Antivirus used to spread malware, White House ransomware summit
Threat group rides antivirus software to install malware
Researchers at Kaspersky discovered the China-based threat group Cicada targeting Japanese organizations. The group used a spear-phishing email to prompt the install of the legitimate K7Security Suite. However it also included a malicious DLL to install it’s custom LODEINFO backdoor. Because Cicada effectively uses a legitimate security app to sideload the DLL, other security apps may not detect it. Targeted organizations span across media groups, diplomatic agencies, and public sector organizations, indicating the group plans to use the backdoor for cyberespionage.
White House organizes ransomware summit
The White House hosted its second International Counter Ransomware Summit starting on October 31st, bringing together three dozen nations as well as private-sector companies. The Summit focused on how to make systems more resilient to attacks overall and disrupting threat actors in the planning stages. Private companies attending included Microsoft, Maniant, Crowdstrike, and Palo Alto Networks. The Biden administration cited the recent ransomware attack on the Los Angeles school district as a factor in deciding to call the summit now.
Ed tech company exposed user data
The Federal Trade Commission filed a complaint against the ed tech company Chegg, alleging “careless” security practices that compromised personal data. Based on the filing, these practices data back to 2017. In 2018, sensitive information on about 40 million customers became exposed after a former contractor accessed a third-party database. This included names, emails, passwords, sexual orientation, and parents’ income. SInce then, this dataset appears for sale online. The company also reportedly exposed information of employees, including social security numbers. The complaint chided Chegg for not requiring multi-factor authentication, storing personal data in plain text, a lack of any written security policy until 2021, and using “outdated and weak” encryption.
Twitter exploring paid verification
According to documents seen by and sources speaking to The Verge, Elon Musk’s Twitter wants to expand its existing Twitter Blue subscription into a more expensive offering that also verifies users. Currently Twitter Blue costs $4.99 a month, and plans call for the expanded offering to cost $19.99. As currently constituted, already verified users would have 90 days to subscribe or lose their verified status. Musk reportedly informed employees working on the project they must launch the feature by November 7th or lose their jobs. Twitter only recently reintroduced account verification after holding the process for review. It’s generally meant to establish that a notable or famous person’s account belongs to that actual person. It’s unclear if paid verification changes that functionality.
Thanks to today’s episode sponsor, Votiro
Telegram disables private channels on iOS
Telegram founder Pavel Durov said on his Telegram channel that Apple claimed it wouldn’t allow content creators to use third-party payment methods. Telegram allows content creators to offer access to channels or posts through a paywall that users can pay for with a third-party payment method, bypassing Apple’s in-app purchasing system. As a result, Durov says Telegram must disable paid posts and channels on its iOS app. Apple recently changed it’s App Store guidelines to state that social media page boosts, a form of advertising, must use Apple Pay.
Most customers would leave retailer after data leak
According to an Akamai survey of UK consumers, 59% of respondents would leave a retailer if they suffered a major cyber security compromise. The same amount of respondents said they would advise friends and family to avoid the retailer as a result. Just under half of respondents, 49%, said they don’t trust retailers to keep data safe in general. Customers might not have much of a choice of retailers if this survey carries over into practice. A Sophos survey last month found ransomware attacks compromised 77% of global retailers. 76% of respondents expected retailer s to approach cybersecurity by focusing on data protection and security tooling, rather than with educational campaigns.
India introducing CBDC pilot
The Reserve Bank of India will launch a wholesale central bank digital currency pilot as of November 1st. The State Bank of India, HSBC, and Union Bank of India are among the nine banks participating at this initial phase. The digital rupee will be used for the “settlement of secondary market transactions in government securities” with reduced transaction costs. A retail pilot will launch within a month at select locations. The retail pilot will involve closed user groups of customers and merchants.
Instagram having some issues
Many Instagram users received notifications that accounts were suspended. This occurred seemingly without any change in user behavior. People also reported seeing “user not found errors” while others said they were asked to provide feedback to Instagram to log in. Suspended accounts cited violations of community guidelines. It’s not clear if users should go through Instagram’s suspension appeals process to regain access or wait until Instagram fixes something on their end. Users able to log in noticed reduced subscriber numbers, although it’s not clear the two are related. Instagram acknowledged the issues and said it began investigating.