This Week In Security - 04/13/2020
Israeli Tech Firm Responds to WhatsApp Hacking Accusations
NSO Group Technologies hit back at WhatsApp and its parent company, Facebook, in its first filing on the case brought against the NSO Group in October last year.
In October last year, WhatsApp alleged that “the cyberweapons company was behind a series of highly sophisticated attacks that it claimed violated US law in an unmistakable pattern of abuse”.
NSO has now retaliated, accusing both Facebook and WhatsApp of being “safe spaces for terrorists and other criminals” and of confusing the actions of the NSO Group’s “sovereign customers” with those of the NSO itself.
Further on in the filing, the NSO argues that “permitting this litigation to proceed would infringe critical national security and foreign policy concerns of sovereign governments”.
WhatsApp responded by questioning the accuracy of the claims made by NSO Group and claimed it “was attempting to ‘avoid responsibility’”. Meanwhile, the NSO Group is hoping to make inroads into the West with its latest COVID-19 tracker tool, codenamed Fleming.
It will be interesting to see how the case develops and whether the social media megalith manages to defeat the creators of mass surveillance technology when they have their day in court.
600,000 Users Exposed in Email.it Data Breach
Over half a million users’ data is up for grabs on the Dark Web after a hacking group infiltrated the databases of Italian email provider, Email.it.
The breach emerged on Sunday when hackers used the social media site Twitter to promote the sale of the stolen data, which was said to include “plaintext passwords and contents of email messages”. The NN (No Name) Hacking Group claims the breach occurred over two years ago in January 2018 and that they had given Email.it “a chance to patch their holes” while “asking for a little bounty”.
According to the hackers, Email.it representatives refused to talk to them and failed to contact their users even after the breach came to light. Email.it denied this allegation, saying the company opted “not to pay the hackers, and instead contacted the Italian Postal Police (CNAIPIC)”.
The 48 databases the hackers claim to have infiltrated contained the sensitive data of 600,000 users who had signed up between 2007 and 2020. The stolen data allegedly includes “plaintext passwords, security questions, email content, and email attachments”.
Email.it has not contested any of these claims, saying that “no financial information was stored on the hacked server”.
Temperatures Rise at Microsoft as Emotet Causes Meltdown
Well-known malware developer, Emotet, has excelled itself with its latest hack which caused an entire network to overheat and shut down.
The identity of the affected company hasn’t been revealed, although Microsoft has published a case report detailing how the Emotet attack evaded antivirus software and spent 24 hours roaming the company’s system undetected.
The Microsoft Detection and Response Team (DART) said the attack began with “a swarm” of phishing emails. One recipient opened the email’s attachment, unknowingly handing over their credentials to “the attackers’ command-and-control server and granting the intruders machine access”.
The effect was far-reaching and devastating – “by day eight, the organization’s IT operations had shut down”. Microsoft said all systems were compromised by the attack, which disrupted surveillance systems and left the finance department unable to complete external transactions.
DART said that the company’s failure to adopt the best cybersecurity practices had “contributed to the problem”. The lack of email filters and network visibility tools were pinpointed as two such errors, along with the fact that the organization’s administrative directories had been left open.
Microsoft’s cybersecurity team was called in on the eighth day and was able to remove the Emotet malware using buffer zones and by uploading new antivirus software.
Accenture Expands Cybersecurity Portfolio with New Start-Up
Multinational services company, Accenture, has boosted its cybersecurity capabilities once again with the acquisition of the Philadelphia-based tech start-up, Revolutionary Security.
The start-up specializes in cyber defense, risk assessment, and breach and attack simulation testing, and its acquisition, according to the head of Accenture Security, Kelly Bissell, “is another demonstration of our continued commitment to invest in areas to keep our clients safe from cyber threats”.
Founded in 2016, Revolutionary Security now “employs around 90 highly skilled cybersecurity professionals throughout the United States” and serves clients in various industries, including healthcare, communications, and manufacturing.
Jim Quinn II heads up Accenture’s cybersecurity for the chemical, energy, mining and utilities industries and believes, “Revolutionary Security’s extensive experience working with industrial companies and their specialized technical skillset will be incredibly valuable to our clients”.
The CEO of Revolutionary Security, Rich Mahler, is similarly confident about the future, saying, “The opportunity to become part of Accenture Security will enable us to deliver more complete solutions to our clients and expand our services”.
This isn’t the first cybersecurity acquisition Accenture’s made and it has a handful of similar business units, including identity management company, Redcore, and cybersecurity intelligence service providers, iDefense.