Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Be sure to pay close attention Tuesday for some changes we have coming to Snort.org. We’ll spare you the details for now, but please bear with us if the search function isn’t working correctly for you or you see anything else wonky on the site.
And, as always, we have the latest Threat Roundup where we go through the top threats we saw — and blocked — over the past week.
Upcoming public engagements
Event: A World of Threats: When DNS becomes the new weapon for governments at Swiss Cyber Security Days
Location: Forum Fribourg, Granges-Paccot, Switzerland
Date: Feb. 12 - 13
Speakers: Paul Rascagnères
Synopsis: In this presentation, Paul will present two threat actors Cisco Talos has been tracking who are manipulating the DNS system. On Jan. 22, 2019, the U.S. DHS published a directive concerning this attack vector. We will present the timeline for these events and their technical details. One of the actors is behind the campaign we named “Sea Turtle.” This actor is more advanced and more aggressive than others we’ve observed in the past. They do not hesitate to directly target registrars and one registry. The talk will break down these two actors and the methodology used to target the victims.
Cyber Security Week in Review
- State-sponsored actors linked to Turkey are believed to be behind a recent wave of cyber attacks targeting governments in the Middle East and Asia. The attackers are using a technique called DNS hijacking that shows similarities to the Sea Turtle actor Cisco Talos discovered last year.
- Facebook executives backed the security of its WhatsApp messaging software, saying it could not have been at fault for the hacking of Amazon CEO Jeff Bezos’ phone. Reports state Bezos was sent a malicious video through WhatsApp and opened it, leading to the installation of spyware. However, Facebook laid the blame at the feet of Apple and iOS’ security.
- The Bezos incident has led to many wealthy individuals reaching out to cyber security vendors for private assistance with security. For example, one group is working on an information-sharing platform for cyber attacks targeting members of royal families across the globe.
- Dozens of United Nations servers and user accounts were breached during an August cyber attack, according to new leaked reports. Staff members working in the UN’s Geneva, Switzerland office were reportedly told to change their passwords but were not made aware of the breach.
- The Japanese government adopted a series of new policies this week designed to protect government services from a cyber attack during the upcoming Summer Olympics. A special panel called on infrastructure and public transportation services to investigate any potential vulnerabilities in their systems due to the use of internet-of-things devices, and report those flaws immediately to an administrator.
- Cisco launched a new security architecture platform for IoT devices this week. Cisco Cyber Vision provides users with software and services backed by Talos’ intelligence to identify threats and vulnerabilities in IoT assets in real-time.
- Facebook agreed to pay $550 million as part of a settlement of a class-action lawsuit in Illinois. The suit alleged Facebook violated a state law by using facial recognition technology to auto-tag users in photos without obtaining their consent.
- The actor behind the Maze ransomware dumped a large amount of victim data online this week, including information from an Ohio community college and a grocery store chain in Michigan. Administrators of Maze’s website said in a message that they were sparing recent victim Parkland, Florida, but still leaked some data to prove that they were hacked.
- The latest security update to iOS allows users to disable a location-tracking feature used by many apps. The latest patches also fixed a critical remote code execution vulnerability in the WebKit browsing engine.