Friday Five: 8/14 Edition
Ransomware group launches a new data leak site, 1 Billion Android phones possibly at risk of data theft, and England is testing a new coronavirus contact-tracing app - catch up on the week's news with the Friday Five.
1. FBI Says an Iranian Hacking Group is Attacking F5 Networking Devices by Catalin Cimpanu
The FBI sent out a Private Industry Notification to the US private and government sector last week, alerting them that a group of elite hackers associated with the Iranian government may be targeting them. Although the hacking group was not officially named in the alert, sources told ZDNet that the group is tracked by the larger cyber-security community under codenames such as Fox Kitten or Parisite. According to cybersecurity experts, the group's main purpose is to attack large private corporate and government networks to provide an “initial beachhead” to other Iranian hacking groups. The group primarily targets high-end and expensive network equipment using exploits for recently disclosed vulnerabilities before companies have enough time to patch devices. Targeted vulnerabilities include those in Pulse Secure “Connect” enterprise VPNs, Fortinet VPN servers running FortiOS, Palo Alto Networks “Global Protect” VPN servers, and Citrix “ADC” servers and network gateways. FBI officials warn that the group isn’t targeting any particular sector and that any company running a BIG-IP device is likely to be targeted.
2. Avaddon Ransomware Launches Data Leak Site to Extort Victims by Lawrence Abrams
Avaddon ransomware is following the lead of many cybercrime groups and launching a data leak site that will be used to publish the stolen data of victims who do not pay a ransom demand. Sites like these leverage organizations’ financial information, personal information of employees, client data, etc. to threaten victims into paying the ransom. Attackers are hoping victims pay to avoid the extra costs associated with data breaches, the aggravation of disclosing a breach to employees and clients, and the potential reputational harm. Avaddon ransomware operators announced the launch of their data leak site on a Russian-speaking hacker forum over the weekend and currently only have one 3.5MB entry on the site from a construction company.
3. Snapdragon Chip Flaws Put >1 Billion Android Phones at Risk of Data Theft by Dan Goodin
Researchers have reported there are over 400 vulnerabilities in Qualcomm’s Snapdragon chip that could leave a billion or more Android devices susceptible to hacks that can turn them into spying tools. Downloading a video or other content that’s rendered by the chip or installing malicious apps that require no permissions at all makes a target especially vulnerable to exploitation. Once exploited, attackers can monitor locations, listen to nearby audio in real time, exfiltrate photos and videos, and even render the phone completely unresponsive. Disinfecting devices can be difficult as it is possible for infections to be hidden from the operating system. According to Check Point, Qualcomm has released a fix for the flaws but has not incorporated it into the Android OS or any Android device that uses Snapdragon.
4. Coronavirus: England’s Contact-Tracing App Gets Green Light for Trial by Leo Kelion
England has revamped its coronavirus contact-tracing app and has based the software on Apple and Google’s privacy-centric method of one smartphone detecting another. The app is set to begin public trials on Thursday, and its main purpose is to use people’s phones to calculate high risks of contagion by logging when and how long one person has been in contact with another person. If one user is later diagnosed with the disease, all users who came in contact with that person will be notified. Users will also be asked to scan a QR barcode when they enter a property, which could enable England to return to more normal daily activities with the reassurance that their contacts can be rapidly and anonymously notified if they have potentially been infected. Officials are concerned about people wrongly going into quarantine as a result of the Bluetooth-based tech incorrectly flagging people as being within 6ft of each other. A large focus of the app testing will be to improve the accuracy rate of the location tracking to a high enough – but not perfect – level.
5. NHS Hit with Wave of Scam Emails at Height of COVID-19 Pandemic by Owen Hughes
Between March and the first half of July, NHS Digital doctors, nurses, and other key workers reported over 40,000 spam and phishing attacks. The attacks came in the form of malicious emails, and over half of them were sent in March alone – at the height of the coronavirus pandemic. NHS Digital’s chief information security officer, Neil Bennett, said that a large part of the organization’s cybersecurity operations is to collaborate with all areas of the system to ensure they are aware of potential threats, so the increase in reporting has shown that NHS staff were taking their responsibilities to keep information safe seriously. The hospital warned employees of phishing emails with malicious links and provided additional advice and guidance around cybersecurity best practices while working from home. NHS Digital is not the only health organization to experience a spike in cyber attacks as the global pandemic has brought with it a large number of cybercriminals looking to exploit the widespread uncertainty.