IT Security Newsletter - 10/7/2019
Microsoft Discovers Iranian Hacking Campaign Targeting U.S. Politics
Microsoft says that a state-sponsored Iranian cyber-espionage group tracked as Phosphorus by the Microsoft Threat Intelligence Center (MSTIC) attempted to get account info on over 2,700 of its customers, attacked 241 of them, and compromised four accounts between August and September. The attacks conducted by the Phosphorus hacking group (aka APT35, Charming Kitten, or Ajax Security Team), tracked by MSTIC since 2013, were observed by Microsoft for over 30 days as they targeted accounts related to U.S. politics, Iranian expats, and journalists.
FBI, DHS advise states on potential Russian voter suppression tactics in 2020
The FBI and Department of Homeland Security have issued an advisory to state election officials that the Russian government could use voter suppression tactics in an attempt to interfere in the 2020 U.S. election, according to U.S. and state officials familiar with the memo. The advisory sent this week to states’ secretaries of state and security advisers cautions that Moscow could try to keep Americans away from the polls next year by, for example, trying to breach voter registration databases or fanning political tensions online.
Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was first identified early last year when researchers spotted scanning activity targeting 1,500 unique gateways tied to 600 companies. This reconnaissance activity stopped abruptly five months later, only to resume in February of this year, with one difference.
HildaCrypt Ransomware Developer Releases Decryption Keys
The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free. When a new ransomware or a variant is discovered, it is very common for researchers to post about them on Twitter. This week, researcher GrujaRS discovered a new ransomware variant and identified it as a STOP variant.
Wi-Fi signals let researchers ID people through walls from their gait
Can Wi-Fi signals be used to identify the person in the house? Can off-the-shelf hardware determine if whoever’s in the house is one of the people in the video surveillance footage police are scrutinizing? Yes. UC Santa Barbara researchers are back again to show that they’ve built on their previous work: It can be done by analyzing people’s walking gaits and comparing them to the gait of whoever’s in the CCTV footage.
UAE, Egypt, Nigeria cited as sources of latest information operations blocked by Facebook
Facebook has removed hundreds of pages and accounts spreading propaganda on behalf of marketing agencies in Egypt, Nigeria and the United Arab Emirates, in the latest takedown demonstrating how so-called coordinated inauthentic behavior is not just a tactic of governments. The company scrubbed 211 accounts, 107 pages, 43 groups and 87 accounts for engaging in information operations, according to a blog post Thursday from Nathaniel Gleicher, head of cybersecurity policy.