Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security. Okay, I have a confession to make. Despite covering security day in and day out, I realized I don’t exactly practice what I preach. I have written extensively about the importance of two-factor authentication (2FA) just through this very newsletter several times before. Every time the issue of personal online privacy has come up in here, I’ve urged you to turn on 2FA for an extra layer of security. I thought I have been doing this 2FA thing right until my phone got stolen a couple of days ago. The phone — on which I had installed an authenticator app — was, needless to say, a gateway to dozens of services I had signed up for. So what went wrong? Short answer: backup codes, or lack thereof. Although I had jotted down the backup codes for most of my accounts, I noticed, to my shock and horror, that I had missed out a few others. The result? I was locked out and I ended up spending way too much time trying other laborious ways to recover access to my accounts. As they say, lesson learnt. If you want to avoid being in my position, use a cross-platform authenticator app like Authy that can synchronize your tokens between your various devices. Here are some other tips: While SMS is not a reliable solution for 2FA, it doesn’t hurt to add a second phone number to your account in case you lose access to your main number. Also set up 2FA on two different devices so that one can act as a backup. Finally, if all else fails, contact customer service. But be warned that the recovery process can take several days, and in some cases, may even require you to create a brand new account (such as Discord). This is why it’s essential to have backup options, so in case the worst happens, you can easily get access to your accounts back.
What’s trending in security?
The US Treasury department is keeping a close watch on ransomware payments, Facebook shut down a malware groupthat hijacked users’ accounts to buy malicious ads, and Tesla finally added support for 2FA.
The FBI is joining hands with the CIA and NSA to hunt foreign hackers. [Reuters] Law enforcement agencies arrested 179 people across Europe and the US in an operation named “DisrupTor” for carrying out illicit sales of drugs and guns on the dark web. In a similar development, Polish police shut down a hacker super-group involved in bomb threats, ransomware, and SIM swapping attacks. [BBC / ZDNet] The European Court of Justice, the EU’s highest legal authority, ruled that member states cannot collect citizens’ mobile and internet data en masse. [CNBC] Checkm8, an unpatchable flaw in iOS kernel that was used to develop a Jailbreak for iPhones, has been exploited in Macs to bypass Apple’s trusted T2 security chip and gain deep system access. [WIRED] Singapore became the first country in the world to use facial verification for its national ID scheme called SingPass, allowing citizens secure access to both private and government services. [BBC]
The US Department of Homeland Security admitted that 184,000 photos from a facial recognition pilot program were hacked from a Customs and Border Control subcontractor, and at least 19 were posted on the dark web last year. [Motherboard] Facebook shut down “SilentFade” Chinese malware gang that hijacked accounts to purchase malicious ads, ultimately defrauding users of $4 million to buy ads for diet pills and fake designer handbags between late 2018 and February 2019. [WIRED] Popular dating app Grindr fixed a flaw in its password reset process that allowed anyone with knowledge of a user’s email address to take over the account. [TechCrunch] Clark County School District in Las Vegas found itself in a spot after private information of 320,000 students, including Social Security numbers and student grades, were leaked in an underground forum after school officials chose not to pay the ransom demanded in return for unlocking district computer servers. [The Wall Street Journal]
But the US Treasury is keeping a close watch. The department said those who facilitate payments on behalf of ransomware victims, including digital forensics firms, could be subjected to hefty fines if the attackers are on the US sanctions list. This comes after wearables maker Garmin paid a ransom to the previously sanctioned EvilCorp gang. [US Dept of Treasury] As hospitals fall victim to ransomware attacks, a group of volunteers called the Cyber Threat Intelligence League have stepped in to monitor threats in the medical sector and level up their cyber defenses. [WIRED] Twitter suffered its biggest hack in July, and with the US elections around the corner, it’s preparing itself to avert another one. The social media platform has hired Rinki Sethi as its new chief information security officer. [WIRED] A hack-for-hire cyberespionage group known as BAHAMUT has been linked to a “staggering” number of ongoing attacks against Saudi diplomats, Sikh separatists, and Indian business executives in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. [Blackberry] The last fortnight in data breaches, leaks and ransomware: Arthur J. Gallagher & Co, Blackbaud, Chowbus, KuCoin, Microsoft Windows XP, Swatch, and Universal Health Services.
Data Point
With ransomware attacks escalating everywhere frequency and intensity, there has been a 50% increase in the daily average of attacks over the last 3 months compared to the first half of 2020. They have emerged as one of the most profitable means for baddies to make money, and it’s unlikely to disappear anytime soon. According to Check Point Research, “US ransomware attacks doubled (98.1% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia and Turkey.” The reason for the surge? Threat of double extortion, gaps in IT infrastructure due to the global shift to remote work, and the return of the Emotet botnet for ransomware campaigns.
Tweet of the week
That’s it. See you all in two weeks. Stay safe! Ravie x TNW (ravie[at]thenextweb[dot]com)