Tag Archive for: Spyware

Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors

/in


Google has published a new report that speaks about the significant rise in zero-day vulnerabilities that continue to be exploited in attacks from 2023.

Both its Threat Analysis Group, as well as the company’s subsidiary firm Mandiant, mentioned how the figures continue to grow as we speak and a lot of that has to do with spyware vendors.

The figures reached 97 zero-days and that stood for more than a 50% rise when you compare it to the past which was just 62. But despite such an increase, the numbers are still much lower than the rise of 106 seen back in the year 2021.

Both entities collectively witnessed 29 out of the 97 vulnerabilities. They even spoke about 61 impacted end users who made use of Google’s products and services such as mobile phones, browsers, and social media apps.

Furthermore, the rest of them were utilized to attack tech like security software and a host of other leading devices in this regard. As far as the enterprise side is concerned, there’s a mega array of vendors as well as products under target and we’re seeing more specific tech getting impacted as a result of this.

Let’s not forget how they’ve seen that as the years pass by, the faster they’re discovering the patch featuring bugs from attackers and this means shorter lifespans arising due to the exploit in question.

In 2023, plenty of threat actors made use of zero-day vulnerabilities that went up to Figure 10. And interestingly, it was China that was highlighted as being behind most of the attacks that had support from the government. Some of those entailed espionage groups from the country which was a trend moving upward.

In 2023, it was all thanks to commercial surveillance that seemed to be the culprit of these attacks that kept on targeting both Android as well as Google devices.

They include up to 75% of all those zero-day exploitations that kept on hitting the platforms. In addition to that, there were vendors

Other than that, most of the 37 zero-day vulnerabilities found on browsers as well as devices that were exploited in 2023 had Google linking close to 60% of all CSVs that keep on selling spyware to clients in the government.

Way back in February, Google revealed how so many…

Source…

US imposes sanctions on spyware group members

/in


US imposes sanctions on spyware group members

by AFP Staff Writers

Washington (AFP) March 5, 2024






US authorities announced sanctions Tuesday on parties associated with Intellexa Consortium, citing their role in making and distributing commercial spyware used to target US officials, journalists and others.

Commercial surveillance tools “increasingly present a security risk to the United States and our citizens,” said Treasury Under Secretary for terrorism and financial intelligence Brian Nelson.

In particular, the Intellexa Consortium was founded in 2019 and served as a “marketing label” for companies offering commercial spyware and surveillance tools.

The tools, the Treasury Department said, are packaged as a suite under the brand-name “Predator” spyware, able to infiltrate devices without user interaction.

“The Predator spyware has been deployed by foreign actors in an effort to covertly surveil US government officials, journalists, and policy experts,” the Treasury said.

Among those targeted on Tuesday were Intellexa Consortium founder Tal Jonathan Dilian and Sara Aleksandra Fayssal Hamou, who has provided managerial services to the group.

Five companies were also hit with sanctions, over activities such as exporting Intellexa’s surveillance tools to authoritarian regimes and working as a developer of the Predator spyware.

In July last year, Washington blacklisted Greece- and Ireland-incorporated units of Intellexa.

They were placed on the Commerce Department’s Entities List, which tightly restricts Americans from doing business with them.

Related Links

Cyberwar – Internet Security News – Systems and Policy Issues

Source…

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

/in


Spyware Firms

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry.

The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.

“Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone,camera, and screenshot functionality,” the company said.

The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch and Telegram.

Specifically, a network of fictitious personas linked to RCS Labs, which is owned by Cy4Gate, is said to have tricked users into providing their phone numbers and email addresses, in addition to clicking on bogus links for conducting reconnaisance.

Another set of now-removed Facebook and Instagram accounts associated with Spanish spyware vendor Variston IT was employed for exploit development and testing, including sharing of malicious links. Last week, reports emerged that the company is shutting down its operations.

Cybersecurity

Meta also said it identified accounts used by Negg Group to test the delivery of its spyware, as well as by Mollitiam Industries, a Spanish firm that advertises a data collection service and spyware targeting Windows, macOS, and Android, to scrape public information.

Elsewhere, the social media giant actioned on networks from China, Myanmar, and Ukraine exhibiting coordinated inauthentic behavior (CIB) by removing over 2,000 accounts, Pages, and Groups from Facebook and Instagram.

While the Chinese cluster targeted U.S. audiences with content related to criticism of U.S. foreign policy towards…

Source…

Spyware behind nearly 50% of zero-days targeting Google products

/in


Google on Tuesday reported that commercial surveillance vendors (CSVs) are behind nearly 50% of the known zero-day exploits targeting Google products.

The news brought to light the increased prevalence of CSVs and the potential threat of spyware being used against not just famous journalists, politicians and academics, but ordinary citizens and businesspeople.   

Google’s 50-page report found that from mid-2014 through 2023, security researchers discovered 72 in-the-wild zero-day exploits affecting Google products with the Google Threat Analysis Group (TAG) attributing 35 of the zero-days to the CSVs.

“The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” wrote the Google researchers. “By doing so, commercial surveillance vendors (CSVs) are enabling the proliferation of dangerous hacking tools.”

Morgan Wright, chief security advisor at SentinelOne, said Google’s new information means that anyone, anywhere, any place, is at risk.

The proliferation of mobile computing, along with continuous discoveries of zero-day exploits, means spyware will become a booming market that will continue to grow because there’s demand for these capabilities, Wright said. What’s of most concern, Wright continued, is that the spyware capabilities that were once the exclusive province of nation-state intelligence organizations are available off-the-shelf to anyone with a big enough bank account.

“The number of threat actors will grow exponentially, making it a very challenging exercise to identify and defend against these threats,” said Wright. “For the security community, this means there is no rest. Ever. The vectors of attack will change minute-by-minute and hour-by-hour. Once a threat pops up and is identified and dealt with, many more will develop to take its place. This will force certain decisions about open versus closed platforms. To have more freedom and security, it may require tighter controls.”

Marina Liang, threat intelligence engineer at Interpres, said…

Source…