Widespread hacking continued to be on everyone's minds this week as countless companies and organizations struggled with a slew of major hacks. Now that Microsoft's patches have been out for a while, an array of nation-state and criminal actors are getting more aggressive about exploiting a set of Microsoft Exchange Server bugs that were already under active attack by the Chinese group Hafnium. Meanwhile, the White House is mulling a response to Russia's recent, high-profile SolarWinds espionage campaign that compromised data at numerous United States government agencies and private companies around the world. For the Biden administration, the risk is that too strong a retaliation could erode norms and be seen as hypocritical given that the US and virtually every government engage in digital espionage.
Criminal hackers have also continued their extortion rampage related to a breach of the network equipment and firewall maker Accellion. The world of digital chess is in an uproar, and stooping to digital harassment, over accusations from a Twitch and YouTube chess star that an upstart challenger cheated in a match the master lost. And Google researchers developed a proof-of-concept browser exploit to raise awareness about the threat that speculative execution attacks, like those exploiting the infamous “Spectre” vulnerability, still pose to the web three years later.
The privacy-focused Brave browser launched its own search engine this week that's meant to give Google a run for its money without vacuuming up so much user data. And we took another look at the five best password managers to use right now. Now's a good time to brush up on them, especially given that Netflix may be cracking down on sharing passwords.
And there's more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Hackers breached the video surveillance services company Verkada on Monday, Bloomberg reported, gaining access to a “super admin” account that let them see more than 150,000 live feeds as well as video archives from Verkada’s customers. Exposed organizations included jails, schools, and hospitals—like the Madison County Jail in Huntsville, Alabama, and Sandy Hook Elementary School—as well as tech companies like Tesla and Cloudflare. More than 100 Verkada employees had access to thousands of customers' streams—an additional surprising and likely disturbing revelation for the clients' customers. Tillie Kottmann, a hacker who claimed responsibility for the breach, said in a Mastodon post on Friday that officials raided their apartment in Lucerne, Switzerland, and confiscated their electronic devices. The search warrant was apparently related to an alleged hack from last year and not the Verkada breach.
Security researchers warned this week that a full, public proof-of-concept exploit for recently patched Microsoft Exchange Server vulnerabilities would further roil a hacking frenzy that had already escalated in recent days. On Wednesday, independent security researcher Nguyen Jang uploaded one such exploit on the code repository platform GitHub. Within hours, GitHub had removed the post. The incident stoked controversy within the security community, because Microsoft owns both GitHub and Exchange Server. The idea that a corporate overlord might police content on GitHub, or otherwise encroach on the open source community, caused major controversy during Microsoft's acquisition of the service.
"We understand that the publication and distribution of proof-of-concept exploit code has educational and research value to the security community, and our goal is to balance that benefit with keeping the broader ecosystem safe," a GitHub spokesperson told Motherboard on Thursday. "In accordance with our Acceptable Use Policies, we disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited."
Jang told Motherboard that Microsoft sent an email notification about the action and that "it's OK to take down the proof of concept."
The US brewing giant Molson-Coors confirmed on Thursday that it was the target of a digital attack that caused delays and disruption to its “brewery operations, production, and shipments.” The company said in a Securities and Exchange Commission disclosure that some of the impacts could persist into the weekend. It is working on remediation and has retained both an incident response firm and legal counsel to advise during the process. Though the company was not specific about what type of attack it suffered, the situation seems consistent with a ransomware attack. Technicians rebooted production systems while employees were told to simply leave their computers and, in some cases, were sent home.
The FBI issued a warning on Wednesday that foreign actors will “almost certainly” use deepfakes, or “synthetic content,” as part of misinformation and influence operations in the next 12 to 18 months. The FBI says that such actors are already using deepfakes in their campaigns and that adoption will only rise among nation-state and criminal actors. Such manipulated materials could be used in targeted spearphishing attacks or for social engineering. The alert specifically notes that Chinese and Russian actors are already actively deploying deepfakes.