Cyber Week in Review: February 18, 2022

State of Texas sues Meta alleging facial recognition software breached privacy law  

The Texas attorney general filed a privacy lawsuit against Meta on Monday, citing violations of state consumer protection law. The suit alleges that Facebook collected and retained biometric data for the platform’s facial recognition tool without securing users’ informed consent. Last year, Meta settled a similar case in Illinois, where consumers won a $650 million class-action lawsuit after Meta’s use of biometric data without permission. This follows the news Tuesday that Facebook agreed to pay $90 million to settle a separate privacy lawsuit for tracking users' internet searches in violation of privacy and wiretapping laws. Meta is facing additional privacy-related challenges, including Google’s announcement Tuesday that it will increase limits on third-party access to user data, following Apple’s lead. 

The CIA’s mass data collection comes under scrutiny 

A recently declassified letter by senators Ron Wyden (D-OR) and Martin Heinrich (D-NM) claims that the CIA has been mass collecting data that affects Americans’ privacy without a warrant, though the nature of the data remains classified. Redacted recommendations from the Privacy and Civil Liberties Oversight Board were also declassified, advising that intelligence agencies should be required to provide written justification when requesting Americans’ data. Previous scandals, including the Snowden revelations, led Congress to ban bulk collection of telecommunications metadata under the Patriot Act in 2015, but the data in question was collected under Executive Order 12333. The release of this news comes as American and European policymakers are working to forge a new agreement on the transfer of European citizen’s data into the United States. 

Threat actor targeting aviation and transportation industry identified  

Analysts from the security firm Proofpoint uncovered a threat actor responsible for targeting dozens of businesses from industries including aviation, transportation, and defense with remote access trojans for the past five years. Labeled TA2541, the group has been active since at least 2017, and employs relatively unsophisticated but persistent tactics. Crime, rather than espionage, appears to be the primary motivation behind the attacks, given TA2541’s choice of victims and use of commodity malware. In the past, other researchers have noted activity now ascribed to TA2541 targeting the aviation industry by actors located in Nigeria. 

Cyber attacks hit Ukrainian banks and government agencies 

Ukraine was hit by a series of attacks against banks and government agencies earlier this week, which top Ukrainian cybersecurity officials have said were the largest cyberattacks ever to hit the country. The officials also said that the attacks bore the hallmarks of an operation by a foreign intelligence service, although they declined to single out Russia. The distributed denial of service (DDoS) attacks were primarily targeted at banks and government websites and managed to take down most services, including ATMs and websites, for at least two hours. U.S. intelligence officials have warned that Russia has likely infiltrated far deeper into Ukrainian systems. Some cybersecurity officials suggested that the relatively obvious DDoS attacks could be a distraction while Russian hackers lay the foundations for much more serious attacks. 

Russian hackers infiltrated U.S. defense contractors for past two year 

Russian operatives targeted U.S. defense contractors for at least the past two years according to an alert issued by the Critical Infrastructure and Security Agency (CISA), FBI, and National Security Agency. The CISA alert outlines the tools and compromises used by the hackers, which align closely with the profile of APT28, also known as Fancy Bear. The hackers maintained persistent access to defense contractor’s networks for the past two years and were able to steal designs to weapons which are on the export control list. The hackers stole emails and data from the contractors but were not able to access any classified material.