SAN MATEO, CA, December 9, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.
Americans should communicate with end-to-end encryption
The FBI and CISA, in response to Salt Typhoon’s attack on major telecoms, are warning Americans to stop communicating via text or voice using services that don’t feature end-to-end encryption because the hackers responsible may be able to access their communications. Specifically, users are encouraged not to send communications from Apple to Android devices and vice versa, as messages between the two product types are insecure. “Encryption is your friend,” said Jeff Greene, executive assistant director for cybersecurity at CISA. “Whether it’s on text messaging or if you can use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.” Officials have yet to say how many Americans have been vulnerable to compromise in the attack. Read more.
Windows 11 requires “non-negotiable” TPM 2.0 support
Microsoft has said that those using Windows 10 cannot upgrade to Windows 11 without their system having TPM 2.0 support. “TPM 2.0 (Trusted Platform Module 2.0) is a dedicated processor on modern computers that provides hardware-based security functions and serves as a trusted hardware component for storing sensitive data, including encryption keys and other security credentials.” Calling the requirement “non-negotiable,” Microsoft has made TPM 2.0 mandatory in order to make systems more resilient to sophisticated hacks and cyberattacks. While some users have found workarounds that bypass the requirement, Microsoft senior product manager Steven Hoskins cautions that “TPM 2.0 is essential to counteracting present-day cyber risks… One way it does so is by helping to protect sensitive information as more AI capabilities come to physical, cloud, and server architecture.” 61% of all Windows systems worldwide are still using Windows 10, despite it reaching the end of its support in less than a year. Read more.
Financial fraud boosted by generative AI
The FBI is warning that generative AI is being used by fraudsters to enhance their scams, prompting the agency to issue new guidance that the public can use to protect themselves from criminals. Generative AI has been observed being used to create more convincing messaging, create fake images, documents, and photos, and impersonate a person’s voice and likeness via audio and video recordings. The tools have also been used to create fake celebrity endorsements for crypto scams and build AI-powered chatbots that encourage visitors to click malicious links. The FBI urges the public to create a secret word or phrase that can be shared with family to verify their identity, make social media profiles private, never share sensitive information with people you haven’t met, and never send money or gift cards to people you do not know. Read more.
Manson Market fraud marketplace shut down by Europol
In an operation led by German authorities, Europol has shut down Manson Market. Believed to have launched in 2022, Manson Market “operated as a central hub for the trade of illegally obtained information,” making it a popular destination for criminals committing online fraud. “The marketplace allowed its thousands of users to buy stolen data sorted by region and account balance,” said Europol. “This customization enabled criminals to carry out targeted fraud with greater efficiency.” The operation also involved authorities from Austria, Czechia, Finland, the Netherlands, and Poland. In addition to the shutdown, two individuals connected to the marketplace were arrested in Germany and Austria. Read more.
Data brokers banned from selling sensitive data
The FTC has come down on data brokers Mobilewalla and Gravy Analytics, banning them from “harvesting and selling Americans’ location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools.” The agency said both companies illegally collected and sold consumer data for their customers to search through “at least three years of historical data (including raw, precise mobile location data).” The FTC also says that government agencies such as the IRS, DEA, FBI, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE) could obtain lists of data that would indicate what individuals may have been present at a certain location during a specific period, allow them to track devices, and more. Both companies have also been ordered to erase all historical data and any products built using it. Read more.
Salt Typhoon hackers persist within telecom networks
The massive telecom breach carried out by Chinese state-sponsored hacker group Salt Typhoon continues, as the U.S. government reports that the threat actors have yet to be completely evicted from the networks they attacked. Making a complete removal challenging is the fact that the hackers used different means to compromise each of their targets, meaning that no one-size-fits-all solution can be applied to every telecom. “Each victim is unique. These are not cookie-cutter compromises in terms of how deeply compromised the victim might be or what the actor has been able to do,” said Jeff Greene, executive assistant director for cybersecurity at CISA. “So it really is case-specific in terms of how to mitigate the specific activity.” Officials are still investigating the full scope and details of the breach, which appears to have been motivated by espionage. Read more.
Organizer of Hydra Market sentenced to life in prison
Stanislav Moiseyev, the leader of Hydra Market, has been sentenced to life in prison by a Moscow court. He has also been ordered to pay a fine of four million rubles. Fifteen of his accomplices were also given sentences ranging from 8 to 23 years and ordered to pay 16 million rubles. Hydra Market, believed to have started operating in 2015, was one of the largest online black markets before being taken down by authorities from the U.S. and Germany. The market made $1.3 billion in 2020 alone and had 17 million registered customer accounts and more than 19,000 seller accounts. The severity of the punishment for those involved is noteworthy, “given that most cybercriminals operating in the region are tacitly allowed to continue their activities as long as they’re directed outside the country, at victims in the West and other nations hostile to Russia.” Read more.
MATRIX encrypted chat service shut down
An international law enforcement operation codenamed “Passionflower” has shut down MATRIX, an encrypted chat platform that cybercriminals rely on to conduct illegal activities. The operation, which was coordinated by Europol and Eurojust and involved France, the Netherlands, Italy, Lithuania, Spain, and Germany, was able to tap into MATRIX via the phone of an individual who attempted to assassinate journalist Peter R. de Vries in 2021. For three months, authorities could monitor 2.3 million messages in 33 different languages on the platform. Simultaneous raids resulted in the shutting down of MATRIX servers in Germany and France and the arrests of five suspects in Spain and France. One individual arrested is believed to be the owner and primary operator of the platform. Read more.
Amazon launches AWS Security Incident Response service
Amazon Web Services (AWS) has launched a new service called AWS Security Incident Response. The service is intended to help companies respond to and recover from cyberattacks faster and more efficiently. “We’ve received feedback from customers that implementing effective security incident response programs is challenging due to a reliance on various tools, services, and people that are difficult to scale as organizations and business needs evolve,” said Hart Rossman, VP of global services security at AWS. “AWS Security Incident Response can now be used as a […] single source of truth for security incident response.” While other similar services exist, this offering from AWS “includes support from AWS’ dedicated customer incident response team” and, because many companies already rely on other AWS products, is likely to be the most convenient option to turn to. “AWS Security Incident Response works with all AWS detection and response services,” Rossman said, “by continuously identifying and prioritizing security issues.” Read more.
New Google Chrome feature checks websites with AI
Google is set to unveil a new feature for its Chrome browser called “Store reviews” that can assess a website’s trustworthiness. The security feature will use AI to summarize views from trusted, independent platforms such as Pilot, Scam Advisor, and Trust Pilot to assess whether or not a website the user is visiting is potentially dangerous. The information will be shown in a “page info bubble” after clicking the lock icon in the address bar. The feature is one of several AI-powered enhancements that Google is developing for the browser to help users avoid falling into malicious traps or succumbing to online scams. Read more.
