Friday Five: Apple’s Fight Against Malware and Threat Actors, Compliance Concerns in Europe, & Ongoing Cyber Warfare in Ukraine
Despite news of ransomware targeting macOS, Apple’s iOS security marked a win this past week. Read about this, open source software compliance concerns in the EU, a malicious Google Chrome campaign, and more in this week’s Friday Five!
APPLE’S HIGH SECURITY MODE BLOCKED NSO SPYWARE, RESEARCHERS SAY BY LORENZO FRANCESCHI-BICCHIERAI
A security feature launched by Apple this past year for iOS devices, known as Lockdown Mode, was found to have helped block an attack by hackers using NSO Group spyware. Researchers analyzing three zero-day exploits against iOS 15 and iOS 16, none of which were known to Apple at the time, found that Lockdown Mode successfully blocked the PWNYOURHOME exploit, and no workaround has yet been observed. While the researchers acknowledge that NSO's exploit developers may since have found a way to avoid triggering a Lockdown Mode notification, the original mitigation is still undoubtedly considered a win and "a cause for great optimism."
LOCKBIT RANSOMWARE ENCRYPTORS FOUND TARGETING MAC DEVICES BY LAWRENCE ABRAMS
The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to specifically target macOS. In its analysis of the encryptors, BleepingComputer found out-of-place strings suggesting they were carelessly "thrown together" as a test. In other words, according to researchers, the observed encryptors are likely not ready for deployment in actual attacks against macOS devices. Read more about what this means for the future and how to prepare for Mac-targeted ransomware.
IN LETTER TO EU, OPEN SOURCE BODIES SAY CYBER RESILIENCE ACT COULD HAVE ‘CHILLING EFFECT’ ON SOFTWARE DEVELOPMENT BY PAUL SAWERS
The European Commission's Cyber Resilience Act (CRA), which is still at a relatively early stage of development after being unveiled this past September, is receiving pushback from multiple organizations over its language concerning open-source software. Because open-source components reportedly make up between 70 and 90% of most modern software products, critics claim that the CRA's self-certification system could stifle open-source development and that the language in the legislation meant to address those concerns is hazy. “If the CRA is, in fact, implemented as written, it will have a chilling effect on open source software development as a global endeavour, with the net effect of undermining the EU’s own expressed goals for innovation, digital sovereignty, and future prosperity,” said the letter addressed to the European Commission.
FAKE CHROME UPDATES SPREAD MALWARE BY CHRISTOPHER BOYD
A malicious campaign running since this past November uses compromised websites to push fake Google Chrome updates that infect victims with malware, according to an NTT security analyst. Potential victims are shown a fraudulent but genuine-looking browser error inside the browser window, which prompts them to "update" their browser using an automatically downloaded ZIP file to correct the error. Read more about how the malware works, what not to do, and how to properly update Google Chrome manually.
RUSSIA’S DIGITAL WARRIORS ADAPT TO SUPPORT THE WAR EFFORT IN UKRAINE, GOOGLE THREAT RESEARCHERS SAY BY AJ VICENS
According to a security engineer with the Google Threat Analysis Group, the cyber components of Russia's invasion of Ukraine continue, with nearly 60% of Russian-backed phishing campaigns targeting Ukraine. But Russia's tactics are reportedly changing, and now include promoting highly produced YouTube videos alongside more traditional phishing campaigns. “[Sandworm] remains the most versatile GRU cyber actor with offensive capabilities including credential phishing, mobile activity, malware, external exploitation of services, and beyond,” said Google's security engineer. Read more about Sandworm's latest actions, its newer tactics in the information operations space, and attacks against Ukraine from adjacent groups.