It is nearly five years since I started curating this weekly Saturday cybersecurity news round-up. I hope you are finding this column useful.
[2022.03.17] Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here. EDITED TO ADD (4/13): Details of what happened.
Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements. When police eventually confronted him, he admitted the Watch was his. Now, he’s reportedly being charged with attaching an electronic tracking device to the woman’s vehicle.
[2022.04.08] Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey:
Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.
Of the 150 total police reports mentioning AirTags, in 50 cases women called the police because they started getting notifications that their whereabouts were being tracked by an AirTag they didn’t own. Of those, 25 could identify a man in their lives — ex-partners, husbands, bosses — who they strongly suspected planted the AirTags on their cars in order to follow and harass them. Those women reported that current and former intimate partners — the most likely people to harm women overall — are using AirTags to stalk and harass them.
Eight police departments over eight months yielded fifty cases. And that’s only where the victim (1) realized they were being tracked by someone else’s AirTag, and (2) contacted the police. That’s going to multiply out to a lot of AirTag stalking in the country, and the world.
EDITED TO ADD (4/13): AirTags are being used by Ukrainians to track goods stolen by Russians and, as a nice side effect, to track the movements of Russian troops.
Original release date: April 18, 2022
CISA, the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the Lazarus Group.
CISA encourages organizations to review the joint CSA, TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies, and apply the recommendations.
The Russian-linked Shuckworm espionage group (aka Gamaredon, Armageddon) is continuing to mount an intense cyber campaign against organizations in Ukraine.
Shuckworm has almost exclusively focused its operations on Ukraine since it first appeared in 2014. These attacks have continued unabated since the Russian invasion of the country. While the group’s tools and tactics are simple and sometimes crude, the frequency and persistence of its attacks mean that it remains one of the key cyber threats facing organizations in the region.