Security News for the Week Ending May 13, 2022

Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years

Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies compromised include some of the largest companies in North America, Europe and Asia. These attacks go back to at least 2019 and they have stolen intellectual property, R&D, diagrams of fighter jets, helicopters, missiles and more. Credit: The Record

Spain’s Spy Chief Fired After News She Hacked Spanish Politicians

I guess they don’t like it when you use the laws they created against them. It doesn’t appear that she did anything illegal; she got a court order and everything. But it was them she was spying on. The other problem she had was that dozens of other government officials were also spied on, and it is not clear by whom. That includes the PM and the Defense Minister. Their phones were declared spyware-free – but were not. Credit: Security Week

EU Proposes to Kill Child Abuse by Killing Privacy

The challenge of curbing kiddie porn, sometimes referred to by the more polite term child sexual abuse material (CSAM), is hard. End-to-end encryption makes it even harder. One current EU proposal would require companies to scan all communications, meaning that end-to-end encryption would effectively be banned. It won’t technically be banned; it would just be impossible to offer it and still comply with the proposed regulations. The stupid pedophiles might be caught by this, but the smart ones would just encrypt the material before it is uploaded or use other methods. If we have learned one thing over the years, it is that bad guys adapt much more quickly than the law does. Of course, that encrypted material might stand out, but if they intentionally create a lot of chaff to hide what they are doing, it might not. A botnet could create terabytes of encrypted garbage in no time, making the carriers’ job impossible. The proposal also requires that providers read the text of every message and email, looking for signs of prohibited content. Credit: The Register

Colorado’s CBI Warns of Fraudulent Real Estate Transactions

My guess is that this is not limited to Colorado and this is not really a new scam, but the CBI says it is quickly ramping up. The scam is that a supposed out-of-state seller wants to sell a property, either with a house or vacant land, that currently doesn’t have a mortgage. The fraudster impersonates the owner looking for a buyer that wants a quick close. The whole transaction is being done remotely by mail with a fraudulent deed. Do your due diligence whether you are an agent or a buyer. Credit: CBI and Land Title Association

Mandiant Says Hackers Are Dwelling Inside for Fewer Days

Security firm Mandiant (soon to be part of Google) says that the number of days that hackers are lurking inside your systems continues to decrease. The time now stands at just 21 days. This is likely because hackers are worried about being detected before they can detonate their attack as companies and governments get more serious about fighting crime. That means you don’t have as much time to detect the bad actors. Are you prepared? Credit: Data Breach Today

Security News for the Week Ending May 6, 2022

Tomorrow is the one-year anniversary of the Colonial Pipeline attack. The government has done more to improve cybersecurity in the last year than it had done in the last 10 years. But there is still a lot more to do.

Jury Finds Norton/Lifelock Infringed on Two Columbia University Patents

Even in the world of cybersecurity, patent infringement is a problem. A jury decided that Norton’s use of emulators to detect malicious behavior violated patents owned by Columbia. Norton says they will stop using the technology and appeal the verdict. Among the Norton products affected are Norton Security and Symantec Endpoint Protection. Since the infringement was deemed to be willful, the judge could triple the $185 million judgement. The suit goes back to 2013. Credit: Data Breach Today

Data Broker Stops Selling Location Data of Planned Parenthood Visitors One Day After Being Outed

Yesterday I read a piece in which one of the security trade magazines bought data on visitors to Planned Parenthood clinics, including where they went afterward (home) and where they came from before (work). They paid $160. I think the company, SafeGraph, decided the incredibly negative PR wasn’t worth $160, so today they decided to stop selling it. That doesn’t mean other greedy data brokers will do the same – in the U.S. there is nothing illegal about it. Credit: Motherboard by Vice

Cryptocurrency Projects Are As Secure As a Screen Door

In just four days hackers stole over $100 million in cryptocurrency. Who pays for that? Fei Protocol lost $77 million, Saddle Finance $10 million, Deus Finance $13 million and Bored Apes $6 million. There is no government insurance for cryptocurrency owners. Credit: Metacurity

Ukrainians Figure Out How to Beat Russia – Shut Off its Booze

Ukraine’s army of hackers has figured out how to hit Russia where it hurts. Russia requires the booze industry to use a government-run portal called EGAIS. Hackers have kept it out of commission, so stores can’t “receive” alcohol, factories can’t accept tanks of alcohol, and distributors can’t ship or receive products. As a result, factories are reducing or stopping production. Interesting attack. Credit: Bleeping Computer

Spain Admits It Hacked Some of its Politicians’ Phones

After a week of public reporting that some Spanish politicians’ phones had been hacked using the Pegasus spyware, a leading Catalan separatist politician said that Spain’s top intelligence official admitted that her agency did, in fact, hack some opposition politicians’ phones. But, she said, it was all legal. Reports say that the court orders covered far fewer people than Citizen Lab found infected, so who hacked the rest of the phones? If you are high profile in any way you should assume your phone is not secure. Even secure messaging apps like Signal or iMessage would not be secure, since the phone itself is compromised. This follows the disclosure, earlier in the week, that the phones of Spain’s Prime Minister and Defense Minister were both infected with Pegasus spyware by someone. Pegasus is so stealthy that even the government’s cyber sleuths did not detect it until the facts were reported in the media. Credit: ABC News

Treasury Sanctions Cryptocurrency Mixer BLENDER

Mixers are apps that are designed to obfuscate cryptocurrency transactions, to make them harder to track. I am not sure that sanctioning one of the hundreds of these mixers will really help, but I guess it can’t hurt. Credit: The Register

How to Defend Against NSO Spyware

Or at least try!

The NSO Group is the Israeli company that sells spyware to governments. Evidence suggests it also sells to all manner of unsavory characters, although the company denies that.

Evidence also says that they target journalists, activists, business executives and lawyers around the world.

But they come from the Wernher von Braun school of rocketry – once they go up, who cares where they come down. They say that how their customers use the software is not their business.

While iPhones are usually good at stopping malware, in this case they are about as secure as a screen door against NSO’s Pegasus software.

While there is no such thing as perfect security, that doesn’t mean that you should just give up and allow the hackers in. The Pegasus software gives the hackers unlimited access to a target’s mobile device. It allows the hacker, which may be a government, to:

  • Remotely and covertly collect information, including:
    – location
    – relationships
    – phone calls
    – plans
    – activities
  • Monitor voice and VoIP phone calls in real time
  • Siphon contacts, passwords, files and encrypted content from the phone
  • Monitor the room around the phone by turning on the microphone
  • Monitor the phone’s location
  • Monitor connections through apps like WhatsApp, Facebook, Signal and others

All that being said, it is just an old-fashioned remote access trojan.

So, what can you do to even the odds?

  1. Avoid click bait – text messages or WhatsApp messages that try to get you to click on a link (and install the malware). The messages may appear to come from your bank, for example.
  2. Separate sensitive work from non-sensitive work on different devices. I know that is a pain, but so is getting hacked.
  3. Use out-of-band verification if you get a link that you are not expecting.

That is just one form of attack. Another is to intercept unencrypted web traffic and redirect it to malicious sites. To help thwart this:

  1. Always type https:// in front of the URL.
  2. Bookmark known sites and only go there from the bookmarks.
  3. Use a VPN.

Unfortunately, there are also zero-click exploits, ones that you don’t have to interact with at all to get infected. There was a recent iMessage attack that worked like that: someone just sent you a malformed iMessage and you were infected. To reduce the odds of this working:

  1. UNINSTALL **ALL** apps that are not absolutely essential.
  2. Regularly audit your apps to make sure there are none there that you don’t need.
  3. Regularly install all patches to the OS and apps – but only do that when you are on a trusted network.
  4. Use a signal-blocking (Faraday) bag to stop the phone from communicating with its handler when you are not using it.

Obviously, the simplest attack is physical access. To help thwart this:

  1. Keep your phone under your control at all times.
  2. Do not believe the myth that hotel room safes are secure. They are not.
  3. Put your device in a tamper-evident bag if you need to leave it somewhere. At least that way you will know if someone attempted to get into it.
  4. Use burner phones and change them like underwear.

I know that all of this is a pain in the rear. You have to decide what your level of paranoia is.

Remember: Security or convenience, pick one.

Credit: The Intercept