TikTok Flaw Exposed Profile Details

The technology company ByteDance has fixed a security vulnerability in the social media platform TikTok that could have allowed attackers to steal the personal information of its users.

Uncovered by security researchers at Check Point, the flaw could have allowed malicious actors to bypass privacy protections by exploiting the platform’s ‘Find Friends’ function, enabling access to, amongst other data, unique user IDs and users’ phone numbers.

The flaw is one of several vulnerabilities discovered by researchers: last year a different flaw was also disclosed that would have made it possible for attackers to effectively hijack user accounts, as well as steal personal data.

The platform, which has surpassed 2 billion global downloads, launched a private bug bounty program back in April of 2020, encouraging security researchers to find and report bugs before they could be exploited by malicious actors.

In a statement, a TikTok spokesperson noted, “The security and privacy of the TikTok community is our highest priority, and we appreciate the work of trusted partners like Check Point in identifying potential issues so that we can resolve them before they affect users”.

Emotet Botnet Disrupted

As part of a Europol effort, police from the UK, EU, US, and Canada have seized thousands of computers running the global botnet known as Emotet.

Originally designed as a banking trojan, the Emotet botnet spread through infected e-mail attachments, exploiting users by prompting them to “enable macros” once they had opened a malicious Word document.

Utilising a new and unique approach, the botnet’s infrastructure was taken down “from the inside”, with victims’ infected machines being redirected towards law enforcement-controlled infrastructure.

According to the press release, Emotet was far more than just a piece of malware; the release labels it “one of the most resilient malwares in the wild” and goes on to explain how the software facilitated additional attacks by acting as a ‘loader’ for other forms of malware.

“The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, [this was] sold to other top-level criminal groups to deploy further illicit activities such [as] data theft and extortion through ransomware.”

Netwalker Ransoms Seized

Several dark web websites associated with the Netwalker ransomware syndicate have been seized as part of an international law enforcement effort, with one Canadian national being charged for his involvement in the criminal enterprise.

Believed to have generated tens of millions in ill-gotten gains, Netwalker is what is known as a ‘ransomware-as-a-service’ (RaaS) operation, whereby affiliates distribute the ransomware in return for a 60-75% share of ransom payments.

Sebastien Vachon-Desjardins of Quebec, an affiliate of the gang, is alleged to have obtained at least $26 million as a result of his illicit involvement in ransomware campaigns.

The website seizures and subsequent arrest were a coordinated effort between the US Department of Justice and Bulgarian agencies, with law enforcement also seizing approximately $454,000 in cryptocurrency as part of the operation.

The operation dealt a significant blow to the Netwalker syndicate. FBI Special Agent Michael F. McPherson stated on the matter, “This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable for their alleged criminal actions”.