At a glance.
- WhatsApp patches bug.
- Twitter updates its features to promote "social privacy."
- Labor Day threats to data privacy.
WhatsApp bug discovered hiding in image filters.
WhatsApp is in the news again, this time for a (now-patched) vulnerability that could have allowed an attacker to read a user’s private data. Exploitation of the bug would require both the user and the attacker to jump through a complex series of hoops, but experts at Check Point Research say that given the global messaging platform’s massive reach, the presence of the issue at all is worth noting. The attack hinges on the way WhatsApp filters and transmits images. Because filtering requires modification of the picture’s pixels, a hack could be triggered by the attacker sending the target a malicious image. When contacted about the glitch, WhatsApp responded, “This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users.” WhatsApp version 22.214.171.124 includes a patch, complete with image checks to further safeguard against exploitation of the glitch.
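As an added illustration, not code from the report or from WhatsApp, this is the kind of geometry check an image filter should run before it touches any pixels: a header that claims more pixels than the buffer actually holds, or whose dimensions overflow the size calculation, is rejected instead of being read past the end of the buffer. The image record, field names and function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example: a minimal RGB image as received from a peer. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t channels;     /* 3 for RGB */
    const uint8_t *pixels;
    size_t pixels_len;     /* bytes actually received */
} image_t;

/* Returns 1 if the declared geometry matches the buffer that was
 * actually received, 0 otherwise. The products are overflow-checked
 * so a crafted header cannot wrap around to a small byte count. */
int image_geometry_ok(const image_t *img)
{
    if (img == NULL || img->pixels == NULL) return 0;
    if (img->width == 0 || img->height == 0) return 0;
    if (img->channels != 3) return 0;
    uint64_t need = (uint64_t)img->width * img->height;  /* fits in 64 bits */
    if (need > UINT64_MAX / img->channels) return 0;
    need *= img->channels;
    if (need > SIZE_MAX) return 0;
    return need == img->pixels_len;
}

/* Grayscale filter writing into out (same byte size as the input).
 * Returns 0 on success, -1 if the image fails validation or out is too small.
 * The pixel loop is bounded by the validated buffer length, never by the header. */
int grayscale_filter(const image_t *img, uint8_t *out, size_t out_len)
{
    if (!image_geometry_ok(img) || out == NULL || out_len < img->pixels_len) return -1;
    size_t npix = img->pixels_len / img->channels;
    for (size_t i = 0; i < npix; i++) {
        const uint8_t *p = img->pixels + i * 3;
        uint8_t g = (uint8_t)((p[0] * 299u + p[1] * 587u + p[2] * 114u) / 1000u);
        out[i * 3] = out[i * 3 + 1] = out[i * 3 + 2] = g;
    }
    return 0;
}
```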
New Twitter features promote social privacy.
In an attempt to make Twitter users feel more confident about tweeting freely, over the next few months Twitter will be testing new features that give users tighter control over who can view their app activity, Bloomberg reports. Aimed at improving what executives at the social media giant call “social privacy,” or the user’s ability to control their reputation on the app, the features are intended to help users limit which posts other users can see. Staff researcher Svetlana Pimkina explains, “When social privacy needs are not met, people limit their self-expression. They withdraw from the conversation.” The new tools will give users the power to remove followers, hide tweets they’ve liked, and exit public conversations they no longer want to participate in. One major change allows users to automatically archive old posts after a specific amount of time, saving users the chore of poring over old tweets and choosing the posts they wish to hide one by one.
Holidays and the heightened threat of cyberattack.
The Labor Day weekend is about to begin in the US, and authorities have urged people to be alert for the increased risk of cyberattack that comes with holidays. Reduced staffing and relaxed vigilance provide criminals with their opportunity. Much of the data at risk in ransomware attacks is of course personal, and so this form of cybercrime (especially in its now prevalent, double-extortion, data-stealing form) represents a threat to privacy. CISA and the FBI issued an alert on the subject earlier this week, and we've received comment on the risk from a number of industry sources.
Jim McGann at Index Engines took up several related topics. Backups have increasingly become a target for attackers. Their security and availability can no longer be taken for granted:
“We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”
“Organizations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging. This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organization. The only way to ensure reliable recovery is to continually check the integrity of the backup data; this will allow for a confident and rapid recovery process.”
“Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target. The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with.”
Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, wrote about the opportunistic nature of cybercrime:
“Ransomware is a pragmatic, result-driven [criminal] business that purposely targets the most vulnerable and solvent victims. Compared to banks or healthcare institutions, agriculture is much less patronized by national law enforcement agencies who are busy with countless ransomware campaigns targeting critical infrastructure. Moreover, a disruption in agriculture or food business oftentimes means loss of crop and subsequent multimillion losses. Thus, victims will probably rapidly pay the ransom to prevent colossal damages that will unlikely be covered by cybersecurity insurance.
“While cryptocurrencies allow anonymous payments in full impunity and the government does not provide intensive cybersecurity training and support to businesses of all sizes, ransomware is poised to grow as a stable, safe and overly profitable business model. Modernization of the cybercrime legislation is also required, as most of the penalties imposed on arrested hackers are tenfold shorter compared to criminals who caused identical damage by traditional non-computerized fraud.”
The National Cyber Security Alliance's Interim Executive Director, Lisa Plaggemier, thinks the US Government is right to bet on form, and to take the holiday track record of criminals seriously:
"As evidenced by attacks earlier this year on key pieces of global infrastructure, there is clearly a belief within the cybercriminal community that holidays and weekends provide an ideal opportunity to breach organizations – public or private. And unfortunately, given the success they have had so far this year, there is good reason to believe that we are likely to see a bevy of attacks launched this weekend as well. Therefore, if they haven’t done so already, organizations must engage in the health checks of their cyber protection protocols and deploy preventative measures to avoid being breached during what is sure to be yet another busy holiday weekend for cybercriminals."
And Brian Spanswick, CISO at Cohesity, puts the threat to data in the context of enterprise risk:
“We know this story all too well — hackers up their attacks over holiday weekends. The FBI’s warning is no surprise following the three major attacks over Mother's Day, Memorial Day, and Independence Day U.S. holiday weekends. The simple fact is that if you deal with data, you are a target. Organizations operating in today’s digital economy are in an arms race with criminals. The key is prevention, proactively protecting your data from attack, and action before you're targeted to ensure that when an attack happens, you are poised to recover your data in minutes. Limiting the damage and getting users and services back online are key. Do that right and it's an IT issue. Create a lengthy outage and it'll be a C-suite problem that can adversely impact the brand of the business and the revenue.”