Friday Five: Android Malware, More Law Enforcement Action, New NIST Guidance, & More
Despite law enforcement’s best efforts to combat and take down cybercriminals, home routers, Android phones, and Android-based TV boxes are all being threatened by new malware. Catch up on all the latest in this week’s Friday Five!
POTENTIALLY MILLIONS OF ANDROID TVS AND PHONES COME WITH MALWARE PREINSTALLED BY DAN GOODIN
Two recent reports, the first coming from Trend Micro and the second coming from TechCrunch, claim that multiple lines of Android devices came with preinstalled malware that couldn’t be removed without users taking drastic measures. Trend Micro's report found that as many as 8.9 million phones across as many as 50 different brands were infected with malware, while the TechCrunch report found that several lines of Android-based TV boxes sold through Amazon are laced with malware. People in the market for an Android phone are advised to stick to trusted brands with better quality assurance.
JUSTICE AND COMMERCE DEPARTMENT ‘STRIKE FORCE’ TARGET THEFT OF QUANTUM, AUTONOMOUS TECHNOLOGIES BY TONYA RILEY
The Justice and Commerce Departments’ joint Disruptive Technology Strike Force announced five "coordinated enforcement actions taking aim at individuals seeking to help China, Russia, and Iran gain access to sensitive U.S. technologies," including charges against procurement networks, two Russian nationals in Arizona, and a former Apple software engineer. “We are not going to stop every transfer of every sensitive technology…we’re not going to get to zero...but I think you’re seeing where the efforts of not only the United States but our allies and partners around the world to prevent the transfer of technology to Russia supportive of its war effort is having a significant and detrimental effect on the Russian economy and in particular on its military readiness,” said Matthew G. Olsen, assistant attorney general of the Justice Department’s National Security Division.
NIST DEBUTS NEW CYBER GUIDANCE FOR CONTRACTORS HANDLING SENSITIVE DATA BY ALEXANDRA KELLEY
The National Institute of Standards and Technology made revisions to NIST SP 800-171 Rev. 3 this past week that are intended to help federal contractors understand how to protect Controlled Unclassified Information that they may handle when working with government entities. “Many of the newly added requirements specifically address threats to CUI, which recently has been a target of state-level espionage,” said Ron Ross, one of the publication’s authors and a NIST fellow. “We want to implement and maintain state-of-the-practice defenses because the threat space is changing constantly. We tried to express those requirements in a way that shows contractors what we do and why in federal cybersecurity. There’s more useful detail now with less ambiguity.”
HACKERS INFECT TP-LINK ROUTER FIRMWARE TO ATTACK EU ENTITIES BY BILL TOULAS
A Chinese state-sponsored hacking group dubbed "Camaro Dragon" has been found infecting residential TP-Link routers with a custom "Horse Shell" malware to attack European foreign affairs organizations, according to a report from Check Point Research. The backdoor is reportedly deployed in a custom malicious firmware image designed specifically for TP-Link routers, so that the hackers can launch attacks that appear to originate from residential networks. According to the report, "infecting a home router does not necessarily mean that the homeowner was a specific target, but rather that their device was merely a means to an end for the attackers."
RUSSIAN MAN CHARGED OVER RANSOMWARE ATTACKS, INCLUDING AGAINST D.C. POLICE BY BENJAMIN FREED
Mikhail Matveev, a resident of Kaliningrad, Russia, was accused of and charged with carrying out multiple ransomware attacks, including a 2021 incident against the Washington, D.C., Metropolitan Police Department. After an investigation that involved the FBI, IRS, and local law enforcement in D.C. and New Jersey, as well as authorities from Japan, the U.K., France, Germany, and the European Union, Matveev now faces multiple counts of transmitting ransom demands, conspiracy to damage protected computers and intentionally damaging protected computers, which carry a maximum penalty of 20 years in prison. Learn more about Matveev's background and other attacks he is said to be involved with in the full story from StateScoop.