
This Week in Security: APTs Uncovered, Privacy Guides, and Authentication Woes

By Cylance Research and Intelligence Team

DOJ Indicts Chinese APT3 Hackers

The APT3 threat actor has been compromising targets for years, but they may have hit a stumbling block recently. The U.S. Department of Justice has indicted 3 employees of Boyusec, a Chinese cybersecurity firm that months ago was alleged to be the group known publicly as APT3.

This isn’t the first time that the U.S. has charged individuals for their participation in Chinese cyber-espionage, and like last time, the charges all stem from attacking corporate targets and allegedly stealing sensitive information that would be beneficial to competitors.

Similarly, the DOJ has also indicted an Iranian national on hacking charges, though that case is not as clearly linked to state operations.

Yet Another Privacy Guide!

Every day there seems to be a new cloud-connected device, or “free” service to make our lives more convenient for the small fee of some precious personal data. There also seems to be a new breach every day, where that very same precious data is leaked to the online underworld. People have understandably grown quite concerned about their privacy and how to preserve it from greedy services, digital crooks, and state surveillance.

Luckily there are a lot of tools and techniques available, as well as information on how to select and use them. Most recently, Motherboard published a run-down of privacy tools and processes that are certainly of interest to journalists and activists. Another good resource which predates Motherboard’s is the EFF’s Surveillance Self Defense guide, delivering privacy concepts and tutorials in accessible packaging.

Awareness of tools and techniques and when to use them is a major issue for the non-expert, so more accessible guides that can reach different people are good to see, such as Teen Vogue’s guide to secure messaging.

Also of note is how many privacy-oriented tools also provide censorship resistance, which can come in handy when certain communications are suddenly blocked. However, this all only helps if you know about it ahead of time, so take a few minutes to install and try out some different tools!

Google Discovers 'Tizi' Android Malware

Just recently a new variety of Android malware, dubbed ‘Tizi’, has been discovered by Google. Apparently targeting users in African countries, the spyware focuses on stealing data from social media applications such as Facebook, Twitter, WhatsApp and Telegram. Keeping with the data-stealing theme, the spyware could also nab contacts, Wi-Fi keys, SMSes, silently capture screencaps, and record ambient audio with the microphone. Essentially everything sensitive or important on the phone was susceptible to theft.

The malware was first spotted by Google Play Protect scans in September of this year, but further analysis traces it back to 2015. However, the malware wasn’t spread widely and appears to be more targeted, which likely accounts for it flying under the radar for so long. As an extra, and likely to enable access to the sensitive materials listed above, the malware also uses multiple publicly available exploits to root devices. Thankfully, any Android phone that is up to date with security patches is not vulnerable to these.

The professionals at Google recommend the following to protect against spyware like Tizi:

1.  Check permissions. Don’t install apps that are greedy about access to data they don’t need.

2.  Enable a secure lock screen. A strong PIN or passphrase can protect your phone against physical attackers.

3.  Update your device. As always, stay updated to fix vulnerabilities as they’re discovered.

4.  Locate your device. Odds are better that you’ll lose your phone somewhere than install malware from the Play Store.

5.  Enable Google Play Protect.

About the Cylance Research and Intelligence Team

The Cylance Research and Intelligence team explores the boundaries of the information security field, identifying emerging threats and remaining at the forefront of attacks. With insights gained from these endeavors, Cylance stays ahead of the threats.
