Daily NCSC-FI news followup 2020-10-12

Exposing covert surveillance backdoors in children’s smartwatches

www.mnemonic.no/blog/exposing-backdoor-consumer-products/ This blog post provides a technical description of how we discovered a backdoor in a smartwatch made for children. The device is a wearable smartphone, and the backdoor enables remote and covert surveillance through wiretapping, taking pictures, and location tracking. Also:

arstechnica.com/information-technology/2020/10/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor/

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/ A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet. Cyber intelligence firm Intel 471 says fully taking down Trickbot would require an unprecedented level of collaboration among parties and countries that most likely would not cooperate anyway. “As a result, it is highly likely a takedown of the Trickbot infrastructure would have little medium- to long-term impact on the operation of Trickbot,” Intel 471 wrote in an analysis of Microsoft’s action. Also:

www.bleepingcomputer.com/news/security/trickbot-botnet-targeted-in-takedown-operations-little-impact-seen/

Five Eyes governments, India, and Japan make new call for encryption backdoors

www.zdnet.com/article/five-eyes-governments-india-and-japan-make-new-call-for-encryption-backdoors/ Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

BazarLoader used to deploy Ryuk ransomware on high-value targets

www.bleepingcomputer.com/news/security/bazarloader-used-to-deploy-ryuk-ransomware-on-high-value-targets/ The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware. In a new report, Advanced Intel security researchers explain that instead of burning victims with the highly-detected TrickBot trojan, threat actors now favor BazarBackdoor as their tool of choice for high-value enterprise targets.

Ransomware Attackers Buy Network Access in Cyberattack Shortcut

threatpost.com/ransomware-network-access-cyberattack/159998/ Network access to various industries is being offered in underground forums at as little as $300 a pop and researchers warn that ransomware groups like Maze and NetWalker could be buying in. In September, researchers tracked more than 25 persistent network-access sellers with more entering the scene on a weekly basis. These sellers are operating on the same forums as actors associated with the ransomware gangs Maze, Lockbit, Avaddon, Exorcist, NetWalker, Sodinokibi and others, they said.
