Byte Sized News has gone to video! Check out the newest episode in video form below. Don’t worry though, you can still read the transcript below if you prefer to get your news in text-form.
As always, this series isn’t intended to provide readers with details on every story and topic but rather to fill busy professionals in on the most compelling developments in the field.
Our first story of the week is a follow-up story from Cyberscoop about Microsoft and Trickbot.
Last week we reported on Microsoft’s legal battle that granted the technology juggernaut control over many of the domains that Trickbot uses to deploy botnets. After some initial doubts, it seems clear that the full-frontal assault by Microsoft and Cyber Command has taken root.
Microsoft reported on Tuesday that at the start of this week it had disabled 120 of the 128 command-and-control servers identified as Trickbot’s infrastructure, a 94% takedown rate. Microsoft’s takedown efforts have run parallel to efforts by Cyber Command, the cyber-offensive wing of the US Department of Defense. This effort has been made largely to ensure the cybersecurity of the 2020 Presidential Election.
Our next story from the week comes to us from SC Magazine, and details steps ransomware companies are taking to develop into corporate-minded entities.
Ransomware attacks have grown quickly and morphed into a billion-dollar business. With this growth, ransomware groups are adopting many of the practices and tactics of the businesses they target. These practices include joint partnerships between ransomware groups, introducing tools to measure their group’s efficiency, creating playbooks and scripts for the negotiating phase, and adopting many customer service and PR tactics from the corporate world.
This shift has manifested itself quickly and can be seen in everything from a more customer-friendly tone with victims all the way to widespread press releases and marketing content to drive more business. As Brett Callow, a threat analyst at Emsisoft, put it: “You’ll get better service from some ransomware groups than the IRS, though that’s a fairly low bar.”
Our third article from the week comes from Threatpost and details threats made toward some American voters this past week.
Federal officials claim that threatening emails sent to Democratic voters, purporting to come from the violent extremist group “Proud Boys,” actually originated from IP addresses in Iran. The emails, which targeted Democrats in Alaska, Arizona, and Florida, claimed the senders had “all of (the voter’s) information” and that if the recipients didn’t vote for President Trump “there would be dire repercussions.”
These emails at first appeared to be from addresses linked to the far-right, male-only group Proud Boys. However, this attack did not come from the Proud Boys, and appears to be another attempt by Iran to mislead voters in America. Iran has previously been in the news for sending several campaigns’ worth of spoofed emails designed to intimidate Americans, mislead voters, and compromise our democratic process.
While our next story isn’t strictly related to cybersecurity, it is huge news about Google, one of the biggest tech companies in the world.
InfoSecurity Magazine reports that a civil antitrust lawsuit has been filed against Google by the United States Department of Justice and eleven state attorneys general. The complaint alleges that Google has unlawfully maintained monopolies in search and search advertising through anticompetitive and exclusionary practices.
One of the most high-profile claims concerns Google’s long-term agreement with Apple, under which Google is the default search engine on all of Apple’s devices. Another accusation details the forced installation of many of Google’s search apps on devices, an installation that makes the apps undeletable. Additionally, there’s a claim that Google has bought preferential treatment for its search engine on devices, web browsers, and other access points.
Many argue that these practices by Google have harmed their competitors by preventing them from gaining vital distribution and scale.
Our last article from the week comes from SC Magazine, and details a URL spoofing vulnerability that could take mobile phone victims to fraudulent sites without their knowledge.
The man who disclosed the vulnerability is Tod Beardsley, the director of research at Rapid7. Beardsley says that most major browser vendors have since patched the vulnerability. The vulnerability is an instance of CWE-451 (User Interface Misrepresentation of Critical Information) from the Common Weakness Enumeration. This is cause for concern because victims on mobile devices cannot tell the difference between the real site and the fake site they land on.
In its most common form, the attack is carried out by having victims click a link on a forum or social media site, or by sending them a text message on their mobile phone with a link to the website. Once on the site, victims would be prompted to enter personal information, whether that’s login credentials or credit card information.