At a glance.
- CDRThief: spyware adapted to VoIP telephony.
- Facebook told to stop moving EU users' data to the US.
- Ransomware attack on Equinix apparently misses PII.
ESET describes CDRThief.
Researchers at security firm ESET this morning released a study of CDRThief, malware that attacks certain Chinese-manufactured voice-over-IP switches. CDRs are call detail records, data like “caller and callee IP addresses, starting time of the call, call duration, calling fee, etc.” CDRThief, as its name suggests, is an information stealer. ESET doesn’t know for sure what the spyware’s purpose is, but the fact that it exfiltrates sensitive information, including metadata, suggests to the researchers that it’s probably a cyberespionage tool. It could also be used for voice-over-IP fraud, specifically for International Revenue Share Fraud, a scam in which grifters get access to an operator’s network in order to bring traffic to phone numbers they’ve obtained from an International Premium Rate Number provider.
Facebook is informed that it will soon be required to halt transfer of European user data to the US.
Ireland’s Data Protection Commission, the EU’s one-stop GDPR shop for many American companies, has told Facebook to stop transferring data about its European users to the US, the Wall Street Journal reports. The directive was issued pursuant to the July ruling by the European Court of Justice that invalidated the Privacy Shield arrangement between the EU and the US. The Independent writes that the directive, while preliminary, is "well-advanced," and that it will ultimately cancel the validity of the "standard contractual clauses" hitherto used by many European companies to transfer data.
Ransomware hits data center provider, but personal information was apparently unaffected.
Ransomware continues to hit large and potentially lucrative targets. Late yesterday the data center giant Equinix disclosed that it had sustained a ransomware attack. The company said that the incident, which it says left its customers’ data and operations untouched, “involves ransomware on some of our internal systems.”
ZDNet says that Equinix’s statements to the effect that customers haven’t been impacted seem correct. In any case, there are no reports of service outages, and the usual drumfire of social media complaints about problems hasn’t begun. The company is working with law enforcement to investigate the incident, and it says it's contained the damage.