Security Summary – July 202014-08-2020 Autor: DSwiss
Our short monthly review for July summarizes important news and blog posts, which focus on IT security, cloud computing and privacy protection.
1. Large-scale Twitter hack
In July, hackers implemented a social engineering attack, breaching Twitter employees to gain access to internal systems of the short message service and attack the accounts of 130 celebrities and high-ranking companies. Those affected included Bill Gates, Barack Obama, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West and Joe Biden. The attackers advertised dubious cryptocurrency deals from 45 of the hacked accounts. In late July, a 17-year-old from Florida was arrested as a prime suspect.
2. Device fire caused by charger firmware
Smartphones connected to quick chargers with manipulated firmware can be damaged, destroyed or even set alight. A research group from Tencent has proven this in an experiment by manipulating the firmware of the quick chargers so that the voltage was too high.
3. Deleted databases – all that was left was a meow
A group of hackers deleted hundreds of unprotected databases, leaving nothing but a "meow". It is not known who was behind the attacks, but they are thought to originate from the security community as a kind of vigilante justice. Research teams are tired of discovering the same data leaks over and over, often without ever receiving an answer despite having notified the company, not to mention the fact that not all data is permanently protected even at close quarters.
4. Hacker attack on Garmin
The wearables and GPS tracker manufacturer Garmin fell victim to a ransomware attack in late July. Various services, the customer center and flyGarmin were not available for five days, and several production facilities in Asia were brought to a standstill. Users feared that their personal data and geolocations might also have been stolen, but apparently they were in luck: three cybersecurity companies suspect the attack was perpetrated by one of the few groups known for not stealing sensitive user data.
5. Tool to protect against face recognition
Face recognition by surveillance cameras or photo tagging in social media have long become common practices, and the controversy they stir up is not without reason. A group of researchers has now developed software designed to ensure individuals are able to protect their images against unauthorized facial recognition models. The images are manipulated in such a way that they are not visible to the eye, with face recognition services misdirected.
6. Emotet: data attachment theft for greater authenticity
The highly developed Windows malware threat, Emotet, has made significant progress and is now using file attachments from emails to further improve its authenticity. Emotet has been copying emails in full since 2018 in order to build on existing projects in companies and in some cases, to send highly credible emails to customers and partners. This credibility will now be reinforced by attachments that appear to be sent by your own boss. However, as soon as the document is clicked, it is too late and the Trojan horse spreads first to the computer and then widely across the network.
7. EU sanctions Russian and Chinese cybercriminals for the first time
The European Court of Justice has imposed sanctions against individuals and organizations from China, Russia and North Korea for cyberattacks on European citizens and companies. The measures include entry bans and the freezing of assets. In addition, EU citizens and companies are prohibited from providing funds to the named persons or organizations.