Cyber Security Headlines – January 10, 2022

Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts

On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defense, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to plug them into their computers, creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports. Some of these were apparently sent by a group called FIN7 and were dressed up as if they came from the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. The FBI says it originally began receiving reports about such activity as far back as last August.

(Gizmodo)

Swiss army asks its personnel to use the Threema instant-messaging app

The Swiss army has banned foreign instant messaging apps such as Signal, Telegram, and WhatsApp and only allows its members to use the Threema messaging app, which is developed in Switzerland. Threema is an instant messenger designed to generate as little user data as possible. All communication is end-to-end encrypted, and the app is open source. Threema does not require users to provide a phone number or email address upon registration, which means a user’s identity cannot be linked through this data. This apparently follows on from a revelation from the FBI that shows how data can be extracted from other encrypted messaging apps.

(Security Affairs)

Norton 360 faces blowback for crypto feature

Antivirus software company Norton 360 installed a cryptocurrency mining program on its customers’ computers, which it says allows customers to profit from the scheme, while keeping 15 percent of any currencies mined for itself. This feature is described as being “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove. According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory). Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as their FAQ points out, there are coin mining fees as well as transaction costs to transfer Ethereum.

(KrebsOnSecurity)

FBI issues warning about Google voice authentication service scamming users

The federal agency stated that Google Voice authentication scams target people who share their contact details, especially on online marketplaces or social media platforms. Scammers are now using Google Voice, a service that allows users to set up a virtual phone number, which they exploit to launch various scams and frauds. After expressing interest in buying the victim’s sofa, or in finding their lost pet, the scammers say they will send a Google authentication code in the form of a voice call or a text message, and then ask the victim to repeat the number back to them. In doing this they are able to set up a Google Voice account with the victim’s name and phone number, using the “authentication” code as the two-step verification code needed to complete the set-up process.

(ThreatPost)

Thanks to our episode sponsor, BlackBerry

Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry’s 7th generation Artificial Intelligence (AI) and Machine Learning (ML) technology powered by Cylance, malicious attacks are detected and prevented on average 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware.

Detecting evasive malware on IoT devices using electromagnetic emanations

Cybersecurity researchers have proposed a novel approach that harnesses electromagnetic field emanations from Internet of Things (IoT) devices as a side channel to glean precise knowledge about the different kinds of malware targeting embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. The findings were presented by a group of academics from the Research Institute of Computer Science and Random Systems (IRISA) at the Annual Computer Security Applications Conference (ACSAC) held last month. The goal is to take advantage of the side-channel information to detect anomalies in the emanations when they deviate from previously observed patterns, and to raise an alert when suspicious behavior resembling malware is recorded in comparison to the system’s normal state.
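The detection idea in this item (profile the device’s normal emanations, then alert when new measurements deviate from that profile) can be shown in miniature. The block below is an added illustration, not the IRISA researchers’ code or data: the EM trace is a constructed synthetic signal, the features (log energy in four frequency bands of a 32-sample window, via a plain DFT) and the per-band z-score threshold are assumptions chosen for a clean demonstration, and a real deployment would use a probe, a spectrum capture and a model calibrated on held-out normal data.

```python
"""Baseline-deviation detector over (synthetic) electromagnetic side-channel windows.

Added example. Assumptions: constructed signal, DFT band log-energies as
features, max per-band z-score against a normal-state baseline as the score.
"""
import math
import random

WINDOW_LEN = 32   # samples per analysis window
N_BANDS = 4       # frequency bands between DC and Nyquist


def synth_trace(n_windows, anomalous=False, seed=0):
    """Constructed EM-like trace: a 2-cycles-per-window tone plus Gaussian noise.
    The 'anomalous' trace adds a second tone (12 cycles/window), standing in for
    the changed activity pattern a malicious payload would produce."""
    rng = random.Random(seed)
    samples = []
    for i in range(n_windows * WINDOW_LEN):
        x = math.sin(2 * math.pi * 2 * i / WINDOW_LEN) + rng.gauss(0.0, 0.05)
        if anomalous:
            x += 1.0 * math.sin(2 * math.pi * 12 * i / WINDOW_LEN)
        samples.append(x)
    return [samples[w * WINDOW_LEN:(w + 1) * WINDOW_LEN] for w in range(n_windows)]


def band_log_energies(window, n_bands=N_BANDS):
    """Feature vector: log of the summed |X_k|^2 over n_bands equal-width bands
    of the DFT bins 1..N/2 (DC is dropped). Plain O(N^2) DFT, no numpy needed."""
    n = len(window)
    power = []
    for k in range(1, n // 2 + 1):
        re = sum(x * math.cos(2 * math.pi * k * i / n) for i, x in enumerate(window))
        im = -sum(x * math.sin(2 * math.pi * k * i / n) for i, x in enumerate(window))
        power.append(re * re + im * im)
    per_band = len(power) // n_bands
    return [math.log(sum(power[b * per_band:(b + 1) * per_band]) + 1e-12)
            for b in range(n_bands)]


def fit_baseline(feature_rows):
    """Normal-state profile: per-band mean and standard deviation of the features."""
    dims = len(feature_rows[0])
    count = len(feature_rows)
    means = [sum(r[d] for r in feature_rows) / count for d in range(dims)]
    stds = [max(math.sqrt(sum((r[d] - means[d]) ** 2 for r in feature_rows) / count), 1e-6)
            for d in range(dims)]
    return means, stds


def anomaly_score(baseline, feats):
    """Largest absolute z-score over the bands: one band moving far from its
    normal range is enough to flag the window."""
    means, stds = baseline
    return max(abs(f - m) / s for f, m, s in zip(feats, means, stds))


def detect(baseline, windows, threshold=7.0):
    """True for each window whose score exceeds the (demo-chosen) threshold."""
    return [anomaly_score(baseline, band_log_energies(w)) > threshold for w in windows]


def run_demo():
    """Fit on 40 normal windows, then score 20 fresh normal and 20 anomalous windows.
    Returns (false_alerts_on_normal, alerts_on_anomalous)."""
    baseline = fit_baseline([band_log_energies(w) for w in synth_trace(40, seed=1)])
    normal_alerts = sum(detect(baseline, synth_trace(20, seed=2)))
    anomalous_alerts = sum(detect(baseline, synth_trace(20, anomalous=True, seed=3)))
    return normal_alerts, anomalous_alerts


if __name__ == "__main__":
    fp, tp = run_demo()
    print(f"false alerts on normal windows: {fp}/20, alerts on anomalous windows: {tp}/20")
```

The separation here is easy because the injected tone lands in a band that carries only noise during normal operation; the harder part of the real work is choosing features that stay stable across firmware versions and ambient conditions, which is why the baseline must be re-fitted and validated on the actual device rather than reused from a lab capture.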

(The Hacker News)

Trojanized dnSpy app drops malware cocktail on researchers, devs

Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners. dnSpy is a popular debugger and .NET assembly editor used to debug, modify, and decompile .NET programs. Cybersecurity researchers commonly use this program when analyzing .NET malware and software. This week, a threat actor created a GitHub repository with a compiled version of dnSpy that installs a cocktail of malware, including clipboard hijackers to steal cryptocurrency, the Quasar remote access trojan, a miner, and a variety of unknown payloads.

(Bleeping Computer)

Chinese scientist pleads guilty to stealing US agricultural tech

Xiang Haitao, formerly living in Chesterfield, Missouri, held a post at Monsanto and its subsidiary, The Climate Corporation, between 2008 and 2017, the US Department of Justice (DoJ) said on Thursday. Monsanto and The Climate Corporation developed an online platform for farmers to manage field and yield information in a bid to improve land productivity. One aspect of this technology was an algorithm called the Nutrient Optimizer, which US prosecutors say was considered “a valuable trade secret and their intellectual property.” As he was boarding a flight back to China in 2017, investigators found copies of the Nutrient Optimizer stored on his electronic devices. He now faces up to 15 years behind bars, a maximum of three years of supervised release, and a fine of up to $5 million.

(ZDNet)

How ‘feature bloat’ is driving the chip shortage

CES 2022, which wrapped this week, provides a glimpse of what the future car might hold. Panasonic showed off an augmented reality head-up display with eye tracking, plus a 1,000 watt, 25 speaker sound system, and BMW unveiled a car that can change color and comes with a 31-inch Theater Screen with built-in Amazon Fire TV. According to Mike Juran, CEO and co-founder of Altia, which provides GUI tools to automakers, “There is way too much unnecessary software out there.” Michael Hill, vice president of engineering at Altia, adds that a 2011 model year Chevrolet Volt had more than a million lines of code, while today’s mid- to high-level vehicles have something like 100 million lines. And it is this, they say, rather than an actual scarcity of chips, that is driving the chip shortage.

(TechCrunch)