
Roskomnadzor gains access to subscriber data, Telegram bots used to bypass 2FA, and other cybersecurity developments
We have gathered the week’s most important cybersecurity news.
- On October 1, Roskomnadzor gained access to the data of subscribers on corporate tariffs.
- Chrome fixes another round of vulnerabilities.
- Group-IB founder Ilya Sachkov was detained on suspicion of treason.
Cybercriminals devise a method to bypass two-factor authentication using Telegram bots
Researchers at Intel 471 said that attackers have begun using Telegram bots to steal one-time passwords required to secure accounts protected by two‑factor authentication.
A number of services that bypass 2FA use Telegram either to create and manage bots, or as a host for a criminal ‘customer support’ channel.
The bots send messages purportedly on behalf of banks or other services, prompting victims to disclose their 2FA one-time passwords. The attackers can then use the obtained credentials to access users’ funds.
Roskomnadzor gains access to data on calls and messages of corporate-tariff subscribers
On October 1, amendments to the Law on Communications came into force, obliging operators to provide Roskomnadzor with data on legal entities and individual entrepreneurs on demand.
The new rules apply to subscribers on corporate tariffs. Roskomnadzor will be able to access information about incoming and outgoing calls, messages with timestamps of transmission and receipt, and the location of the base station to which the phone connected.
Hydra banking Trojan spreads via fake Commerzbank app
The Hydra malware operators are targeting customers of Germany’s Commerzbank, according to Bleeping Computer.
MalwareHunterTeam found that the trojan spreads via malicious Android app files named Commerzbank Security that use the same icon as the official app. The app requests numerous permissions that effectively grant full control of the device.
SBU uncovers fraudulent call centres in Lviv. Operators extorted funds by posing as cryptocurrency investment schemes
Ukrainian law enforcement identified a network of illegal call centres in Lviv through which criminals misappropriated funds from foreign nationals on the pretext of investments in cryptocurrencies and stock markets.
Victims transferred money to the organisers’ bank accounts and cryptocurrency wallets, after which the fraudsters withdrew the funds. The scheme affected thousands of victims.
VTB reports a sharp rise in DDoS attacks in September
In September, VTB repelled more than 80 cyberattacks, more than in the first eight months of the year combined. The bank noted that some of the attacks were record-setting, reaching up to 350 Gbps and lasting up to six hours.
In September, Yandex said the company faced the largest DDoS attack in internet history.
Chrome fixes another round of 0-day vulnerabilities
Chrome developers fixed several bugs, including some serious vulnerabilities that were already being exploited.
Medvedev proposes ban on foreign social networks in Russia
Dmitry Medvedev, deputy head of Russia’s Security Council, said a ban on foreign social networks in Russia could be considered over alleged interference in the country’s politics.
According to him, authorities could not only wag a finger at the companies but also restrict, block, throttle, or fine them:
This could be a more serious measure, namely a ban on their activities.
Medvedev recalled the law requiring social networks with a daily Russian audience of more than 500,000 to register offices within the country:
I think this is a norm that will allow influencing the politics of these companies in our country. And they will have to comply with these decisions.
Earlier, Medvedev suggested that Russia could be disconnected from the global network.
Also on ForkLog:
- There were searches at the Group-IB office. The founder of the company was arrested on treason charges.
- Roskomnadzor threatened to block YouTube.
- ESET researchers said that one in ten cryptocurrency fraud cases occurs in Russia.
- Cream Finance reported the return of 5152.6 ETH after a hack. The hacker received 10% of the amount.
What to read this weekend?
We recall the story of the Russian hacker group Lurk, blamed for stealing more than a billion rubles from Russians’ bank accounts.