The SolarWinds Hackers Are Looking for Their Next Big Score
The endless cybercriminal cat and mouse game continued this week with a collaborative international law enforcement operation, Dark HunTor, that resulted in 150 arrests of alleged dark web vendors plus seizure of $31.6 million in cash and cryptocurrency and 230 kilograms of drugs. The action focused on sellers who had hawked their wares on the dark web marketplace DarkMarket, which German police shuttered in January. Meanwhile, ransomware gangs continued their rampage. The Russian group Grief, seemingly a front for the sanctioned ransomware gang Evil Corp, claimed to have hit the National Rifle Association this week. The apparent incident is the latest in a string of attacks in which victims have to consider the potential ramifications of violating sanctions if they want to pay their way out.
British digital identity company Yoti says its machine learning-based image analysis tool can predict the ages of people between 6 and 60. The tool could be used to enforce age minimums on platforms and keep kids safer online, but it raises questions about just how much digital surveillance is too much. Blind and vision-impaired individuals have once again won a DMCA exemption that allows them to break digital rights management protections on ebooks and create accessible versions. But the exemption is still temporary, and advocates will need to fight to win it again in three years. They say the measure should be permanent.
Google’s Pixel 6 and 6 Pro have some advanced security features, thanks to their Tensor processors, the first Pixel system-on-a-chip to be custom-built by Google. If you need some security tips for Windows instead, though, we’ve rounded up 11 of the most important settings to focus on. Plus, we’ve got updated recommendations if you’re looking for a trustworthy VPN.
And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
The Russian SVR foreign intelligence service hacking group known as Nobelium and Cozy Bear has been targeting a new wave of international IT companies embedded in the global supply chain, according to a warning from Microsoft this week. As it infamously did with the network management services firm SolarWinds in 2020, the group looks to compromise key—but often relatively obscure—tech companies as an inconspicuous springboard to attack the target company’s own customers. This time, Tom Burt, Microsoft vice president of customer security and trust, says that Nobelium is going after managed cloud services providers and tech resellers. Burt says Nobelium has been prolific all summer. Between July 1 and October 19 the company informed 609 customers that they had been attacked 22,868 times by the group—roughly the same number of attacks Microsoft saw from Cozy Bear in the three previous years combined. Burt adds, though, that all of this recent targeting had a “success rate in the low single digits.”
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling—now or in the future—targets of interest to the Russian government,” Burt wrote. Spies gonna spy.
A hack on Tuesday targeting gas stations in Iran knocked out virtually every subsidized payment terminal at pumps for days, leading to long lines and upheaval. “There should be serious readiness in the field of cyberwar, and related bodies should not allow the enemy to follow their ominous aims,” said Iranian president Ebrahim Raisi. No one has claimed responsibility for the attack and Raisi did not attribute it, but he indicated that he believes anti-Iranian actors were behind the assault. During the attack, payment terminals reportedly read “cyberattack 64411,” a reference to a religious hotline run by Supreme Leader Ayatollah Ali Khamenei’s office. The number “64411” also showed up in a July attack on Iran’s national railroad.
Europol announced the arrest of 12 people on Friday with alleged links to ransomware attacks on corporations and critical infrastructure that apparently impacted more than 1,800 people in 71 countries. Law enforcement from eight countries collaborated on the action and seized more than $52,000 in cash, five luxury vehicles, and a slew of electronic devices. The attacks used an array of ransomware, including LockerGoga, MegaCortex, and Dharma.
A bug in the medical records app Docket exposed the data of New Jersey and Utah residents vaccinated against Covid-19. The two states specifically endorsed the app, which lets people download a digitally signed version of their paper vaccination card. Like other “vaccine passports,” Docket lets users access their immunization record as a visible card or a scannable QR code. The vulnerability let anyone access other users’ QR codes and corresponding personal data. This included names, dates of birth, and immunization information like date of vaccination and brand used. TechCrunch discovered the bug on Tuesday and notified the company that day. Docket said within hours that it had fixed the bug by making server-level changes. The company is in the process of reviewing its logs to see whether anyone visibly abused the flaw before its disclosure.