Today’s cache | Google’s report on state-backed phishing campaigns, and more

Google’s threat analysis team shares its report on state-backed phishing campaigns.

A Java-based ransomware, PonyFinal, is targeting organisations' systems management servers.

Following HBO’s new streaming app launch, Apple TV Channels users can’t subscribe to the channel on the platform.

President Trump is drafting an executive order that will remove the liability protection social media firms have under Section 230 of the Communications Decency Act, 1996.

Google to face antitrust charges for using its dominant position to showcase its payment app over its competitors'.

Microsoft shares PonyFinal threat data

Microsoft, in a series of tweets, shared data on a Java-based ransomware. Called PonyFinal, the human-operated ransomware gains access to a target company’s systems management server through brute force.

The malware then deploys a VBScript to run a PowerShell reverse shell to do data dumps. It also installs a remote manipulator system to bypass event logging.

The attackers also deploy Java Runtime Environment, which is necessary to run PonyFinal.

Microsoft warned organisations that they should be more worried about how the malware is delivered than about the payload it installs.

The PonyFinal malware is delivered via an MSI file containing two batch files and the ransomware payload.

The file creates a scheduled task named ‘Java Updater,’ and calls ‘RunTask.bat’ to run the payload, PonyFinal.JAR.

According to Microsoft’s analysis, the ransomware encrypts files at a particular date and time, and the encrypted files are given the .enc file name extension.

PonyFinal comes at the tail end of protracted human-operated ransomware campaigns, which stay dormant until they find the right time to deploy the payload, Microsoft said.
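
Defenders can check host inventories for the delivery chain described above by matching the reported scheduled-task name, launcher script, payload name and .enc extension. The Python example below is an added illustration, not Microsoft's code or part of its report; the CSV column subset, host names, paths and the three-file threshold are constructed assumptions.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Indicator strings taken from the article; everything else is assumed.
TASK_NAME = "java updater"
MARKERS = {"runtask.bat": "launcher script", "ponyfinal.jar": "payload name"}
ENC_EXT = ".enc"

# Constructed sample: trimmed `schtasks /query /fo csv /v` style rows.
SAMPLE_TASKS = r'''"HostName","TaskName","Task To Run"
"SRV01","\Microsoft\Windows\Defrag\ScheduledDefrag","C:\Windows\system32\defrag.exe -c"
"SRV01","\Java Updater","C:\ProgramData\jupd\RunTask.bat"
"SRV02","\Java Update Check","C:\Program Files\Java\bin\jucheck.exe"
'''

# Constructed sample: file listing collected from two directories.
SAMPLE_FILES = [r"D:\share\q1.xlsx.enc", r"D:\share\plan.docx.enc",
                r"D:\share\notes.txt.enc", r"D:\tools\readme.txt"]


def task_hits(csv_text):
    """Return (host, task, reasons) for tasks matching the reported chain."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # schtasks prints the full task path; compare only the leaf name.
        leaf = row["TaskName"].rsplit("\\", 1)[-1]
        command = row["Task To Run"].lower()
        reasons = []
        if leaf.strip().lower() == TASK_NAME:
            reasons.append("task name")
        reasons += [why for marker, why in MARKERS.items() if marker in command]
        if reasons:
            hits.append((row["HostName"], leaf, reasons))
    return hits


def enc_heavy_dirs(paths, min_files=3):
    """Directories holding at least min_files files that end in .enc."""
    counts = Counter(str(PureWindowsPath(p).parent) for p in paths
                     if p.lower().endswith(ENC_EXT))
    return sorted(d for d, n in counts.items() if n >= min_files)


if __name__ == "__main__":
    print(task_hits(SAMPLE_TASKS))
    print(enc_heavy_dirs(SAMPLE_FILES))
```

Exact strings like these are easy for an operator to change, so a match is a lead for investigation and works best alongside detections for the earlier delivery stages.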

Google’s report on state-backed phishing campaigns

Google has been tracking over 270 government-backed attacker groups in more than 50 countries.

The team of security experts has been working on spotting and stopping phishing campaigns, zero-day vulnerabilities and hacking against the search giant’s products and users.

In its latest report, the threat analysis group has identified numerous COVID-themed cyber-attacks. One of the groups, Charming Kitten, continues to run hacking campaigns against medical and healthcare professionals, including WHO employees.

The cyber security team has discovered new campaigns by ‘hack-for-hire’ firms, most of them based in India. These hackers create Gmail accounts that imitate the WHO, and target business leaders in financial services, consulting and healthcare corporations based in several countries, including the US, Canada, India, UK, and Bahrain.

The hackers send malicious links asking users to sign up for notifications from the WHO to stay updated on COVID-19 related information. The links are hosted on the hackers’ website, which mimics the WHO’s official webpage.

Upon entering the website, users are asked to input their Google account login credentials in a fake login page.

Apart from this type of campaign, state-backed attackers are interested in gathering intelligence or stealing intellectual property. Other cyber attacks target activists and dissidents in a country, or spread disinformation through coordinated influence operations.

Since March, Google has removed more than a thousand YouTube channels that it believed to be part of a large campaign that was exhibiting coordinated behaviour.

The removed channels were mostly uploading spam and non-political content. A small subset posted Chinese-language political content.

President Trump drafts executive order against Twitter

US President Donald Trump is expected to sign a draft executive order that will limit legal protection provided to social media and online platforms, the Wall Street Journal reported citing people familiar with the draft.

The draft executive order comes a day after Twitter fact checked President Trump’s two tweets on mail-in ballots.

Twitter had added a blue line under the two tweets, which links to facts about mail-in ballots.

In one of the several tweets after the fact checking incident, President Trump tweeted, “Twitter has now shown that everything we have been saying about them (and their other compatriots) is correct. Big action to follow!”

The draft executive order is still not final, and is subject to change, according to the people familiar with the matter.

In its current form, the order changes the way federal regulators view Twitter and other social media firms. They will be seen as large firms controlling the day-to-day experience of their users rather than as platforms that enable sharing of ideas, the people said.

Currently, social media companies have a legal protection under Section 230 of the Communications Decency Act, 1996. Under this provision, online firms are not liable for their users’ actions on their platforms. Also, they are not liable to police content.

The draft order seeks to remove Section 230 protection available to tech firms like Twitter and Facebook.

Google Pay under scanner for antitrust in India

The Competition Commission of India (CCI) is looking into allegations against Google for unfairly using its market position to promote its payment app, Reuters reported.

The complaint with CCI alleges that the Google Pay app is showcased in the Android app store in India. This positioning gives the app an unfair advantage over its competitors in the market, according to an unnamed source.

Two other unnamed sources added that the competition regulator had reached out to Google about the case, Reuters reported.

Google did not respond to a request for comment.

This is Google’s third antitrust case in India. The search giant was fined $21 million for search bias in 2018. The company’s appeal against the case is still pending.

Another case that CCI is investigating against Google involves the company using its dominant position to restrict phone makers from using an alternative version of the Android mobile OS.

Android mobile OS powers over 98% of smartphones in India, according to data from Counterpoint Research.

HBO subscription won’t be available in Apple TV Channels

HBO launched its new streaming service, HBO Max, on Tuesday. Following that announcement, its Apple TV Channel will not be available for subscribers on the Apple TV platform, The Verge reported.

Existing Apple TV users who have subscribed to HBO can view old content, meaning it won’t be updated with exclusive HBO Max content. But no new subscriptions are allowed.

Apple TV Channels was built to act as a one-stop shop to watch content from multiple service providers. This gave its users the option to just swipe through third-party content on a single platform.

But HBO is looking to add subscribers to its content via the HBO Max app.

Existing subscribers to HBO on Apple TV Channels can stream Max content for free, as the deal between Apple and WarnerMedia enables users to view HBO Max content in the Apple TV app.
