At a glance.
- Pegasus spyware found in phones used by US State Department personnel.
- Ransomware hits New York State school district.
- Identity thieves sentenced.
- Omicron phishbait as a threat to privacy.
Pegasus spyware used to target US officials.
Reuters reports that Israeli surveillance tech company NSO Group’s Pegasus spyware was used to hack into the iPhones of at least eleven US State Department employees either based in Uganda or tied to work related to the country. While some US numbers appeared on the list of presumed targets revealed by the Pegasus Project, the attacks are the widest known confirmed hacks of US officials with NSO tools.
NSO Group responded that the company does not have evidence their tech was abused, but (just in case) has canceled the relevant customers’ access and is conducting an investigation. It’s unclear which of NSO’s clients might be at fault, but as Vox explains, the incident shows that NSO’s previous claims that Pegasus could not be used on US phones were not entirely true. The phones affected didn’t have the familiar US country code of +1, so as far as that goes, NSO’s claim may still technically hold water, under a certain interpretation, but the tools’ use against US targets, even when phones are registered with another country code, remains disturbing.
Ars Technica adds that, as Pegasus silently infects devices without any action from the target, the impacted officials learned they’d been hacked when they received warnings from Apple alerting them their iPhones were being targeted.
The Washington Post notes that this news comes just a month after the US government blacklisted NSO Group in response to the revelations of the Pegasus Project. A US National Security Council spokesperson has responded “We have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel, which is one of the reasons the Biden-Harris Administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List.” Haaretz observes this latest news could spell the end for NSO, as any hopes of the company entering the US market are now dashed, and the Israeli government is unlikely to come to its defense.
New York school district suffers ransomware attack.
The Riverhead Central School District, located in the US state of New York, has disclosed that it was targeted by a ransomware attack that has resulted in shutting down the district’s computer system, RiverheadLOCAL reports. The outage, which officials say could last several days, impacts the district’s internet and email systems, but their phone lines remain operational. In a message on social media, the district stated, “At this time, it is unclear to what extent this has impacted our district but please know we are working diligently to investigate...We do not believe this incident has any impact on our student management systems, as that data is housed off campus.” The Riverhead News-Review adds that officials have informed local law enforcement and Homeland Security of the incident. Ironically, the Board of Education approved a Cyber Incident Response Plan just last week, but it’s unclear whether it was deployed before the attack.
Atlanta fraudsters sentenced.
On Thursday the US Department of Justice announced the sentencing of two Atlanta, Georgia, men charged with access device fraud and aggravated identity theft. Durrell Tyler and DeShawn Johnson purchased the personally identifiable information of elderly targets on the dark web, used the data to open fraudulent credit accounts in the victims’ names, and then had the targets’ phone, email, and postal mail forwarded to them so they could impersonate the victims and keep them in the dark about their actions.
Each man was held accountable for more than $130,000 in actual and intended loss suffered by more than seventy-five victims, and they were sentenced to three years of supervised release and ordered to pay restitution. Tommy D. Coke, Inspector in Charge of the Atlanta Division, stated, “These defendants motivated by greed targeted our most vulnerable population by seeking the identities of older individuals to violate their personal and financial well-being. Postal Inspectors and our law enforcement partners will continue to work every day to protect our elderly neighbors from financial exploitation.”
Omicron phishbait angling for personal information.
As usual, the news cycle serves as chum for phishing expeditions, and the outbreak of the Omicron variant of COVID-19 has proven no different. Threatpost reports that people in the UK are receiving scam emails misrepresenting themselves as coming from the National Health Service, and offering equally bogus offers of testing for the new variant. The goal is to harvest personal information from unwary recipients. The consumer watchdog organization, Which?, alerted people to the campaign. BleepingComputer describes the scam: "The victims are then directed to enter their full name, date of birth, home address, mobile phone number, and email address. Finally, they are requested to make a payment of £1.24 ($1.65), which is supposed to cover the delivery cost of the test results. The purpose of this is not to steal the amount itself but the payment details of the victim, like the e-banking credentials or their credit card details."
Erich Kron, Security Awareness Advocate at KnowBe4, wrote to offer some perspective on the techniques of fraud and why they sometimes work:
"Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through. This new COVID-19 variant has some significant emotional weight for people who are tired of lockdowns and the continuing impact of the pandemic, making it a powerful tool to get people to click.
"Over the last two years, people have become emotionally exhausted and easily frustrated by the potential restrictions related to the possibility of future lockdowns or restrictions, and by vaccine-related news. This makes it a prime topic to use in phishing and social engineering attacks.
"By using the NHS brand and making the emails appear very legitimate, the attackers make it look like it is coming from a legitimate and well-known organization, making people even more likely to click on the included link."