Risky Biz News: Two cyber-criminals included in US-Russian prisoner swap
10:29 Share

Two cyber criminals are included in a major US-Russian prisoner swap, shareholders sue CrowdStrike over the IT outage, Greece absolves itself of the PredatorGate scandal, and a ransomware attack impacts US blood donation centres. This is Risky Business News, prepared by Katalin Kimpanu and read by me, Claire Aird. Today is the 2nd of August, and this podcast episode is brought to you by no-code automation platform, Tynes.

In today's top story, two Russian cybercriminals held in the US have been sent home in the prisoner swap that freed Wall Street Journal reporter Evan Gershkovich and former US Marine Paul Whelan. A White House spokesperson confirmed that as part of the deal, the US released convicted Russian cybercriminals Roman Seleznev and Vladislav Klushin. Seleznev was being held on a 27-year prison sentence for running the Carter.su carting forum,

Klyushin was being held on a nine-year prison sentence for using hacked data for insider trading. The prisoner swap involved 24 individuals held in seven countries and also saw the release of several Russian opposition political figures.

In other news, Greece's Supreme Court has ruled that there's no evidence that the country's government agencies were involved in the Predatorgate spying scandal. The decision comes in a two-year-old case where the ruling government was accused of spying on dozens of opposition leaders and journalists.

The case was also investigated by the EU's Pega Commission, which named Greece one of the worst spyware offenders in the EU. The Supreme Court's decision has dismissed charges against government officials, but has left the door open for the prosecution of individuals tied to the spyware. The decision comes contrary to multiple reports from local journalists that exposed the hacks, exact targets and even ties between the government and the spyware maker. I'll

Opposition leaders call the Supreme Court's decision a stain on the country's justice system. South Korea's intelligence agency estimates that around 8,400 hackers are currently part of North Korea's cyber force. The number is up from 1,700 recorded in 2015. Officials say these units are involved in both cyber warfare and cybercrime operations.

Germany has formally blamed the Chinese government for hacking its national office for cartography in a 2021 cyber attack. The German government has summoned the Chinese ambassador for the first time since the Tiananmen Square massacre. In typical Beijing fashion, the Chinese embassy in Germany called the accusation targeted defamation. The British government also summoned the Russian ambassador last December after the FSB's cyber units hacked members of parliament.

China's Internet Watchdog is working on a new regulation that will assign a digital identifier to each Chinese citizen using the Internet. The new system would link a person's real identity to a unique ID to be used when registering for online platforms.

Beijing officials say the new system is designed to prevent online fraud and the ability of private companies to track user behaviour, since users will not have to share any of their personal data with online platforms going forward. Critics say the new system allows the government easier ways to track users online. Shareholders have filed a lawsuit against security firm CrowdStrike over a recent IT outage that impacted countries all over the world.

The outage was caused by an update to the company's Windows EDR kernel driver that contained a bug and was not properly tested. In a class action lawsuit filed in Texas this week, shareholders accused the company of concealing inadequate software testing practices. The lawsuit claims the company previously described its software as validated, tested and certified.

Multiple Azure services went down this week following a DDoS attack. The incident lasted for eight hours and impacted some of Microsoft's largest services, including the Microsoft 365 platform. The company says the incident was actually made worse by its DDoS mitigation service. Microsoft says an error in the front door DDoS mitigation system amplified the attacks instead of blocking the malicious traffic.

Microsoft has seized another domain operated by a Vietnamese cybercrime group named Storm 1152. The domain hosted a service designed to bypass capture services. The seizure is Microsoft's second legal action against the group. Redmond's lawyers previously seized domains and servers from the group last December. Microsoft says Storm 1152 created and sold access to more than 750 million Microsoft accounts.

UK authorities have shut down an online platform that was used by hundreds of cyber criminals to defraud victims across the world. Named Russian Comms, the platform launched in 2021 and allowed threat actors to spoof phone numbers. Cybercrime groups use the service to pose as banks, tech companies and law enforcement and request payments from their targets. UK police have detained three suspects, including two of the site's administrators.

A ransomware attack has crippled the operations of OneBlood, a blood donation non-profit serving the southeastern US. OneBlood says it's operating at a reduced capacity after the attack crippled some of its IT systems. The non-profit says it asked the more than 250 US hospitals to activate critical blood shortage protocols as it works to restore its blood donation centres.

A ransomware attack on a small Indian software company is disrupting the activities of more than 300 Indian regional and cooperative banks.

The incident has hit SeaEdge Technologies, a company that makes financial software. The attack is preventing banks from making payments via four different payment protocols. The National Payments Corporation of India has temporarily blocked SeaEdge's software from interacting with the rest of the Indian retail payment system. The attack was allegedly the work of the Ransom EXX Group.

The world's largest silver producer says it's been hit by a cyber attack. Mexico's Fresnillo says it detected the unauthorized access to certain IT systems and its data. The company says it's investigating the incident and there's no impact on its mines. Fresnillo is the world's largest silver producer with an output of 1,600 tonnes per year.

The Terra blockchain lost $6.8 million worth of crypto assets in a security breach this week. The platform says an attacker exploited a vulnerability in the mechanism that interconnects with other blockchains. Terra has suspended operations while it patches the floor.

Security firm Clearfy has discovered a new Android malware that's being used to infect devices and steal funds from victims' accounts. Named BingoMod, the malware also contains a feature to wipe an infected device. Clearfy says attackers are using the feature to wipe devices after stealing funds. This keeps victims focusing on fixing their devices instead of looking at their bank accounts.

According to the comments identified within the malware's code, Clearfire believes the malware was developed by Romanian speakers. Security firm Zimperium has discovered a stealthy malware operation that's been infecting Android devices since February 2022.

The malware was unsophisticated and its primary feature was to intercept incoming SMS messages. Researchers believe the malware's main purpose was to infect devices and then abuse their phone numbers as a way to sign up for online services and bypass multi-factor verification. Symperium says it found traces of the malware on devices located in 113 countries. Most of the infections were located in Russia and India.

Threat actors are exploiting a new DNS attack named Sitting Darks to hijack domains and host malicious infrastructure. The attack affects misconfigured domains where the registrar and the authoritative DNS provider are different entities. Security firm Eclipsium and Inflow Blocks estimate the number of vulnerable domains to be one million.

Threat actors have used the attack to hijack more than 30,000 domains since 2019. Most have been used to host malware or phishing sites. Infoblox says it discovered the attack while investigating 404 TDS, a traffic distribution system operated by a Russian cybercrime group known as Vacant Viper.

A team of academics has discovered two major vulnerabilities in the voice over Wi-Fi protocol, also known as WLAN calling. The protocol has been around since 2016 and is offered by almost all major mobile networks.

Researchers say that 13 of 275 mobile networks they analysed used static encryption keys to establish Wi-Fi calls, allowing for easy interception. In addition, 5G smartphones using MediaTek chips can be forced to use weaker forms of WLAN calling encryption, also opening the door for interception attacks. Researchers say that more than 140 million mobile users are at risk, but that fixes are being rolled out.

An academic study from researchers in Belgium found that six of 15 popular dating apps leak precise user location data, exposing their users to stalking and harassment. The six include Bardo, Bumble, Grinder, Happn, Hinge and Hilly. The apps leaked location data through different versions of a triangulation attack. The research team said that apps like Tinder thwarted such attacks by reducing the accuracy of the reported location.

Besides location data, the 15 apps also leaked personal and sensitive information about users. And finally, the Swift programming language has added support for homomorphic encryption. Homomorphic encryption is a cryptographic technique that enables computation on encrypted data without decrypting or revealing the underlying data. Swift is a programming language developed at Apple and widely used for its iOS and macOS operating systems.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Times. Find them at times.com. Thanks for your company.