Friday Five: 5/1 Edition
Australia's contact tracing app sparks privacy concerns, Shade ransomware ceases operations, and Google Play deals with malicious apps. Catch up on the week's news with the Friday Five!
1. Australia Launches Controversial Coronavirus Contact Tracing App by Reuters
As Australia prepares to ease restrictions relating to the coronavirus and get its country and economy back on normal footing, officials there continue to worry about the risk of another flare-up. Fortunately, Australia and neighboring New Zealand managed to control their coronavirus outbreaks before their public health systems were strained, but the country acknowledges that it isn't out of the woods yet. On Sunday, the Australian government launched an app, based on Singapore’s TraceTogether software and using Bluetooth signals to log when people have been close to one another, to help health officials trace people potentially exposed to infections. Civil liberties groups have criticized the app as an invasion of privacy, but the government assured people there that the app does not track location and that no one would have access to that data besides public health officials. Privacy around these contact tracing apps has been an issue almost everywhere. South Korea and Israel, for example, are using high-tech methods to track people’s locations through centralized, surveillance-based approaches. The way Australia handles the transition back to normalcy with this app could, if successful, serve as an example for others.
2. Hackers’ Malicious Script Skimmed Credit Card Details Off Robert Dyas Website by Graham Cluley
3. Shade Ransomware Shuts Down, Releases 750K Decryption Keys by Lawrence Abrams
This ransomware news is a bit different from what we normally see in the headlines: the operators behind the Shade strain of ransomware, which has been functioning since around 2014, have shut down operations, released over 750,000 decryption keys, and apologized for any harm that they caused their victims. The group mostly targeted people in Russia and Ukraine and had steadily distributed ransomware over the years until the end of 2019, when it decided to stop. In the GitHub repository that it created, the group included five master decryption keys, over 750,000 individual decryption keys for victims, instructions on how to use them, and a link to the group's decryption program. “We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data,” the GitHub post states. Researchers confirmed that the keys are valid, but using a decryptor is not very straightforward, and victims may have trouble getting it to work correctly.
4. Google Play Has Been Spreading Advanced Android Malware for Years by Dan Goodin
Researchers have revealed that hackers have been using Google Play to distribute an unusually advanced backdoor that’s capable of stealing a wide range of sensitive data. At least eight Google Play apps that date back to 2018 have been recovered, and it's likely that more malicious apps from the same advanced group have been on Google’s official market since at least 2016. Google uses a vetting process to keep malicious apps out of Play, but the attackers used several effective techniques to bypass the security process. One of the techniques was to submit a benign version of an app initially, and then add the backdoor only after the app was accepted. Over time, the backdoor collected data about infected phones, including the hardware model, the Android version it ran on, and any apps that were installed. After the attackers downloaded malicious payloads specific to the infected device, they could collect locations, call logs, contacts, text messages, and other sensitive information. Google removed recent versions of this malware shortly after being notified by researchers, but many remain available on third-party markets.
5. Healthcare Targeted by More Attacks but Less Sophistication by Robert Lemos
It’s not news that healthcare organizations have been experiencing an increase in security breach attempts amid the COVID-19 pandemic. Security experts claim the fraud attempts aren't very sophisticated, however. While organizations saw a 30% increase in COVID-19-themed phishing sites and lures last month, the number of successful breaches did not significantly increase. The downturn of the global economy has likely forced some people to turn to cybercrime, but many of those people aren't sophisticated actors. While some hackers have vowed not to attack healthcare firms, others are continuing, with 14% of attacks in the first quarter targeting the healthcare sector, according to reports. Healthcare companies have struggled with securing their networks due to older, unpatched operating systems and tighter budgets after cancelling elective surgeries and turning away many patients. Ransomware groups continue to target healthcare companies due to their reputation for paying ransom.