There’s another week in the books! The passing of another week signals the need for another “Byte Sized News,” brought to you by PlexTrac. This week was a busy one for the cybersecurity industry! There are many interesting stories, new developments, and enormous breaches in the industry that are sure to both entertain and inform our readers. As always, this series isn’t intended to provide readers with details on every story and topic, but rather to fill busy professionals in on the most compelling developments in the field.
Without further ado, let’s get to this week’s top news stories!
Our first story from the week comes from InfoSecurity Magazine. This article discusses Zoom’s reversal of its controversial decision to restrict access to end-to-end encryption (E2EE) for some users. End-to-end encryption will now be available to every Zoom user, regardless of whether they’re on the free or premium plan. “We are pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform,” Zoom’s CEO Eric Yuan said in a blog post. “This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe — free and paid — while maintaining the ability to prevent and fight abuse on our platform,” Yuan continued. The decision to offer E2EE to every user comes after many rights groups, tech firms, and internet users petitioned the firm to reverse its policy on E2EE.
The next article we want to highlight this week comes from Threatpost. This article discusses the 2016 CIA security breach and how the breach can largely be tied to the agency’s security practices, which can be described as focusing “more on building up cyber tools than keeping them secure.” This weakness in security led to a data breach, which ultimately led to the Vault 7 document drop on WikiLeaks. This conclusion was reached as part of an internal 2017 Department of Justice (DoJ) report on the CIA breach. At least 180 gigabytes (up to 34 terabytes of information) was stolen in the breach, the report said. This amount is equivalent to 11.6 million to 2.2 billion electronic document pages. The report also outlined several (heavily redacted) recommendations for the agency to bolster its security. The recommendations included enhancing its security guidelines and its classified information handling restrictions for zero-day exploits and offensive cyber tools.
Our next article from the week comes from Krebs on Security, a popular pick of our staff. This article talks about Privnotes.com, a website that has been impersonating Privnote.com for the past year or so. Privnote.com is a legitimate company that offers free encrypted messaging for users. However, Privnotes.com is taking advantage of those using the platform: any message containing a bitcoin address is altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. The owners of the Privnote.com website have complained about this devious website for a while, claiming many of their users have fallen victim to the site. The mistake is easy to make because the appearance and spelling of the two addresses are so similar.
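As an added example (not from the original post or from either site), one recipient-side check against the kind of substitution described above: the sender shares a SHA-256 digest of the note out of band, and the recipient verifies the received text against it and lists any bitcoin-address-like tokens it contains. The note text and both addresses are constructed sample values.

```python
import hashlib
import re

# Constructed sample note: what the sender wrote, and what a recipient
# would see if a service rewrote the bitcoin address in transit.
SENT_NOTE = "Please pay 0.05 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq by Friday."
RECEIVED_NOTE = "Please pay 0.05 BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 by Friday."

# Loose pattern for bech32 (bc1...) and legacy (1.../3...) address shapes.
# It flags candidates for review; it does not validate checksums.
BTC_ADDRESS_RE = re.compile(
    r"\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)


def note_digest(text: str) -> str:
    """Digest the sender shares out of band (phone, a second channel, etc.)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def extract_btc_addresses(text: str) -> list:
    """Return every address-shaped token found in the note, in order."""
    return BTC_ADDRESS_RE.findall(text)


def verify_note(received: str, expected_digest: str) -> dict:
    """Compare the received note against the sender's digest.

    A digest mismatch means the text was altered somewhere between sender
    and recipient; the address list shows what the recipient would pay to.
    """
    return {
        "digest_ok": note_digest(received) == expected_digest,
        "addresses": extract_btc_addresses(received),
    }


if __name__ == "__main__":
    expected = note_digest(SENT_NOTE)
    print("unaltered:", verify_note(SENT_NOTE, expected))
    print("altered:  ", verify_note(RECEIVED_NOTE, expected))
```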
The next story from the week comes from Dark Reading. This article talks about the North Korean cybercrime group called the “Lazarus Group.” As reported, this group may have been behind a major cyber-espionage campaign that targeted high-profile military and aerospace companies in Europe between September and December of last year, a new analysis of the attack suggests. Researchers from ESET conducted a joint investigation of the campaign with two of its victims. This research unearthed new information on how the attacks unfolded, the malware used in the campaign, and the tactics the threat group used to avoid detection. One of the most important discoveries is the attackers’ use of social engineering via bogus job offers on LinkedIn to deliver malware to victims’ devices. The overall goal of the attack was supposedly cyber-espionage, but in at least one case the attackers tried to monetize their access to a victim’s network.
Our last headline of the week also comes from Threatpost. InvisiMole is back, and is targeting Eastern European organizations in the military sector and diplomatic missions with an updated toolkit and a new advanced persistent threat (APT) partnership. InvisiMole was first discovered back in 2018, with cyber-espionage activity dating all the way back to 2013 in operations in Ukraine and Russia. More recently, however, InvisiMole has been spotted attacking a few high-profile organizations in the military sector from late 2019 to the present. The more recent campaign run by InvisiMole allowed researchers to find the “missing pieces of the puzzle” relating to the group’s tactics, techniques, and procedures (TTPs). This discovery revealed additional “stealth” in InvisiMole’s operations that gives the group more secrecy. The group now also relies on a “living off the land” technique, abusing legitimate applications to perform malicious operations while flying under the radar.