
FBI access to messaging apps, mandatory 2FA at Facebook and other cybersecurity developments
We have gathered the most important cybersecurity news of the week.
- Activists published an FBI training manual outlining what data from messaging apps the agency can access. Spoiler: WhatsApp is arguably the riskiest.
- More than 300,000 devices infected by trojans via Google Play Store.
- Facebook may require two-factor authentication under threat of blocking.
Report: More than 300,000 devices infected by trojans through Google Play Store
Banking trojans are being distributed via the Google Play Store, ThreatFabric researchers found.
According to experts, trojans masquerade as various apps, including crypto-related ones. They steal user credentials. Such apps have been installed over 300,000 times.
Activists learned which data from different messaging apps the FBI can access
The organization Property of the People published the FBI training manual, which reveals exactly which data law enforcement can request from messaging apps.
- iMessage: message contents are restricted. With a subpoena it is possible to obtain basic information about the user, and with a warrant — iCloud backups, which may contain archives of chats.
- WhatsApp: message contents are restricted. A warrant allows access to contacts from the address book. WhatsApp provides a so-called pen register, transmitting source and destination data for each message every 15 minutes. If the messenger is installed on an iPhone and iCloud backups are enabled, the transmitted data may include information from WhatsApp, including the contents of messages.
- Telegram: access to messages is not possible, information is not provided even with a court order (except IP addresses and phone numbers in investigations of confirmed cases of terrorism).
- Signal: access to messages is not possible; provides account creation date and last login date.
- Viber: access to messages is not possible; provides phone number and IP address at registration, as well as the overall history of messages.
The document also contains information about Line, Threema, WeChat and Wickr.
Media: Facebook to mandate two-factor authentication under threat of blocking
Facebook will make two-factor authentication mandatory for all accounts that the social network deems at risk of being hacked. Until users enable 2FA, their accounts will be blocked, TechCrunch reports.
This will form part of the Facebook Protect program, designed to safeguard accounts of people who may be at particular risk, such as human rights defenders, journalists and public officials.
Group-IB explains causes behind the rise of ransomware attacks
Group-IB analysts named one of the main reasons for the rise in ransomware attacks: alliances between operators of cyber extortion software and sellers of access to compromised networks under RaaS programs. The number of offers to access corporate networks is increasing rapidly.
“Most brokers are Russian-speaking, which makes Russia and the CIS the least attacked region, as criminals try not to operate ‘on the street’ to avoid arrest,” the experts noted.
There has also been a substantial rise in dark-net sites through which victims are coerced to pay ransoms under the threat of publishing stolen data. In 2020, 1,335 companies were victims of ransomware on such sites, while in the first three quarters of 2021 the number was 1,966.
At the same time, the carding market is losing its popularity. Its volume fell from $1.9bn to $1.4bn.
Panasonic reports data breach
Panasonic said that unauthorized access to its servers occurred in November, resulting in a data breach, though details of the incident have not been disclosed.
Media: The charge against Group-IB founder may be linked to transfer of data on Russian hackers to the U.S.
The treason case against Group-IB founder Ilya Sachkov may be connected to allegations that he provided the United States with information about the Russian hackers Fancy Bear, who participated in cyberattacks ahead of the 2016 presidential election, Bloomberg reports, citing sources.
According to the publication, the data provided by Sachkov helped the United States identify 12 “GRU agents” involved in the attacks.
As reported in September, Sachkov was arrested on suspicion of treason, facing up to 20 years in prison.
The price of personal data breaches rose substantially in 2021
Data Leakage & Breach Intelligence specialists released a report analyzing the black market for personal data breaches in 2021.
Experts noted that the price of such “services” rises annually. The cost of purchasing banking customer data ranges from 15,000 to 40,000 roubles depending on the bank. In 2021 it rose significantly.
As for the “mobile breach,” the price for one month of a subscriber's call and message details ranges from 5,000 to 30,000 roubles.
One of the cheapest options in this spectrum remains the purchase of data from government databases. However, a search for a person by photo through city-wide facial recognition cameras in Moscow and Saint Petersburg would cost the buyer 30,000 roubles.
Also on ForkLog:
- FBI seized over 39 BTC from a wallet linked to REvil.
- The DeFi protocol Badger DAO was hacked. The community linked the address that lost 900 BTC due to the protocol’s hack to Celsius Network.
- Developers of dYdX discovered a vulnerability in a “recently deployed smart contract”.
- Experts stated that 86% of hacked Google Cloud accounts were used for mining.
- DeFi platform MonoX lost $31 million as a result of the hack.
- Roskomnadzor intends to restrict the operation of another six VPN services.
- Users and experts reported that Tor access was blocked in Russia.
What to read this weekend?
We explain how data leaks occur in the darknet, who buys them and how it all works in ForkLog’s feature.