Friday Five 12/4
Trickbot's new tricks, attacking vaccine cold chains, and CFAA in front of the Supreme Court - catch up on all of the week's infosec news with the Friday Five!
1. The Internet's Most Notorious Botnet Has an Alarming New Trick by Andy Greenberg
The operators of the seemingly unkillable Trickbot botnet have added a new module, which researchers at Eclypsium and Advanced Intelligence have dubbed TrickBoot, that targets firmware instead of the operating system. Rather than exploiting anything straight away, the module inspects the victim's machine to determine whether the UEFI firmware held in the SPI flash chip on the motherboard is left writable, which is exactly what an attacker needs in order to plant a backdoor in the code that runs before the operating system boots. That is what makes the approach alarming: an implant in flash lives outside the hard drive, so it is invisible to most antivirus products and survives operating system reinstalls and even a drive replacement. The likely motivation is the attention Trickbot has drawn from major US agencies and companies; if the botnet is to survive that scrutiny, its persistence has to be stealthier. To counter the technique, the researchers recommend keeping firmware up to date, confirming that firmware write protections are actually enabled, and checking PCs for signs of tampering.
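The write-protection check at the heart of that module can be reproduced from the defender's side. The block below is an added example, not code from the article or from the TrickBoot research: it decodes an Intel PCH BIOS Control register value (BC, often written BIOS_CNTL) and classifies whether the SPI flash BIOS region can be written from the running OS. The bit positions follow the Intel PCH datasheets; reading the live register requires a privileged tool such as chipsec, so the register values fed in here are constructed, as are the hostnames.

```python
# Added example, not code from the article or from the TrickBoot research:
# decode an Intel PCH BIOS Control (BIOS_CNTL) register value and classify
# whether the SPI flash BIOS region can be written from the running OS, which
# is the condition an implant like the one described above needs. Bit
# positions follow Intel PCH datasheets; reading the live register needs a
# privileged tool (e.g. chipsec), so the values fed in below are constructed.

BIOSWE = 1 << 0    # BIOS Write Enable: writes to the BIOS region are allowed
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI whose handler can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes are honoured only while the CPU is in SMM


def assess_bios_cntl(value: int) -> dict:
    """Classify a BIOS_CNTL value: PROTECTED, WEAK (SMI-based lock only) or WRITABLE."""
    flags = {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }
    if flags["SMM_BWP"]:
        # Writes are blocked unless the CPU is in SMM, whatever BIOSWE says.
        verdict = "PROTECTED"
    elif flags["BLE"] and not flags["BIOSWE"]:
        # Only an SMI handler stands between the attacker and the flash;
        # this lock on its own has known race-condition bypasses.
        verdict = "WEAK"
    else:
        # Either BIOSWE is already set, or nothing stops an attacker setting it.
        verdict = "WRITABLE"
    return {**flags, "verdict": verdict}


def assess_hosts(readings: dict) -> list:
    """Apply the check to a {hostname: register_value} map; return hosts that are not PROTECTED."""
    return sorted(h for h, v in readings.items()
                  if assess_bios_cntl(v)["verdict"] != "PROTECTED")


# Constructed readings: a hardened laptop, a BLE-only desktop and an unlocked box.
SAMPLE_READINGS = {"laptop-01": 0x2A, "desktop-07": 0x02, "kiosk-03": 0x01}

if __name__ == "__main__":
    for host, value in SAMPLE_READINGS.items():
        print(host, hex(value), assess_bios_cntl(value)["verdict"])
    print("needs attention:", assess_hosts(SAMPLE_READINGS))
```

This is deliberately the simplified version of the check: a complete assessment also looks at the SPI controller's protected range registers and the flash configuration lock (FLOCKDN), which is what chipsec's `common.bios_wp` module does on a live system. A host that comes back WEAK or WRITABLE is one where firmware updates and a tamper check deserve to be at the top of the queue.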
2. Hackers targeting groups involved in COVID-19 vaccine distribution, IBM warns by Raphael Satter
In the latest development surrounding COVID-19 vaccine delivery, IBM researchers warn that attackers are targeting the components critical to vaccine distribution. Specifically, there is evidence of credential-phishing emails aimed at organizations involved in the vaccine cold chain, the process by which vaccines are kept at extremely low temperatures so they remain effective throughout distribution. Any disruption to the cold chain could dramatically affect the ability to deliver the vaccine on time. The perpetrator of the campaign is unknown, but it is not unreasonable to assume a nation-state is involved, as information about distribution is likely near the top of every government's list of concerns.
3. iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever by Dan Goodin
Dan Goodin summarized a Project Zero report published this week by Ian Beer that details a memory corruption bug in the iOS kernel, specifically in the code that handles AWDL (Apple Wireless Direct Link), the proprietary peer-to-peer Wi-Fi protocol behind AirDrop. The bug let an attacker within Wi-Fi range take over an iPhone with no user interaction at all, and the exploit was wormable: a compromised device could attack other nearby devices in the same way. Once on the device, an attacker could read the user's personal data, including emails, photos, messages, passwords, and cryptographic keys. Apple patched the vulnerability earlier this year and there is no evidence it was exploited in the wild. Still, it is eye-opening that a single bug could provide wireless access to what is thought to be one of the most secure consumer devices around.
4. Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date by Tim Starks
The Supreme Court heard oral arguments on Monday in Van Buren v. United States, a case that turns on the scope of the Computer Fraud and Abuse Act (CFAA). The question is what it means for an individual to "exceed authorized access" to a computer under the CFAA's definition. The law was written in the 1980s and has long drawn criticism as outdated, vague, and punitive. The facts of the case involve a police officer accused of accepting a bribe to look up license plate information in an official law enforcement database that he was otherwise authorized to use for work purposes. Researchers fear that a broad ruling for the government could expose ethical hacking and security research to prosecution under the CFAA. A ruling is expected before the court's summer recess, and court observers noted that many of the justices seemed skeptical of the government's position.
5. FBI warns of email forwarding rules being abused in recent hacks by Catalin Cimpanu
The FBI has warned that cybercriminals are increasingly using email auto-forwarding rules to hide their presence inside compromised email accounts. Once an attacker creates a forwarding rule in a hijacked mailbox, copies of incoming mail are delivered to an address they control without the attacker having to log in again and risk discovery. The technique has existed for years, but the FBI's notice cites business email compromise (BEC) incidents from this summer in which gangs used forwarding rules to monitor conversations while convincing employees and business partners of the victim company to authorize payments to accounts the attackers controlled. Among the FBI's recommendations: make sure desktop and web email clients are running the same version so that rule changes made through the web interface are synchronized and remain visible, and review accounts for forwarding rules that nobody in the organization created.
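The review the FBI is asking for is easy to automate once the rules have been exported. The block below is an added example and is not from the FBI notice or the article: it scores inbox rules for the pattern described above, an external forward or redirect, escalating when the rule also deletes, marks read or files the original so the victim never sees it. The rule records are constructed and loosely follow the shape of the Microsoft Graph `messageRule` object; the organization's domain list and the mailbox names are assumptions, and in practice the rules would be pulled from Graph or Exchange PowerShell for every mailbox.

```python
# Added example (not from the FBI notice or the article): flag inbox rules that
# auto-forward mail outside the organization, the pattern described above.
# The rule records below are constructed and loosely follow the shape of the
# Microsoft Graph "messageRule" object; in practice they would be pulled from
# Graph or Exchange PowerShell for every mailbox.

INTERNAL_DOMAINS = {"example.com"}  # assumed: the organization's own mail domains


def _addresses(recipients):
    """Lower-cased addresses from a Graph-style recipient list (may be None)."""
    return [r["emailAddress"]["address"].lower() for r in recipients or []]


def assess_rule(rule, internal_domains=INTERNAL_DOMAINS):
    """Return (severity, reasons) for one rule: 0 = ok, 1 = review, 2 = alert."""
    actions = rule.get("actions", {})
    targets = (_addresses(actions.get("forwardTo"))
               + _addresses(actions.get("forwardAsAttachmentTo"))
               + _addresses(actions.get("redirectTo")))
    external = sorted({a for a in targets if a.rsplit("@", 1)[-1] not in internal_domains})
    if not external:
        return 0, []
    reasons = ["forwards/redirects to external address(es): " + ", ".join(external)]
    severity = 1
    # Deleting, marking read or filing the original is how the attacker keeps
    # the victim from noticing the forwarded mail: treat that as an alert.
    hides = [k for k in ("delete", "markAsRead", "moveToFolder") if actions.get(k)]
    if hides:
        severity = 2
        reasons.append("also hides the original message via: " + ", ".join(hides))
    if not rule.get("isEnabled", True):
        reasons.append("rule is currently disabled (may be staged for later)")
    return severity, reasons


def audit_mailboxes(mailboxes):
    """Findings for all mailboxes, worst first: (severity, mailbox, rule name, reasons)."""
    findings = []
    for mailbox, rules in mailboxes.items():
        for rule in rules:
            severity, reasons = assess_rule(rule)
            if severity:
                findings.append((severity, mailbox, rule.get("displayName", "<unnamed>"), reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))


# Constructed sample data: one benign internal rule, one classic BEC rule that
# forwards everything to an outside webmail address and deletes the original,
# and one external redirect that does not hide anything.
SAMPLE_MAILBOXES = {
    "cfo@example.com": [
        {"displayName": "Invoices to AP", "isEnabled": True,
         "actions": {"moveToFolder": "AP",
                     "forwardTo": [{"emailAddress": {"address": "ap@example.com"}}]}},
        {"displayName": ".", "isEnabled": True,
         "actions": {"forwardTo": [{"emailAddress": {"address": "cfo.backup@mail-provider.test"}}],
                     "delete": True, "markAsRead": True}},
    ],
    "ap@example.com": [
        {"displayName": "Vendor copies", "isEnabled": False,
         "actions": {"redirectTo": [{"emailAddress": {"address": "vendor@partner.test"}}]}},
    ],
}

if __name__ == "__main__":
    for severity, mailbox, name, reasons in audit_mailboxes(SAMPLE_MAILBOXES):
        print(f"[{severity}] {mailbox} rule {name!r}: {'; '.join(reasons)}")
```

Run against the sample, the single-character rule on the CFO mailbox comes out as the alert, the disabled vendor redirect as a review item, and the internal AP rule is silent. Disabled rules are reported on purpose: an attacker who has lost interactive access but kept a staged rule only needs one more login to switch it on.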