This week on TCE Cyberwatch we're covering the data breaches and vulnerabilities faced by different companies. Along with this, the rise of countries using AI and deepfake technology, some consensual and some not, adds depth to the conversation surrounding the security of it all.
TCE Cyberwatch aims to bring updates on large-scale and small-scale events to ensure our readers stay updated and in the know about cybersecurity news that can impact them. Keep reading to learn about what's currently trending in the industry.
Dropbox Sign data breached; customers' authentication information stolen
Dropbox, a popular drive and file sharing service, revealed that it had recently faced a security breach which put sensitive information at risk. Specifically, Dropbox Sign, a service used to sign documents, was targeted. The stolen data belonged to Dropbox Sign users and included passwords, account settings, names, emails, and other authentication information.
Dropbox has rotated and generated OAuth tokens and API keys to control the fallout. Dropbox has assured that "from a technical perspective, Dropbox Sign's infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products."
Cyberattacks on organizations in the UAE claimed by Five Families Alliance member, Stormous Ransomware
Stormous Ransomware has claimed responsibility for cyberattacks on several UAE entities. A ransomware group linked to the Five Families alliance, which is known for targeting UAE entities, Stormous Ransomware has targeted organisations like the Federal Authority for Nuclear Regulation (FANR); Kids.ae, the government's digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA); and more.
After claiming responsibility for the attacks, the ransomware group demanded 150 BTC, which comes to around $6.7 million USD. They threatened to leak stolen data if the ransom was not paid. The organisations targeted by the group are yet to speak up about the situation, and tensions are high due to the insurmountable damage these claims could cause.
Russian bitcoin cybercriminal pleads guilty in the U.S. after arrest in France
Alexander Vinnik, a Russian cybercrime suspect, recently pleaded partially guilty to charges in the U.S. Previously arrested in Greece in 2017 on charges of money laundering of $4 billion through the digital currency bitcoin in France, Vinnik is now set to face a trial in California.
Vinnik's lawyer, Arkady Bukh, predicted that Vinnik could get a prison term of less than 10 years due to the plea bargain. The U.S. Department of Justice accused Vinnik of having "allegedly owned, operated, and administrated BTC-e, a significant cybercrime and online money laundering entity that allowed its users to trade in bitcoin with high levels of anonymity and developed a customer base heavily reliant on criminal activity."
Many Android apps on the Google Play Store found to have a path traversal vulnerability
Popular Android applications have been found to contain a path traversal-related vulnerability. Called the Dirty Stream attack, it can be exploited through one of these flagged applications, leading to files being overwritten. The Microsoft Threat Intelligence team stated that "the implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application's implementation."
The apps that have faced this vulnerability are popular, with 500 million to 1 billion downloads. Exploitation would have led to the attacker having control of the app and being able to access the user's data, such as the accounts used. Microsoft is worried about it being a bigger issue and has asked developers to focus on security to protect sensitive information.
Department of Social Welfare, Ladakh, in India, allegedly hacked, but no proof provided
Recently, a threat actor allegedly hacked the database of the Department of Social Welfare Ladakh, Government of India. Their claims, however, seemed to have no support. No information was disclosed from their side and no sign of a breach was detected on the department's website.
However, if the claims are true, the fallout is predicted to be very damaging. Investigations into the claims are currently under way. As neither a motive nor the authenticity of the claims has been confirmed, it is important, for the individuals whose data resides in the department's database and for national security, to detect and respond swiftly so as to preserve the nation's cyber security.
U.K. military data breach endangers information of current, veteran military personnel
The U.K. military faced a data breach in which the information of serving UK military personnel was obtained. The attack was on the Ministry of Defence's payroll system, so information like names and bank details, and sometimes addresses, was gathered. The hacker behind it was unknown until now but the Ministry has taken immediate action.
The "personal HMRC-style information" of members of the Royal Navy, Army and Royal Air Force was targeted, some current and some past. The Ministry of Defence is currently providing support for the personnel whose information was exfiltrated, and this also requires informing veterans' organisations. Defence Secretary Grant Shapps is expected to announce a "multi-point plan" when he updates MPs on the attack.
India's current election sees deepfakes, Prime Minister Modi calls for arrests of political parties responsible
India's current Prime Minister Modi has announced that fake videos of him and other leaders making "statements that we have never even thought of" have been circulating. This election, now being called India's first AI election, has led to police investigations of opposition parties who have made these videos, with Modi calling for arrests.
Prior to this, investigations regarding fake videos of Bollywood actors criticising Modi were also taking place. However, in this situation, around nine people have been arrested - six of whom are members of Congress' social media teams. Five of them have managed to be released on bail, but arrests of higher-ranking social media members have been made. There has been a trending tag #ReleaseArunReddy for Congress national social media co-ordinator, Arun Reddy, who had shared the fake videos.
Germany and Poland accuse Russian Military Service of cyber-attacks
Germany has stated that an attack on its Social Democratic Party last year was carried out by a threat group believed to be linked to Russian Military Services. German Foreign Minister Annalena Baerbock said at a news conference in Australia that APT28, a threat group also known as Fancy Bear, has been "unambiguously" confirmed to have been behind the cyberattack.
Additionally, Poland has joined in support of Germany and said that it was targeted by APT28 too. Poland has not revealed any details about the attack it faced, but Germany says it is working to repair the damage caused by it. Baerbock stated that "it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences."
Ukraine unveils new AI-generated foreign ministry spokesperson
Ukraine has just revealed an AI spokesperson who has been generated to deliver official statements for the foreign ministry. The messages being delivered are written by humans, but the AI is set to deliver them, moving animatedly and presenting herself as an individual through introducing herself as Victoria Shi.
Victoria is modelled on a Ukrainian celebrity, Rosalie Nombre, who took part in her development and helped to model the AI's appearance and voice after her. Ukraine's foreign minister has said that she was developed for "saving time and resources," along with it being a "technological leap that no diplomatic service in the world has yet made."
Singapore passes new amendment to their cybersecurity bill which regulates temporary, high-risk attacks
A new amendment to Singapore's Cybersecurity Law was made by its Parliament to keep up with the country's evolving critical infrastructure and to adapt to technological advancements. The changes made regulate the Systems of Temporary Cybersecurity Concern (STCC), which encompass systems most vulnerable to attacks in a limited period.
This means the Cyber Security Agency of Singapore (CSA) can oversee Entities of Special Cybersecurity Interest (ESCIs), due to their error disposition affecting the nation's security as a whole. With the country's defence, public health and safety, foreign relations, and economy in danger, the Bill is set to target critical national systems only, leaving businesses and such as they are.
Eurovision becomes susceptible to cyberattacks as the world's largest music competition takes place during conflict
The 68th Eurovision Song Contest is being held in Malmö, Sweden, this year amid current tensions surrounding conflicts like Israel and Gaza, and Russia and Ukraine. Security has been tightened because in 2019 hackers infiltrated the online stream of the semi-finals in Israel, warning of a missile strike and showing images of attacks in Tel Aviv, the host city. There are several reports about hackers hijacking the broadcast as over 167 million people tuned in to watch last year.
The voting system can also be an issue with the finals coming up, but Malmö's police chief claims to be more worried about disinformation. The spokesperson for the contest stated that "We are working closely with SVT's security team and the relevant authorities and expert partners to ensure we have the appropriate measures in place to protect from such risks."
Wrap Up
This week we've seen militaries and governments being cyber-attacked, and that truly reminds us how interconnected everything is. If big organisations are vulnerable to attacks, then so are we.
TCE Cyberwatch hopes that everyone stays vigilant in the current climate of increased cyberattack risks, ensures they stay protected, and is on the lookout for any threats which could affect them.