Cybersecurity Industry News Review – March 14, 2023
The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents.
By Joe Fay
WhatsApp Would Leave U.K. Rather Than Break Encryption
WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted privacy, the BBC reported. Lowering its security in the U.K. would have implications for all its users, he continued, and it would rather be blocked from the country than do this.
Czechs Mark Out TikTok as a Threat
The Czech Republic’s NUKIB has become the latest cyber security agency to warn about the threat posed by TikTok. The agency said it had concerns about the amount of data the app collects and how it is handled, and warned it should not be installed on phones used to access critical or other significant infrastructure. It also said that politicians and officials should not use it, while the public at large should be wary of using it. TikTok owner ByteDance said the move was unwarranted – just as it did when the likes of the U.S., E.U./E.C., and Canadian governments made similar warnings.
NetWire RAT Operators Snagged By FBI-Led Investigation
International law enforcement authorities have seized the domain allegedly used by the operators of the NetWire remote access trojan (RAT). The operation saw Swiss authorities seize control of the server allegedly hosting the NetWire RAT infrastructure, while Croatian authorities arrested a Croatian national believed to be the site’s administrator and U.S. authorities seized the actual domain used. The action was the culmination of an investigation started by the U.S. Federal Bureau of Investigation (FBI) in 2020. The FBI said the malware had been used to “hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals.”
FBI Investigating Hack of Personal Info of Members Of Congress
The FBI is also investigating after a data breach at online health marketplace DC Health Care Link resulted in personal details of members of the U.S. Congress, their families and their staff being touted on the dark web. Thousands of DC Health Link employees’ data was also exposed. The same breach may also have exposed the data of U.S. senators, and their family and staff. In a rare across-the-aisle move, the Republican and Democrat House leaders said in a joint letter that “The size and scope of impacted House customers could be extraordinary.”
ESET Researchers Unearth BlackLotus Malware
Security researchers have unveiled the first known instance of malware that can bypass protections such as Secure Boot to hijack a device’s boot process. The malware was discovered by researchers at ESET and has been dubbed BlackLotus. It targets the Unified Extensible Firmware Interface (UEFI), using a Windows vulnerability that was patched in 2022. The malware can reportedly disable Secure Boot, as well as BitLocker, HVCI and Windows Defender. The bootkit is being sold for $5000 a time on the dark web, plus $200 for updates, the researchers said.
Less Than Bothered About Cybersecurity? That’s Good Enough for Government Work
One in five government workers are blasé about whether their organization is hacked or not. According to research by Ivanti, the “not my job” attitude also means that over a third (36%) of government workers polled wouldn’t bother reporting a phishing email at work, while almost as many don’t believe their actions impact their organization’s overall safety. This attitude isn’t confined to time servers, the research found, with Gen Z and millennial workers twice as likely to reuse passwords, including classics such as pet names, birthdays and that golden oldie 12345.