October cyber news round-up
FBI delays support for ransomware victims, Android users hit hard by GriftHorse malware, and over 30 BEC scammers arrested
Another month, another bundle of cyber events – and in the spirit of Halloween, October's seem to be particularly horrifying. 10 million Android phones infected with malware? Yikes!
To help keep you up to speed with the latest goings-on in the cyber risk world, we've compiled some of the major news from the month here.
US Congress asks FBI to explain delay in helping Kaseya attack victims
The House Committee on Oversight and Reform has requested a briefing to understand why the FBI decided to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks.
"Although the Federal Bureau of Investigation (FBI) reportedly obtained a digital decryptor key that could have unlocked affected systems, it withheld this tool for nearly three weeks as it worked to disrupt the attack, potentially costing the ransomware victims—including schools and hospitals—millions of dollars," stated Committee Chairwoman Carolyn B. Maloney in a letter to FBI Director Wray.
Last week, FBI Director Christopher A. Wray testified before Congress, saying that they withheld the decryption for almost three weeks because it was planning an operation to disrupt the Russian REvil ransomware gang. But before the FBI could act, REvil shut down operations and disappeared and its leak sites went offline overnight.
FBI arrest 33 BEC scammers
33 cyber criminals were arrested across Northern and Eastern Texas for conducting Business Email Compromises (BECs) and Romance scams that robbed victims of more than $17 million. The criminals were found to be members of Black Axe, a criminal group originating from Nigeria and linked to the Neo Black Movement, a Nigerian college fraternity originally founded to fight racism but which is now regarded as a cult, secret society and confraternity.
The group had been active since 2017 and had stolen money through BEC and romance scams on popular sites such as Match.com, ChristianMingle, JSwipe, and Plenty of Fish
GriftHorse malware infects over 10 million Android phones
Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020.
The GriftHorse malware has been distributed via benign-looking apps. After installing an infected app, GriftHorse starts showing users notifications that offer various prizes. Users who tap on these notifications are redirected to an online page where which signs the user up to premium SMS services that charge over €30 (£25) per month.
Researchers of the campaign described it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.” The researchers estimated that the GriftHorse gang is currently making between £1 million to £3 million per month from their scheme. Zimperium contacted Google about all the GriftHorse infected apps and they have since been removed from the Play Store.
Missouri governor threatens to sue a reporter who flagged a security flaw
Missouri governor, Mike Parson is threatening to prosecute a journalist for responsibly reporting a serious security lapse in the state’s website.
Post-Dispatch journalist Josh Renaud recently reported that the website for the state’s Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security numbers. After reporting, the DESE promptly disabled the tool and fixed the vulnerability. But since, Missouri’s Republican Governor Mike Parson described the journalist who uncovered the vulnerability as a "hacker", and said the newspaper uncovered the flaw in "an attempt to embarrass the state".
The governor’s response to the Post-Dispatch report has sparked criticism, even from within his own party. Republican lawmaker Tony Lovasco wrote on Twitter that it was “clear the governor’s office has a fundamental misunderstanding of both web technology and industry-standard procedures for reporting security vulnerabilities”.