International Operation Knocks Notorious REvil Ransomware Group Offline -

International Operation Knocks Notorious REvil Ransomware Group Offline


the endless drumbeat of high-profile ransomware attacks continued this week, but Google’s Threat Analysis Group also raised awareness of tricky “pass-the-cookie” attacks that hackers have used in recent years to hijack prominent YouTube channels. While this type of attack isn’t new, Google has taken significant coordinated action to curb the trend. Compromised YouTube channels have been used to broadcast cryptocurrency scams and disseminate other misinformation.

Meanwhile, the International Organization for Standardization released its first set of sex toy manufacturing guidelines last week in a major step for establishing minimum safety standards across the industry. Dubbed ISO 3533 or “Sex Toys: Design and Safety Requirements for Products in Direct Contact with Genitalia, the Anus, or Both,” the document, while significant, does not establish clear guidelines for digital security or privacy, both areas where sex toys have already had significant and impactful stumbles.

If you’re thinking about account security and want an easy weekend project to help shore things up, double-check that you have two-factor authentication enabled everywhere it’s offered. And if you want to move between authenticator apps, say from Google Authenticator to Twilio Authy, we’ve got a guide to doing it easily without losing access anywhere.

But wait, there’s more. Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.

The notorious Russia-based ransomware gang REvil, which was responsible for the JBS Meat attack in June and the Kaseya managed software compromise in July, was itself hacked and knocked offline by a consortium of government law enforcement groups. The FBI, US Cyber Command, and Secret Service worked with partners in other governments on the project of sabotaging REvil’s infrastructure. After the Kaseya breach and resulting ransomware attacks in July, the FBI was able to grab a universal decryptor from REvil itself. But officials withheld the tool so they would not reveal their access to REvil’s infrastructure. After some of the gang’s platforms went offline in July, members restored them from backups in September, and inadvertently reestablished law enforcement’s system access in the process, opening the door for a takedown. REvil’s website and data-leaking platform “Happy Blog” is now inaccessible.

The second-largest television station operator in the United States, Sinclair Broadcast Group, was hit with a ransomware attack early this week that impacted the company’s operations and broadcasts. The malicious encryption tool used in the attack is similar to one used previously by the sanctioned Russian criminal gang Evil Corp. The malware has been attributed to the gang in the past. Sinclair struggled to stabilize its operations all week, and employees reported a chaotic situation as stations worked to maintain their broadcasts. “Our focus remains on continuing to work closely with a third-party cybersecurity firm, other incident response professionals, law enforcement, and governmental agencies as part of our investigation and response to this incident,” Sinclair said in a statement on Thursday.

A hacker apparently compromised Argentina’s Registro Nacional de las Personas, stealing personal data on all Argentinians. The trove is now circulating privately for sale in criminal circles. The breach took place last month and targeted the government’s IT networks to access the database, which is also known as RENAPER. The agency issues national identification cards, and other government agencies can query its database. Government officials said in a statement that attackers comprised a legitimate user account to access the database rather than hacking it by exploiting a vulnerability. The first signs of the breach came in early October when a newly created Twitter account posted ID card photos and other personal information about 44 prominent Argentinians, including President Alberto Fernández and soccer stars Lionel Messi and Sergio Aguero.

On Thursday, the Federal Trade Commission called out six major US-based internet service providers for their shady data management practices and lack of meaningful privacy and security controls. The study focused on AT&T Mobility, Cellco Partnership (Verizon Wireless), Charter Communications Operating, Comcast (Xfinity), T-Mobile US, and Google Fiber. The ISPs do not make their privacy practices clear, the FTC found, and don’t adequately disclose how they use customer data. The investigation also indicated that the services make it challenging for their customers to opt out of data collection. 

The issues have been well known for years, but government and private sector efforts to curb such abuses have clearly not gone far enough. “While consumers certainly expect ISPs to collect certain information about the websites they visit as part of the provision of internet services, they would likely be surprised at the extent of data that is collected and combined for purposes unrelated to providing the service they request,” the FTC wrote in the report, “in particular, browsing data, television viewing history, contents of email and search, data from connected devices, location information, and race and ethnicity data.”


More Great WIRED Stories



Source link

Subscribe to Infrabuddy Newsletter
Subscribe