At a glance.

  • The commercialization of surveillance vulnerabilities.
  • Brazil’s leading online retailer discloses extortion attack.
  • Update on Covenant Care breach.
  • Ransomware shifts from encryption to extortion.

The commercialization of surveillance vulnerabilities.

Last week Google’s Threat Analysis Group publicly disclosed the 2021 discovery of seven zero-day vulnerabilities developed by commercial providers and sold to government-backed actors. In an attack developed by Italian surveillance firm RCS Labs and targeting users in Italy and Kazakhstan, the threat actors sent victims a link directing them to install a malicious app. In some cases the attackers used an ISP to disable the user’s data connectivity, tricking them into downloading the app to recover their connection.

Though the zero-day vulnerabilities exploited in these hacks have been patched by Apple, Computer World notes that the incidents demonstrate how surveillance technologies have been commercialized, putting capabilities typically available only to governments in the hands of private contractors and increasing the risk that highly confidential tools could be abused. As Google explains, “This makes the Internet less safe and threatens the trust on which users depend.” The tech giant’s report notes that Google is tracking at least thirty spyware makers, indicating the expansiveness of the commercial surveillance-as-a-service industry. By helping these dangerous hacking tools to proliferate, these companies could be making such spyware more available to governments looking to track dissidents, journalists, and human rights activists.

Brazil’s leading online retailer discloses extortion attack.

Brazilian retailer Fast Shop has confirmed it was hit with an “extortion” cyberattack last week that led to network disruption and the temporary closure of its online store. The nation’s largest online retailer has nearly six million visits to its app monthly, and the attack impacted the Fast Shop main website, mobile apps, and online ordering system, Bleeping Computer reports. The attackers also took over the retailer’s Twitter account, posting an announcement boasting that they’d been actively extorting Fast Shop after infiltrating databases on the retailer’s AWS, Azure, GitLab, and IBM cloud and obtaining source code and user and corporate data. After regaining control of the Twitter account, Fast Shop posted a response saying there was no evidence the threat actors had compromised customer data or the firm’s “entire information base.”

Update on Covenant Care breach.

In early May, health services provider Covenant Care California reported that a data breach at its Wagner Heights Nursing and Rehabilitation Center had given an intruder unauthorized access to an employee’s email account as the result of a phishing scam.

In mid-May Covenant Care found that another of its facilities, RehabFocus Home Health, had also been breached through a successful phishing attack. Just last week, LegalScoops reports, Covenant Care’s latest data breach notice expanded the scope of the incident, indicating that all patients who had received services from its Home Health services division might have been impacted. It’s worth noting that Covenant Care suffered a similar data breach in 2019, also as the result of a compromised employee email account. 

Ransomware shifts from encryption to extortion.

At the annual RSA Conference earlier this month, cybersecurity experts discussed how to fight the surge in ransomware. While ransomware is nothing new, in recent months experts have seen cybercriminals increasingly ditching the traditional encryption aspect of their attacks, focusing instead on data theft and extortion. The reason: exfiltrating data and demanding a ransom for its “safe” return is just as lucrative, and it spares the attackers the tedious work of scrambling files and distributing decryption keys. Mandiant Intelligence VP Sandra Joyce told The Register the practice has become so common that some attackers are offering discounted ransoms to corporations that agree to expedite payment, while others offer “sliding-scale payment systems” that provide the victim with services or data based on how much they’re willing to pay. Ryan Olson, the VP of threat intelligence for Palo Alto Networks, agrees: “The cyber-extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques and marketing campaigns that have fueled this unprecedented, global digital crime spree.” Security firm Splunk Surge’s research team has found that some ransomware families are indeed conducting marketing campaigns to beat out the competition in the underground software-as-a-service market.