Double standards from Apple, biometric data collection in Russia, and other cybersecurity developments

Here are the week’s most important cybersecurity headlines.

Europol reports breach of Sky ECC encrypted-messaging platform. Sky ECC denies.

Belgian, French and Dutch authorities, together with Europol, said Sky ECC, a platform for encrypted communications, was breached.

🚨#Breaking
MAJOR INTERVENTIONS TO BLOCK ENCRYPTED COMMUNICATIONS OF CRIMINAL NETWORKS:#Europol and @Eurojust have supported 🇧🇪🇫🇷🇳🇱 in a major international operation, disrupting #SkyECC, an encrypted network used by criminals. Read more: https://t.co/NeWio8bICP

— Europol (@Europol) March 10, 2021

According to Europol, they also gained access to ‘hundreds of millions of messages exchanged by criminals’. This allowed authorities to obtain information ‘on more than a hundred planned large-scale criminal operations’.

«By mid-February, authorities were tracking information flows of about 70 thousand Sky ECC users», — Europol said.

Meanwhile Sky ECC asserts that authorities hacked a counterfeit version of their platform, no authorised Sky ECC device has been compromised, and no investigative body has contacted the company.

Sky ECC also denies any claims that it is ‘the platform preferred by criminals’.

«The platform exists to prevent data theft and hacking, to protect privacy and to enable the secure conduct of legitimate personal and business operations», the company said.

Sky ECC positions itself as ‘the most secure messaging platform you can buy’ with end-to-end encryption. The provider offers subscriptions and Android and iOS phones, paid for in bitcoins and shipped worldwide, says ZDNet.

In Catalonia, four suspects arrested in FluBot botnet

Catalan police arrested four suspects in the FluBot botnet, which infected at least 60,000 devices.

FluBot, also known as FedEx Banker or Cabassous, has operated since late 2020. The malware is a banking trojan for Android devices.

To spread to new victims, the malware used SMS spam to targets among the contacts of already infected users. Catalan authorities said they identified at least 71,000 such messages. 

Despite the arrests, cybersecurity experts note that FluBot remains active.

Looks like it isn’t dead after all. Even after succesful police intervention #Flubot campaign is still going, eh? @B0rys_Grishenko @500mk500 @CERT_OPL @PPiekutowski

— Piotr Kowalczyk (@pmmkowalczyk) March 7, 2021

It remains unclear whether other members of the hacker group run the botnet or if the malware servers are operating “by inertia”.

Russia seeks to step up biometric data collection

Russian authorities want to encourage citizens to provide biometric data. As Kommersant reports, citing participants at a Ministry of Digital Development meeting on the issue, the ministry is considering closing remote access to a number of public services without biometric data.

Trend Micro: number of malware, phishing and credential theft attacks rose sharply in 2020

Trend Micro researchers detected and blocked 16.7 million threats in email in 2020. The number rose by nearly a third compared with 2019, ForkLog said.

Also in 2020, there was a double-digit increase in malware-based attacks, phishing attempts and credential theft.

In France, Apple accused of collecting user data without consent

France Digitale, representing most French IT entrepreneurs and startups, accused Apple of violating EU data-protection laws.

Although mobile apps request permission to collect data for targeted advertising, default settings allow Apple to run ad campaigns without user consent, France Digitale says.

Under European law, all organisations must seek user permission to collect data via trackers or other tools.

France Digitale also alleges that Apple’s tracking feature allows it to share collected data with affiliated companies without notifying users in advance.

Apple called the allegations false.

White House concerns over Microsoft Exchange vulnerabilities

The vulnerabilities in Microsoft’s Exchange email product “could have far-reaching consequences,” said White House Press Secretary Jen Psaki.

In early March, Microsoft released out-of-band fixes for four zero-day vulnerabilities found in the Exchange code. The company noted that the flaws were being exploited by the Hafnium group, believed to be China-sponsored.

Using them, hackers could gain administrator privileges and exfiltrate user data.

Thousands of organisations have reportedly been affected.

The US Cybersecurity and Infrastructure Security Agency (CISA) urged “all organisations across all sectors” to follow guidance to address the vulnerabilities in Microsoft Exchange Server.

CISA urges ALL organizations across ALL sectors to follow guidance to address the widespread domestic and international exploitation of Microsoft Exchange Server product vulnerabilities; see CISA’s newly released web page for details. https://t.co/VwYqAKKUt6. #Cyber #InfoSec

— US-CERT (@USCERT_gov) March 9, 2021

Ryuk ransomware attacked Spain’s government systems

Spain’s public employment service (SEPE) systems were taken offline following a Ryuk ransomware attack, affecting more than 700 SEPE offices across the country.

SEPE chief Gerado Guitérrez stressed that confidential data remained safe and the attack would not affect payroll or unemployment benefits.

Also on ForkLog:

• Roskomnadzor began slowing Twitter in Russia and threatened to block it.
• Hackers gained access to 150,000 cameras at Tesla factories, prisons and hospitals.
• Media reports that the US will carry out a series of cyberattacks against Russia.
• Telegram began removing bots for data probing at Roskomnadzor’s request.
• Russia identified several thousand publicly available cameras with public data.
• Czechia extradited to the US two members of a hacker group from Ukraine.

What to read this weekend?

How the personal data market on the dark web operates — how they get there, who buys it and why, read ForkLog’s exclusive.

Subscribe to ForkLog news on Telegram: ForkLog Feed — all the news, ForkLog — the most important news and polls.