Robin’s Newsletter #232

27 November 2022. Volume 5, Issue 48
Massive UK fraud crackdown. Russia designated state sponsor of terrorism by EU Parliament. Cyber Partisans claim compromise of Roskomnadzor agency.

This week

UK authorities arrest 100 people in massive fraud crackdown

  • Over 100 people connected to a “one-stop spoofing shop” have been arrested in the UK’s ‘biggest ever’ counter-fraud operation. The Metropolitan Police’s cybercrime unit seized the ‘iSpoof’ website, used by scammers to steal ‘tens of millions of pounds’ from an estimated 200,000 potential victims.
  • The iSpoof site charged fraudsters for a service that helped them to disguise their phone number and pretend to be calling from a victim’s bank or government agency. It’s believed the site’s operators raked in £3.2 million over the 20 months they were running, with around 10 million scam calls being made globally, of which 3.5 million were made in the UK.
  • On average, victims were conned out of £10,000, though in one extreme case, the scammers netted themselves £3 million.
  • According to police, Teejai Fletcher, 34, lived a “lavish” lifestyle in east London while masterminding the iSpoof site. Fletcher is charged with making or supplying articles for use in fraud, participating in activities of an organised crime group and proceeds of crime matters.
  • The Met will send text messages to 70,000 victims, where these can be identified, warning them they have fallen victim and how to take action, which will always be via the ActionFraud website: https://www.actionfraud.police.uk

theguardian.com, zdnet.com

The EU declared Russia a state sponsor of terrorism

  • The European Union designated Russia a state sponsor of terrorism. The move is largely symbolic, reports Reuters, compared to the unprecedented sanctions already imposed. The Russian Killnet group launched a seemingly retaliatory distributed denial of service (DDoS) attack, flooding the EU Parliament website with traffic and causing it to be temporarily unreachable. Meanwhile, the Wagner Group, a Russian private military organisation, sent the EU Parliament a ‘bloodied’ sledgehammer in a violin case, reports The Times. reuters.com, therecord.media, thetimes.co.uk
  • Ukraine’s energy infrastructure continues to be a target for Russian missile strikes, causing power outages in Ukraine and neighbouring Moldova and degrading telecommunications and internet access. therecord.media

Interesting stats

6.7% of IT spend goes to information security at operators of essential services and digital service providers, according to new figures published by ENISA, with €600,000 the median information security spend, compared to €10 million on information technology.

€30,000 the minimum direct cost of a major security incident, with €200,000 the median cost (€369,000 average) of such events.

Lots of other interesting trends and stats in this report, too (H/T Mikko!) europa.eu

Other newsy bits / in brief

Attacks, incidents & breaches

  • Belarusian hacktivist group the Cyber Partisans claim to have compromised the Russian General Radio Frequency Center (GRFC), part of telecommunications and media regulator Roskomnadzor. GRFC confirmed the breach, saying it was “under control” and no confidential information was stolen. The Cyber Partisans claim to have downloaded over 2TB of data — including employee identity and medical data, internal emails and reports on surveillance projects — and leapt at the claim that no confidential information was stolen. Posting to a Telegram channel, the hacktivist group claims that “we believe that we can make [non-classified data] public with a clear conscience”. therecord.media
  • A continuity plan to “carry out the essential missions of the administration” has been enacted by the French island of Guadeloupe following a wide-ranging cyberattack. All government computer networks have been shut down in the French overseas department, which has a population of 385,000. [therecord.media](https://therecord.media/guadeloupe-kickstarts-continuity-plan-after-wide-ranging-cyberattack/)
  • A suspected ransomware attack is impacting services at one of India’s largest hospitals. The All India Institute of Medical Services (AIIMS) in New Delhi has a capacity of over 2,200 beds, and medical staff are having to revert to manual processes that are “prone to errors” and causing long delays. techcrunch.com
  • $300,000 stolen from customer accounts at betting company DraftKings. Paul Liberman, DraftKings Cofounder, attributed the compromise to credential stuffing while announcing the company intends to ‘make whole’ any affected customer. bleepingcomputer.com
  • The Ragnar Locker ransomware group has published stolen data from a local Belgian police force after mistakenly believing they had compromised a local municipality of the same name. Zwijndrecht police attempted to downplay the breach as only affecting an ‘administrative’ network amidst fears that personal data of those reporting crimes or abuse and ongoing investigations may be exposed. [bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/ransomware-gang-targets-belgian-municipality-hits-police-instead/)

Threat intel

  • WithSecure says a suspected Vietnamese group dubbed Ducktail has adapted its tactics to try to avoid detection in a campaign focussed on stealing access to Facebook business accounts that have run adverts worth up to $600,000. bleepingcomputer.com
  • RansomExx has created a variant of its malware in the Rust programming language, according to IBM, to avoid detection. therecord.media
  • Android phones are not receiving patches to resolve high-severity issues identified by the Google Project Zero team earlier this year. Google’s Pixel lineup, as well as phones from Samsung, Xiaomi and Oppo, among others, have not rolled out updated Arm Mali GPU drivers, despite fixes being available from Arm for months. Consumers will have to wait for their vendor to test and release patches for their devices, which are apparently ‘undergoing testing’ by the Android and Pixel teams. zdnet.com

Vulnerabilities

  • Google has issued an update for a 0-day vulnerability in its Chrome web browser. CVE-2022-4135 is the eighth such vulnerability reported this year, and an exploit “exists in the wild”. bleepingcomputer.com

Cyber defence

Security engineering

  • Elon Musk has promised end-to-end encrypted (E2EE) messaging for Twitter DMs. In messages to CyberScoop, Alec Muffett pointed out it took the rival social network 18 months to build and, five years on, policy, privacy, and engineering teams are still struggling to balance privacy and safety issues. Muffett led Facebook’s efforts to launch a similar feature. cyberscoop.com

Privacy

  • PC repair shops lack policies and controls to safeguard customer data, says a University of Guelph study of national, regional and local shops in Canada. Almost all required customers to hand over passwords, even when not needed for the job, such as a battery replacement, while 3/8 snooped on customer data, and 1/8 went so far as to take copies (often trying to cover their tracks while doing so). Female customers were more likely to have their privacy violated. arstechnica.com, arxiv.org (PDF)
  • US tax filing websites sent sensitive financial data to Meta and Google via their website visitor trackers. There’s a difference between ‘sending data’ to these services and those services using that data (both Meta and Google claim to have policies of disregarding such data), but it’s not a good look either way. themarkup.org

Public policy

  • The UK Cabinet Office has told government departments to stop using Chinese-made CCTV and surveillance systems on ‘sensitive sites’. The decision follows a ‘security review’ that raises concerns over the risk from these systems’ increasing capability and connectivity, especially when combined with China’s National Intelligence Law, which can compel citizens and organisations to support intelligence operations. ft.com, theregister.com

Law enforcement

  • Interpol has announced 975 arrests and seizure of $130 million cash and virtual assets as the result of the ‘Haechi III’ operation. The operation, which ran between June and November this year, has allowed investigators to resolve more than 1,600 cybercrime and money laundering cases. bleepingcomputer.com

And finally

  • The International Bureau of Weights and Measures has agreed to abandon leap seconds for a century from 2035. Since their introduction in 1972, 27 extra seconds have been used to align the Earth’s slightly variable rotation with ultra-precise atomic timekeeping. In doing so, they have caused outages at firms such as Qantas, Cloudflare and Reddit. Hopefully, during the 100 years without them, scientists will have found a way to synchronise human measurement of time with our planet’s orbits of the sun. arstechnica.com
Robin
