Cybersecurity Newsletter - Issue 11
Keeping an eye on cyber news and threats
Welcome back to another issue of my cybersecurity newsletter. As you can see, it’s had a bit of a facelift. What do you think? It’s been a pretty interesting week for cybersecurity, so I’ve tried to whittle it down to a few interesting articles, including a ransomware attack on a popular video game company, so let’s start with that one first!
Makers of Cyberpunk 2077 and The Witcher saga CD Projekt Red hit by ransomware attack
Game makers CD Projekt Red, known for popular releases such as Cyberpunk 2077 and The Witcher trilogy, have had their internal networks hit by a ransomware attack, which has encrypted some data servers.
The attackers claim to have stolen source code for several games, including the aforementioned titles and future releases, and said they would release this data if the ransom was not paid. Source code is the human-readable version of the code behind the game, meaning that anyone with the code could modify it and create their own versions or hacks.
They also threatened to send the data to gaming journalists, and claim to have data relating to accounting, investments, HR and legal documents. The attackers gave CD Projekt 48 hours to respond, but CD Projekt are not negotiating. In fact, they have dealt with the situation rather well.
CD Projekt are being praised by the cybersecurity world for how they’ve handled this, showing a great example of how to deal with cybercriminals: being open about it, not paying up and publishing as much info about it as possible, including the ransom note (below), which was posted on Twitter.
They immediately began to restore data from secure back-ups and stated that no personal data had been breached and that they will not negotiate with the actor. They have also informed law enforcement and an investigation is underway.
Iran running spyware campaign through mobile apps
A report for a leading cybersecurity company suggests Iran is currently running two ‘surveillance operations’ directed at certain individuals in Iran and 12 other countries, including the UK.
It’s using mobile apps and various techniques to install spyware onto target devices and then steal media files and call recordings.
One of the groups affiliated with the operation, Domestic Kitten, has been accused of tricking people into downloading malware onto their phones by creating fake apps such as games, security software, restaurant apps, wallpaper apps containing pro-Islamic state imagery and compromised local news apps.
Domestic Kitten were first identified in 2018 and have run several campaigns since 2017, with four still being active. The group was using Telegram channels, text messages and an Iranian blog site to deliver its malware, known as ‘Furball’, which records calls and audio, tracks location, collects call logs and messages, steals media files and more.
The other group, Infy or ‘Prince of Persia’, is said to spy on the home and work PCs of dissidents in 12 countries, using phishing techniques with malicious email attachments.
The Iranian government haven’t commented on the report.
Barcode Scanner app turns evil
An old barcode scanner app from the Google Play store infected 10 million users with adware in one update. The app, simply named ‘Barcode Scanner’, has been around for years, and many people still had it on their phones when it was updated in December and used as adware to spam people’s phones with pop-up ads or open browsers to websites or ads.
Cybersecurity company Malwarebytes published a report on this and classified it as a trojan, as it was weaponized directly through code in the app update, and not through aggressive ads from an ad-providing company.
You can find out more detail, including a video of the virus in action here.
This week’s top tip – Antivirus on your smartphone
Most of us know that we should have antivirus software running on our PCs to keep them protected, but our phones can be overlooked. Our phones have become handheld computers, and some of the higher-spec models have more computing power and features than standard laptops these days, so it makes sense that we should treat our phones like we treat our computers.
As highlighted in the previous article about Barcode Scanner, you can see how easy it is to infect a smartphone with a virus, and considering most of us have these devices with us at all times and use them constantly, that makes them a juicy target for viruses and cybercriminals. Most antivirus software companies now offer mobile device security too, often as part of their subscription. Make sure you have a trusted antivirus provider’s app on your phone and keep it protected.
That’s all for now, see you next week.