With the temperatures plummeting this week you could be forgiven for going into hibernation mode and missing everything happening in the world of I.T. and Tech. However, it’s been a busy week with WhatsApp hitting the headlines again, the biggest ever cyber-attack on Georgia and the launch of new POS malware. So, in case you missed all that, here is our roundup of the week’s biggest stories.
WhatsApp to sue Israeli tech group
WhatsApp is seeking an injunction against the Israeli group, NSO. The Facebook-owned company claims that the group was behind cyber-attacks against 1,400 phones in April and May of this year. Those targeted included journalists, human rights activists, political dissidents, and diplomats.
The NSO, whose purpose is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime, strenuously denies the allegations.
However, WhatsApp claims the NSO developed their malware specifically to access messages and other communications after they were decrypted on target devices. It said the group created various WhatsApp accounts and caused the malicious code to be transmitted over the WhatsApp servers for the purpose of surveillance. "We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse," WhatsApp said in a statement.
Georgian cyber-attack of unprecedented scale
Over 2000 websites in Georgia, Western Europe have been knocked out in one of the country’s biggest ever cyber-attacks. In addition, the attack targeted two of the country’s TV stations – including the state-owned station Imedi – knocking one of them out for almost an hour and destroying and damaging equipment at another. Court websites containing case materials and personal data were also attacked.
The origin of the attack is as yet unknown; however, it has been speculated that Russia was behind the attack and security experts believe that an attack of this magnitude is likely to be state sponsored.
Prof Alan Woodward, cyber-security expert at Surrey University, said: "The scale of this attack is something we haven’t seen before. With the scale and the nature of the targets, it’s difficult not to conclude that this was a state-sponsored attack."
He added that while the disruption caused had been "significant", critical national infrastructure did not appear to have been affected.
Experienced malware hacker selling POS malware
It was reported this week that the malware first discussed in February this year is now available to purchase on crimeware forums. The makers of the malware, GlitchPOS, have even created and posted a marketing video promoting its ease of use to potential buyers.
The malware’s main purpose is to allow cybercriminals to steal payment card numbers from an infected system. It has been connected to those who previously pushed the DiamondFox L!NK botnet, which is one of the reasons why the GlitchPOS team is considered experienced.
The first post referring to GlitchPOS was seen on a malware forum in February 2019, posted by an account called “edbitss” and announcing that GlitchPOS was under development. It was then spotted for sale just a few weeks ago. A report by our partner Check Point alleged that edbitss developed the DiamondFox L!NK botnet in 2015/2016 and 2017.