The war against cyber threats is perhaps a never-ending one, which is why robust preparedness and using the right cybersecurity tools is the need of the hour to tackle today’s cyber threats. This week’s cyber headlines discuss some of the latest measures adopted by global governments and organizations in an attempt to ensure cybersecurity for everyone, among other crucial headlines.

Six Russian Organizations To Be Restricted From Doing Business With The US

The Biden administration put a set of cybersecurity demands to the Russian government at the June summit in Geneva. Extending that effort, the US Department of Commerce has added six Russian entities (four IT companies and two other organizations) to its Entity List, which bars them from doing business with US companies without a special license.

The Russian organizations added to the DoC’s Entity List are Federal State Autonomous Institution Military Innovative Technopolis Era, Aktsionernoe Obshchestvo Pasit, Aktsionernoe Obshchestvo AST, Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA), Obshchestvo S Ogranichennoi Otvetstvennostyu Neobit, and Aktsionernoe Obshchestvo Pozitiv Teknolodzhiz (JSC Positive Technologies).

These companies are reportedly associated with Russian intelligence services and are therefore considered a threat to US national security. The listing is one of several recent moves that back up the administration’s claim that it will use every available measure to protect US infrastructure and citizens from cyberattacks.


Over 50% of US Organizations Use Ineffective Cybersecurity Measures

The latest research by Osterman Research reveals that only 37% of the 130 US cybersecurity professionals surveyed believe their organization’s ransomware protection strategies are effective. Almost half of US organizations are still struggling with phishing (which remains the most frequent form of attack), BEC scams, account compromises, and ransomware.

The study listed seventeen critical best practices and asked respondents how many of them they actually follow to counter ransomware and phishing. Only 37% follow 11 or more of the 17, and over 72% of respondents consider their protective measures for home-based (remote-work) infrastructure ineffective.

The report also recommends user training, a risk-based approach to security spending, stronger authentication, and a tested incident response plan.


Microsoft Seizes 17 Malicious Domains Used For BEC Scams

Adversaries have repeatedly tricked Office 365 users into making fraudulent payments through BEC scams. To disrupt one such campaign, Microsoft’s Digital Crimes Unit (DCU) has taken control of 17 malicious homoglyph domains that impersonated legitimate businesses in order to correspond with those businesses’ customers.

According to Microsoft’s complaint, the domains were registered through KS. Domains Ltd./Key-Systems GmbH and NameSilo LLC and targeted Office 365 services and customers. Typically, the attackers first used stolen credentials to log in to a customer’s email account and learn about pending financial transactions, then used a homoglyph domain that looks almost identical to the real business’s domain to correspond with that business’s clients about those transactions, hoping to divert the payments to accounts the attackers control.

Microsoft’s findings place the adversaries in West Africa, targeting primarily small businesses in North America. The seizure of the 17 domains takes this particular infrastructure away from the attackers, but homoglyph domains are cheap to register, so Office 365 users should still verify sender domains character by character and confirm any change in payment details out of band.
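To make the homoglyph technique concrete, here is an added Python check, not Microsoft’s DCU tooling or anything from the complaint, that flags candidate domains (for example from a newly-registered-domains feed) whose visual “skeleton” collides with a protected domain. It assumes a constructed subset of the Unicode TR39 confusables table, constructed sample domains (contoso.com and example.com are placeholders), and only the standard library:

```python
import unicodedata

# Constructed subset of Unicode TR39 confusables, for illustration only;
# a production check should load the full confusables.txt table.
CHAR_CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0455": "s",  # Cyrillic small dze
    "\u0456": "i",  # Cyrillic small i
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
    "\u03bd": "v",  # Greek small nu
    "0": "o",       # ASCII lookalikes
    "1": "l",
}
# Multi-character sequences that render like a single letter in many fonts.
SEQ_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}

LETTER_SCRIPTS = {"LATIN", "CYRILLIC", "GREEK"}


def decode_label(label: str) -> str:
    """Return the Unicode form of a punycode (xn--) label; other labels unchanged."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            return label  # malformed punycode: compare the raw label instead
    return label


def skeleton(domain: str) -> str:
    """Collapse a domain to its visual skeleton so lookalikes compare equal."""
    labels = [decode_label(lab) for lab in domain.lower().rstrip(".").split(".")]
    text = unicodedata.normalize("NFKC", ".".join(labels))  # folds fullwidth forms etc.
    text = "".join(CHAR_CONFUSABLES.get(c, c) for c in text)
    for seq, rep in SEQ_CONFUSABLES.items():
        text = text.replace(seq, rep)
    return text


def mixed_scripts(label: str) -> bool:
    """True if one label mixes letters from several scripts, a strong signal by itself."""
    scripts = set()
    for c in decode_label(label.lower()):
        name = unicodedata.name(c, "")
        script = name.split(" ")[0] if name else ""
        if script in LETTER_SCRIPTS:
            scripts.add(script)
    return len(scripts) > 1


def find_lookalikes(candidates, legitimate):
    """Return (candidate, impersonated_domain) pairs whose skeletons collide."""
    legit_by_skeleton = {skeleton(d): d.lower() for d in legitimate}
    hits = []
    for cand in candidates:
        target = legit_by_skeleton.get(skeleton(cand))
        if target is not None and cand.lower() != target:
            hits.append((cand, target))
    return hits


# Constructed sample data; contoso.com and example.com are placeholder domains.
LEGITIMATE = ["contoso.com", "example.com"]
CANDIDATES = [
    "contoso.com",                                       # the real domain
    "c\u043entoso.com",                                  # Cyrillic 'о' for Latin 'o'
    "c\u043entoso.com".encode("idna").decode("ascii"),   # same, as a registrar feed shows it
    "exarnple.com",                                      # 'rn' for 'm'
    "c0ntoso.com",                                       # digit zero for 'o'
    "contoso-billing.com",                               # similar, but not a homoglyph
]

if __name__ == "__main__":
    for cand, target in find_lookalikes(CANDIDATES, LEGITIMATE):
        flag = " (mixed scripts)" if mixed_scripts(cand.split(".")[0]) else ""
        print(f"{cand!r} impersonates {target}{flag}")
```

The skeleton comparison catches both Unicode and pure-ASCII lookalikes (rn/m, 0/o), while the mixed-script test needs no table at all and is worth running on inbound mail sender domains as a separate, cheaper signal. Neither check catches lookalikes built from a different TLD or an added word such as contoso-billing.com; those need a separate similarity or brand-keyword rule.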


Four Major Encryption Flaws Detected In Telegram

Back when WhatsApp’s privacy policy seemed dubious, many people moved swiftly to Telegram for the end-to-end encryption and privacy it is assumed to provide. Now cryptographers have found four significant flaws in Telegram’s home-grown cryptographic protocol, MTProto, which would allow adversaries to access or manipulate encrypted user chats. The findings come from academic researchers at Royal Holloway, University of London and ETH Zurich.

The four cryptographic vulnerabilities included were:

  • Message alteration
  • Retrieval of plain text
  • Identifying encrypted messages
  • Man-in-the-middle attacks

The flaws were present in Telegram version 7.8.3 for iOS, 7.8.1 for Android, and 2.8.8 for desktop. If exploited, they would let an adversary reorder messages within a chat, recover plaintext from encrypted messages, mount man-in-the-middle attacks, and distinguish which of two candidate messages a user had encrypted. The good news is that Telegram fixed the flaws soon after being notified. No dedicated security release was issued; the fixes shipped as part of regular updates, so anyone still running a vulnerable version should update Telegram immediately.


Diavol Ransomware Steals Data

When the Diavol ransomware gang claimed to steal victims’ data before encrypting their systems, researchers at FortiGuard initially found no evidence to support the claim. A more recent analysis by security analysts shows that Diavol does exfiltrate victims’ data, and that its operators use Cobalt Strike’s HTTP beacon for data exfiltration and for injecting the malware.

The researchers backed this up by sharing copies of data Diavol had stolen from multiple organizations. A data breach now almost always accompanies a ransomware attack, so organizations and their security teams must put robust ransomware protection in place well in advance, including tested offline backups and an incident response plan that treats exfiltration, not just encryption, as the expected outcome.


Spanish National Police Arrests An Attacker Behind The 2020 Twitter Hack

Almost a year after the massive 2020 Twitter hack, authorities have arrested another attacker linked to it. Joseph O’Connor, a 22-year-old UK citizen, was detained by the Spanish National Police in the town of Estepona on a US warrant.

O’Connor is charged with gaining unauthorized access to a protected computer, stealing information, and running an extortion campaign, as well as with the illegal takeover of Snapchat and TikTok user accounts and cyberstalking an unnamed juvenile. Operating under the handle PlugWalkJoe, he worked with Nima Fazeli, Mason Sheppard, and Graham Ivan Clark on the 2020 Twitter hack, in which the group abused Twitter’s internal administrative tools to take over the verified accounts of celebrities, politicians, and companies and push a cryptocurrency scam that collected over $100,000 in Bitcoin.

The arrest is a reminder to actors like O’Connor that investigations continue long after the headlines fade and that the law will eventually catch up with them. It comes four months after Clark was sentenced to three years for his part in the hack. What is striking is O’Connor’s unwavering denial and lack of remorse; before the arrest he was quoted as saying, “I don’t care. They can come to arrest me. I would laugh at them. I haven’t done anything.”
