Farzan Mirza

Positive Security News - Edition 14

Hello all, another week, another roundup! Welcome back to the Positive Security News, where it's not all doom and gloom in the cyber security industry!

1. RaidForums marketplace shut down

The popular open web forum has been taken down in a global operation. RaidForums "served as a major online marketplace for hackers".

Founder and chief administrator Diego Santos Coelho was arrested in the UK in January. In addition, the National Crime Agency (NCA) has reported that police arrested another suspected founder in March. This suspect has since been released but remains under investigation.

RaidForums launched in 2015 and quickly grew in popularity, with threat intelligence firm Recorded Future estimating that it had 530,000 registered members, among them cyber criminals seeking access to high-profile data leaks.

A big blow to cyber criminals!

2. Google Play Store removes a dozen apps for secretly harvesting data

More than a dozen apps have been removed by Google from its Play Store after it learned that the apps contained malicious code that harvested user data.

The apps included a QR code scanner, a weather app, and Muslim prayer apps, with some having been downloaded around 10 million times! The issue lay in the apps containing a software development kit (SDK) that was sending private information to third parties.

One app harvesting this data, a QR and barcode scanner, had been downloaded over five million times. It had secretly been sending sensitive user data, such as IMEI numbers, to a Panama-based firm called Measurement Systems, which was traced back to a US-based firm called Vostrom Holdings.

A Google spokesperson added that apps banned for harvesting user data can apply for reinstatement onto the Play Store, as long as the offending code is removed. The majority of the apps are now available again, provided the SDK is no longer included.

A yellow card for the offenders!

3. Analysis of Industroyer, a malware framework targeting Ukraine’s power grid

Industroyer, also known as Crashoverride, is a malware framework believed to have been used in the attack on Ukraine's power grid on December 17, 2016, which cut a fifth of Kiev's power for roughly an hour.

Six years later, Industroyer returned, appropriately named Industroyer2, rearing its metaphorical head out of the malware pool in a scheduled attack on August 8th 2022. Soon after, ESET researchers, in conjunction with CERT-UA analysts, dissected this malware targeting Ukraine's energy sector.

RoseSecurity, a cybersecurity analyst and researcher, put together a detailed article documenting the progress and discoveries of the Industroyer2 analysis, including indicators of compromise and YARA rules to help with detection.

Similar to our Conti blog article (found here), though not as extensive, the article provides insight and practical guidance on how to better protect against the malware.

Source: RoseSecurity

And that does it for this week's Positive Security News; be sure to stick around for next week's edition! Until then!
