This week’s cybersecurity news is packed! We’ve got Google stepping up its game with anti-malware features for Android 15, a data breach impacting Nissan employees, the takedown of a major hacking forum, and a case of stolen Ethereum cryptocurrency involving two brothers. Plus, the FCC is taking aim at robocalls with a new classification system. Want to know more? Read on!
Android 15 Introduces Enhanced Anti-Malware and Anti-Fraud Measures for Google Play Protect
Google announced this week that a ton of new security features will come with Android 15 and Google Play Protect.
The new features are being introduced to keep Google users safe from scams, malware, and phishing and also assist developers in building more secure applications. Android 15 will conceal OTPs (One Time Passwords) from notifications, expand restricted settings so that permissions are required for apps to access certain data, hide sensitive information like passwords and card details while screen sharing, and will also give you warnings if you are connected to unencrypted cellular networks.
But that’s not all. Google Play Protect will also come with on-device live threat detection and will monitor all applications, flagging them for suspicious activities. You can also disable an app until Google reviews its safety.
All of these features will be available before the end of the year with the official release of Android 15.
Nissan North America Data Breach Affects More Than 53,000 Employees
This week, Nissan North America disclosed a data breach where 53,000 of its current and former employees were affected.
The threat actors attacked the car giant in early November 2023 by targeting its external VPN (Virtual Private Network) and shutting down some of the organizational systems. Nissan said that no data was encrypted and informed its employees about the cyberattack.
But this year, Nissan discovered that the threat actor behind the attack accessed files that contained employee data (Social Security Numbers and Personal Identifiers). Now, Nissan has sent data breach notification letters to all the impacted former and current employees and has filed a report with the Maine Attorney General’s office.
It is also collaborating with cybersecurity experts to investigate and contain the attack and offering free 24-month credit monitoring and identity theft protection services to the affected employees. This type of incident highlights the urgent need for phishing protection solutions.
Brothers Apprehended in $25 Million Ethereum Blockchain Theft Case
The U.S. DoJ (Department of Justice) charged two brothers, Anton and James Pepaire-Bueno, this week for manipulating the Ethereum blockchain to steal $25 million worth of cryptocurrency in just 12 seconds.
The brothers are facing charges of wire fraud, conspiracy to commit wire fraud, and money laundering, which contain the maximum penalty of 20 years in prison if they are convicted. The IRS-CI (IRS Criminal Investigation) conducted the investigation with the help of the New York City Police and U.S. Customs and Border Protection.
The threat actors used their backgrounds in computer science and math to exploit the Ethereum blockchain. They accessed pending private transactions and manipulated them to make away with the crypto funds, and then refused to return them. Apparently, they have been planning the attack since December 2022 and used multiple cryptocurrency addresses, foreign exchanges, shell companies, and a privacy layer network to study the victims and conceal their identities and the stolen crypto.
They are highly skilled and even deployed bait transactions so they could identify the victim’s trading patterns and exploit a vulnerability in the MEV Bots‘ relay code to get the full content of the block prematurely. Then, they re-ordered the block and published them in the Ethereum blockchain to benefit themselves.
FBI Takes Down BreachForums Hacking Forum Linked to Data Breaches
The FBI seized the hacking forum BreachForums on Wednesday with help from international partners.
BreachForums was known for trading, selling, and leaking stolen data. It replaced previous forums like RaidForums and Breached, both of which were taken down by law enforcement. This all happened after some stolen data from a law enforcement portal in Europe (Europol, to be exact) showed up on BreachForums last week.
Seems like that was the last straw for the FBI. They swooped in on Wednesday and took control of the whole website. You can see a message on display on the seized BreachForums website, which confirms the FBI’s control and their review of the site’s data. Law enforcement is also encouraging users to contact them with information about cybercrime activities on the forum. They gained access to user data like email addresses, I.P. addresses, and private messages.
The FBI also took down BreachForums’ Telegram channel and some others linked to the forum’s admins. There are even rumors floating around that they might have arrested one of the admins, a threat actor called Baphomet.
The FBI is now searching for information about BreachForums and its members from victims and the public. If you know something, you can contact them via email, Telegram, or the new dedicated subdomain on their official website.
FCC Unveils Royal Tiger as Inaugural Tagged Robocall Threat Actor
The FCC (Federal Communications Commission) has taken a significant step in its fight against robocalls by designating its first official robocall threat actor–a group called the Royal Tiger.
Royal Tiger is a group operating across India, the United Kingdom, the United Arab Emirates, and the United States. They are accused of placing robocalls impersonating government agencies, banks, and utility enterprises. These calls make use of spoofed phone numbers and promote misleading offers like credit card interest rate reductions to entice the victims.
The group is allegedly led by Prince Jashvantlal Anand and Kaushal Bhavsar, who are said to be operating several entities in the U.S. linked to illegal robocalls. These entities include VoIP organizations Illum Telecommunication Limited (Illum), P.Z. Telecommunication LLC (P.Z. Telecom), and One Eye LLC (One Eye). They have also been linked to routing robocalls through Texas-based Great Choice Telecom, an enterprise that was previously sanctioned by the FCC and FTC for similar offenses.
The FCC’s new classification system, the C-CIST (Consumer Communications Information Services Threat), will assist state, national, and international bodies in identifying and tracking individuals or threat actors who are abusing telecommunications for robocall scams. You can also report suspecting people or organizations to the FCC at CCIST@fcc.gov.