
WhatsApp Troubles, $150 Million for Ryuk Operators and Other Cybersecurity News
We’ve gathered the most important cybersecurity news from the past two weeks.
- Against the backdrop of WhatsApp’s privacy-policy changes, as well as the mass blocking of Trump and his supporters on social media, audiences for Signal and Telegram have grown significantly. WhatsApp postponed updates due to user dissatisfaction.
- A researcher breached the RZD network and gained access to surveillance cameras.
- Biden wants to earmark $10 billion for cyber security.
- Ryuk ransomware operators received around $150 million. They move funds through Huobi and Binance.
Signal and Telegram expanding user bases amid WhatsApp policy changes
At the start of January, the popular messenger WhatsApp updated its Terms of Service and privacy policy. Now users cannot opt out of data sharing with Facebook, which owns the service. If they disagree, their profile will be deleted.
Will Cathcart, head of WhatsApp, stressed that this does not concern chats or calls, as they are protected by end-to-end encryption.
With end-to-end encryption, we cannot see your private chats or calls and neither can Facebook. We’re committed to this technology and committed to defending it globally. You can read more here: https://t.co/YpR5RaGoW1
— Will Cathcart (@wcathcart) January 8, 2021
Later, due to widespread user discontent, WhatsApp pushed back the start date of the updated terms of service from February 8 to May 15.
However, amid the WhatsApp news, other messengers saw a substantial influx of users: downloads of privacy-focused Signal rose by 4200% over a week, while Telegram’s active users exceeded 500 million.
«Millions of people are outraged by the latest WhatsApp terms, under which users must hand over all their personal data to Facebook’s advertising system. It’s not surprising that the migration from WhatsApp to Telegram, which has been ongoing for years, has accelerated,» wrote Pavel Durov.
Another reason behind Telegram’s rapid user growth could be the migration of Donald Trump supporters to the platform. The former U.S. president was blocked on Twitter and Facebook after the Capitol riot, and the popular network Parler was effectively taken offline.
Nevertheless, Durov noted that Telegram has also begun blocking calls to violence in the United States, and the channel named “Donald J. Trump” has been flagged as fraudulent.
Media: Moscow authorities may shut down tracking project for citizens’ movements
Moscow authorities may abandon the idea of launching a system to monitor passenger traffic via MAC addresses of devices.
As reported by «Ъ», citing sources in the mayor’s office, implementing such a project could be hindered by the dynamic MAC address replacement feature implemented in the latest Android and iOS updates.
The Road Traffic Management Center, the client for the project, has not disclosed any plans to abandon it.
Ryuk ransomware operators received around $150 million
The operators behind Ryuk ransomware reportedly collected about $150 million in total, according to Advanced Intelligence researchers in collaboration with HYAS, a cybersecurity company.
They identified 61 addresses tied to Ryuk and found that most of the Bitcoins were sent to exchanges for cashing out via intermediaries. The attackers mainly use two platforms — Huobi and Binance.
Recall that last year it was reported that the creators of Ryuk moved over $1 million in Bitcoin via Binance.
DuckDuckGo hit 102 million search queries in a day
Officials from the privacy-focused search engine DuckDuckGo said that in 2020 the average daily search volume grew by 62%.
DuckDuckGo also reported a record — on January 11 the search engine processed 102,251,307 queries.
Biden proposed $10 billion for cybersecurity
The new Biden administration included more than $10 billion in IT and cybersecurity funding in its preliminary plan for economic recovery and pandemic relief.
As reported by Business Insider, such attention to cybersecurity may be a response to the SolarWinds breach, which affected many government agencies.
Report: ransomware operators stepped up attacks on state agencies and companies in 2020
In 2020, ransomware attacks hit at least 2,354 U.S. government, medical, and educational institutions, according to Emsisoft researchers.
Over the year, 58 government organisations and 1,300 private companies faced data breaches as a result of ransomware attacks. The researchers noted this is not a complete list, since attackers often target software vendors and companies do not always disclose incidents.
Distributed Denial of Secrets published 1 TB of ransomware-victim data
The activist group Distributed Denial of Secrets published on its website 1 TB of data collected by ransomware operators and found on the dark web.
In addition to encrypting devices, hackers often steal user data and threaten to publish it if the ransom is not paid. In many cases, victims refuse to pay and hackers carry out their threats, landing the data on the dark web.
Distributed Denial of Secrets believes that some information from the leaked documents holds public value and should be disclosed.
Researcher gained access to Russian Railways surveillance system
A researcher going by the handle LMonoceros wrote on «Habr» that he managed to breach the RZhD network, including gaining access to surveillance cameras.
RZhD stressed that customers’ personal data was not leaked, and LMonoceros said that RZhD specialists contacted him and together they closed the vulnerabilities.
Data allegedly stolen during the SolarWinds attack surfaced for sale
Data allegedly stolen from several companies in the SolarWinds breach went on sale on a site called SolarLeaks. Among the companies are Microsoft, Cisco, FireEye and SolarWinds itself.
Customers can buy the data individually or in a “bundle” for $1 million.
To obtain a sample, buyers are asked to send 100 XMR to the address provided.
The breach of the software supplier SolarWinds allowed hackers to infiltrate the systems of numerous U.S. agencies, as well as major corporations. Investigators of the attack suspect that Cozy Bear (APT29), linked to Russian intelligence, may be responsible.
Google Project Zero researchers revealed vulnerabilities in messaging apps enabling user surveillance
Natalie Silvanovich of Google Project Zero found logic bugs in several apps, including Signal, Google Duo, Facebook Messenger, JioChat and Mocha, that could allow audio or video to be transmitted without user consent.
I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger https://t.co/PlB0PzLzjJ
— Natalie Silvanovich (@natashenka) January 19, 2021
They allowed access to audio and video without user knowledge. All vulnerabilities have been fixed.
Silvanovich also checked Telegram and Viber for similar bugs, but none were found.
Data breach: Nitro PDF user database with 77 million records leaked
A database of user data from Nitro, a tool for working with PDFs, turned up online.
The 14 GB database contains 77,159,696 records, including email addresses, names, bcrypt-hashed passwords, IP addresses and other data.
New Zealand’s central bank hit by a hack
The Reserve Bank of New Zealand came under attack, with hackers allegedly gaining access to commercial and personal confidential information.
The breach occurred via a third‑party data-sharing service used by the regulator to store confidential data.
Also on ForkLog:
- Atlas VPN researchers calculated that in 2020 the blockchain industry lost $3.8 billion due to hackers’ attacks.
- Brave added IPFS support.
- Jack Dorsey called the Bitcoin network a standard for the Internet, and Trump’s ban a dangerous precedent.
- A hidden miner was discovered, which had attacked macOS for more than five years.
- Germany closed the world’s largest dark net marketplace DarkMarket. Joker’s Stash also claimed closure, earning $1B in Bitcoin.
- Data of 1.3 million Russian Hyundai owners leaked.
- A free decryptor for files attacked by the Darkside ransomware has been published.
- Moscow authorities will bolster collection of personal data about residents.