
Security Bytes - Issue 20

Jim Tiller is the Chief Information Security Officer at Nash Squared. With over two decades of information security experience, Jim is an internationally recognized cybersecurity authority on cyber risk management, security technology, and industry leadership, with multiple patent-winning recognitions for innovation in security solutions.

Hi everyone,


Good News Cyber Story

I know this newsletter is a bit about doom and gloom, loss of privacy, and the never-ending battle against threats… but this week I can show that there are times when technology saves lives, and I’m not talking about medical equipment or remote surgery, but your iPhone. This week two people crashed their car over a 250-foot cliff in California. With no cell service, they used the iPhone’s new Emergency SOS via satellite feature, which eventually led to a rescue helicopter saving them. The interesting part is that the underlying technology let passersby unknowingly help triangulate the position of the downed vehicle as they drove by, working in concert with the satellite features of the new and updated iPhone 14. The two made it out with only moderate injuries, which is amazing given they fell over 250 feet to the bottom of a canyon. A similar situation happened in Alaska, where a phone helped after a crash. Just goes to show, there are times when having a phone on you that tracks your every movement and conversation can actually be a good thing! :)

Report - https://abc13.com/iphone-rescue-sos-on-angeles-national-forest/12575865

 

Driving Mrs. Malware

Without getting deep into the details, history, and technical aspects, I’ll summarize by saying, “here we go, again.” Abuse of driver signing, and of the code-signing process generally, is far too common. In this case, attackers got malicious Windows kernel drivers signed through Microsoft’s own hardware developer program (so-called attestation signing, which is what the Mandiant research below hunts for), so the drivers carried a genuine Microsoft signature and all the trust and credibility that goes with it. A driver that passes the signature check is loaded into the kernel, and kernel code runs as part of the operating system rather than as a user: it has more control than even an administrator and can tamper with or disable security tooling, which is exactly what the linked reports describe these drivers being used for in ransomware operations. Although only recently discovered and announced this week, there is evidence to suggest the abuse has been in the wild since February, and it was certainly active from August. Microsoft’s comment that an attacker would already need administrative access to load such a driver is true, but it doesn’t fully reflect the risk: admin-to-kernel is precisely the boundary that matters for killing security agents, building botnets, or embedding far more sinister and persistent hooks into the system. Admittedly, it comes across a touch dismissive, but I’m certain that wasn’t the intent. Microsoft has revoked the certificates and suspended the partner accounts involved, so the practical steps are to apply the updates, make sure a driver blocklist (Microsoft’s vulnerable driver blocklist or your own WDAC policy) is actually enforced, and hunt for drivers already loaded on your hosts with unexpected signatures. Nevertheless, it’s deeply entrenched malware such as this that makes it very difficult to be secure.

Article - https://www.bleepingcomputer.com/news/microsoft/microsoft-signed-malicious-windows-drivers-used-in-ransomware-attacks/

Research - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
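As an added example (not code from the article or from Mandiant’s research), here is a PowerShell hunt for the check described above: it inventories the kernel drivers present on a host, records each one’s Authenticode status, signer and SHA-256, and flags attestation-signed drivers for review. It assumes that the enhanced key usage OID 1.3.6.1.4.1.311.10.3.5.1 (“Windows Hardware Driver Attested Verification”) on the signing certificate distinguishes attestation-signed drivers from fully WHQL-tested ones (1.3.6.1.4.1.311.10.3.5); confirm that against a known attestation-signed driver in your environment before relying on it.

```powershell
# Added example, not taken from the article or the Mandiant research.
# Inventory kernel drivers, record Authenticode status/signer/hash, and flag
# attestation-signed ones for review.
# ASSUMPTION: EKU OID 1.3.6.1.4.1.311.10.3.5.1 marks attestation signing
# (vs. 1.3.6.1.4.1.311.10.3.5 for WHQL). Verify on a known-good sample.
$AttestationEku = '1.3.6.1.4.1.311.10.3.5.1'

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName may carry NT-style prefixes; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-SignerEkus {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Emit every EKU OID present on the signing certificate.
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
}

function Get-DriverSigningReport {
    Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName } | ForEach-Object {
        $drv  = $_
        $path = Resolve-DriverPath $drv.PathName
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $cert = $sig.SignerCertificate
        $ekus = if ($cert) { @(Get-SignerEkus $cert) } else { @() }

        [pscustomobject]@{
            Name        = $drv.Name
            State       = $drv.State                     # Running / Stopped
            Path        = $path
            Status      = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($cert) { $cert.Subject } else { '<unsigned>' }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            Attestation = ($ekus -contains $AttestationEku)
            Sha256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Anything unsigned/invalid, or attestation-signed, deserves a second look:
# compare the SHA-256 against the indicators in the linked reports and your own allow-list.
$report = Get-DriverSigningReport
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.Attestation } |
    Sort-Object Attestation, Status |
    Format-Table Name, State, Status, Attestation, Signer, Path -AutoSize
```

Run it from an elevated prompt so every driver file is readable. A Microsoft signer with the attestation EKU is not evidence of compromise on its own; the point is to shrink the list to the drivers whose hashes and origins you actually need to check, rather than trusting “signed by Microsoft” as the end of the story.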

 

Twelve Billion

Police in China arrested 63 people for laundering as much as 12 billion Chinese yuan ($1.7 billion) via cryptocurrency. This story is interesting to me because it highlights how we’re inundated with huge crypto numbers in the news, with virtually all of them attached to crime: criminal enterprises, organized groups, and even countries. Moreover, in this case they used a “stablecoin”, specifically Tether (USDT), which is ironically pegged to the US dollar and issued by a Hong Kong-based company, iFinex. This arrest is tied to the publicized crackdown on crypto in China, but it also shows that crypto is the new currency of crime and is not going away anytime soon. Well, at least until a quantum computer large enough to run Shor’s algorithm against the elliptic-curve signatures protecting these wallets arrives; that takes far more error-corrected qubits than the roughly 1000-qubit milestone people cite, so “game over” is further off than the headline numbers suggest.

Report - https://www.cnbc.com/2022/12/12/chinese-police-arrest-gang-who-laundered-1point7-billion-via-cryptocurrency.html

Qubit - https://en.wikipedia.org/wiki/Qubit

 

iSpy4U, Inc.

This has been going on for a long time in pockets: cyberweapon-grade spyware (e.g., Pegasus) and a small collection of providers selling spying services. Now we have well-formed organizations operating as surveillance-for-hire, with extensive capabilities that are further enabled by networks of fake social media accounts used for CIB (coordinated inauthentic behavior). In short, it’s a sophisticated covert operation that you can buy as easily as you would a credit card number on the dark web.

Although I’ve covered this extensively, here’s an article this week that gives new information - https://therecord.media/spyware-and-surveillance-for-hire-industry-growing-globally-report/

Meta’s report including CIB - https://therecord.media/after-more-than-200-takedowns-meta-confirms-covert-online-campaigns-have-gone-global/

 

Downunder

This is another in a long and growing list of physical manifestations of cyber attacks that threaten people. Posted today in Australia, Fire Rescue Victoria is suffering an attack that has impacted its networks, email, and, importantly, dispatch. While they’ve fallen back to phones, radios, and pagers, the fact remains that computer systems introduce new forms of risk precisely because operations come to depend on them.

Post - https://www.frv.vic.gov.au/update-frv-outage

 

A Chat about Rudolph with Chat

I asked ChatGPT, “Why is Rudolph's, the red nosed reindeer, nose red?”

“According to the story, Rudolph's nose is red because it glows brightly in the dark, which makes it easier for Santa Claus to guide his sleigh on foggy nights. In the story, Rudolph is teased and excluded by the other reindeer because of his unusual nose, but eventually he becomes a hero when his bright red nose helps guide Santa's sleigh through fog on Christmas Eve.”

I added, “Rudolph seems like a pretty cool Reindeer.”

To which, ChatGPT replied, “Yes, Rudolph is definitely a cool character! His unique ability to guide Santa's sleigh through foggy nights with his bright red nose has made him a beloved and iconic figure in the world of Christmas. Despite facing challenges and being teased because of his difference, Rudolph becomes a hero and helps make Christmas a special time for children around the world. Many people enjoy the story of Rudolph the Red-Nosed Reindeer for its positive message about the importance of being true to oneself and embracing one's differences.”

I commented, “That’s a great message for us all. Happy holidays, ChatGPT”

“Thank you! Happy holidays to you as well. Is there anything else you’d like to discuss?”

“Um, sure. What will I get for Christmas?”

“I'm sorry, but as an AI language model, I don't have access to any information about your holiday plans or what you might receive for Christmas.”

“Humbug”