This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this, the rise of countries using AI and deepfake technology, some consensual and some not, adds depth to the conversation surrounding the security of it all.
TCE Cyberwatch aims to bring updates around large-scale and small-scale events to ensure our readers stay updated and stay in the know of cybersecurity news that can impact them. Keep reading to learn about what’s currently trending in the industry.
Dropbox Sign data breached; Customers authentication information Stolen
Dropbox, a popular drive and file sharing service, revealed that they had recently faced a security breach which led to sensitive information being endangered. Specifically, Dropbox Sign, a service used to sign documents, was targeted. The data stolen was of Dropbox Sign users, which had information such as passwords, account settings, names, emails, and other authentication information.
Rotation and generation of OAuth tokens and API keys are steps that have been taken by Dropbox to control fallout. Dropbox has assured that “from a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products.” Read More
Cyberattacks on organizations in the UAE claimed by Five Families Alliance member, Stormous Ransomware
Stormous Ransomware has claimed responsibility for cyberattacks that have attacked several UAE entities. A ransomware group linked to the Five Families alliance which is known for targeting the UAE entities, Stormous Ransomware has targeted organisations like the Federal Authority for Nuclear Regulation (FANR); Kids.ae, the government’s digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA), and more.
After announcing alleged responsibility for the attacks, the ransomware group demanded 150 BTCs, which comes to around $6.7 million USD. They had threatened to leak stolen data if the ransom was not paid. The organisations targeted by the group are yet to speak up about the situation and tensions are high due to the insurmountable damage these claims could cause. Read More
Russian bitcoin cybercriminal pleads guilty in the U.S. after arrest in France
Alexander Vinnik, a Russian cybercrime suspect, recently pleaded partially guilty to charges in the U.S. Previously arrested in Greece in 2017 on charges of money laundering of $4 billion through the digital currency bitcoin in France, Vinnik is now set to face a trial in California.
Vinnik’s lawyer, Arkady Bukh, predicted that Vinnik could get a prison term of less than 10 years due to the plea bargain. The U.S. Department of Justice accused Vinnik of having “allegedly owned, operated, and administrated BTC-e, a significant cybercrime and online money laundering entity that allowed its users to trade in bitcoin with high levels of anonymity and developed a customer base heavily reliant on criminal activity.” Read More
Many Android apps on Google Play store now have vulnerabilities that infiltrate them
Popular Android applications have faced a path traversal-affiliated vulnerability. Called the Dirty Stream attack, it can be exploited by one of these flagged applications leading to overwriting files. The Microsoft Threat Intelligence team stated that, “the implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation.”
The apps who have faced this vulnerability are popular, with 500 million to 1 billion downloads. Exploitation would have led to the attacker having control of the app and being able to access the user’s data, like accounts used. Microsoft is worried about it being a bigger issue and has asked developers to focus on security to protect sensitive information. Read More
Department of Social Welfare, Ladakh, in India, allegedly hacked, but no proof provided
Recently, a threat actor had allegedly hacked the database of the Department of Social Welfare Ladakh, Government of India. Their claims, however, seemed to have no support. No information was disclosed from their side and no breaching of sorts was sensed on the department’s website.
However, if the claims are true, the fallout is predicted to be very damaging. Investigations into the claims are currently happening. As no motive or even the authenticity has been confirmed, for the individuals whose data resides in the departments database and national security, it’s important to detect and respond in a swift manner as to preserve the nation’s cyber security. Read More
U.K. military data breach endangers information of current, veteran military personnel
The U.K. military faced a data breach where the information of serving UK military personnel was obtained. The attack was of Ministry of Defence’s payroll system and so information like names and bank details, sometimes addresses, were gathered. The hacker behind it was unknown until now but the Ministry has taken immediate action.
The “personal HMRC-style information” of members in the Royal Navy, Army and Royal Air Force was targeted, some current and some past. The Ministry of Defence is currently providing support for the personnel whose information was exfiltrated, and this also requires informing veterans’ organisations. Defence Secretary Grant Shapps is expected to announce a “multi-point plan” when he updates the MPs on the attack. Read More
India’s current election sees deepfakes, Prime Minister Modi calls for arrests of political parties responsible
India’s current Prime Minister Modi has announced that fake videos of him and other leaders making “statements that we have never even thought of”, have been circulating. This election, with its new name of being India’s first AI election, has led to police investigations of opposition parties who have made these videos with Modi calling for arrests.
Prior to this, investigations regarding fake videos of Bollywood actors criticising Modi were also taking place. However, in this situation, around nine people have been arrested – six of whom are members of Congress’ social media teams. Five of them have managed to be released on bail, but arrests of higher-ranking social media members have been made. There has been a trending tag #ReleaseArunReddy for Congress national social media co-ordinator, Arun Reddy, who had shared the fake videos.
Germany and Poland accuse Russian Military Service of cyber-attacks
Germany has come out stating that an attack on their Social Democratic Party last year was done by a threat group believed to be linked to Russian Military Services. German Foreign Minister Annalena Baerbock said at a news conference in Australia that APT28, a threat group also known as Fancy Bear, has been “unambiguously” confirmed to have been behind the cyberattack.
Additionally, Poland has joined in support of Germany and said that they were targeted by ATP28 too. Poland has not revealed any details about the attack they faced but Germany shares that they are working to rebuild damage faced by it. Baerbock stated that, “it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”
Ukraine unveils new AI-generated foreign ministry spokesperson
Ukraine has just revealed an AI spokesperson who has been generated to deliver official statements for the foreign ministry. The messages being delivered are written by humans, but the AI is set to deliver them, moving animatedly and presenting herself as an individual through introducing herself as Victoria Shi.
Victoria is modelled based on a Ukrainian celebrity, Rosalie Nombre, who took part in her development and helped to model the AIs appearance and voice after her. Ukraine’s foreign minister has said that she was developed for “saving time and resources,” along with it being a “technological leap that no diplomatic service in the world has yet made.” Read More
Singapore passes new amendment to their cybersecurity bill which regulates temporary, high-risk attacks
A new amendment to Singapore’s Cybersecurity Law was made by its Parliament to keep up with the country’s evolving critical infrastructure and to adapt to technological advancements. The changes made regulate the Systems of Temporary Cybersecurity Concern (STCC), which encompass systems most vulnerable to attacks in a limited period.
This means the Cyber Security Agency of Singapore (CSA) can oversee Entities of Special Cybersecurity Interest (ESCIs), due to their error disposition affecting the nation’s security as a whole. With the country’s defence, public health and safety, foreign relations, and economy in danger, the Bill is set to target critical national systems only, leaving businesses and such as they are. Read More
Eurovision becomes susceptible to cyberattacks as the world’s largest music competition takes place during conflict
The 68th Eurovision Song Contest is being held in Sweden, Malmö, this year due to current tensions surrounding conflicts like Israel and Gaza, and Russia and Ukraine. Security has been tightened as in 2019, hackers had infiltrated the online stream of the semi-finals in Israel by warning a missile strike and showed images of attacks in Tel Aviv, the host city. There are several reports about hackers hijacking the broadcast as over 167 million people tuned in to watch last year.
The voting system can also be an issue with the finals coming up, but Malmö’s police chief claims to be more worried about disinformation. The spokesperson for the contest stated that “We are working closely with SVT’s security team and the relevant authorities and expert partners to ensure we have the appropriate measures in place to protect from such risks.” Read More
Wrap Up
This week we’ve seen militaries and governments being cyber-attacked and that truly reminds us how interconnected everything is. If big organisations are vulnerable to attacks, then so are we.
TCE Cyberwatch hopes that everyone stays vigilant in the current climate of increased cyberattack risks and ensure they stay protected and are on the lookout for any threats which could affect them.
