Pegasus spyware disclosure, tracking Bitcoin transactions in the United States, and other cybersecurity developments

We round up the most important cybersecurity news from the past fortnight.

Media reports reveal potential use of Pegasus spyware to surveil politicians and journalists worldwide

The week’s main scandal (and, in Edward Snowden’s view, the story of the year) was the disclosure of governments’ use of Pegasus spyware from the Israeli NSO Group to surveil human rights defenders, journalists and politicians worldwide by hacking iPhone and Android devices.

During the joint investigation, researchers found a database of 50,000 numbers that could have been Pegasus targets. The hacks of some devices on the list were confirmed. Detecting traces of spyware usage requires expert analysis, analysts say, so it is not possible to state with certainty which device was hacked and which was merely a potential victim.

In the database was the number of French President Emmanuel Macron and Telegram founder Pavel Durov. The latter confirmed the inclusion of his number on the list, and Macron changed his number.

Durov noted that Snowden had already in 2013 described Apple and Google as participants in a \”global surveillance system\” and urged action against their duopoly.

Media outlets pledged to publish details on other individuals on the list gradually.

One Israeli official stated that a parliamentary commission would review the NSO Group spyware’s use and may impose restrictions on its sale.

DuckDuckGo to launch a service to remove trackers from emails

The privacy-focused search engine DuckDuckGo has launched an email service that removes trackers from incoming messages. It is currently in closed testing.

Today we’re announcing the beta release of DuckDuckGo Email Protection! Get a free Duck Address, and we’ll forward emails to your current inbox after zapping hidden trackers and protecting your current email address.

That’s privacy, simplified.https://t.co/Bcgz5yB7nZ

— DuckDuckGo (@DuckDuckGo) July 20, 2021

Users will be able to forward emails that have already been stripped of trackers to their mailboxes, such as Gmail or Yahoo. The service will also offer the option to create disposable email addresses.

Russia fines Telegram, Facebook and Twitter again for failing to remove prohibited information

A Moscow court fined Facebook 6 million rubles for failing to remove information prohibited on the territory of the Russian Federation.

For the same reason, fines were imposed on Telegram and Twitter — 11 million and 5.5 million rubles respectively.

The United States, the United Kingdom and NATO allies accuse China of hacking Microsoft Exchange servers

The United States, together with the United Kingdom and NATO, accused state-sponsored Chinese hackers of cyberattacks on Microsoft Exchange servers.

The White House states that, in some cases, government-affiliated actors conducted ransomware attacks against private companies and demanded \”millions of dollars\” in ransom.

Britain’s National Cyber Security Centre said that the attacks were linked to the APT40 group.

The United States will begin tracking cryptocurrency transactions to combat ransomware

In 2021, more than $33 million in cryptocurrency was paid to addresses associated with ransomware operators, according to data from the Ransomwhere service, launched to track payments to ransomware operators.

According to Bloomberg, the White House has formed a ransomware task force. One of the main countermeasures against such threats is tracking ransom payments in cryptocurrencies.

Vulnerabilities found in Telegram’s encryption protocol

Researchers found several vulnerabilities in the MTProto cryptographic protocol used by Telegram to encrypt users’ correspondence.

The bugs were identified as far back as April; the messenger has since fixed all discovered issues. It is noted that the risk was low because exploiting the vulnerabilities in practice was nearly impossible, but it underscores the protocol’s imperfection.

Microsoft and Citizen Lab accuse the Israeli Candiru of selling tools to hack Windows

Researchers at Microsoft and the human rights group Citizen Lab said that an \”aggressive Israeli private company\” under the codename Sourgum created and sold a hacking tool to breach Windows. Microsoft did not name the company directly, but Reuters reports it is Candiru.

According to researchers, the tool was used by numerous clients worldwide to attack various organisations and users in several countries, including Iran, Lebanon, Spain and the United Kingdom.

In Spain, another hacker linked to Twitter’s hack was arrested

In Spain, a British national Joseph O’Connor was arrested for his alleged role in hacking Twitter accounts of celebrities and the subsequent cryptocurrency scam.

In July last year, hackers conducted a large-scale attack on numerous accounts of well-known people on Twitter and posted messages about a fake Bitcoin giveaway.

One of the perpetrators, 18-year-old Graham Clark, was sentenced to three years in prison.

Kaspersky Lab: 83% of phishing links in Russia spread via WhatsApp

Phishing links in Russia were most often distributed via WhatsApp in 83% of cases, Kaspersky Lab researchers reported. On the second place was Viber, which accounted for one in ten such attacks. Telegram accounted for 7%.

Also on ForkLog:

• The European Commission proposed to ban anonymous crypto transactions.
• The DeFi project THORChain halted operations due to a hacker attack.
• Reports say Russia held drills to isolate Runet.
• According to Kaspersky Lab, the value of cryptocurrency fraud reached $1 billion.
• Analysts found out how REvil hackers interact with victims. The group’s websites disappeared from the dark web the day before.
• Data of supporters of Trump who used cryptocurrency was leaked online.
• The U.S. State Department offered $10 million in cryptocurrency for information about the hackers.
• Telegram user data from Russia, Ukraine and Belarus was made public.
• Saudi Aramco, the world’s largest oil producer by daily output, was hit by a hacker attack, with 1 TB of confidential data stolen and being sold for Monero.

What to read this weekend?

Ransomware attacks have escalated recently. ForkLog investigates what lies behind the growing threat and what it might mean for cryptocurrencies that attackers demand as ransom.

Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.