Cyber Week in Review: March 25, 2022

Israeli Mossad chief and his wife targeted by hackers  

Hackers with purported ties to Iran released documents belonging to Mossad chief David Barnea on an anonymous Telegram channel called “Open Hands.” The materials included personal photos and videos, flight tickets, and the chief’s ID card. Barnea denied that his devices were hacked, claiming that the attack had only breached his wife’s old phone and that no sensitive information pertaining to state security was accessed. The hackers responded to the denial by releasing additional documents, including Barnea’s tax forms from 2020. This follows a major distributed denial of service (DDoS) attack last week against an Israeli telecommunication provider which took multiple government sites offline. 

The United States and United Kingdom release warnings about potential Russian cyberattacks 

With Russian and Ukrainian cyberattacks continuing as part of the war between Moscow and Kyiv, British and American leaders released alerts concerning Russian attacks aimed at Western targets. In a statement on Monday, President Biden encouraged companies to be vigilant in their cyber defenses and alluded to intelligence indicating that the Russian government is considering cyberattacks. The FBI also issued an alert about Russian scans of American energy companies' networks, urging companies to examine network traffic for known malicious Russian IP addresses. The United Kingdom’s National Cyber Security Centre echoed President Biden’s warning Tuesday, releasing a statement emphasizing the importance of security measures in the face of potential attacks. 

FBI report shows rise in cybercrime 

In its annual Internet Crime Report, the FBI revealed that it received over 800,000 cybercrime complaints in 2021. According to the report, estimated potential losses from cybercrime amounted to $6.9 billion, which represents a 64 percent increase from 2020. The report also noted some of the costliest scams, which include business email compromise, investment schemes, romance schemes, personal data breaches and real estate fraud. Though ransomware gained national attention after the Colonial Pipeline hack last year, it only accounted for 3,729 complaints and the loss of $49 million. This low number may be due in part to underreporting, which might be a thing of the past as a new federal law mandates that businesses disclose digital breaches to the government.  

Chinese report claims the United States is hacking users’ social media and email  

Qihoo 360, a Chinese cybersecurity firm, announced earlier this week that it had identified a series of tools allegedly used by the U.S. National Security Agency (NSA) to target Chinese users email and social media information. The tools allegedly could be used to monitor most communications and activate a computer’s microphone or camera. Some Chinese cybersecurity companies and agencies have been publicly releasing NSA spying tools recently; the National Computer Virus Emergency Response Center released a report stating it had discovered a Linux trojan used by the NSA, dubbed NOPEN. However, NOPEN had been leaked almost six years earlier as part of the Shadow Brokers disclosures. 

European Parliament nears deal on major digital competition law 

The European Parliament is expected to finalize a sweeping new digital competition law, the Digital Markets Act, in the coming week. The law, if passed, would represent one of the largest changes to digital regulation since the European Union (EU) General Data Protection Regulation (GDPR) was passed in 2018. The act identifies “gatekeepers”, companies that sit between buyers and sellers and control core services like search engines or app stores, and prevents them from engaging in certain types of behavior such as combining user data across platforms without permission or favoring their own services. Technology industry lobbyists and some U.S. lawmakers say that the law unfairly targets U.S. technology companies through provisions that affect only companies with a market capitalization of $82 billion. The bill would significantly alter the business models of major technology companies like Apple and Google in the EU, and would provide major advantages for smaller competitors.