Cyber Security Headlines – February 9, 2021

A look at Iranian spyware operations

Researchers at Check Point recently outlined two Iranian surveillance operations, targeting more than 1000 dissidents across 13 countries including the US and the UK. The operators attempted to install novel malware on phones and PCs in order to steal call recordings and other media. APT-50 focused on mobile phones, packaging malware as a lookalike game on the Google Play Store, offering a fake security app, providing an infected wallpaper app, and impersonating a third-party app store. A second group, known as Infy, uses more traditional email phishing attempts to install malware on PCs. Infy has operated since at least 2007, while APT-50 has operated 10 campaigns since 2017.

(BBC)

Florida water treatment plant hacked to distribute harmful chemicals

Pinellas County, Florida, sheriff Bob Gualtieri said Monday that someone gained remote access to the Oldsmar, Florida water treatment plant at 8 AM on February 5th and attempted to raise the level of sodium hydroxide, otherwise known as lye, to a dangerous concentration. A plant operator first thought a supervisor had accessed the system from home. After the intruder raised the lye level, a monitoring operator immediately reduced it, and the remote access system has since been disabled. The Sheriff noted that other fail-safes and alarm systems would also have prevented the dangerous adjustment had the operator not noticed.

(AP News)

Microsoft to add ‘nation-state activity alerts’ to Defender

Microsoft updated its Microsoft 365 roadmap to show it's working on adding the notifications to Defender for Office 365, its recent rebrand of Office 365 Advanced Threat Protection. The company began tracking nation-state hacking groups and the attacks they orchestrated against Microsoft email accounts in 2016, and in 2019 said it was emailing an average of 10,000 users a year to advise them of such activity. These notifications will now live in the Microsoft Defender for Office 365 dashboard, allowing administrators to act on them without waiting for employees to read email.

(Bleeping Computer)

Google pays $6.7 million in bug bounties

2020 marked the third consecutive year that Google increased its bug bounty payouts, up 3% to $6.7 million on the year. These bounties went to 662 security researchers across 62 countries. Chrome’s Vulnerabilities Rewards Program handed out the most bounties, getting over 300 bug submissions and paying out $2.1 million. Android bugs paid out $1.74 million, including the first-ever Android 11 developer preview bonus, while Google Play bugs accounted for $270,000.

(ZDNet)

Thanks to our episode sponsor Altitude Networks

Remember that time when someone at work accidentally shared a Google document to your personal email? Well, that happens a lot and it leaves a backdoor to cloud data for former employees or contractors. Altitude Networks is the only solution that will protect you from this and many other data leak risks on G Suite and Office 365! Check it out at AltitudeNetworks.com and be sure your sensitive data isn't shared with the wrong people!

New survey looks at changes in facial recognition datasets 

A new paper from Mozilla fellow Deborah Raji and US Congressional Technology Fellow Genevieve Fried looked at 130 different facial recognition datasets over several decades to examine how data was collected and labeled. The survey found four distinct phases of datasets. Datasets from 1964 through the mid-90s were characterized by relatively small size, manual metadata entry, and 100% consent for the images used. Phase two saw increased size: in 1996 the US Department of Defense funded the creation of a then-large 14,000-image set, although real-world accuracy remained low. About 83% of the images had consent. Phase three started in 2007 and saw companies begin to scrape the web for images, with consent going down to 38%. Phase four was marked by the use of deep learning and auto-captioning of images to support multi-million-image datasets, with Facebook's DeepFace leading the charge in 2014. Images in datasets with user consent stood at 8.7%.

(MIT Technology Review)

Myanmar hit with internet blackout

We reported last week about the Myanmar military government temporarily suspending Facebook access in the country. Now the monitoring group NetBlocks Internet Observatory reports that internet traffic in Myanmar fell to 16% of typical usage as the military government instituted a wide internet blackout. Prior to this blackout, the government also announced temporary blocks on other social networks, including Twitter and Instagram.

(BBC)

Don’t sleep on Emotet

This warning comes from Microsoft, who said that they have seen a dramatic drop in Emotet activity since the botnet's infrastructure was disrupted in January. Despite this drop, Microsoft warns that the breadth and scale of Emotet's operations means that customers should still monitor for and protect against it. Law enforcement agencies have seized critical Emotet C2 servers and distributed a new update that will effectively uninstall the botnet on April 25th. However, if Trickbot is any lesson, a good botnet is hard to keep down.

(Bleeping Computer)

When a legit app suddenly becomes malware

Google delisted and will proactively disable the popular Chrome extension The Great Suspender, as version 7.1.8 contains an exploit that could let remote code run without a user's knowledge.

Similarly, Malwarebytes reports that the popular Android app Barcode Scanner started distributing malware after an update on December 4th, causing ads to open in a browser without user interaction. This version was signed by the same certificate as previous versions. Google has removed the app from the Play Store, but it will need to be uninstalled from devices as well.

(ZDNet, Dark Reading)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.