At a glance.
- Cyber crime and cyber diplomacy in Ireland's HSE breach.
- Going after TikTok influencers.
Kaspersky’s views on Russian cyber crime and cyber diplomacy, as on display in the HSE data breach.
Ireland’s healthcare system was rocked earlier this year by a ransomware attack targeting the Health Service Executive. Eugene Kaspersky, head of Russia’s top cybersecurity firm, assisted with the investigation and quickly determined that the attackers’ internet provider was in Moscow, meaning the perpetrators were likely Russian.
But as Kaspersky told the Irish Times, it’s unlikely justice will be served, as cooperation between the Kremlin and the West is stymied by bad relations and legal complications. “It’s about all crime, not just cybercrime – if the crime is done abroad, then the Russian police don’t have any reason to start an investigation,” he said. However, he alleges the obstacles come from both directions, stating that the US and UK likewise ignore Russian requests to penalize Western cybercriminals. It’s worth noting that Kaspersky’s products have been blacklisted since 2017 by the US and UK for fear they could be exploited by Russian intelligence. Kaspersky denies all claims the company is tied to the Russian government, explaining that their data is stored in Switzerland and is not subject to Russian regulations.
Phishers target TikTok’s top influencers.
Abnormal Security details a phishing operation targeting influencers on social media platform TikTok. In October and November, the scammers sent emails to one hundred twenty-five companies including talent agencies, brand-consultant firms, and social media production studios, as well as individual creators like models and actors with large TikTok followings. Designed to mimic a copyright violation notice from TikTok, the email informed the target their account would be deleted if they didn’t respond. The victim was then directed to a WhatsApp chat with a hacker impersonating a TikTok representative.
Though unable to determine the end goal of the scam, researchers speculate the attackers are likely attempting to hijack these lucrative accounts, forcing the user to pay a ransom in order to regain control. For many influencers, the account and the content it contains are their main source of income, and TikTok’s terms of service state that TikTok is not responsible for any content loss, so the pressure to pay up is steep.
One might object that this perhaps represents an attenuated privacy issue, given the extent to which influencers put themselves out there (that is, of course, their profession), but still, impersonation is impersonation, and ransomware usually entails a threat to privacy. We heard from Purandar Das, Co-founder and President at Sotero, who commented on the style and technique evident in the scams:
“This form of attack seems to be an attempt at a “ransomware” attack on social media platforms. Given the minimal amount of information that is available at this moment, it appears that this could be an attempt to extort “influencers” to regain access to their platforms. Obviously, this could hurt certain types of users who generate revenue based on their activity or advocacy of certain products and services. They could also suffer from negative postings on the platforms around negative accounts.
“Something else that is apparent is the use of multiple proven and past mechanisms to drive the scam. The use of the traditional phishing email, coupled with stolen content and fake URL/website. They have all been seen and used in the past. The use of WhatsApp as a communication platform is a new twist.”