WordPress User Data Leak, INTERPOL’s Large-Scale Operation, and Other Cybersecurity Developments

We collected the most important cybersecurity news from the past two weeks.

  • Data from 1.2 million WordPress users leaked in a GoDaddy breach.
  • Kraken Security Labs bypassed biometric security using a fingerprint.
  • INTERPOL carried out a large-scale operation and arrested over 1,000 cybercrime suspects.

Ukraine identifies Phoenix hackers

The Security Service of Ukraine (SBU) identified alleged members of the Phoenix hacking group.

According to investigators, five Ukrainian nationals were part of the group. They gained access to users’ devices via phishing sites impersonating Apple and Samsung.

Subsequently, the attackers could control funds on victims’ accounts and sell their personal data. The SBU noted that the average price for unauthorized access to a smartphone was $200.

Experts bypass biometric security using glue

Researchers at Kraken Security Labs showed how a fingerprint, often used as an authentication factor, can be copied.

All that is needed is a photograph of the fingerprint on a surface the person touched. The researchers then sharpened it with photo editing, printed it on a laser printer, and applied carpenter’s glue.

Kraken Security Labs claims that this method allowed access to most devices tested.

Apple warns activists about possible surveillance via spyware

Apple issued alerts to Thai activists critical of the government that their iPhones may be compromised by government-sponsored attackers.

This week Apple filed a lawsuit against NSO Group and sought to bar the company from accessing its devices.

As reported in July, governments of several countries used NSO Group software to surveil journalists and activists.

Experts name the main ransomware groups targeting Russian business

Group-IB analysts compiled a list of the most aggressive ransomware families operating in Russia in 2020–2021: Dharma, Crylock and Thanos. Each of them carried out more than 100 attacks on Russian businesses, Group-IB told ForkLog.

Data: Group-IB.

The number of ransomware attacks in Russia in 2021 rose by more than 200%, and the maximum requested ransom reached 250 million rubles.

“There is a Russian-specific pattern: the lack of information about successful cyberattacks by ransomware and their victims is explained by the attackers not publishing data on companies that refused to pay the ransom on public websites, and victims themselves strive to avoid publicity,” the experts noted.

GoDaddy reports breach and data leakage of 1.2 million WordPress users

The hosting provider GoDaddy notified the U.S. Securities and Exchange Commission of a breach and a leak of customer data.

Hackers had access to GoDaddy’s servers for more than two months, having breached the company’s network as far back as September. As a result, the data of 1.2 million managed WordPress hosting customers was compromised.

Earlier, unknown individuals duped GoDaddy employees and gained control over the domains of several cryptocurrency platforms.

INTERPOL reports arrest of over 1,000 cybercrime suspects

During Operation HAECHI-II, coordinated by INTERPOL, law enforcement arrested 1,003 cybercrime suspects and gained access to illicit funds totaling nearly $27 million.

INTERPOL noted that criminals’ methods continually evolve. During the operation, authorities also piloted a new mechanism for suspending payments, the so-called rapid-response protocol against money laundering.

Conti ransomware operators themselves were affected by a data leak

Prodaft, a cybersecurity firm, managed to pinpoint the IP address of one of Conti’s servers, which they had access to for more than a month.

By infiltrating a server used by hackers to negotiate ransoms, researchers monitored the attackers’ traffic for weeks.

After the report was published, Conti hackers briefly took down their payment portal.

In August, Conti ransomware hit a Nokia subsidiary in the United States.

End-to-end encryption rollout delayed in Facebook and Instagram

Meta (formerly Facebook) postponed the rollout of end-to-end encryption for messages in Facebook Messenger and Instagram until 2023.

According to reports, the delay stems from concerns raised by child-safety advocates that encryption would hinder the identification of online abusers and wrongdoers.

DuckDuckGo takes on Android app trackers

The privacy-focused DuckDuckGo team unveiled a beta version of a feature that blocks hidden trackers in Android apps.

DuckDuckGo noted that today more than 96% of free Android apps contain trackers.

Earlier, DuckDuckGo launched a mail service that eliminates trackers in incoming emails. It is currently in closed beta.
