By Daniel Haltmeier
Welcome to the eighth bi-weekly Tech News Digest, provided by the GISA Technology and Security Initiative (TechSec). Our goal here is to give you an easy-to-read update of what has been happening lately in the world of technology and security. To do so, we pick the top news stories from the last two weeks and present a short summary. Should you be interested in knowing more, just follow the links below the respective paragraphs.
ZuoRat: No, this is not a mutated rodent
Another week, another cyber threat. ZuoRat is a remote-access trojan that has infected several dozen targets and now, finally, experts are raising the alarm. The trojan infects routers and the devices connected to them, and it has so far mostly attacked targets in North America and Europe. One problem: nobody’s safe; the trojan targets all operating systems from Linux to Windows. What’s worse, ZuoRat is only one element in a larger hacking campaign that has been going on for several years now.
The remarkable thing about ZuoRat is its sophistication. It has a surprisingly broad range of capabilities: it can infect not only routers but also the devices connected to them, and it can collect DNS lookups and surveil network traffic, all while remaining undetected. This is serious business. Because of this sophistication, security researchers believe it is highly likely that the trojan originated from a nation-state threat actor.
As said above, ZuoRat seems to be part of a larger cyber campaign. It is complemented by three other types of malware which can be installed once ZuoRat “opens a door” to the infected networks.
What is the solution? It’s a lot easier than you’d think. Router malware is usually unable to survive a simple reboot. Hence, the good old “have you tried turning it off and on again” is the most effective way to remove ZuoRat malware from any device. An even more secure option is a complete factory reset.
Cryptoqueen gone missing: The FBI joins the hunt
There was once a Queen called Ruja Ignatova and she reigned over the kingdom of… crypto? However you want to start this story, it ends in a real thriller (I promise). The “Cryptoqueen” Ruja Ignatova has gone missing (or should we say “gone into hiding”?). She had good reasons to disappear, given that she is wanted by the police for running a cryptocurrency scam known as OneCoin.
OneCoin, which was invented and promoted by Ignatova, paid commissions to buyers if they sold the cryptocurrency to more people. What sounds like a snowball or pyramid scheme is precisely that because as it turned out, OneCoin was absolutely worthless, not safeguarded by blockchain technology and its only value lay in the people participating. With this cryptocurrency Ponzi scheme, Ignatova stole a total of $4bn. (At least now I believe the crypto geeks who say you can get rich with this nonsense).
What may have started as an advanced-level game of hide and seek between Ignatova and the feds has now turned into a public hunt, with the FBI adding Ignatova to its list of the 10 Most Wanted fugitives. The reward for information about her is $100’000… so, if you see her in the streets you might just be able to pay off your student loan debt (yay!).
Remember when we laughed about the US Space Force?
We were all young once and made mistakes. President Trump and his “Space Force” (I know you just read that in his hilarious voice and pronunciation) might just have been one of these mistakes. With China and Russia amping up their anti-satellite capabilities, defending space has become a central element for future warfare. Given that our modern life depends on satellite technologies (from navigation to the global internet and almost everything else), “Space Force” (you did it again, didn’t you?) could become the backbone of the US Armed Forces.
It is for this reason that the US Space Force has just created a new unit called Space Delta 18, which has the purpose of “providing critical intelligence on threat systems, foreign intentions and activities in the space domain”. The unit will also be responsible for guiding Space Force’s innovation and technology acquisition for both kinetic and non-kinetic threats.
Why does there seem to be a sense of urgency in all of this? Because recently the Chinese have demonstrated how they are able to drag a defunct navigation satellite into a graveyard orbit. What is to stop them from using these capabilities against fully functioning satellites? Other forms of threats against satellites are advanced electronic jamming or cyber attacks against ground infrastructures that support satellite operations.
If the US Air Force and other traditional branches want to be able to fight future wars, they must be able to rely on GPS and other satellite-enabled systems. Hence, the creation of the US Space Force was not just a crazy idea but could have a long-term strategic impact.
Read more about this on Tech Times.
Biometric Data – New legal rules urgently needed
Your face, fingerprints, voice, DNA, and other data related to your body are biometric data, and this data is currently not sufficiently protected. With everyday technologies increasingly relying on this data (for example facial recognition to unlock your iPhone), the question of laws and regulation around biometric data protection has to be raised.
A review has now found that in England and Wales, data protection regulation has not kept up with modern technology which increasingly uses these new types of data. The situation is likely the same in many other places. This is mostly due to the fact that regulation dates from a time when biometric data was almost exclusively used by law enforcement. With this fact changing, the time has come for updated data protection which includes biometric data.
One of the problems in England and Wales is that the regulatory landscape is highly fragmented, with at least 8 different laws applying more or less to this topic. Each one of those would therefore need to be updated or replaced by a unified law about the use and protection of biometric data. The review calls not only for regulation of private sector uses of biometric data but also for regulation of its use by law enforcement agencies, which increasingly deploy automated facial recognition in public places.
It’s getting harder to distinguish between nation-state hackers and citizen hacktivists
I won’t go into too much detail here, as this is a transcript of an interview conducted by NZZ with cybersecurity specialist Jen Miller-Osborn of Palo Alto Networks. What she (as a professional hacker hunter) observes is a multiplication of threat origins for companies, especially critical infrastructure. With the Russia-Ukraine war, critical infrastructure is no longer threatened only by advanced persistent threats (APTs), but also by politically motivated groups or hacktivists who either work for or against Russia and are less technically sophisticated but can still cause significant damage. However, it is not only Russian and anti-Russian groups that are more active in cyberspace; there is also increased activity from other nation-states such as China. This already confusing mix of threat actors is made even more confusing by the fact that criminal groups, hacktivists and nation-states all increasingly rely on zero-day vulnerabilities. This leads to a situation where distinguishing between the different actors becomes more and more difficult for defenders worldwide.
If you’re interested in the work of a threat intelligence specialist, her daily business and what she is currently observing in cyberspace, go read this interesting interview.
Read more about this on NZZ (English Version).
If you would like to hear more tech news, participate in events related to technology and security or learn practical technology skills, consider following us on Instagram, LinkedIn or join our Initiative as a member!