Home
cover of episode Risky Biz News: Germany sues Microsoft for details on past hack

Risky Biz News: Germany sues Microsoft for details on past hack

2024/5/19
logo of podcast Risky Business News

Risky Business News

Chapters

Germany's cyber security agency sues Microsoft to reveal more details about a security breach by the Chinese APT group Storm 0558, focusing on double-key encryption handling.

Shownotes Transcript

Germany sues Microsoft for details about its hack. The SEC adopts stricter data breach notification rules. The first major deepfake hack incident has been confirmed. And VirusTotal releases a new version of the Yara query language. This is Risky Business News, prepared by Katalin Kimpanu and read by me, Claire Eyred. Today is the 20th of May and this podcast episode is brought to you by Proofpoint.

In today's top story, Germany's cyber security agency has sued Microsoft to get the American company to release more information about its security breach. The BSI has asked a court to force Microsoft to reveal more details about the hack of its internal systems by the Chinese APT group Storm 0558.

The BSI is specifically interested in how Microsoft handles double-key encryption, which the agency fears Microsoft may have failed to implement properly. The German agency sued Microsoft after the company refused to answer questions for months.

The SEC has adopted new rules for requiring financial institutions to have incident response plans. The IR plans will have to cover how the companies will deal with a cyber attack, how they'll recover and procedures for notifying affected customers. Companies will have to notify customers as soon as possible, but no later than 30 days after a breach. The new rules go into effect 60 days after publication in the Federal Register.

The Nigerian government has abandoned a cyber security tax it was planning to introduce in June. The tax was intended to collect a half percent fee from all domestic electronic banking transactions. Officials claimed the tax was needed to improve the security of banking transactions, hence the name. The government backed down after an intense backlash from the financial industry and consumers.

Hackers have stolen $7.3 million from the accounts of Flutterwave, a Nigerian company that creates software for banks and financial service providers. The incident took place in April, according to African tech news outlet Tech Cabal. The stolen funds were sent to multiple accounts at local banks and laundered onwards from there. This is Flutterwave's fourth hack over the past year, totaling $22 million.

British multinational design and engineering company Arup has confirmed that deepfake technology was used in a hack where it lost $25 million. A scammer tricked one of Arup's Hong Kong employees into sending funds to the wrong bank account in January of this year. The employee said he transferred the funds after the scammers invited him to a meeting with deepfake versions of his colleagues and the company's chief financial officer.

A threat actor exploited a vulnerability in a smart contract to steal $2 million worth of tokens from DeFi platform Pump.Fun. The hack took place on the 16th of May, and the company described the incident as a flash loan attack. A threat actor named Stack Overflow took public credit for the breach on Twitter. So far this year, hackers have stolen more than half a billion US dollars worth of crypto assets.

Hackers have stolen the personal data of over 2.4 million customers of health insurance provider WebTPA. The incident took place in April of last year, but was only discovered months later in December. WebTPA says the hackers made off with loads of personal details, but no financial information. An e-training platform operated by Andrew Tate has leaked the personal data of almost 1 million subscribers.

Reporters from CyberNews say the real-world platform leaked information via a misconfigured MongoDB database. The leaked data included user details, session tokens and more than 22 million private messages. CyberNews says the database was secured after they contacted the platform, but the company never acknowledged the leak. Microsoft is now blocking Russian customers from accessing its cloud services in compliance with EU and US sanctions.

The company is blocking access to over 50 services, ranging from Power BI to OneDrive and from Visual Studio to SharePoint. Microsoft was initially supposed to block access to the sites on the 20th of March, but delayed the action to give Russian companies more time to migrate.

The US government has arrested two Chinese nationals for their role in a pig butchering scheme. Darren Lee and He Chong Chang allegedly managed an international syndicate that laundered proceeds of cryptocurrency investment scams. Authorities say Lee and Chang directly laundered $73 million worth of crypto assets. Some of the accounts where they sent money held over $341 million in virtual assets, suggesting the duo's group was even more active.

Cryptocurrency phishing service Pink Drainer has shut down operations after stealing over $85 million from more than 21,000 victims. The service launched in July of last year and allowed threat actors to deploy phishing pages specialised in stealing from cryptocurrency accounts.

In a message posted on Telegram, the Pink Drainer administration said they would wind down service and delete past customer data. Pink Drainer is the third crypto phishing service to shut down over the past year after Monkey Drainer and Inferno Drainer. The Grandrero malware operation is back up and running after some of its members were detained earlier this year.

Security researchers at IBM say they've detected a massive wave of email spam spreading the gang's malware to users in 60 countries. The new operation is a departure from classic Grand Rero attacks that only targeted customers at banks in Brazil, Mexico and Spain. Five Grand Rero members were detained in January in Brazil.

Microsoft has released an out-of-band security update to fix a vulnerability in the Azure Monitor agent. The update fixes a bug that could have allowed authenticated attackers to delete files and gain system privileges. The Azure Monitor agent collects telemetry from Azure customer infrastructure and is enabled by default for all customers. Details about the vulnerability were disclosed and are available online.

Security firm Watchtower Labs has found 15 vulnerabilities in the firmware of QNAP network attached storage devices. Some of the vulnerabilities can be used for remote code execution attacks that don't require authentication. Watchtower reported the bugs in December of last year, but the vendor has only patched four of the 15 so far. The security firm has published proof of concept code for one of the worst of the 15 bugs.

China is launching a new hacking competition named the Matrix Cup, modelled after the infamous Tianfu Cup and Pwn2Own. The first edition is set to take place in the city of Shindao in June. The contest's prize pool is $2.8 million and the target list includes Chinese and Western products and also AI algorithms.

A leak from a Chinese cybersecurity contractor earlier this year claimed that exploits from the Tianfu Cup were regularly given out to Chinese cybersecurity contractors to use in APT and surveillance operations. And finally, VirusTotal has released a long-awaited new version of Yara, a query language designed to find malware and malicious content among normal files. The new version is named YaraX.

And it's a complete rewrite in the Rust programming language. VirusTotal says it rewrote the language for improved performance and user-friendly queries. Yara X should be 99% compatible with old Yara queries. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Proofpoint. Find them at proofpoint.com. Thanks to your company.