A new batch of security news from award-winning cybersecurity scribe Davey Winder.
The US presidential election is over, or at least it is bar the shouting and court cases. Politics apart, I have been keeping a close eye on the election process both before and after voting from a cybersecurity viewpoint. The good news is that there was no major incident; plenty of threats, plenty of intelligence warnings, but no smoking gun. Apart, that is, from the $1 billion worth of Bitcoin that was emptied from a notorious cryptocurrency wallet on election day. The wallet, dormant since 2013, has long since been the focus of hackers trying to brute force the passcode and grab that payday. That’s because it was connected to the shutting down of the equally notorious Silk Road criminal marketplace eight years ago. As it emptied, rumours started that someone had pulled of the cyber-heist of the century and got very rich very quickly. The truth, as is often the case, was somewhat less exciting. You can read about it in my article: Whodunit? The $1 Billion Bitcoin Election Day ‘Heist’ Mystery Solved.
Maybe not as intriguing, but of more concern from the cybersecurity perspective, was the confirmation of an unpatched zero-day Windows vulnerability that is being actively targeted in the wild. Disclosed by the Google Project Zero team, the vulnerability affects every version of Windows from Windows 7 onwards. Microsoft has confirmed the vulnerability, but was only given seven days to fix it before the public disclosure. Unsurprisingly it failed that monumental task. Expect a fix to be included in the Patch Tuesday rollout.
And sticking with Windows, there’s some threat intelligence news that should be of concern to any Linux system admin: the first ransomware threat to jump from Windows to Linux has been spotted by Kaspersky researchers. Not the first Linux ransomware threat, of course, nor the first to compromise Linux servers using Windows as an attack gateway for that matter. But this is important nonetheless as it’s the first time a ransomware group has taken the time to port a successful Windows threat to a dedicated Linux one. That means that the cybercriminal groups are evolving to target Linux directly, and threat defence needs to take this into account.
Not such an imminent threat, but interesting research instead, is the news that security researchers have discovered a way of grabbing data, including passwords, just by watching how your shoulders move during a Zoom call. The keystroke inference attack uses an anatomy algorithm to turn upper-arm movements into keyboard strokes, and with a remarkably high success rate. Real-world implications are few, in my never humble opinion, for now.
And finally, never underestimate just how good Chinese hackers are. In the case of iOS 14, Windows 10 and a Samsung Galaxy S20 all being hacked in less than 300 seconds, thankfully they were ethical hackers. The exploits were undertaken at the Tianfu Cup hacking challenge, and all vulnerabilities have been disclosed to the respective vendors. The trouble is, if the good hackers can do this, you better be sure that the bad ones can as well…