Slack and Discord file sharing used to spread malware
This finding comes from Cisco Talos research, finding this an increasingly common attack vector. Threat actors upload malicious files to the platforms, which are then housed in their CDN and linked for access. These links are then shared on other outside platforms, with the malware served up by Discord or Slack infrastructure. The researchers warned that using legitimate infrastructure generally trusted by other users makes social engineering attacks much easier to pull off. Talos previously identified attackers using Discord to distribute Thanatos ransomware in 2018.
Facebook comments on recent user data leak
On Tuesday in a blog post, Facebook acknowledged the free posting of account information of more than 503 million individuals and provided a few more details. Facebook says this is a combination of data some of which was scraped from Facebook prior to September 2019 using a flaw in the contact importer tool that Facebook says it fixed in 2019. That tool was meant to let you use your contact list to find friends on Facebook. The company treated this dataset like a public collection of data not a data breach hence it’s lack of concern over reporting or notifying users.
(Wired)
Cring ransomware hits unpatched VPNs
A new report by Kaspersky found Cring ransomware impacting the European industrial sector, which have markedly increased throughout Q1 of 2021. Attackers were able to exploit an unpatched Fortinet VPN, disguise the Cring ransomware as an anti-virus product, before encrypting production servers that ultimately forced an unnamed firm to shut down two factories in Italy temporarily. Cring is a relatively new ransomware strain, with operators moving laterally on the targets’ enterprise network to gain administrator access, with ransomware payloads only encrypting specific files with strong encryption after removing backups.
(Cyberscoop, Bleeping Computer)
Lockdowns saw the rise of wine scammers
A new report by Recorded Future notes that the start of COVID-19 lockdowns saw a rise in wine-related domain registrations as people increasingly turned to virtual happy hours to keep in contact with friends and co-workers, up 2-3 times pre-pandemic levels from April 2020 and continuing through March 2021. The report found malicious domains followed a similar growth, delayed a month with a large spike in May 2020, with a total of 4,389 malicious wine-themed domains identified. Malicious wine-related domains as a percentage of all wine domains registered peaked in June 2020 at 7%.
Thanks to our episode sponsor, Sotero
Google Forms used for phishing toolkits
Security researchers at Group-IB found the service to be increasingly used to automate malicious phishing campaigns, letting attackers easily create and operate phishing web pages. The researchers found that free email services are commonly used to send phishing data automatically, with GMail making up 40%. Google Forms’ integration with GMail makes it the ideal front end, as it provides a URL that appears relatively trustworthy to click on. Threat actors using legitimate services to obtain compromised data makes it harder to detect and makes it easier for attackers to stand up replacements as phishing sites are taken down.
(CISO Mag)
UK launches new tech regulator
The UK launched the Digital Markets Unit, a new regulator that will review allegations of anticompetitive behavior by large technology companies, housed inside the existing Competition and Markets Authority. The UK government originally announced its intent to form the new agency last year. The regulator currently doesn’t have the power to levy fines until Parliament approves legislation governing its oversight power, expected to be approved by next year. Once obtained, it’s expected the Digital Markets Unit will have additional authority to reverse corporate mergers and force companies to comply with its new code of conduct.
(WSJ)
Huawei restructures AI and cloud business
The company formed its core cloud and artificial intelligence business group 14 months ago, but announced today it would be closing the unit, reflecting its struggles from going to a device-maker to a service provider. Server and hardware storage operations from the group will be subsumed into Huawei’s internet products department, which houses its R&D. Cloud business will become its own business unit. Huawei’s core business of carrier networks, enterprise business, and consumer products has been significantly disrupted by continuing US sanctions.
Apple details new tools for advertisers without user tracking
With Apple set to rollout its App Tracking Transparency in iOS 14.5, the company published details on two privacy-preserving ad measurement technologies that advertisers can utilize without tracking users. SKAdNetwork lets advertisers see how often an app was installed after seeing an ad without sharing device information, while Private Click Measurement provides a way to measure the impact of ads that lead users to a website. It’s unknown when Apple will release iOS 14.5, with the company only committing to an “early spring” release.
