The academic threat of juice jacking
Last month, the US FBI and Federal Communications Commission issued new warnings about so-called juice jacking attacks, cautioning that public chargers could be used by malicious actors. Despite these warnings, Ars Technica’s Dan Goodin points out the complete lack of any documented juice jacking cases in the wild. Even if attempted, modern versions of both iOS and Android require the user to click through clear warnings before a wired connection is allowed to transfer data.
While devices like GrayKey do allow data to be extracted from a fully locked modern phone, they can take multiple hours or even a few days to crack a device, at a cost well into five figures. Some devices can inject keyboard commands into mobile devices, but they require the phone to power the device, only work over USB, and must be tailored to specifically targeted devices. Security experts largely agree these types of attacks could find use against highly targeted individuals, but remain largely impractical against a more general target audience.
Data breach lawsuits on the rise
A new report from the law firm BakerHostetler found that more individuals impacted by data breaches are filing lawsuits against organizations, up from lawsuits filed in 1% of incidents in 2018 to 8.5%. Some of these lawsuits came from relatively small breaches, with about 10% filed over incidents impacting fewer than 1,000 people. Overall, the firm found companies paying more on average in ransomware attacks, up 17% on the year to roughly $600,000. The cost of investigating incidents also climbed, with the average cost to investigate the 20 largest network attacks up 25% on the year in 2022 to $550,000.
Telegram ban lifted in Brazil
Last week, a Brazilian court banned the messaging app Telegram in the country for noncompliance in sharing information regarding extremist groups. However, Judge Flavio Lucas of the Federal Regional Court of the 2nd Region overturned that ban over the weekend, saying it “is not reasonable” to impact the freedom of communication of its numerous users. The judge did uphold a fine against Telegram for noncompliance. The initial ban came after Telegram failed to comply with an order to hand over data on neo-Nazi groups accused of inciting school violence. Telegram maintains that its encryption scheme means it keeps no centralized data on any users.
Generative AI posing as news sites
The news-rating group NewsGuard found 49 websites claiming to offer breaking news but instead publishing content from generative AI chatbots. Most appeared to be content mills designed to produce low-quality content en masse to get clicks for advertising. These ranged from generic-sounding sites offering breaking news to those offering lifestyle tips or celebrity news. They often contained flat-out falsehoods, ranging from claiming the death of President Biden to making up obituary details. Over half monetized using programmatic ads, many using Google’s adtech. Google’s terms prohibit ads from appearing on “low-value content.”
And now a word from our sponsor, TrendMicro
API security incidents extremely common
A new study from Data Theorem and TechTarget’s Enterprise Strategy Group found that 92% of surveyed organizations experienced at least one security incident related to their APIs in the last year. Most organizations, 57%, experienced multiple incidents. The study found the fast-moving nature of APIs likely played a role, with 75% of organizations updating APIs at least weekly. Not only does this expose newly updated APIs as potential attack surface for zero-day attacks, it also risks creating zombie APIs: deprecated or forgotten endpoints that remain reachable and can be exploited over time.
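An added example of the kind of inventory check that surfaces zombie endpoints; this is not code from the Data Theorem/ESG study. It compares the routes the current API specification documents against the requests a gateway actually served, and reports routes that returned success but are no longer documented. The route list and access-log lines below are constructed for illustration, and the `{id}` template convention is assumed.

```python
"""Find zombie API endpoints: routes that still answer 2xx/3xx but are absent
from the current route inventory. Constructed example, not a vendor's tool."""
import re
from collections import Counter

# Constructed "current" inventory, e.g. exported from this week's OpenAPI spec.
# The v1 routes were dropped from the spec but, as the log shows, still respond.
DOCUMENTED_ROUTES = {
    ("GET", "/api/v2/users/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v2/orders/{id}"),
}

# Constructed gateway access log in common log format.
SAMPLE_LOGS = """\
10.0.0.5 - - [04/May/2023:10:01:12 +0000] "GET /api/v2/users/42 HTTP/1.1" 200 512
10.0.0.9 - - [04/May/2023:10:01:15 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 498
10.0.0.9 - - [04/May/2023:10:02:01 +0000] "GET /api/v1/users/43/export HTTP/1.1" 200 20480
10.0.0.5 - - [04/May/2023:10:02:40 +0000] "POST /api/v2/orders HTTP/1.1" 201 88
10.0.0.9 - - [04/May/2023:10:02:55 +0000] "GET /api/v1/users/77?full=1 HTTP/1.1" 200 501
10.0.0.7 - - [04/May/2023:10:03:00 +0000] "GET /api/v2/admin/debug HTTP/1.1" 404 0
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def route_to_regex(template):
    """Turn '/api/v2/users/{id}' into a regex matching one concrete path segment per {param}."""
    parts = [r"[^/]+" if seg.startswith("{") and seg.endswith("}") else re.escape(seg)
             for seg in template.split("/")]
    return re.compile("^" + "/".join(parts) + "$")


COMPILED_ROUTES = [(method, route_to_regex(tmpl)) for method, tmpl in DOCUMENTED_ROUTES]


def strip_query(path):
    return path.split("?", 1)[0]


def is_documented(method, path):
    """True if the (method, path) pair matches any route in the current inventory."""
    path = strip_query(path)
    return any(m == method and rx.match(path) for m, rx in COMPILED_ROUTES)


def normalize_path(path):
    """Collapse purely numeric segments to {id} so hits on the same zombie route aggregate."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in strip_query(path).split("/"))


def find_zombie_endpoints(log_text):
    """Return {(method, normalized_path): hit_count} for served but undocumented requests.

    Requests answered with 4xx/5xx are skipped: an endpoint that rejects the call
    is not a live, reachable zombie (though a 401/403 may deserve its own review).
    """
    zombies = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        method, path, status = m["method"], m["path"], int(m["status"])
        if status >= 400:
            continue
        if not is_documented(method, path):
            zombies[(method, normalize_path(path))] += 1
    return dict(zombies)


if __name__ == "__main__":
    for (method, path), hits in sorted(find_zombie_endpoints(SAMPLE_LOGS).items()):
        print(f"ZOMBIE {method} {path}  ({hits} successful hits)")
```

Run against a real gateway export, the output is the list to take to the API owners: every line is an endpoint that is serving traffic without appearing in the spec that security review, authentication policy and rate limits are written against.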
Iran using BouldSpy malware for surveillance
Researchers at Lookout Threat Lab reported a new piece of spyware in use by the Law Enforcement Command of the Islamic Republic of Iran. Dubbed BouldSpy, the spyware seems mostly used for internal surveillance, with exfiltrated data on a C2 server showing it being used against Iranian Kurds and other minority groups. Analysis shows BouldSpy also contains ransomware capabilities, but researchers didn’t find evidence of their use; this could represent an in-development feature. A lack of operational security around its servers, combined with relatively few samples in the wild, indicates BouldSpy is a relatively new offering.
Malicious Windows Update guides targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) issued a warning that the Russian-backed APT28 began targeting various government bodies with malicious emails. The messages pose as coming from system administrators and offer instructions on updating Windows to protect against further attacks. Instead, they point to a PowerShell command that delivers a secondary infostealer payload. The attackers used real employee names with @outlook.com email addresses to try to fool recipients. A recent Google Threat Analysis Group report estimates about 60% of all phishing messages targeting Ukraine in Q1 came from Russian actors.
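One check a mail gateway or SOC could run for the lure pattern described above, as an added example and not CERT-UA’s detection logic or anything from the original advisory: flag inbound mail whose display name matches a known employee while the address sits on a consumer webmail domain, and additionally flag bodies that tell the recipient to run PowerShell. The employee directory, domains and sample messages are constructed for illustration; the names are hypothetical.

```python
"""Flag display-name impersonation from consumer webmail plus PowerShell
'update' instructions. Constructed example, not CERT-UA's rule."""
import email
from email.utils import parseaddr

# Hypothetical internal directory and domains (constructed).
EMPLOYEE_DIRECTORY = {"Olena Shevchenko", "Ivan Bondarenko"}
INTERNAL_DOMAINS = {"example.gov.ua"}
FREEMAIL_DOMAINS = {"outlook.com", "gmail.com", "hotmail.com", "yahoo.com"}

# Constructed lure in the shape the advisory describes: real employee name,
# @outlook.com sender, "update Windows" pretext, instruction to run PowerShell.
SAMPLE_LURE = """\
From: "Olena Shevchenko" <olena.shevchenko@outlook.com>
To: staff@example.gov.ua
Subject: Urgent Windows update
Content-Type: text/plain; charset="utf-8"

Colleagues, to protect against recent attacks, open PowerShell as
administrator and run the update command below.
"""

# Constructed genuine internal notice with the same pretext.
SAMPLE_INTERNAL = """\
From: "Ivan Bondarenko" <ivan.bondarenko@example.gov.ua>
To: staff@example.gov.ua
Subject: Windows update schedule
Content-Type: text/plain; charset="utf-8"

IT will push the Windows update tonight; no action needed on your side.
"""

# Constructed external mail from an unknown sender, nothing to flag.
SAMPLE_VENDOR = """\
From: "Billing Team" <billing@vendor.example>
To: finance@example.gov.ua
Subject: Invoice 2023-05
Content-Type: text/plain; charset="utf-8"

Your invoice for April is attached.
"""


def normalize_name(name):
    """Case-fold and sort tokens so 'Shevchenko, Olena' matches 'Olena Shevchenko'."""
    return " ".join(sorted(name.replace(",", " ").split())).casefold()


KNOWN_NAMES = {normalize_name(n) for n in EMPLOYEE_DIRECTORY}


def plain_text(msg):
    """Concatenate the text/plain parts of a message (single-part or multipart)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(str(p.get_payload()) for p in parts
                     if p.get_content_type() == "text/plain")


def analyze_sender(raw_message):
    """Return a list of finding codes for one raw RFC 5322 message; empty means clean."""
    msg = email.message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []

    # Assumption: mail claiming an internal domain has already passed SPF/DKIM/DMARC
    # at the gateway, so internal senders are out of scope for this lookalike check.
    if domain in INTERNAL_DOMAINS:
        return findings

    if normalize_name(display_name) in KNOWN_NAMES:
        findings.append("employee_name_external_domain")
        if domain in FREEMAIL_DOMAINS:
            findings.append("freemail_sender")

    if "powershell" in plain_text(msg).casefold():
        findings.append("powershell_instructions")
    return findings


if __name__ == "__main__":
    for label, sample in [("lure", SAMPLE_LURE), ("internal", SAMPLE_INTERNAL),
                          ("vendor", SAMPLE_VENDOR)]:
        print(label, analyze_sender(sample) or "clean")
```

The display-name match alone is a useful signal on its own; the webmail-domain and PowerShell findings stack on top of it so that a triage queue can prioritize messages carrying all three.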
Western Digital attackers leak further data
The ALPHV ransomware group behind the recent attack on Western Digital has revealed more leaked data. It has now published screenshots of internal emails and video conferences, indicating it maintained access to Western Digital’s network even after the company started responding to the breach. The attackers previously published files signed with the company’s code-signing keys. The newly leaked data shows Western Digital preparing a media statement about the attack. Last month, Western Digital took down most of its cloud services for two weeks to respond to the attack. ALPHV now claims to have a complete backup of Western Digital’s SAP BackOffice implementation.