Cyber Bakery Chronicles

Your Weekly Cybersecurity Update (30 August 2024)

Gurvinder Pal Singh, The CyberChef Edwin Kwan

Gurvinder Pal Singh, The CyberChef, Edwin Kwan

6 min read
Cyber Bakery Chronicles

Your Weekly Cybersecurity Update (30 August 2024)

  • French authorities have charged the CEO of Telegram with facilitating criminal activities on the platform.
  • Cybersecurity: The Need for a Wake-Up Call
  • Digital Banks: Boon for Customers, Target for Scammers?
  • ASD Warns of Phishing Emails Targeting Australians
  • New Guidance Released on Best Practices for Event Logging and Threat Detection
  • Local Networks Exposed: A Flaw in Domain Naming Creates Security Nightmare

French authorities have charged the CEO of Telegram with facilitating criminal activities on the platform.

French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday.

The 39-year-old was detained at Le Bourget airport north of Paris at 8 p.m. local time on Saturday after disembarking from a private jet. To avoid pretrial detention, Durov has been ordered to pay a €5 million bail, but he is barred from leaving the country and must report to the authorities twice a week.

The arrest is in connection with a judicial investigation into an unnamed person that was opened in France on July 8, 2024. The investigation was primarily driven by Telegram's lax moderation policies, which have allowed extremist and malicious activity to thrive on the platform. A preliminary probe is said to have commenced in February 2024.

"The almost total lack of response from Telegram to judicial requisitions was brought to the attention of the cybercrime fighting section (J3) of JUNALCO (National Jurisdiction for the Fight against Organized Crime, within the Paris prosecutor's office), in particular by OFMIN (National Office for Minors)," Paris prosecutor Laure Beccuau said.

"When consulted, other French investigative services and public prosecutors as well as various partners within Eurojust, particularly Belgian ones, shared the same observation. This is what led JUNALCO to open an investigation into the possible criminal liability of the managers of this messaging service in the commission of these offenses."

Other charges against Durov include -

  • Supply of cryptographic services designed to ensure confidentiality without a declaration of conformity
  • Supply and import of a cryptographic means that does not exclusively ensure authentication or integrity control functions without prior declaration

The recent development is a rare instance of a company's top executive being held responsible for content posted by users on a major platform with over 950 million monthly active users. Durov was formerly the CEO of the Russian social media platform Vkontakte, which he founded in 2006. He then launched Telegram in 2013.

Cybersecurity: The Need for a Wake-Up Call

Despite the significant consequences of cyberattacks, many organisations neglect cybersecurity best practices. This procrastination stems from a tendency to prioritise immediate gratification over long-term benefits.

The article suggests a more forceful approach through enhanced government action to address this issue. By implementing stricter regulations and imposing significant penalties for noncompliance, organisations would be more motivated to prioritise cybersecurity.

The article draws parallels between the automotive and food industries, where mandatory safety standards and accountability have significantly improved product safety. It argues that the software industry needs a similar regulatory framework to ensure the security of its products.

While guidance and best practices exist, the challenge lies in overcoming procrastination. Policymakers and industry leaders must work together to foster a security culture within the software ecosystem. By implementing incentives and disincentives, organisations can be motivated to prioritise cybersecurity and mitigate the risks of cyberattacks.

Digital Banks: Boon for Customers, Target for Scammers?

Digital banks have revolutionized how we manage our finances, offering convenience and accessibility. However, a recent scam case highlights this digital revolution's dark side, exposing online banking's vulnerability to fraud.

Amy, a ubank customer, fell victim to a common scam when she received a fraudulent call from someone claiming to be from her bank. Using a script familiar to Amy, the caller convinced her to authorise a fraudulent push payment, draining her savings in a matter of minutes.

This incident underscores the challenges faced by digital banks in combating scams. While the ability to make instant payments is convenient for legitimate transactions, it also makes it easier for scammers to move stolen funds quickly. Additionally, the lack of physical branches and limited call centre support can make it difficult for customers to seek help in a crisis.

Moreover, the casual language used by many online banks to appeal to younger customers can be easily mimicked by scammers, making it difficult for unsuspecting consumers to differentiate between legitimate and fraudulent communication.

The impact of such scams can be devastating, both financially and emotionally. Amy's loss of $16,000 and the subsequent struggle to recover her funds highlight the need for increased vigilance and stronger security measures.

While digital banks offer convenience and accessibility, it is essential for consumers to be aware of the risks and take steps to protect themselves. This includes being cautious of unsolicited calls or messages, verifying communication directly with the bank, and avoiding sharing personal information with unknown individuals.

Industry and regulators must also play a crucial role in addressing the challenges of online banking security. Banks need to invest in robust security measures to detect and prevent fraudulent activity. Additionally, regulators can help by setting standards for online banking security and holding banks accountable for their practices.

In conclusion, digital banks offer a convenient and accessible way to manage finances. However, the recent scam case demonstrates the need for increased vigilance and stronger security measures. By understanding the risks and taking appropriate precautions, consumers can enjoy the benefits of digital banking while minimizing the potential for fraud.

ASD Warns of Phishing Emails Targeting Australians

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued a warning about a new wave of phishing emails impersonating the agency.

Cybercriminals are sending emails from spoofed accounts using the ASD’s ACSC logo, with varying subjects and content. The emails often claim to be informing recipients about increased cyber threats and urge them to download "antivirus" software through a malicious link.

If clicked, the link can lead to the installation of malicious software on the victim's computer. In other cases, recipients are falsely accused of having a compromised email address or IP address and are similarly pressured to download the fraudulent antivirus software.

The ASD’s ACSC emphasizes that it will never send emails asking recipients to download software or provide personal information. If you receive an email claiming to be from the ASD’s ACSC and are unsure of its legitimacy, contact the agency directly on 1300 CYBER1 (1300 292 371).

New Guidance Released on Best Practices for Event Logging and Threat Detection

The Australian Cyber Security Centre (ACSC) has released new guidance on best practices for event logging and threat detection. This comprehensive resource outlines essential steps for organisations to enhance their cybersecurity posture by effectively collecting, analyzing, and responding to security events.

The guidance covers a wide range of topics, including:

  • Developing an enterprise-approved logging policy: Establishing clear guidelines for log retention, collection, and analysis.
  • Centralizing log collection and correlation: Implementing systems to gather and analyze logs from various sources, identifying potential threats and security incidents.
  • Maintaining log integrity: Ensuring the security and reliability of log data through secure storage and access controls.
  • Developing a detection strategy: Identifying relevant threats and creating strategies to detect and respond effectively.

To develop this guidance, the ACSC collaborated with international partners, including the United States, United Kingdom, Canada, New Zealand, Japan, South Korea, Singapore, and the Netherlands.

By following the best practices outlined in this publication, organisations can improve their ability to detect and respond to cyber threats, protecting their valuable assets and data.

Local Networks Exposed: A Flaw in Domain Naming Creates Security Nightmare

A major security vulnerability has been discovered that exposes the credentials of countless organisations worldwide. The issue stems from a "namespace collision" where internal domain names used by companies clash with publicly available ones on the internet.

Here's how it works: Many organisations built their internal networks using domain names in top-level domains (TLDs) that didn't exist at the time, such as .llc or .cloud. These domains are now freely available for anyone to register.

For instance, a company using "company.llc" for their internal Active Directory (Microsoft's authentication system) might have assumed it was secure since the .llc TLD wasn't available back then. However, with the introduction of new TLDs, anyone who registers "company.llc" can potentially intercept or even redirect employee login credentials.

Researcher Maps the Problem:

Philippe Caturegli, a security consultant, has been investigating the scope of this issue. He scanned the internet for self-signed security certificates referencing domains in TLDs attractive to businesses. This revealed thousands of potentially vulnerable domains across various TLDs like .ad, .inc, and .cloud.

Real-World Example:

Caturegli purchased the domain "memrtcc.ad" after discovering it was being used by the Memphis Police Department for internal authentication. This allowed him to intercept a flood of login attempts containing usernames and hashed passwords from police laptops.

Why is this a Problem?

  • Widely Used Protocols: Technologies like Active Directory and Web Proxy Auto-Discovery Protocol (WPAD) were designed for closed, trusted network environments. They are not secure when used with publicly accessible domain names.
  • Difficult to Fix: Rebuilding Active Directory around a new domain is complex and disruptive, making organisations hesitant to address the issue.

The Fallout:

  • Credential Theft: Cybercriminals could use namespace collisions to steal login credentials for large-scale attacks, including ransomware.
  • Unpatched Vulnerability: This issue has been known for years, but many organisations haven't prioritized fixing it.

Recommendations:

  • Use Reserved Domains: Domain administrators should use ".local" for internal networks as it's not routable on the public internet.
  • Be Vigilant: Companies need to be aware of potential namespace collisions and take steps to mitigate them.
  • Consider Alternatives: Explore more secure authentication methods that don't rely on vulnerable domain names.

This widespread vulnerability highlights the importance of using secure protocols and staying vigilant in today's ever-evolving cyber threat landscape. Organisations must prioritize addressing this issue to protect their sensitive data and employee credentials.

Read more