Cyber Security Headlines – May 27, 2021

Belgium disrupts cyber-espionage campaign

In the wake of Microsoft’s recent disclosure of Exchange server vulnerabilities, Belgium’s Federal Public Service Interior launched an investigation in March with the help of the Centre for Cyber Security Belgium. The agency eventually discovered a cyber-espionage campaign underway that dated back to 2019, although it’s unclear if the campaign was related to exploitation of the Exchange vulnerabilities that triggered the investigation. Authorities characterized the damage from the campaign as limited and contained, despite it having run for years. The operators had “cyber capacities and extensive resources” with timing that suggested a state actor.

(CyberScoop)

Facebook says Russia is still the largest producer of misinformation

This comes from a new report the company released this week, detailing how the platform disrupted 150 different disinformation operations. Overall Facebook claims to have uncovered disinformation campaigns in more than 50 countries since 2017. Aside from Russia, Iran, Myanmar, the United States and Ukraine were the most identified originating countries of disinformation operations, while the United States, Ukraine, Britain, Libya and Sudan were the most frequently targeted.

Facebook isn’t just taking action against misinformation campaigns, however. The company announced a new system that will reduce the distribution of all posts from individual accounts that routinely share misinformation. This policy had previously been in place for Pages and Groups, but is now extended to individual accounts.

(Washington Post, Bloomberg)

WhatsApp sues over Indian IT laws

The laws were originally passed in February and took effect on May 26th. They require messages to be put in a “traceable database” to identify “unlawful” content. To be compliant, WhatsApp would have to stop offering end-to-end encrypted messaging. WhatsApp said the laws are unconstitutional and a violation of citizens’ right to the preservation of privacy, comparing the traceability requirement to mass surveillance.

(The Guardian)

Dark web marketplace a billion-dollar business

According to a new report from Flashpoint and the blockchain analysis firm Chainalysis, the Russian-language dark web marketplace Hydra generated an estimated $1.37 billion in revenue in 2020, up from $9.4 million in 2016. Over a three-year period from 2018 through 2020, the marketplace saw annual transaction volumes up 624% year-over-year. The site accounted for over 75% of darknet market revenue worldwide, selling narcotics, cryptocurrency cash-out services, as well as stolen credit cards and other credentials.

(The Hacker News)

Do bug bounties actually help security?

In a piece over at Dark Reading, Oleg Brodt wonders if the ecosystem around bug bounties is similar to the Cobra Effect seen in India under British colonial rule, where a bounty on cobras to reduce their population resulted in residents actively breeding them to cash in. While bug bounties cannot be bred in the same way, Oleg considers if bug bounties are just a way for vendors to transfer the liability of eliminating vulnerabilities in their products to bug hunters, rather than doing extensive secure-by-design development and testing. His point is not that there isn’t a role for bug bounties, but rather that, without addressing the source that creates these bugs, bounties themselves aren’t effective in reducing their number.

(Dark Reading)

It’s like Netflix but for malware

Researchers at Proofpoint published a paper detailing a supposed new streaming service called BravoMovies which actually serves to download the BazaLoader malware. The threat actors maintain a web front end with legitimate-looking movie posters and offerings, emailing potential victims that their credit card will be charged if they don’t unsubscribe from the service. When sent to the site or contacting support, victims are directed to an FAQ page, purportedly to unsubscribe, which actually triggers the download of a malicious Microsoft Excel file containing macros that download BazaLoader. The researchers noted that requiring a complex chain of actions from a potential victim to successfully load the malware means fewer people do, but it also makes the campaign harder for automated systems to detect.

(Threatpost)

Google launches security program for mobile developers

The search giant launched a new program called Security by Design on Google Play Academy to provide resources to developers to identify, mitigate, and proactively protect against security threats. The program points developers to tools to encrypt app data, to APIs to identify malicious use patterns, and to setting up a vulnerability disclosure program for security researchers. The hope is that by providing a baseline of security resources before an app launches, developers can start thinking of how to mitigate security issues before they happen.

(Google)

Andy Jassy to take over as Amazon CEO on July 5th

The CEO of Amazon Web Services had already been named as the successor to Amazon CEO Jeff Bezos, and now we know the date he steps into the role. Bezos will remain executive chair of Amazon’s board and remains a large shareholder. The date marks the 27th year since Amazon was incorporated. Jassy joined Amazon in the late 90s and began leading the team that would become AWS in 2003.

(The Verge)


Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.