
Cyber Security News Update – Week 52 of 2020

Brad Slavin, General Manager
Updated May 26, 2025

Quick Answer

Week 52, 2020 cyber news: Goontact spyware hits Android and iOS via third-party escort sites in Japan and Korea, stealing contacts, texts, photos, and location for extortion; Facebook removes 274 accounts and pages tied to Russian IRA and French military influence operations in Africa and the Middle East; Israeli vendor Cellebrite claims its Physical Analyzer can decrypt Signal messages; Avast finds 28 malicious Chrome and Edge extensions installed by 3 million users; Bronze Bit (CVE-2020-17049) abuses Kerberos forwardable-flag signing weakness across all Windows versions since 2000 (Dec 8 patch fixes it); Indian defense supplier ELCOM Innovations loses ~$6.7M after employee email accounts were accessed.


Yet again, cybersecurity is a sensational topic. With encrypted apps getting compromised and nations launching cyber espionage, the news headlines are filled with instances of ransomware protection being defeated by cyber adversaries. Here are some of the most crucial cyber headlines from this past week.


Beware Of Goontact Malware On Android And iOS Versions

A new malware strain has been targeting Android and iOS devices and illegally collecting data from victims, including their contacts, texts, phone identifiers, photos, and location information. The spyware, Goontact, is spread through third-party sites providing escort services. Allegedly, Chinese threat actors are spreading Goontact in countries like Japan and Korea.

The malware has yet to reach the Apple and Google app stores, which implies that affected users have probably downloaded Goontact from third-party sites. The compromised data will likely be used later for extortion campaigns. As a ransomware protection measure, Google and Apple have been notified of the new malware strain. While Apple has blacklisted the apps used to propagate Goontact, Play Protect will warn Android users of Goontact variants installed on their phones. As internet users, we must regularly apply all updates and patches and hope to escape such dreadful malware strains!

French & Russian Facebook Interference Campaigns Detected

The social networking giant Facebook has recently suspended 274 Facebook accounts, 18 Instagram accounts, and several groups and pages linked to the Russian Internet Research Agency and the French military. The three networks (two Russian and one French) were found launching interference campaigns in Africa.

Since the three networks violated Facebook’s cybersecurity norms and privacy policy against government interference, Facebook was quick to remove them altogether. The two campaigns mainly targeted countries in North Africa and the Middle East to mislead people about their identity and intentions. Law enforcement has been clued in about the security incident as part of Facebook’s endeavors to create a safe platform for its users.

Users on Guard As Cellebrite Announces Its Ability to Access Signal Messages

Products of the Israeli phone-hacking firm Cellebrite are used widely by law enforcement agencies to unlock devices and access data stored on them. However, Cellebrite has also been condemned for rendering services to nations with poor human rights records. China, for instance, used Cellebrite services to spy on democracy activists in Hong Kong.

In a recent blog post, Cellebrite announced its ability to decrypt the data exchanged on Signal. Signal is considered an impenetrable platform (with end-to-end encryption) for sharing data and is often used by journalists. But Cellebrite’s new product, Physical Analyzer, comes with a feature that can decrypt even texts exchanged on Signal. Cellebrite says that criminals are using Signal to carry forward their destructive plans, and hence, this new product is their way of ensuring cybersecurity.

Avast Report Finds Malicious Extensions On Chrome & Edge

A recent Avast report has found that over three million internet users were redirected to malicious sites via Chrome and Edge extensions. Users unknowingly installed over 15 Chrome and 13 Edge extensions. These malicious extensions usually lead users to ads and phishing sites and steal their personal information (date of birth, email IDs, etc.) and browsing history. In the worst cases, they download more malware onto a user’s system.


Avast has informed Google and Microsoft about the malicious extensions, but so far, only three Chrome extensions have been removed, and all the Edge extensions remain operational. Google and Microsoft are investigating the report from Avast and have made no comment so far. Until the issue is settled, users should consider using email security services and uninstall the extensions from their browsers for safety.

Kerberos Vulnerable To Bronze Bit Attacks

A variant of the Golden Ticket and Silver Ticket attacks, Bronze Bit is a new attack exploiting the CVE-2020-17049 vulnerability in the Kerberos network authentication protocol. By exploiting this vulnerability, adversaries can access hashed passwords and even compromise the login credentials of systems on the same network. However, this requires the systems to be on the same Kerberos authentication protocol network.

The vulnerability is serious because the Kerberos computer-network authentication protocol has been incorporated in all official Windows versions since 2000. What makes the vulnerability worse is that Kerberos cannot detect the tampered tickets because the Forwardable flag is not signed. It’s natural to be worried if you are a Windows user, but applying the Microsoft patch from 8th December 2020 should help fix the security flaw (CVE-2020-17049). Users must also consider investing in email authentication services for better cybersecurity.

ELCOM Innovations Loses Rs. 50 Crores (About $6.7M) To Cyber Attack

ELCOM Innovations, a Noida-based Indian tech company, recently suffered a significant cyberattack that compromised much of the company’s critical and classified data. A senior executive at ELCOM lodged a First Information Report with the authorities, informing them that a few of their employees’ email accounts were illegally accessed.

ELCOM Innovations provides services mainly to Indian Para Military Forces, Defence Forces, and Intelligence Agencies. Although the nature of the records breached hasn’t been specified, the company has lost several sensitive files with an estimated financial loss of around Rs. 50 Crore (~ $6.7 Million).

The Cyber Cell of the police has begun its investigation, and the results are what concern us. ELCOM may have used cybersecurity tools, but when an insider trades company information, there is not much that security shields can do! ELCOM’s reputation is damaged, and there is a huge financial loss to recover.

Brad Slavin, General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
