InfoSec Round-Up: Jan 29th
TikTok Flaws, Broken Botnet & Ransomware Gang Takedown
TikTok Flaw Exposed Profile Details
The technology company ByteDance has fixed a security vulnerability in the social media platform TikTok, which could have allowed attackers to steal the personal information of its users.
Uncovered by security researchers at Check Point, the flaw could have allowed malicious actors to bypass privacy protections by exploiting the platform's ‘Find Friends’ function, enabling access to, amongst other data, unique user IDs and users’ phone numbers.
This is one of several vulnerabilities researchers have discovered in the platform; last year a different flaw was disclosed which would have made it possible for attackers to effectively hijack user accounts, as well as steal personal data.
The platform, which has surpassed 2 billion global downloads, launched a private bug bounty program back in April of 2020, encouraging security researchers to find and report bugs before they could be exploited by malicious actors.
In a statement, a TikTok spokesperson noted, “The security and privacy of the TikTok community is our highest priority, and we appreciate the work of trusted partners like Check Point in identifying potential issues so that we can resolve them before they affect users”.
Emotet Botnet Disrupted
As part of a Europol effort, police from the UK, EU, US, and Canada have seized thousands of computers running the global botnet known as Emotet.
Originally designed as a banking trojan, the Emotet botnet spread through infected e-mail attachments, exploiting users by prompting them to “enable macros” once they had opened a malicious Word document.
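The delivery mechanism described above relies on a recipient opening an Office attachment and enabling its macros. As an added illustration of the defensive side (example code written for this round-up, not code from Hut Six, Europol or any Emotet analysis), the following Python script performs the kind of attachment triage a mail gateway or incident responder might do: it opens an Office Open XML attachment as the zip container it is, looks for the VBA project part and the `macroEnabled` content type, and flags legacy binary formats that it cannot inspect. The function names, the sample documents built by `build_sample` and the risk labels are all constructed for this example.

```python
import io
import zipfile

# Parts that hold VBA code inside an Office Open XML (docm/xlsm/pptm) archive.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that normally carry no macros; macro parts behind them suggest renaming.
NON_MACRO_EXTENSIONS = (".docx", ".xlsx", ".pptx")
# Legacy OLE2 formats can embed macros but are not zip files, so flag them by extension.
LEGACY_BINARY_EXTENSIONS = (".doc", ".xls", ".ppt", ".dot", ".xlt")


def assess_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict dict describing why an attachment may carry macros.

    Constructed example logic: this is a triage heuristic, not a full parser.
    """
    lower = filename.lower()
    reasons = []

    if lower.endswith(LEGACY_BINARY_EXTENSIONS):
        reasons.append("legacy binary Office format can embed VBA macros (not inspected here)")

    names, content_types = set(), ""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        pass  # not an OOXML container; legacy formats were handled above

    for part in MACRO_PARTS:
        if part in names:
            reasons.append(f"archive contains VBA project part {part}")
    if "macroEnabled" in content_types:
        reasons.append("[Content_Types].xml declares a macroEnabled document")

    # Edge case: macro content hidden behind a .docx/.xlsx/.pptx name.
    if reasons and lower.endswith(NON_MACRO_EXTENSIONS):
        reasons.append("macro content behind a non-macro extension (possible renaming)")

    return {"filename": filename, "macro_risk": bool(reasons), "reasons": reasons}


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal, constructed Word archive in memory, with or without a VBA part."""
    plain = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    macro = "application/vnd.ms-word.document.macroEnabled.main+xml"
    ct = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{macro if with_macro else plain}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_sample(True)),
        ("report.docx", build_sample(False)),
        ("report.docx", build_sample(True)),   # renamed macro document
        ("old_form.doc", b"\xd0\xcf\x11\xe0"),  # legacy OLE2 header bytes only
    ]
    for name, blob in samples:
        verdict = assess_attachment(name, blob)
        print(name, "->", "MACRO RISK" if verdict["macro_risk"] else "ok", verdict["reasons"])
```

The check is deliberately conservative: a legacy `.doc` is flagged on extension alone because the script does not parse OLE2 streams, and a `.docx` that contains a VBA part is treated as more suspicious than a plainly named `.docm`, since the extension mismatch hints that someone wanted the file to look harmless.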
Utilising a new and unique approach, the botnet's infrastructure was taken down “from the inside”, with victims' infected machines being redirected towards law enforcement-controlled infrastructure.
According to the press release, Emotet was far more than just malware, labelling it “one of the most resilient malwares in the wild” and going on to explain how the software facilitated additional attacks by acting as a ‘loader’ for other forms of malware.
“The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, [this was] sold to other top-level criminal groups to deploy further illicit activities such [as] data theft and extortion through ransomware.”
Netwalker Ransoms Seized
Several dark web websites associated with the Netwalker ransomware syndicate have been seized as part of an international law enforcement effort, with one Canadian national being charged for his involvement in the criminal enterprise.
Believed to have generated tens of millions in ill-gotten gains, Netwalker is what is known as a ‘ransomware-as-a-service’ (RaaS) operation, whereby affiliates distribute the ransomware in return for a 60-75% share of ransom payments.
Sebastien Vachon-Desjardins of Quebec, an affiliate of the gang, is alleged to have obtained at least $26 million as a result of his illicit involvement in ransomware campaigns.
The website seizures and subsequent arrest were a coordinated effort between the US Department of Justice and Bulgarian agencies, with law enforcement also seizing approximately $454,000 in cryptocurrency as part of the operation.
The operation dealt a significant blow to the Netwalker syndicate. FBI Special Agent Michael F. McPherson stated on the matter, “This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable for their alleged criminal actions”.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve your security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.