Friday Five 2/25
Ransomware hits the industrial sector, behind the scenes of a stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!
1. LockBit, Conti most active ransomware targeting industrial sector by Ionut Ilascu
Bleeping Computer takes a look at a new report from ICS/OT cybersecurity firm Dragos that outlines how appealing the industrial sector has become for ransomware groups, specifically LockBit and Conti. The report counted 211 attacks against the manufacturing sector - 65% of all the attacks it tracked - followed by 35 against the food and beverage sector and 27 against the food and beverage business. While the report's breakdown of targets is interesting, its drilldown of the issues those organizations face - below - including lack of visibility, use of shared credentials, and whether they have devices with an external connection, is illuminating. It's reassuring that nuclear facilities appear to be among the most secure of the sites the firm looked at.
2. CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool by Ionut Arghire
Another week, another heads up from the United States Cybersecurity and Infrastructure Security Agency (CISA) on some critical flaws that, if you're an administrator, deserve your attention - especially if your organization runs Zabbix, an enterprise monitoring solution that lets IT track and monitor services, metrics, and so on. Two vulnerabilities in the platform could be exploited by an attacker to bypass authentication and gain administrator privileges, which could in turn allow an attacker to execute arbitrary commands. As SecurityWeek notes, patches for the issues were released in December, but CISA is pushing organizations to fix them now if they haven't already, as the flaws are being exploited in the wild. Because of that, the bugs have been added to CISA's Known Exploited Vulnerabilities Catalog; the agency is asking organizations to fix them within two weeks, by March 8.
3. Behind the stalkerware network spilling the private phone data of hundreds of thousands by Zack Whittaker
A good scoop here from Zack Whittaker and TechCrunch, who on Monday reported that a series of shady spyware apps are plagued by the same vulnerability. The issue exists in a handful of spyware apps - all Android-based - that were found harvesting data from 400,000 phones around the world. The white label apps have pretty generic names - Copy9, MxSpy, TheTruthSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker and GuestSpy - and all appear to be operated by the same company, 1Byte. The story was timed with a warning from Carnegie Mellon University's Software Engineering Institute CERT/CC about the issue, an Insecure Direct Object Reference vulnerability that results in API requests being served without authorization. While some of the apps aren't working anymore, others still are. TechCrunch is in a tricky spot, however, as it can't explain too much about the vulnerability without jeopardizing those who may have the spyware on their phone. If you think your phone is infected with the spyware, it's worth reading TechCrunch's explainer on how to remove it.
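To make the vulnerability class concrete, here is an added example (not code from the article, CERT/CC or any of the apps named above) of the Insecure Direct Object Reference pattern in a record-lookup API: a handler that checks only that the caller is logged in, beside one that also checks the record belongs to the caller. The record store, account names and ids are constructed sample data.

```python
# Added illustration of an IDOR in an API lookup (hypothetical handlers,
# constructed sample data; nothing here is taken from the apps in the story).
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    owner: str   # account that registered the device (constructed)
    data: str


# Constructed store: ids are sequential, so a caller can guess other ids.
RECORDS = {
    1001: Record(owner="alice", data="location history for device 1001"),
    1002: Record(owner="bob", data="call log for device 1002"),
}


class Forbidden(Exception):
    pass


def get_record_vulnerable(caller: str, record_id: int) -> str:
    """Authenticates (caller is a known account) but never authorizes:
    any logged-in account can read any record just by supplying its id."""
    if caller not in {r.owner for r in RECORDS.values()}:
        raise Forbidden("not logged in")
    return RECORDS[record_id].data


def get_record_fixed(caller: str, record_id: int) -> str:
    """Authorizes the request: the record must belong to the caller.
    Missing and foreign records get the same error, so the id space
    cannot be enumerated by comparing responses."""
    rec = RECORDS.get(record_id)
    if rec is None or rec.owner != caller:
        raise Forbidden("no such record for this account")
    return rec.data


def idor_exposed(handler, caller: str, record_id: int) -> bool:
    """Defender's check: True if `caller` can read a record owned by
    someone else through `handler` (a regression test for the fix)."""
    try:
        handler(caller, record_id)
    except (Forbidden, KeyError):
        return False
    return RECORDS[record_id].owner != caller
```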
4. Google Plans Privacy Changes, but Promises to Not Be Disruptive by Daisuke Wakabayashi
Speaking of Android, Google announced this week that it's planning to limit how much data its smartphones share about their users with apps and third parties. The company says the changes to its mobile operating system will be more subtle than the ones Apple made to iOS when it changed its permission controls last year, but that it still wants developers to be able to make money through advertising while respecting user privacy. While balancing the two can always be a tough ask, Google already has a head start if you consider Chrome's Privacy Sandbox, a technology that forgoes cookies in favor of anonymized signals in a person's browser to allow ad targeting and measure a user's browsing habits.
5. Consumer data privacy moves to House floor despite Senate inaction by Renzo Downey
There's no shortage of data privacy bills working their way through statehouses across the country right now. This blog looks at one in Florida, introduced in the state's House of Representatives, that's making moves, advancing from the House Commerce Committee to the House Judiciary Committee. Its next step: the House floor. The legislation would give consumers the right to learn what information has been collected about them, to delete or correct that data, and to opt out of the sale or sharing of their personal information. The bill, HB 9, differs from the FPPA in the Senate: the FPPA would include an entity-wide exemption for financial institutions covered by the GLBA, while HB 9 has only a partial entity-wide exemption.