructure, which corporate firewalls almost always allow.
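A quick way to hunt for this pattern on a managed Windows or Linux fleet is to look for extensions that were loaded unpacked (developer mode) and whose scripts call chrome.storage.sync. The script below is an added example, not code from Zdrnja’s write-up or from the extension he analysed. It assumes Chrome’s per-profile `Preferences` JSON, in which Chromium records the install source under `extensions.settings.<id>.location` (4 = loaded unpacked, 1 = Chrome Web Store, per Chromium’s ManifestLocation enum). The Preferences snippet, extension ids, paths and JavaScript below are constructed for this example; the JavaScript only sketches the command/result pattern, it is not the real extension’s code.

```python
"""Find sideloaded Chrome extensions that use chrome.storage.sync."""
import json
import re

# Chromium ManifestLocation: 1 = Web Store install, 4 = "Load unpacked" (developer mode).
LOCATION_UNPACKED = 4

SYNC_CALL = re.compile(r"chrome\.storage\.sync\.(get|set|remove|clear)\s*\(")


def unpacked_extensions(preferences_json):
    """Map extension id -> settings entry for every unpacked (sideloaded) extension."""
    prefs = json.loads(preferences_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    return {ext_id: s for ext_id, s in settings.items() if s.get("location") == LOCATION_UNPACKED}


def sync_usage(manifest_json, sources):
    """Return (has_storage_permission, [(file, api_call), ...]) for one extension."""
    manifest = json.loads(manifest_json)
    has_perm = "storage" in manifest.get("permissions", [])
    calls = [(name, m.group(1)) for name, src in sources.items() for m in SYNC_CALL.finditer(src)]
    return has_perm, calls


def hunt(preferences_json, extension_files):
    """extension_files: {ext_id: {filename: contents}} read from each extension's path."""
    report = []
    for ext_id, setting in unpacked_extensions(preferences_json).items():
        files = extension_files.get(ext_id, {})
        scripts = {n: c for n, c in files.items() if n.endswith(".js")}
        has_perm, calls = sync_usage(files.get("manifest.json", "{}"), scripts)
        report.append({
            "id": ext_id,
            "path": setting.get("path"),
            "storage_permission": has_perm,
            "sync_calls": calls,
            # Sideloaded + storage permission + sync API use: worth a closer look.
            "suspicious": has_perm and bool(calls),
        })
    return report


# Constructed Preferences excerpt: one sideloaded extension and one Web Store install.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "abcdefghijklmnopabcdefghijklmnop": {
                "location": 4, "state": 1,
                "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\secproduct",
            },
            "ponmlkjihgfedcbaponmlkjihgfedcba": {
                "location": 1, "state": 1,
                "path": "ponmlkjihgfedcbaponmlkjihgfedcba\\1.2.3_0",
            },
        }
    }
})

# Constructed extension files: a sketch of the command/result channel, not real code.
SAMPLE_EXTENSION_FILES = {
    "abcdefghijklmnopabcdefghijklmnop": {
        "manifest.json": json.dumps({
            "name": "Security Product", "version": "1.0", "manifest_version": 2,
            "permissions": ["storage", "tabs"],
            "background": {"scripts": ["background.js"]},
        }),
        "background.js": (
            "setInterval(function () {\n"
            "  chrome.storage.sync.get(['cmd'], function (items) { run(items.cmd); });\n"
            "}, 10000);\n"
            "function report(data) { chrome.storage.sync.set({ result: data }); }\n"
        ),
    }
}

if __name__ == "__main__":
    for entry in hunt(SAMPLE_PREFERENCES, SAMPLE_EXTENSION_FILES):
        print(json.dumps(entry, indent=2))
```

In a real deployment, read `Preferences` from each user’s Chrome profile directory and the extension files from the recorded `path`. The preventive fix is policy rather than hunting: an `ExtensionInstallBlocklist` of `*` with an explicit `ExtensionInstallAllowlist` stops sideloading, and `SyncTypesListDisabled` can exclude extension data from sync altogether.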
Remember that Google is always watching you!
Hackers leaked modified data on Pfizer vaccine
The European Medicines Agency (EMA) said that attackers altered some of the data on the Pfizer-BioNTech vaccine candidate before leaking it online. The apparent goal was to undermine public confidence in coronavirus vaccines.
*The European Medicines Agency is the EU body that evaluates medicines before they are authorised for use in the EU.
The published documents, including email correspondence, disclose information from the vaccine evaluation process. However, some of the messages were altered or replaced by the attackers in order to erode citizens’ trust.
The leaked material also included screenshots of emails, along with Word, PDF and PowerPoint documents containing comments from the agency’s experts.
The agency said it has launched an investigation together with law enforcement agencies.
Learn more about secure and private online communication.
Instagram blocked hundreds of stolen accounts
Instagram has blocked hundreds of stolen accounts with short, single-word usernames, which are highly prized in the community for exactly that reason. The cleanup was carried out together with Twitter and TikTok.
Short handles such as @Killer, @Sick and @Miracle attract other users’ attention and give an account special status, since they signal that the owner registered on the platform early.
Instagram found that the accounts had been taken over through hacking, blackmail or extortion and then sold for large sums, sometimes as much as $40,000, and that this trade had gone unchecked for years.
Accounts with short usernames are usually stolen by phishing: the attackers send emails that look like messages from Instagram to harvest the password, or use SIM swapping to take over the victim’s phone number and defeat SMS-based two-factor authentication.
Instagram is now trying to return the stolen accounts to their real owners, but identity verification makes the process difficult, and the hackers often convincingly impersonate the original owners.
Instagram is not a secure place for communication and social interaction. You can read more about it here.
Android devices were used for DDoS attacks
Netlab, the network security research division of Qihoo 360, has found malware that infects Android devices and recruits them into a botnet used for DDoS attacks.
The botnet is called Matryosh. It scans for Android devices that expose the Android Debug Bridge (ADB) interface over the network (TCP port 5555), a weakness that has plagued Android-based devices for years.
Matryosh has a few distinctive features. The first is built-in Tor support: the bot hides the real address of its command-and-control server and obtains that address through a multi-layer process, which is where the name (after the Russian nesting doll) comes from.
The researchers also found hints pointing to the botnet’s authors and to its intended use, which includes DDoS attacks.
Unfortunately there is little defense beyond disabling ADB, or at least not exposing it over the network. On many Android-based devices, such as set-top boxes and smart TVs, ADB ships enabled and the vendor provides no setting to turn it off, so those devices remain vulnerable.
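Because the only fix is to find the exposed devices before the bot does, it helps to know what an exposed ADB port looks like on the wire. The script below is an added example (not Netlab’s code or anything from the page) that speaks the first step of the ADB transport protocol: it sends a `CNXN` message and classifies the reply. A device with ADB authentication disabled answers with its own `CNXN` and a `device::` banner, which is exactly what Matryosh can use; a device with authentication enabled answers `AUTH` first; anything else is not ADB. The message layout (six little-endian 32-bit words, with a byte-sum checksum and a magic word equal to the bitwise complement of the command) follows the ADB protocol documentation. The constructed replies in the `__main__` block stand in for real devices so the script runs offline; only probe networks you are authorised to scan.

```python
"""Probe a host for an unauthenticated ADB-over-TCP service (default port 5555)."""
import socket
import struct

ADB_PORT = 5555
A_CNXN = 0x4E584E43   # b"CNXN" as a little-endian uint32
A_AUTH = 0x48545541   # b"AUTH"
A_VERSION = 0x01000000
MAX_PAYLOAD = 4096


def adb_checksum(payload):
    """ADB's 'crc32' field is really the sum of the payload bytes, modulo 2**32."""
    return sum(payload) & 0xFFFFFFFF


def build_message(command, arg0, arg1, payload):
    """Encode a 24-byte ADB header followed by the payload."""
    header = struct.pack(
        "<6I", command, arg0, arg1, len(payload), adb_checksum(payload), command ^ 0xFFFFFFFF
    )
    return header + payload


def parse_message(buf):
    """Decode one ADB message; return (command, arg0, arg1, payload) or None if malformed."""
    if len(buf) < 24:
        return None
    command, arg0, arg1, length, _check, magic = struct.unpack("<6I", buf[:24])
    if magic != (command ^ 0xFFFFFFFF):   # not an ADB message at all
        return None
    payload = buf[24:24 + length]
    if len(payload) != length:            # truncated read
        return None
    return command, arg0, arg1, payload


def classify_reply(buf):
    """Map a device's first reply to (status, banner)."""
    msg = parse_message(buf)
    if msg is None:
        return ("not-adb", "")
    command, _, _, payload = msg
    if command == A_CNXN:   # handshake completed without auth: anyone can run adb shell
        return ("open", payload.rstrip(b"\x00").decode("ascii", "replace"))
    if command == A_AUTH:   # device insists on RSA key authentication
        return ("auth-required", "")
    return ("unknown", "")


def probe(host, port=ADB_PORT, timeout=3.0):
    """Connect, send CNXN, classify the first reply. Returns ("closed", "") on any socket error."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\x00"))
            reply = sock.recv(MAX_PAYLOAD)
    except OSError:
        return ("closed", "")
    return classify_reply(reply)


if __name__ == "__main__":
    # Constructed replies standing in for three kinds of hosts (no network needed).
    samples = {
        "set-top box, adb auth off": build_message(
            A_CNXN, A_VERSION, MAX_PAYLOAD, b"device::ro.product.name=mbox;ro.product.model=X96;\x00"),
        "phone, adb auth on": build_message(A_AUTH, 1, 0, b"\x00" * 20),
        "web server on 5555": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    }
    for label, reply in samples.items():
        print(f"{label}: {classify_reply(reply)}")
```

The `open` result is the one to act on: it means the device will accept `adb connect` and `adb shell` from anyone who can reach the port, which is all Matryosh needs.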
You can read more about the danger of DDoS attacks here.