Israel creates task force to look into NSO spyware
Reuter’s sources say Israel has created a senior inter-ministerial team to look into allegations that spyware sold by NSO Group has been abused on a global scale. We’ve covered the impacts of this spyware for the last several days on the show. Conflicting sources say the task force is either being headed by the National Security Council or by senior defence, intelligence and diplomatic officials. NSO Group requires an export license to sell its spyware products, and sources say the investigation is “doubtful” to curb future exports.
Bill could increase the FTC’s role in fighting ransomware
The bill is sponsored by Representative Gus Bilirakis and would update a 2006 law to require the Federal Trade Commission to report the number of cyberattack-related complaints it receives, including ransomware. The agency would also be required to detail how it notified and coordinated with international law enforcement to respond to issues. The bill also empowers the agency to suggest legislation and best practices to defend against ransomware. There are a number of options being considered to combat ransomware in the US, from a bill requiring critical infrastructure owners to report incidents to CISA within 24 hours, to new policy proposals created by an interagency White House task force.
NPM package stealing saved browser passwords
An analysis by ReversingLabs researcher Karlo Zanki found that the “nodejs_net_server” package, available from the official NPM repository, was actually a front for a tool designed to steal passwords saved in Chrome. The malicious package seems to have been last updated seven months ago, and has been downloaded 1,283 times since February 2019. ReversingLabs reached out to NPM’s security team on July 2 and again on July 15 but no action has been taken as of this recording.
Google Cloud launches new security tools to combat evolving threats
These new security solutions are aimed at both private and public sector customers. Autonomic Security Operations is a turnkey solution, offering access to products, integrations, blueprints, technical content and an accelerator program to help customers emulate a best-in-class Security Operations Center. The company also launched Cloud IDS in public preview, a managed Intrusion Detection System using Palo Alto Networks technology. GCP’s cloud-native security analytics platform Chronicle also now integrates with Google’s analytics platforms Looker and BigQuery. The company’s public sector offers are aimed at helping agencies come into compliance with President Biden’s recent executive order aimed at improving cybersecurity.
Thanks to our episode sponsor,
Open source tool detects signs of NSO Pegasus
Amnesty International researchers have provided a toolkit to help identify phones that have been targeted by NSO Group’s Pegasus spyware. The Mobile Verification Toolkit (MVT) works on the command line and will take an entire iPhone backup and look for any indicators of compromise, even if the backup is encrypted. On Android, MVT scans the device backup for text messages with links to domains known to be used by NSO. The toolkit can also scan for potentially malicious apps installed on your device. It’s available on Amnesty’s Github page.
DuckDuckGo launches Email Protection feature
The privacy-focused search engine launched an invite-only beta of a new Email Protection feature, providing a free @duck.com email address that will analyze messages and strip away trackers before forwarding to a primary email. The feature also supports unique, disposable forwarding addresses that can be generated through DuckDuckGo’s mobile browser or browser extensions. Users can sign up for a waiting list to be invited into the beta.
Alleged high-profile Twitter hacker arrested in Spain
At the request of US authorities, Spanish National Police arrested UK citizen Joseph O’Connor over alleged involvement in hacking 130 Twitter accounts in July 2020. He’s also been charged with taking over TikTok and Snapchat accounts as well as cyberstalking a minor. It’s unclear what role O’Connor played in the 2020 Twitter attack, which saw accounts from Apple, Uber, Elon Musk and eventual US President Joe Biden taken over through a social engineering scheme. O’Connor faces ten charges in the arrest. Self-proclaimed mastermind of the attack, Graham Ivan Clark, already pled guilty to 30 charges related to the incident.
Ransomware negotiation logs published
Over 100-pages of ransomware negotiation transcripts from the now defunct Egregor operators were analyzed by IBM Security X-Force and its partner company Cylera, accounting for 45 different negotiations. While Egregor operated as a ransomware-as-a-service model, it is believed negotiations were handled by its core team. These chats revealed potential roles by the internal Egregor team and how the operators derived initial ransom demands. The chats showed occasional empathy, like offering to decrypt a charity’s systems without a ransom, but otherwise always leaked stolen data if a ransom wasn’t paid. Overall analysis showed that negotiating with the operators resulted in lower ransoms overall.