This tool can find the exact location of a drone's operator
WIRED: The Breakdown of the Ukraine Cyber Security Campaign During the Summer 2018 Season of Cyber Breaches and Leaky Technicolor
Here is WIRED’s look back on the year’s worst breaches, leaks, and attacks. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe.
For years, Russia has pummeled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country’s networks. Since invading Ukraine, things have changed for some of Russia’s most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access. The Russian playbook on the physical battlefield and in cyberspace seems to be the same: one of ferocious bombardment that projects might and causes as much pain as possible to the Ukrainian government and its citizens.
Over the summer, a hacking group that researchers dubbed 0ktapus (also sometimes known as “Scatter Swine”) went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organizations. The majority of the victim institutions were US-based, but there were dozens in other countries as well, according to researchers. The attackers primarily texted targets malicious links that led to fake authentication pages for the identity management platform Okta, which can be used as a single sign-on tool for numerous digital accounts. The goal of the hackers was to gain access to many accounts and services at once.
As if that wasn’t enough, Twilio added in an October report that it was also breached by 0ktapus in June and that the hackers stole customer contact information. The incident highlights the true power and menace of phishing when attackers choose their targets strategically to magnify the effects. We are very disappointed and frustrated by the incident.
Governments around the world and the security industry are focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialized in targeting both categories, and it focused its attacks on the education sector this year. The Los Angeles Unified School District defiantly refused to pay the attackers even as its digital networks went down, in a particularly memorable standoff at the beginning of September. LAUSD was a high-profile target, and Vice Society may have bitten off more than it could chew, given that the system includes more than 1,000 schools serving roughly 600,000 students.
The FBI, the Department of Health and Human Services, and the US Cybersecurity and Infrastructure Security Agency all released warnings in November about the Hive group, which is linked to Russia. The agencies said the group’s methods resulted in around $100 million in payments from victims, and that threat actors have used Hive to target a wide range of businesses and critical infrastructure sectors.
The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ was able to get access to Okta in March and has a talent for phishing. British police arrested seven people in association with the group at the end of March and charged two of them at the beginning of April. The group came back to life in September, breaching both the ride-share platform and the developer of Grand Theft Auto. UK police said on September 23 that they had arrested a 17-year-old in Oxford, who they believe to be one of the people arrested in March in connection with Lapsus$.
Invading Consumer Drones in the War on Terror: The LastPass-Based Attack and a New Smartphone Launch Strategy to Prevent Defensive Attacks
In the later attacks, hacktivists got a copy of a backup that contained customer password vaults, according to the CEO of LastPass. It is not clear when the backup was made. The data is stored in a “proprietary” format and contains both unencrypted and encrypted data. The company did not provide technical details about the proprietary format. Even if LastPass’s encryption is strong, an attacker holding the vaults can attempt to brute-force their way in by guessing the master passwords users set to protect their data. That is infeasible against a strong master password, but a weak one can be defeated. Changing the LastPass master password now will not help, since the vaults have already been stolen. Users should instead confirm that they have deployed two-factor authentication on as many of their accounts as they can, so even if their passwords are compromised, attackers still can’t break in. And LastPass customers should consider changing the passwords on their most valuable and sensitive accounts.
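As an added illustration (not code from WIRED or LastPass), the Python below models why master-password strength decides the outcome of an offline attack on a stolen vault: the PBKDF2-HMAC-SHA256 stretching, iteration count, salt and sample passwords are all constructed assumptions rather than LastPass’s actual scheme, and the measured guess rate is one CPU core in Python, far below what a GPU-equipped attacker achieves.

```python
import hashlib
import math
import time

# Assumed key-stretching work factor for this illustration only; not LastPass's real setting.
KDF_ITERATIONS = 100_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Stretch a master password into a 256-bit vault key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def keyspace_bits(password: str) -> float:
    """Upper-bound entropy estimate from the character classes the password actually uses.
    Dictionary words and phrases are much weaker than this count suggests."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation
    return len(password) * math.log2(pool) if pool else 0.0


def measure_guesses_per_second(iterations: int = KDF_ITERATIONS, samples: int = 10) -> float:
    """Time how many PBKDF2 derivations this machine does per second on one core."""
    salt = b"constructed-salt"
    start = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"candidate-{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the right password: on average half the keyspace is searched."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


if __name__ == "__main__":
    rate = measure_guesses_per_second()
    for pw in ["summer22", "Tr0ub4dor&3", "correct-horse-battery-staple-2022!"]:
        bits = keyspace_bits(pw)
        years = expected_crack_seconds(bits, rate) / (365 * 24 * 3600)
        print(f"{pw!r}: ~{bits:.0f} bits, ~{years:.3g} years at {rate:.0f} guesses/s on this machine")
```

The iteration count only multiplies the attacker’s cost linearly, so it cannot rescue a short master password; the exponent in the keyspace is what makes the difference.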
Consumer drones have evolved from an expensive toy into a tool of war because their operator can be hidden far away, making them a valuable weapon in the war on terror. But hacks show that the operators of drones sold by the world’s largest manufacturer aren’t as hidden as they might assume. In fact, these small flying machines continually broadcast their pilots’ exact locations from the sky, and anyone with some cheap radio hardware and a newly released software tool can eavesdrop on those broadcasts and decode them to extract the coordinates.
Chinese hackers proved themselves to be as prolific and invasive as ever this week with new findings revealing that in February 2022, Beijing-backed hackers compromised the email server of the Association of Southeast Asian Nations, an intergovernmental body of 10 Southeast Asian countries. The security alert, first reported by WIRED, comes as China has escalated its hacking in the region amidst rising tensions.
Meanwhile, as the war in Ukraine rages on and Russia faces an array of economic sanctions from international governments, the Kremlin is working to address gaps in its tech sector by scrambling to get a home-brewed Android phone off the ground this year. The National Computer Corporation, an IT company, says it will be able to produce 100,000 tablets by the end of the year. Google, in Mountain View, could take steps to restrict the Android license for the Russian phone, which would force it onto a different mobile operating system.
A long-awaited United States national cybersecurity plan from the White House finally debuted on Thursday. It focuses on priorities like improving digital defenses for critical infrastructure and expanding efforts to disrupt cybercriminal activity, but also includes proposals to shift legal liability for cybersecurity vulnerabilities and failures onto the companies that cause them, like software makers or institutions that don’t make an effort to protect sensitive data.
If you want to make a difference this weekend, check out our list of the most pressing software patches. We’ll wait here if you install them now.
And there’s more. We round up the security news that we didn’t cover. Click the headlines to read the full stories, and stay safe out there.