Fall is fast approaching, and by the time you read this NFL football will have started up again. While in any other year we would say that the year has “flown by,” the same can’t be said for 2020. It seems like last fall was 85 months ago. While the year has definitely gone by slowly, news continues to fly through the InfoSec industry as quickly as ever.
We’ve got a great lineup of stories this week. First off, we’ll talk about more security trouble surrounding the TikTok social media platform (this time, thankfully, not caused by the platform itself). Then we’ll cover a newly disclosed Bluetooth vulnerability and the return of a ransomware family. Lastly, our report will touch on a claim made this week that China’s cyber power is now “neck and neck” with that of the United States.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
Our first article of the week comes from Threatpost and covers a devious new Android spyware campaign that capitalizes on users’ fear that TikTok will inevitably be banned in the United States. Researchers found the campaign pushing a rogue app called “TikTok Pro,” promoted as an upgraded version of the popular application and aimed squarely at what the report describes as the platform’s primarily “young and gullible” user base. The lure is a variant of a campaign that was already making the rounds, urging SMS and WhatsApp recipients to upgrade to the latest version of TikTok: the message carries a spoofed link, the landing page asks for login credentials, and the installed app requests Android permissions including the camera and the phone. With those permissions in hand the spyware can take over common device functions, display a fake Facebook login page to harvest credentials, and collect large amounts of data from the device. The takeaway for anyone fielding user questions is simple: an app delivered by a link in a text message rather than through an app store, and asking for camera and phone permissions on first launch, should be treated as hostile.
Our next story of the week comes from InfoSecurity Magazine and concerns a new Bluetooth vulnerability, dubbed “BLURtooth,” that could let an attacker mount a man-in-the-middle (MITM) attack and reach services that should require authentication. It was discovered by researchers at École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University. The flaw lies in Cross-Transport Key Derivation (CTKD), the mechanism by which dual-mode devices such as laptops and smartphones pair once and derive keys for both the BR/EDR (classic) and Low Energy (LE) transports. “Vulnerable devices must permit a pairing or bonding to proceed transparently with no authentication, or a weak key strength, on at least one of the BR/EDR or LE transports in order to be susceptible to attack,” explained the CERT Coordination Center at Carnegie Mellon University. The researchers also found that an attacker within wireless range can use CTKD to overwrite the keys of an existing, previously authenticated pairing with weaker ones, so even devices that were bonded long ago remain exposed to MITM attacks. To make matters worse, there is no patch for BLURtooth at the moment; the Bluetooth SIG’s guidance is for potentially vulnerable implementations to adopt the restrictions on CTKD mandated in Core Specification version 5.1 and later, and until vendors ship that, many devices stay susceptible.
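To make the key-overwrite problem concrete, here is a toy model of a dual-mode device’s bonding key store, showing the pre-mitigation behaviour beside a store that applies the “never downgrade an existing key” check. This is an added example written for this post, not code from the Bluetooth specification, the EPFL/Purdue researchers, or any vendor stack; the HMAC stands in for the specification’s h6/h7 derivation functions, the “brle”/“lebr” labels are borrowed names only, and the key values are constructed samples.

```python
"""Toy model of the BLURtooth key-overwrite problem in Cross-Transport Key Derivation.

A dual-mode device keeps one bonding key per transport (BR/EDR and LE); CTKD lets a
pairing on one transport derive the key for the other. The attack is a low-trust
pairing (Just Works, short key) whose derived key replaces a stronger, authenticated
key already on file. Assumptions: HMAC-SHA256 stands in for the spec's h6/h7
derivation, and the hardened policy mirrors the spirit of the CTKD restriction
(never replace an existing key with a weaker derived one).
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class BondKey:
    value: bytes
    authenticated: bool  # MITM-protected pairing (passkey / numeric comparison); False for Just Works
    strength: int        # negotiated key size in bytes, 7..16


# For each transport: the other transport and the label used when deriving its key.
OTHER = {"BR/EDR": ("LE", b"brle"), "LE": ("BR/EDR", b"lebr")}


def ctkd_derive(source: BondKey, label: bytes) -> BondKey:
    """Derive the other transport's key from this one (stand-in for h6/h7).

    A derived key is only as trustworthy as the pairing that produced its source,
    so it inherits that pairing's authentication status and key strength.
    """
    value = hmac.new(source.value, label, hashlib.sha256).digest()[:16]
    return BondKey(value, source.authenticated, source.strength)


class VulnerableKeyStore:
    """Pre-mitigation behaviour: the CTKD-derived key silently replaces whatever is stored."""

    def __init__(self) -> None:
        self.keys: dict[str, BondKey] = {}

    def pair(self, transport: str, new_key: BondKey) -> None:
        other, label = OTHER[transport]
        self.keys[transport] = new_key
        self.keys[other] = ctkd_derive(new_key, label)


class HardenedKeyStore(VulnerableKeyStore):
    """Refuses to let a derived key downgrade the bond on the other transport."""

    @staticmethod
    def weaker(candidate: BondKey, existing: BondKey) -> bool:
        return (existing.authenticated and not candidate.authenticated) or (
            candidate.strength < existing.strength
        )

    def pair(self, transport: str, new_key: BondKey) -> None:
        other, label = OTHER[transport]
        self.keys[transport] = new_key  # the pairing on this transport itself completed
        derived = ctkd_derive(new_key, label)
        existing = self.keys.get(other)
        if existing is not None and self.weaker(derived, existing):
            return  # keep the stronger existing key on the other transport
        self.keys[other] = derived


def trusted_key_survives(store_cls) -> bool:
    """Replay the attack against a key store class; True if the authenticated BR/EDR key is intact."""
    store = store_cls()
    # 1. Legitimate, authenticated BR/EDR pairing with a full-size key (constructed sample value).
    store.pair("BR/EDR", BondKey(b"\x11" * 16, authenticated=True, strength=16))
    trusted = store.keys["BR/EDR"]
    # 2. Attacker within range pairs over LE using Just Works with the minimum key size.
    store.pair("LE", BondKey(b"\xaa" * 7, authenticated=False, strength=7))
    return store.keys["BR/EDR"] == trusted


if __name__ == "__main__":
    print("vulnerable store keeps trusted key:", trusted_key_survives(VulnerableKeyStore))
    print("hardened store keeps trusted key:  ", trusted_key_survives(HardenedKeyStore))
```

Run it and the vulnerable store reports that the authenticated BR/EDR key was replaced by one derived from the attacker’s unauthenticated 7-byte LE pairing, while the hardened store keeps it. Whether a device should accept the Just Works re-pairing on the LE transport at all is a separate policy question that this model deliberately leaves alone; the check shown is only the cross-transport one.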
Our next story, also from Threatpost, covers the resurgence of the Zeppelin ransomware after a hiatus of several months. Researchers at Juniper Threat Labs spotted a new wave of attacks in August, this time delivered through a new trojan downloader. As in the wave seen in late 2019, the infection chain starts with phishing emails carrying Microsoft Office attachments disguised as invoices; the documents contain malicious macros, and once a recipient enables them the infection begins, with the downloader fetching the ransomware. The Juniper researchers count around 64 victims in the latest campaign. It may have begun as early as June, when the command-and-control (C2) domain used by the malware was registered, and DNS records suggest it ran until at least August 28, a long campaign by ransomware standards.
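The delivery pattern described above, an Office attachment with an invoice-style name carrying a VBA project, is easy to turn into a mail-gateway triage rule. The following is an added example written for this post, not code from Juniper Threat Labs or from the Zeppelin analysis. It assumes modern OOXML attachments (the .docx/.docm family, which are zip containers); the sample attachments are constructed in memory and are not real lures, and legacy OLE files (.doc/.xls) would need an OLE parser and are out of scope here.

```python
"""Mail-gateway triage for macro-bearing Office attachments dressed up as invoices.

Rule: an OOXML document that carries a VBA project and arrives under an
invoice-style filename is quarantined, a macro document with an innocuous name
is sent for review, everything else passes. Samples below are constructed.
"""
import io
import re
import zipfile

# OOXML stores a VBA project as vbaProject.bin under the application's part folder.
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# vbaProject.bin is itself an OLE compound file, so a real one starts with the OLE magic.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
INVOICE_NAME = re.compile(r"invoice|inv[_-]?\d|receipt|remittance|statement", re.IGNORECASE)


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container holds a VBA project part that looks like a real OLE stream."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                if name in VBA_PARTS:
                    return z.read(name).startswith(OLE_MAGIC)
    except zipfile.BadZipFile:
        pass  # not OOXML: legacy OLE, plain text, or something else entirely
    return False


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment; returns the signals plus a verdict for the gateway."""
    macros = has_vba_project(data)
    invoice_theme = bool(INVOICE_NAME.search(filename))
    if macros and invoice_theme:
        verdict = "quarantine"
    elif macros:
        verdict = "review"
    else:
        verdict = "allow"
    return {"filename": filename, "macros": macros, "invoice_theme": invoice_theme, "verdict": verdict}


def make_ooxml(with_vba: bool) -> bytes:
    """Build a minimal Word-style OOXML container (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


SAMPLES = {  # constructed stand-ins for one mailbox's attachments
    "Invoice_20938.docm": make_ooxml(with_vba=True),
    "Invoice_20938.docx": make_ooxml(with_vba=False),
    "meeting-notes.docm": make_ooxml(with_vba=True),
    "notes.txt": b"plain text, not a zip",
}


def triage_all(samples: dict) -> dict:
    """Map each attachment name to its verdict."""
    return {name: triage_attachment(name, data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all(SAMPLES).items():
        print(f"{name:22s} {verdict}")
```

The filename regex is deliberately loose; in practice the stronger signal is the VBA project itself, and the invoice theme only decides between outright quarantine and human review. Checking for the OLE magic inside vbaProject.bin avoids false positives from an empty or placeholder part.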
Our second-to-last article of the week comes from CSO Online and discusses scammers who leverage user-generated content on legitimate websites to trick consumers into handing over sensitive data. The content does not come from those reputable sites themselves, but the scams still damage the companies hosting it, both financially and reputationally. Organizations whose business depends on letting users and third parties list products, post reviews and the like have come under sustained attack, with the scammers’ goal being to harvest credentials and take over accounts. Scams of this sort are not new, but new data shows both their number and their severity rising: a study published by Sift reports a “109% increase in instances of attempted content abuse between January and May of 2020 over the same time period of last year.” Almost half of these attacks (48.8%) are financially motivated and aim at disclosure of the victim’s PII, including payment data and banking information.
Our last article of the week comes from CyberScoop. Conventional wisdom holds that the United States is well ahead of countries like China, Iran, North Korea and Russia in cyberspace. According to new research from Harvard, however, China has closed the gap: in the three critical areas of surveillance, cyber defense and commercial efforts, China is now “neck and neck” with the US. “A lot of people, Americans in particular, will think that the U.S., the U.K., France, Israel are more advanced than China when it comes to cyber power,” Eric Rosenbach, Co-Director of Harvard’s Belfer Center, told CyberScoop. “Our study shows it’s just not the case and that China is very sophisticated and almost at a peer level with the U.S.” Overall, the research ranks China second in the world in cyber power, trailing only the United States. How was that conclusion reached? The researchers built a framework that scores each country on 27 indicators of its cyber capabilities and on 32 indicators of its intent to use that power.