
Risky Biz News: Microsoft ties security goals to executive compensation

2024/5/6

Risky Business News


Microsoft is tying executive compensation to product security as part of its Secure Future initiative, prioritizing security over new features or legacy support.

Transcript

Microsoft ties new security goals to executive compensation. EU and NATO countries condemn Russia over APT28 hacks. UK authorities detain a hacker-for-hire suspect in London. And a hacktivist group is going after far-right and transphobic groups. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird.

Today is the 6th of May and this podcast episode is brought to you by Thinkst, the makers of the much-loved Thinkst Canary.

In today's top story, Microsoft will tie compensation for some of its executives to the security of its products. Microsoft CEO Satya Nadella announced the new policy in a memo sent to employees last week. Nadella says Microsoft will prioritise security in its hiring decisions going forward. The new policies are part of Microsoft's Secure Future initiative.

This project was announced last year to overhaul the company's poor cybersecurity posture. Nadella told employees to prioritize security even at the expense of new features or legacy support.

In other news, the German and Czech governments, the European Union and NATO have condemned Russia for a major hacking campaign carried out by its military intelligence unit.

Officials say the APT28 group used a Microsoft Outlook zero-day to compromise email accounts throughout 2023. The campaign targeted governmental entities, critical infrastructure operators and political parties across the EU. Most of the victims were located in Germany, Czechia and Ukraine. Russian officials called the statements unsubstantiated and unfounded and designed to incite anti-Russian sentiments in Germany.

Germany has summoned Russia's top diplomatic envoy to answer for the hacks and called on Russia to refrain from such behaviour.

The German armed forces have misconfigured their Cisco Webex systems, exposing details of their meeting schedules. Reporters from German newspaper Die Zeit found links to thousands of meetings exposed on the internet. Meeting titles reference sensitive topics such as Taurus missiles and battle tactics. The German government is also affected by the same issue with their Cisco Webex video conferencing software. Reporters say they easily found video conferences scheduled for Prime Minister Olaf Scholz and other ministers.

Ukraine's military hackers claim to have carried out a large-scale cyber attack against Russia's Tatarstan region. The operation targeted the Alabuga special economic zone where Russia makes some of its attack drones.

DDoS attacks hit the region's main ISP and allegedly cut off internet access to Tatarstan's capital of Kazan, Russia's fifth largest city. The attack was carried out by Ukraine's Defense Intelligence Main Directorate, which previously hit multiple Russian organizations with data wipers. It's unclear if GUR managed to wipe any IT systems in the attack. The Ukrainian military previously struck Russian drone factories in the same region last month.

The Biden administration will unveil a new US international cyberspace strategy this week at the RSA Security Conference in San Francisco. The document will be unveiled by Secretary of State Antony Blinken and will include mentions of 5G communications security and foreign influence operations. The new strategy will replace a 13-year-old document from the first Obama administration.

The European Union is about to pass new cyber security regulations for electricity providers. Under the new rules, providers will have to undergo cyber security risk assessments every three years, will have to disclose security incidents and implement various safeguards. EU officials are adopting the new rules to prevent hacks from causing widespread blackouts. According to the Wall Street Journal, the new rules are inspired by the Ukrainian conflict and are expected to pass this week.

NATO's annual cyber defence exercise concluded last week in Tallinn, Estonia. More than 4,000 cyber security staff from 50 countries participated in this year's Locked Shields exercise. Teams cooperated to defend the infrastructure of a fictional country against a simulated cyber attack. Teams parried attacks against critical sector infrastructure, 5G networks and the use of AI technologies. A team from Ukraine participated in this year's edition for the first time.

The UK has arrested an Israeli man for allegedly conducting a cyber espionage campaign on behalf of an American PR firm. Amit Forlit was arrested at Heathrow Airport last week while trying to board a flight to Israel. He was detained on an international arrest warrant issued by the US. American authorities are currently trying to secure his extradition.

A Russian national has pleaded guilty to money laundering charges for his role in operating the BTC-e cryptocurrency exchange. 44-year-old Alexander Vinnik was arrested in Greece after the FBI seized the BTC-e platform in July 2017. Officials say Vinnik's platform laundered over $100 million in cybercrime profits, including from ransomware attacks. Vinnik was sent to the US in 2022 following a multi-year extradition battle with France and Russia.

Europol and authorities in six countries have raided 12 call centres linked to internet scams and fraud. The call centres were located in Albania, Bosnia-Herzegovina, Kosovo and Lebanon. Officials say the call centres were involved in romance scams, investment scams and fake police emergency calls that aimed to defraud victims.

Europol estimated victims lost around 10 million euros. Authorities have identified 39 suspects linked to the operation and managed to arrest 21 of them.

Law enforcement officials have reactivated the old LockBit dark web portal to tease an upcoming doxing of the gang's leader. The individual is known online as LockBitSup and officials say they plan to reveal his real identity on Tuesday. The FBI and Europol took down the LockBit gang's operation in February this year. The US State Department has offered a $10 million reward for any information on the gang's leader.

A hacking group has breached and leaked data from several far-right and transphobic organisations. The SiegedSec group has taken credit for hacks at the River Valley Church, the Westboro Baptist Church and far-right news sites Real America's Voice, The Post Millennial and Human Events. The hacks are part of what the group calls Operation Trans Rights 2. SiegedSec hopes the leaked data will expose the real-world identity of far-right and transphobic individuals.

The city of Wichita, Kansas, says it shut down IT systems to prevent the spread of a ransomware attack. The incident took place over the weekend on May 5. According to Emsisoft researcher Brett Callow, Wichita is the 36th state and local US government to have suffered a ransomware attack this year. Wichita is the 50th largest city in the US.

Security firm Dr.Web has found a new Android Trojan distributed via apps on the official Google Play Store. The Trojan works by secretly loading ads to generate revenue for its creators. It can also launch DDoS attacks and subscribe victims to premium services. Dr.Web says it found the malware inside a physical activity tracking app and apps to control adult toys. According to Play Store data, the apps were downloaded and installed more than 1.5 million times.

An earlier version of the same Trojan was also spotted on low-end Android-based TV set-top boxes.

And finally, Cisco Talos has disclosed a major vulnerability in the Tinyproxy server before a patch was available. The remote code execution vulnerability can allow threat actors to take over proxy servers. Exploitation is expected to take place after proof-of-concept code was published online last week. Security firm Censys says it found more than 90,000 Tinyproxy servers exposed online, of which more than half appear to be unpatched and vulnerable to attacks.

The Tinyproxy server is widely popular with IoT device makers and is widely deployed in South Korea, Europe and the US. In a GitHub post, the project's admins say Talos researchers failed to disclose the issue through the proper channels.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Thinkst, the makers of the much-loved Thinkst Canary. Find them at canary.tools. Thanks for your company.