Shownotes Transcript
The cyberpartisans say they hacked the Belarusian KGB, Avast fined 14 million euros for selling user data, academics discover a new side-channel attack and Ukrainian hackers wipe another Russian telco. This is Risky Business News, prepared by Katalin Kimpanu and read by me, Claire Aird.
Today is the 29th of April and this podcast episode is brought to you by Socket Security. Socket makes a security platform for developers that protects their software from vulnerable and malicious open source dependencies. Find them at socket.dev. In today's top story, Belarusian hacktivist group The Cyberparlasans claims to have hacked the KGB, the National Intelligence Agency of Belarus.
The group says it breached the agency's website in the fall of 2023. The intrusion went undetected until earlier this year when the KGB put its website into maintenance mode.
Over the weekend, the cyberpartisans leaked a copy of the site's database, which they claim contains information on 8,600 current and former KGB employees. The group also launched a Telegram bot with data from the hack. The bot allows Belarusian citizens to upload photos and face match it against the KGB database to detect if someone is part of the agency staff.
Ukrainian hacktivist group the BO Team claims to have hacked MTT, a subsidiary of Russian telecom provider MTS. The attack took place overnight between April 26 and 27. The group says it wiped IT infrastructure and caused internet outages across multiple Russian cities, including Moscow and St. Petersburg. The BO Team says it conducted the hack in cooperation with Ukraine's Military Intelligence Agency.
US organisations patched vulnerable devices only half the time after receiving a security alert from CISA. The agency sent almost 1,800 notifications about unpatched devices to organisations last year, but only 49% of vulnerable systems were patched.
The notifications were sent via the Ransomware Vulnerability Warning Pilot Program. CISA established the program in March last year to warn companies about unpatched devices that are commonly exploited by ransomware gangs.
The US is considering legislation that could ban Chinese drone maker DJI. Officials say the company poses a national security threat as it can collect data on US critical infrastructure. The legislation is known as the Countering CCP Drones Act and would effectively kill the company's business in the US.
The US Department of Commerce added DJI to its export-controlled entity list in 2020. The designation bans US companies from supplying technology to the Chinese company.
The Czech data protection agency has fined cyber security firm Avast 14 million euros for violating EU GDPR rules. The agency says Avast lied to customers on multiple counts on how it dealt with their personal data. The agency found that Avast told customers it was only collecting data for statistical analysis, but secretly sold it to third parties. It also falsely claimed that data would be anonymised.
This is Avast's second fine for the same infringement. It was fined $16.5 million in the US earlier this year. A threat actor has stolen $9.6 million worth of crypto assets from DeFi platform StarWallets. The incident took place on April 17 and the platform says it suffered substantial liquidity losses. More than a week after the attack, the platform is still down.
A 21-year-old from Memphis, Tennessee, pleaded guilty to hacking-related charges. US prosecutors say Cameron Stokes was part of a three-man group that launched credential-stuffing attacks against sports betting site DraftKings in November 2022. Stokes operated an online shop where his co-conspirators sold the hacked accounts. Authorities charged Stokes in January this year, weeks after the gang's leader was sentenced to 18 months in prison.
BEC scams and other types of funds transfer fraud accounted for more than half of cyber insurance claims last year, according to cyber insurance provider Coalition. Ransomware accounted for only a fifth of all claims but was the largest source of claims by severity. Coalition says organisations using certain types of boundary devices were at a greater risk. This included organisations running Cisco ASA, Fortinet devices or RDP endpoints.
Businesses that ran internet-exposed Fortinet devices were twice as likely to experience a claim last year, according to Coalition. Akamai has uncovered a massive phishing campaign targeting US Postal Service customers. The campaign has been active since the 2023 holiday season and is still ongoing. Akamai says the campaign has sometimes generated more traffic to its phishing sites than all the traffic to the real USPS homepage.
Academics have discovered a new side-channel attack in the speculative execution feature of modern Intel processors. The new attack is named Pathfinder and targets the conditional branch predictor mechanism of Intel CPUs. Academics say Pathfinder is a more refined and efficient version of past attacks that targeted the same mechanism. This includes the likes of Spectre or BranchScope.
And finally, Apple will start enforcing an App Store policy in May with new rules for third-party software development kits. Developers will have to provide reasons why they use each API and digitally sign any SDK they use. They will also have to use privacy manifests, which are files that describe the privacy practices of any third-party code used in their apps.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Socket Security. Find them at socket.dev. Thanks for your company.
