Cyber Intelligence Weekly

Cyber Intelligence Weekly (May 7, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here:

Before we get started on this week’s CIW, I’d like to highlight a new article from Matt Donato, "To Hire, or not to Hire a CISO? That is the Question. Or is it though?" The article discusses the importance of cybersecurity for different types of organizations and the criteria to decide whether your company needs a full-time Chief Information Security Officer (CISO).

Read the full article here:

To Hire, or not to Hire a CISO? That is the Question. Or is it though?

Away we go!

1. Apple's Swift Response: First Rapid Security Fixes for iPhones, iPads, and Macs

Apple has recently released its first set of publicly available "rapid security" patches. These patches are aimed at addressing security vulnerabilities that are currently being exploited or pose significant risks to its customers. These "Rapid Security Responses" allow users to update their devices faster than a typical software update, and some can be installed without the need for a reboot.

This feature is enabled by default, and users running iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 will be able to install it. However, some customers have reported issues with the update not installing, and it is not yet clear what vulnerabilities this security update addresses. Recently, spyware makers QuaDream and NSO Group have been discovered exploiting previously undisclosed vulnerabilities in Apple's software to target iPhone owners globally.


Lockdown Mode, a feature introduced by Apple last year to prevent such targeted attacks, has successfully blocked at least one NSO-developed exploit that abused a vulnerability in Apple's smart home feature, HomeKit. Considering the seriousness of the recent security threats, it is recommended that users try to update their devices with the latest security patches as soon as possible.

2. Google Takes the Lead in Password-Free Authentication for All Accounts

Google is rolling out a new password replacement option called "passkeys" for all of its billions of users. A passkey is a digital credential tied to a user account and a specific website or application. Passkeys let users sign in without typing a username or password and without entering a separate second-factor code; the device's own unlock (biometric or PIN) serves as the user verification step. The technology aims to replace legacy authentication mechanisms such as passwords.

This new feature aims to simplify the user experience and to address the security issues associated with traditional username and password logins, particularly phishing attacks that lead to stolen passwords. Passkeys rely on a per-site cryptographic key pair: the private key stays on the user's device and the site stores only the public key, and the credential is bound to the site's domain, so a look-alike phishing domain cannot request a usable signature. The private key is unlocked with a biometric sensor, the smartphone's device lock PIN, or a physical authentication dongle such as a YubiKey.


Passkeys have been promoted by the FIDO Alliance, an industry association that includes major technology companies such as Google, Microsoft, and Apple. These companies have already launched the necessary infrastructure to support passkeys, and Google is now the first major service to offer them as a login option for its users. This is a significant step for the adoption of passkeys, as Google's scale and resources will likely encourage other companies to follow suit.

Google hopes that by offering passkeys, it can change the way users think about signing in and signal to the industry that passkeys are ready for prime-time adoption. While traditional username and password logins will still be available, Google is betting that passkeys will be easier to manage and more secure for its users. Once users create a passkey, Google will automatically detect it and prompt users to log in that way going forward. Early tests have shown higher sign-in success rates with passkeys than with traditional username and password logins.

3. Largest International Operation Against Darknet Drug Trafficking Recently Executed

Law enforcement agencies in at least nine countries, coordinating with the US Department of Justice and Europol, recently revealed Operation SpecTor, a collection of dark web investigations that led to the arrest of 288 people worldwide, 153 of them in the US. Officials also announced the seizure of nearly 1 ton of drugs, $53 million in cash and cryptocurrency, and 117 firearms. The operation is the most significant international action against dark web drug traffickers to date, with agencies mining seized market databases to trace and arrest hundreds of dealers around the world.

Investigations began after the takedown of Monopoly Market, which had gone offline in late 2021 under mysterious circumstances, leaving many of its users to wonder if the market’s administrators had pulled an “exit scam” in which they absconded with users’ funds. Operation SpecTor exploited information obtained from Monopoly’s servers and data from other dark web market takedowns in recent years to find leads on hundreds of the dark web’s drug dealers and customers, on an unprecedented scale. “The Justice Department is cracking down on criminal cryptocurrency transactions and the online criminal marketplaces that enable them,” said US Attorney General Merrick Garland.


Cryptocurrency tracing has played a central role in expanding the targets of these operations. Databases seized in previous dark web busts give tracers starting points from which they follow the money across blockchains to the cryptocurrency exchanges where drug profits were cashed out; those exchanges are then often subpoenaed for their account holders' identifying information. The databases can lead investigators not only to dealers on dark web markets but also to buyers.

While the DOJ and Europol did not reveal if any of the 288 arrests in Operation SpecTor targeted buyers, FBI deputy director Paul Abbate referred in a press conference to the FBI’s 56 field offices around the country carrying out “knock-and-talks” for the first time, where agents warn drug buyers that they have been identified without necessarily making arrests or pursuing charges against them.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO services or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here:
