Cybersecurity

US Justice Department to investigate TikTok over child privacy complaint

The US Federal Trade Commission (FTC) has referred a complaint against TikTok and its parent company, ByteDance, to the Justice Department over potential violations of children’s privacy. The move follows an investigation that suggested the companies might be breaking the law and deemed it in the public interest to proceed with the complaint. The following investigation stems from allegations that TikTok failed to comply with a 2019 agreement to safeguard children’s privacy.

TikTok has been discussing with the FTC for over a year to address the agency’s concerns. The company expressed disappointment over the FTC’s decision to pursue litigation rather than continue negotiations, arguing that many of the FTC’s allegations are outdated or incorrect. TikTok remains committed to resolving the issues and believes it has already addressed many concerns.

Separately, TikTok is facing scrutiny from US Congress regarding the potential misuse of data from its 170 million US users by the Chinese government, a claim TikTok denies. Additionally, TikTok is preparing to file a legal brief challenging a recent law that mandates its parent company, ByteDance, to divest TikTok’s US assets by 19 January or face a ban.

USA pushes allies on China chip restrictions

A US official is heading to Japan following discussions with the Dutch government to strengthen efforts to limit China’s semiconductor production capabilities. Alan Estevez, the US export policy chief, aims to build on a 2023 agreement between the USA, Japan, and the Netherlands to prevent China from accessing advanced chipmaking equipment, which could enhance its military.

In 2022, the US imposed restrictions on advanced chip shipments to China, involving companies like Nvidia and Lam Research. Japan followed suit in 2023, restricting exports of 23 types of chipmaking equipment, while the Dutch government began regulating ASML’s semiconductor equipment sales to China. Washington is now seeking to add 11 more Chinese chipmaking factories to its restricted list and further control chipmaking equipment.

US officials have had ongoing discussions with allies, including visits to the Netherlands, to prevent ASML from servicing certain equipment in China. While ASML expects to service most of its equipment sold to China, US rules prevent using American spare parts.

The Chinese Embassy in Washington did not respond to requests for comment.

NATO to upgrade defence capabilities with cutting-edge technologies

In a bid to innovate in the area of defence, with the aim to replace the now old-school armoury, selected tech companies have received funds to begin work on upgrading key components of NATO’s defence system. Recipients include the British-based Fractile and German ARX Robotics, as well as a computer chip manufacturer and a robot designer.

Others include startups such as iCOMAT and Space Forge, which are companies that operate in the manufacturing space arena. This signals the first outlay of the €1.1 billion NATO Innovation Fund (NIF), which is slated to increase given partnerships with venture capitalists like Space Ventures, Squared Ventures, OTB Ventures and Join Capital. The project seeks access to key technologies to ensure a safe and secure future on the European continent.

National Cyber Director stresses the need for unified cybersecurity requirements in the US

The head of the US Office of the National Cyber Director (ONCD), Harry Coker, has urged the US Congress to harmonise cross-sector baseline cybersecurity requirements in regulated industries, following years of federal and international guidance. Coker highlighted that the lack of regulatory harmonisation poses significant challenges to both cybersecurity outcomes and business competitiveness, as reported by organisations representing the majority of critical infrastructure sectors.

Harry Coker, a Navy veteran and former executive director of the NSA (2017-2019), was confirmed by the US Senate as ONCD director in December 2023, following the resignation of former ONCD Director Chris Inglis in February 2023.

In August 2023, the Office of the National Cyber Director (ONCD) sought private sector input on the state of cybersecurity regulation. Feedback was received from 11 of the 16 critical infrastructure sectors, encompassing over 15,000 businesses, states, and other organizations in the US. The summary of these responses revealed several challenges, including the absence of reciprocity between state and federal regulators and international partners. Regulatory inconsistencies that create barriers to entry, especially for small and mid-sized businesses have also been mentioned among key issues for industry. Furthermore, organizations expressed confusion about which federal agencies are responsible for regulating the defence industrial base, noting that it is unclear which federal agency acts as the clearinghouse for cyber-related regulations and requirements.

In response to the feedback, Coker announced that ONCD has initiated new harmonisation projects, including a pilot reciprocity framework within a critical infrastructure subsector. The pilot project aims to provide valuable insights for designing a comprehensive cybersecurity regulatory approach. Coker emphasized the need for Congress’s assistance to bring all relevant government agencies together to develop a cross-sector framework for harmonisation and reciprocity of baseline cybersecurity requirements. ONCD has not yet provided further details about the pilot project or other ongoing initiatives aimed at driving regulatory harmonisation.

UnitedHealth discloses potential theft of data from one-third of Americans

The Centres for Medicare and Medicaid Services have announced the discontinuation of a program designed to assist Medicare providers and suppliers impacted by disruptions at UnitedHealth’s technology division, Change Healthcare. 

Initiated in response to a hack at Change Healthcare on February 21st by threat actor ‘BlackCat’, the program will now cease accepting new applications as of July 12. It has distributed over $2.55 billion in expedited payments to 4,200 providers such as hospitals and $717.18 million to suppliers including doctors, non-physician practitioners and durable medical equipment suppliers, with a significant portion of these funds already recovered. Providers are now able to effectively submit claims to Medicare.

The cyber incident in February affected a key player in processing medical claims. The US Change Healthcare handles approximately half of all medical claims in the United States, serving about 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories, adding to the growing cyber threat posed to the healthcare industry.

Mediabank faces legal action in Australia over massive data breach

Following the 2022 Mediabank’s cyber incident, the Office of the Australian Information Commissioner has initiated legal proceedings against the company, alleging the significant data breach impacted a vast number of customers, including 5.1 million Medibank customers, 2.8 million ahm customers, and 1.8 million international customers, totalling 9.7 million individuals. 

While Mediabank initially blamed a third party contractor and a ‘misconfigured firewall’ for the incident, a federal court case in Australia has revealed that the breach originated from an IT service desk operator at Medibank who stored multiple account credentials on his work computer which provided a gateway for a hacker to illicitly access Medibank’s systems. The hacker exploited this access for nearly two months and managed to extract a substantial amount of personal data, estimated at around 520GB.

The breach was aggravated by the absence of multi-factor authentication on Medibank’s Global Protect VPN, a security loophole that had been previously flagged in reports by KPMG and Datacom in 2020 and 2021. The Office of the Australian Information Commissioner has criticised Medibank for failing to promptly address these known security vulnerabilities. Legal action has been taken against Medibank in response to the breach. Moreover, the government has identified the alleged perpetrator as a Russian citizen named Aleksandr Gennadievich Ermakov and will be imposing sanctions against him under the new autonomous sanctions law. The incident stresses the critical importance of proactive risk mitigation strategies to safeguard sensitive customer information from malicious cyber threats.

Report uncovers hackers now use emojis to command malware

Researchers from the cybersecurity firm Volexity have uncovered a sophisticated cyber threat that uses the popular Discord messaging service for command and control (C2) purposes. That was discovered during a targeted cyber attack on the Indian government this year, where a malicious software named Disgomoji was deployed. The attack was attributed to a suspected Pakistani threat actor known as UTA0137. The group uses emojis for C2 communication on the Discord platform, showcasing a new covert approach to conduct espionage campaigns against Indian government entities.

The Disgomoji malware, tailored to target Linux systems, specifically the custom BOSS distribution used by the Indian government is highly sophisticated in its design and execution. Initial access to the targeted systems was believed to have been gained through phishing attacks, leveraging decoy documents as bait. Once infiltrated, the malware established dedicated channels within Discord servers, with each channel representing an individual victim. That setup allowed the threat actor to interact with each victim separately, enhancing the precision and effectiveness of the attack.

Upon activation, Disgomoji initiated a check-in process, transmitting crucial system information such as IP address, username, hostname, operating system details, and current working directory to the attacker. The malware exhibited persistence mechanisms which ensured its survival through system reboots and allowed it to maintain a covert presence within the compromised systems. Communication between the attacker and the malware was facilitated through an emoji-based protocol or in other words, with commands issued via emojis. For instance, as Disgomoji executes the command, it responds with a “⏰” emoji, and upon completion, it shows the “✅.”

Why does it matter?

The malware’s capabilities extended beyond basic communication, including advanced functionalities such as network scanning using tools like Nmap, network tunnelling through Chisel and Ligolo, and data exfiltration via file sharing services. Disgomoji also employed deceptive tactics, masquerading as a Firefox update to deceive victims into sharing sensitive information like passwords. 

Volexity’s attribution to a Pakistan-based threat actor was supported by various indicators, including Pakistani time zones in the malware sample, infrastructure links to known threat actors in Pakistan, the use of the Punjabi language, and the selection of targets aligned with Pakistan’s strategic interests. The detailed analysis stresses the evolving sophistication of cyber threats and the critical importance of robust cybersecurity measures to safeguard against such malicious activities.

FCC names Royal Tiger as first official AI robocall scammer gang

The US Federal Communications Commission (FCC) has identified Royal Tiger as the first official AI robocall scammer gang, marking a milestone in efforts to combat sophisticated cyber fraud. Royal Tiger has used advanced techniques like AI voice cloning to impersonate government agencies and financial institutions, deceiving millions of Americans through robocall scams.

These scams involve automated systems that mimic legitimate entities to trick individuals into divulging sensitive information or making fraudulent payments. Despite the FCC’s actions, experts warn that AI-driven scams will likely increase, posing significant challenges in protecting consumers from evolving tactics such as caller ID spoofing and persuasive social engineering.

While the FCC’s move aims to raise awareness and disrupt criminal operations, individuals are urged to remain vigilant. Tips include scepticism towards unsolicited calls, utilisation of call-blocking services, and verification of caller identities by contacting official numbers directly. Avoiding sharing personal information over the phone without confirmation of legitimacy is crucial to mitigating the risks posed by these scams.

Why does it matter?

As technology continues to evolve, coordinated efforts between regulators, companies, and the public are essential in staying ahead of AI-enabled fraud and ensuring robust consumer protection measures are in place. Vigilance and proactive reporting of suspicious activities remain key in safeguarding against the growing threat of AI-driven scams.

X bans over 230,000 accounts in India for violations

Between April 26 and May 25, Elon Musk’s X Corp banned 229,925 accounts in India, primarily for promoting child sexual exploitation and non-consensual nudity. Additionally, 967 accounts were removed for promoting terrorism, bringing the total to 230,892 banned accounts during this period. In compliance with the new IT Rules, 2021, X Corp’s monthly report noted receiving 17,580 user complaints in India. The company processed 76 grievances appealing account suspensions but upheld all suspensions after review.

The report also mentioned 31 general account-related inquiries. Most user complaints involved ban evasion (6,881), hateful conduct (3,763), sensitive adult content (3,205), and abuse/harassment (2,815). Previously, between March 26 and April 25, X banned 184,241 accounts in India and removed 1,303 for promoting terrorism.

Why does it matter?

India, with nearly 700 million internet users, has introduced new regulations for social media, streaming services, and digital news outlets. These rules mandate firms to enable traceability of encrypted messages, establish local offices with senior officials, comply with takedown requests within 24 hours, resolve grievances within 15 days, and publish a monthly compliance report detailing received requests and actions taken.

International Criminal Court investigates cyberattacks on Ukraine as possible war crimes

The International Criminal Court (ICC) is examining alleged Russian cyberattacks on Ukrainian civilian infrastructure as potential war crimes, marking the first instance of such an investigation by international prosecutors. According to sources, this could lead to arrest warrants if sufficient evidence is collected. The investigation focuses on cyberattacks that have endangered lives by disrupting power and water supplies, hindering emergency response communications, and disabling mobile data services used for air raid warnings.

Ukraine is actively gathering evidence to support the ICC investigation. Although the ICC prosecutor’s office has declined to comment on specific details, it has previously stated its jurisdiction over cybercrimes and its policy of not discussing ongoing cases. It should also be noted that since the invasion began, the ICC has issued four arrest warrants against senior Russian officials, including President Vladimir Putin, for war crimes related to the deportation of Ukrainian children to Russia. Russia, which is not a member of the ICC, has rejected these warrants as illegitimate. Despite not being a member state, Ukraine has granted the ICC jurisdiction over crimes committed within its borders.

In April, the ICC issued arrest warrants for two Russian commanders accused of crimes against humanity for their roles in attacks on civilian infrastructure. The Russian defense ministry did not respond to requests for comment. Sources indicated that at least four major attacks on energy infrastructure are being investigated.

Why does it matter?

The ICC case could set a significant precedent in international law. The Geneva Conventions prohibit attacks on civilian objects, but there is no universally accepted definition of cyber war crimes. The Tallinn Manual, a 2017 handbook on the application of international law to cyberwarfare, addresses this issue, but experts remain divided on whether data can be considered an ‘object’ under international humanitarian law and whether its destruction can be classified as a war crime. Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual initiative, emphasised the importance of the ICC’s potential ruling on this issue. He argued that the cyberattack on Kyivstar could be considered a war crime due to its foreseeable consequences for human safety.