US confronts ransomware, Gosuslugi account breaches, and other cybersecurity news
We’ve gathered the week’s most important cybersecurity news.
- Following several high-profile ransomware attacks on various companies and government bodies, the United States decided to tighten monitoring of cryptocurrency transactions. They also plan to treat hackers as terrorists.
- The State Duma approved in the first reading a bill to rein in social networks.
- The Ministry of Digital Development of the Russian Federation confirmed that Gosuslugi accounts were hacked and used to vote in the United Russia primaries.
The United States will step up its fight against ransomware and scrutinize cryptocurrency transactions
On May 30, the world’s largest meat processor JBS reported that it had fallen victim to ransomware.
Due to the breach, JBS paused operations temporarily, but by June 3 it had managed to restore all systems.
Whether the company paid the ransom has not been disclosed.
In the White House, officials said the breach was most likely the work of hackers based in Russia. Familiar sources attributed the attack to the REvil (also known as Sodinokibi) group.
Against the backdrop of a recent uptick in ransomware activity, the Biden administration may increase monitoring of cryptocurrency transactions. Ransomware operators often demand payment in cryptocurrency.
Later reports indicated that investigations into ransomware attacks in the United States have been given the same level of priority as terrorism cases.
Earlier this May, the Colonial Pipeline was attacked by ransomware, which stole about 100 GB of data and blocked computer systems.
The State Duma approves the rein-in social networks bill in the first reading
The State Duma deputies approved in the first reading a bill obliging foreign IT companies to open representative offices in Russia.
The document is aimed primarily at foreign social networks. If the law is adopted, they will be required \”to take responsibility for violations of Russian law, to cooperate with government authorities, and to restrict dissemination of information in Russia that violates Russian law.\”
Social networks in Russia are already fined for refusing to remove such content. Fines have hit Twitter, TikTok, VKontakte and the Telegram messenger.
ExaGrid paid Conti more than 50 BTC
ExaGrid, a company specializing in backup hardware, paid more than 50 BTC to Conti ransomware operators for decryptors/tools.
ExaGrid was hit by an attack in May. Hackers compromised the company’s computer systems and allegedly stole 800 GB of data, including client and employee personal information.
Android users will be able to opt out of ad tracking
Following Apple, Google will allow Android users to opt out of tracking their activity and data collection in apps.
The option will appear later in 2021 with an update to Google Play services. Developers will no longer be able to see a user’s unique identifier if they opt out of personalised advertising.
U.S. authorities seized domains used by the Nobelium hackers
The U.S. Department of Justice said that two domains used by the Nobelium hacking group during attacks on U.S. government agencies were seized by law enforcement.
Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Developmenthttps://t.co/7HQ7NaLa61
— National Security Division, U.S. Dept of Justice (@DOJNatSec) June 1, 2021
The domains were used for phishing. The hackers sent malicious emails impersonating the United States Agency for International Development.
Earlier this year, Microsoft stated that Nobelium was also behind the SolarWinds breach. The hackers are linked to Russia.
TikTok will start collecting users’ biometrics
TikTok has made changes to its privacy policy, indicating the possibility of collecting biometric data from users in the United States.
While the new privacy policy states that the collected information will generally be non-identifying, it notes that the app may collect \”faceprints and voiceprints.\”
The Ministry of Digital Development confirms Gosuslugi accounts were hacked and used for voting in United Russia primaries
A number of Gosuslugi portal user accounts were hacked and used to access the United Russia primaries site.
The Ministry confirmed “attempts to carry out fraudulent activity against individual accounts.” According to the ministry’s investigation, the actions involved weak, simple passwords or passwords that matched those used on other resources.
The United Russia primaries ran from May 24 to 30, including online voting. To participate, users had to authenticate via Gosuslugi or mos.ru.
ForkLog also features:
- A Russian-language hacker forum held a contest for new ideas on hacking cryptocurrencies.
- The attacker stole $6.2 million from the Belt Finance DeFi protocol.
- Navalny’s team named the former employee who leaked the supporters’ database.
- Binance Smart Chain described a wave of attacks by \”well-organized hackers.\”
What to read this weekend?
Pressure on social networks in Russia is mounting daily. They are fined for disseminating information prohibited by Russian law and authorities want to require them to open offices in Russia to monitor compliance with these laws.
On February 1, a law came into force obliging social networks to independently identify and block illegal content. Lawyers explained its essence and implications for users and companies.
Read ForkLog’s bitcoin news on our Telegram — cryptocurrency news, rates and analysis.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!