October cyber news round-up

The House Committee on Oversight and Reform has requested a briefing to understand why the FBI decided to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks.

"Although the Federal Bureau of Investigation (FBI) reportedly obtained a digital decryptor key that could have unlocked affected systems, it withheld this tool for nearly three weeks as it worked to disrupt the attack, potentially costing the ransomware victims—including schools and hospitals—millions of dollars," stated Committee Chairwoman Carolyn B. Maloney in a letter to FBI Director Wray.

Last week, FBI Director Christopher A. Wray testified before Congress, saying that they withheld the decryption for almost three weeks because it was planning an operation to disrupt the Russian REvil ransomware gang. But before the FBI could act, REvil shut down operations and disappeared and its leak sites went offline overnight.

33 cyber criminals were arrested across Northern and Eastern Texas for conducting Business Email Compromises (BECs) and Romance scams that robbed victims of more than $17 million. The criminals were found to be members of Black Axe, a criminal group originating from Nigeria and linked to the Neo Black Movement, a Nigerian college fraternity originally founded to fight racism but which is now regarded as a cult, secret society and confraternity.

The group had been active since 2017 and had stolen money through BEC and romance scams on popular sites such as Match.com, ChristianMingle, JSwipe, and Plenty of Fish

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020.

The GriftHorse malware has been distributed via benign-looking apps. After installing an infected app, GriftHorse starts showing users notifications that offer various prizes. Users who tap on these notifications are redirected to an online page where which signs the user up to premium SMS services that charge over €30 (£25) per month.

Researchers of the campaign described it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.” The researchers estimated that the GriftHorse gang is currently making between £1 million to £3 million per month from their scheme. Zimperium contacted Google about all the GriftHorse infected apps and they have since been removed from the Play Store.

Missouri governor, Mike Parson is threatening to prosecute a journalist for responsibly reporting a serious security lapse in the state’s website.

Post-Dispatch journalist Josh Renaud recently reported that the website for the state’s Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security numbers. After reporting, the DESE promptly disabled the tool and fixed the vulnerability. But since, Missouri’s Republican Governor Mike Parson described the journalist who uncovered the vulnerability as a "hacker", and said the newspaper uncovered the flaw in "an attempt to embarrass the state".

The governor’s response to the Post-Dispatch report has sparked criticism, even from within his own party. Republican lawmaker Tony Lovasco wrote on Twitter that it was “clear the governor’s office has a fundamental misunderstanding of both web technology and industry-standard procedures for reporting security vulnerabilities”.