Security Summary – June 202010-07-2020 Autor: DSwiss
Our short monthly review summarizes important news and blog posts, which focus on IT security, cloud computing and privacy protection.
1. Social credit systems widely accepted
A new study by Kaspersky shows that 51% of respondents worldwide are in favor of state supervision of social media activities in an effort to ensure "better security for citizens". They would therefore agree to reveal their personal and sensitive data to secure a positive evaluation, which would then work to their advantage, for example when looking for a new job or applying for an attractive loan. Here we are speaking of so-called social rating systems. However, despite offering consumers a range of benefits, these systems may also pose a number of risks such as the violation of data protection, discrimination and prejudice. They can also be susceptible to manipulation. One country that has introduced a social credit system is the People's Republic of China.
2. Phishing attack hits German coronavirus task force
More than 100 senior executives of a German multinational firm and their suppliers have been the target of an ongoing phishing attack. Although the company’s identity is not currently known, it has been confirmed that it is part of the German Coronavirus Task Force and is a manufacturer of medical protective equipment. It is unknown how many attacks were successful and who exactly is behind them. However, connections to the Russian email service Yandex have been exposed. According to researchers, a spread of attacks against other members of the German CoronaVirus Task Force cannot be ruled out.
3. Australia targeted by cyber attacks
China is suspected of launching a large-scale cyber attack on Australian institutions, including both government agencies and private companies. Although the attacks don’t seem to have been very successful thus far, Australia's ASD news service has released useful information for vulnerable institutions to help counter hacker attacks.
4. Encrypted phone service hacked by law enforcement agencies
According to the online magazine Motherboard, law enforcement agencies have managed to hack Encrochat's infrastructure. The provider of secure Android smartphones and communication services is very popular among organized criminals. As a result of the breakthrough, users with a criminal background – including a British contract killer and several drug gangs – have now been arrested across Europe. Encrochat is said to have announced the termination of its services.
5. TrickBot through Black Lives Matter email
Once again, cybercriminals exploit the latest zeitgeist, distributing a survey on Black Lives Matter to smuggle the well-known TrickBot malware onto their victims' computers. The attackers are using a popular trick, taking advantage of a current event to make money fast. In the past, in addition to widespread movements, political or sporting events were also exploited for similar reasons.
6. Twitter removes accounts of a far-reaching political disinformation campaign
DerThe short message service Twitter has removed more than 32,000 accounts to protect its users from three different influencing campaigns attributed to China, Russia and Turkey. The accounts were bogus and bot accounts that generated content as well as various repeater accounts that retweeted the respective content.
7. TikTok is becoming increasingly political
TikTok is the app with the fastest growing user base in the world. According to the Chinese owner company ByteDance, its main purpose is to create fun. However, TikTok is also being increasingly used for political messages, both by private users and young female politicians, although the latter are still represented by a very small proportion. However, it is now being said that the company may want to shorten the reach of its political contributions. They have also been talking about censorship. The relevance of the link with China and the extent to which this has an impact is somewhat controversial.
8. Large number of printers can be controlled openly
Around 80,000 IPP printers are exposed to hackers online every day, accounting for around 11.5% of all IPP-compatible devices. These printers were either set up incorrectly or without sufficient security. IPP, which stands for Internet Printing Protocol, should actually prevent reading without rights, since the protocol supports functions such as encryption and authentication of TLS (Transport Layer Security, more commonly known under the previous name SSL) and is compatible with the Internet protocol HTTPS.
9. SensibleSensitive data from dating apps exposed online
Security researchers were able to access sensitive data from eight specialized dating apps, for example targeting people with venereal diseases or certain sexual preferences. Unprotected images and voice recordings with suggestive content were downloaded over the internet. Although the data does not contain names or email addresses, the information is sufficient to be able to identify the app users. It is not clear how many people are affected, but researchers assume hundreds of thousands, if not millions, of users.