Apologies to anyone who was hoping for a quiet December on the cybersecurity front. Late in the week, a vulnerability in Apache’s Log4j logging framework exposed large swaths of the internet to relatively simple hacking. There’s not much you can do to protect yourself here, since the issue is largely server-focused, but the full fallout will likely affect many services you use on a daily basis. Worse still, malicious hackers have already developed ways to exploit it, and are actively hunting for potential victims. Cheers!
This week also marked the one-year anniversary of the SolarWinds hack, or at least the first public hints of it. We took a look at the progress that has been made to prevent this sort of supply chain attack in the future, and all that’s still left to do. The good news is that the campaign served as a wake-up call that spurred real commitments from the public and private sector alike. The bad news? There’s no one fix, and the available options will take a long time to implement in a meaningful way.
In the good news department, Microsoft this week said it seized domains used by a Chinese hacking group, the latest in a series of actions by the company that have cumulatively resulted in over 10,000 sites being taken down. It’s part of Microsoft’s strategy to disrupt these groups through the legal system, gaining court orders that allow it to shut down domains used for command-and-control servers.
Russia took steps toward blocking the anonymous browser Tor this week, telling the country’s internet service providers to prevent access Tor’s website and disrupting some access points. It’s the latest in a series of moves the Kremlin has taken lately to isolate its internet from the rest of the world.
And if you’re a Verizon customer, you may have been opted into some gnarly data tracking even if you’d previously opted out. Surprise! Here’s how to turn it off for real this time.
But wait, there’s more. Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.
Since his April 2019 arrest, Wikileaks founder Julian Assange has fought US attempts to extradite him to face hacking and Espionage Act charges. While he had previously won a lower court decision to deny sending him to the US based on the potential impact to his mental health, on Friday Britain’s Supreme Court overturned that order, putting Assange back on track for extradition. Assange can still appeal, but press freedom advocates universally decried the ruling, arguing that the charges should not have been brought in the first place and expressing skepticism over the Justice Department’s assertions that Assange would be treated humanely in US custody.
Brazil’s government delayed new pandemic-related requirements for travelers entering the country after a hack of its health ministry early Friday morning. The agency said on its website that several of its systems had been knocked offline by the attack including those that issue digital vaccine cards and track the country’s national immunization program. The statement said that the attack had “temporarily compromised some of its systems” and that they were unavailable. A ransomware gang known as Lapsus$ Group took credit for the attack on Friday, boasting that it stole and deleted about 50 terabytes of data from the ministry of health’s systems. “Contact us if you want the data back,” the group said in its ransom note, with email and Telegram details. The agency told reporters on Friday that it has backups of all the data that was deleted by the hackers.
The infamous Russian ransomware gang Conti listed the Australian electric utility CS Energy in its log of victims this week, undermining a flurry of media reports that Chinese state-backed hackers perpetrated the attack. “Chinese cyberattack almost shut off power for THREE MILLION Australians in terrifying demonstration of what the belligerent regime could do in wartime” The Daily Mail wrote on Tuesday. Australia and China have been locked in a trade war and relations have become increasingly cold in recent months, but CS Energy, which serves millions of customers in northeast Australia and is owned by the Queensland state, said on Tuesday that there is “currently no indication that the cyber incident was a state-based attack.”
On Monday, Politico led its West Wing Playbook newsletter with report that Vice President Kamala Harris is “Bluetooth-phobic,” and “insists on using wired headphones,” because of the risks associated with the decades-old wireless standard. It’s presented as a misguided quirk, but … she’s actually right! Bluetooth is a security nightmare and has been for years. We’ve been telling you to turn Bluetooth off when you’re not using it since 2017. The National Security Agency agrees with us. If the person next in line to be the US president wants to take a little extra precaution, well, let’s just say that’s a welcome improvement over the previous administration’s cybersecurity hygiene.
More Great WIRED Stories