At a glance.
- Mandrake Android malware is highly targeted and human-operated.
- Increase in ransomware attacks correlated with higher recovery and payment rates.
- Maltese voter database exposed.
- Zoom's privacy challenges.
Mandrake malware active against Australian Android users.
Threat researchers at Bitdefender have offered ZDNet an update on the Mandrake strain of Android malware it discovered early this year. Mandrake focuses on Australian Android users and eschews mass automated attacks in favor of human-run operations against selected targets. Mandrake appears to be a criminal operation, probably a patient attempt at what Bitdefender characterizes as “credential stealing, information exfiltration to money transfers, and blackmailing.”
Fueling a bandit economy (and the bandits are a threat to personal data).
CyberEdge has studied 2019's increase in ransomware and found two mutually reinforcing trends. In 2018, only 49% of the victims who paid the ransom actually recovered their data. In 2019 that fraction increased to 61%, and it currently stands at 67%. This inevitably affects the victims' risk management calculations—increasingly, now in more than half the cases, it seems that paying the ransom is an acceptable deal, making it more likely that organizations affected by ransomware will pay their extortionists. The study shows that this in fact is happening. Whereas in 2019 only 39% of victims paid, in 2019 45% paid, and the portion of those who pay currently runs at what CyberEdge calls an "alarming" 58%. Thus ransomware is more attractive to criminals, and ransomware attacks in general have risen to unprecedented highs.
Since the end of 2019 cybercriminal gangs have been combining their ransomware attacks with data theft. This is not only an additional goad to the victims, but it also offers the gangs another revenue opportunity: they can sell stolen sensitive data. Since many of those data are personally identifiable information, the increased threat to privacy is obvious.
Malta voter database leaked.
A database containing personal information on 337,384 Maltese voters was inadvertently left exposed by an IT company. The information includes names, addresses, ID card details, phone numbers and whether the individual is likely to be a Labour or a Nationalist voter. Malta's Data Protection Commissioner is investigating, but the Times of Malta reports that preliminary indications are that the data originated with the Labour Party.
Zoom's privacy and security issues.
Rising with the rate of telework, Zoom’s daily active user count has increased by 378% from where it was a year ago, according to a MarketWatch report. So business is good, but problems with security and privacy have made the increase what Axios calls a “tarnished moment of glory.” WIRED thinks the issues—data-sharing that’s prompted a class action lawsuit, oversharing of user data, the relative ease with which unauthorized persons have been able to intrude into sessions (“Zoombombing”), and two new zero days—collectively mean that “the Zoom privacy backlash is only getting started.”
Zoom is working to fix its privacy and security issues. CEO Eric Yuan blogged that the company has frozen all updates other than those designed to enhance security. He’s also announced a variety of training and support initiatives, and has offered clarification (and, where appropriate, apologies) about certain Zoom features, notably its encryption, which turns out to have been less rigorous than marketing claims may have led users to believe.
The difficulties Zoom is experiencing are no doubt connected with its success: a sudden transformation from a reliable and user-friendly conferencing service to what amounts almost to a public utility. That’s Zoom’s view. As CEO Yuan wrote, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
Axios offers a speculative but plausible explanation of what’s happening: “The same design choices and default settings that made Zoom so easy to install and use are the ones that make it vulnerable. The level of trust that users within a large company assume as they work together breaks down among more heterogeneous groups in public environments.” And it's so easy to use that it almost constitutes an attractive nuisance, as a Wall Street Journal story about virtual happy hours suggests.