This week, hacktivism entered a new phase, as a group known as Cyber Partisans used ransomware to disrupt trains in Belarus. The hackers demanded the release of political prisoners and a promise that Belarus Railways wouldn’t transport Russian troops amid mounting tensions in Ukraine. While nation state actors have deployed fake ransomware for political ends before, this appears to be the first large-scale, politically motivated use of an attack method typically reserved for cybercrime.
Google this week backed away from FLoC, its controversial system to replace cookies. Instead, the search and advertising giant will use Topics, a way to determine what broad categories you’re interested in based on your browsing history. Google then shares those presumed preferences with websites, which serve you relevant ads. While it’s seen as an improvement over a cookie that follows you around the web, it doesn’t fully allay the concerns privacy advocates have about Google’s dominance of the ad market and its ability to track its users.
Security researcher Ryan Pickren this week disclosed some very bad flaws in Apple’s Safari browser that would have let an attacker take over a Mac’s mic or camera, or access any accounts the victim was already logged into. The vulnerabilities have since been fixed, but it’s the second major Apple bug that Pickren has discovered in the last year, and was severe enough for the company to award a $100,500 bug bounty when he reported it.
And as you work your way through your New Year’s resolutions, carve out a little time to update your account recovery email addresses. Nothing worse than your digital future being reliant on an early-aughts Yahoo! address you lost the password for years ago.
And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.
A distributed denial of service attack hit Andorra’s sole internet provider last weekend, effectively knocking the entire country offline for hours-long stretches over four days. Who would do such a thing? The Minecraft community, apparently. The timing of the attacks lined up with a Squid Game-themed Minecraft tournament, hosted by Twitch, that attracted several participants from the small tax-haven nation. Over a dozen players had to drop out due to the disruptions. And while this may seem extreme for a block-building game, remember that the infamous Mirai botnet started as a Minecraft hustle as well.
Take a few minutes to read this deeply reported exclusive from The New York Times about the FBI’s purchase of controversial Pegasus spyware from Israel-based NSO Group. The FBI ultimately decided not to use the powerful surveillance tool against domestic targets, but the fact that it even considered doing so raises serious questions about the agency’s intent. It’s also yet another spotlight on NSO Group, whose malware has been found on the phones of dozens of activists and journalists—including 9 US State Department officials—targeted by authoritarian regimes.
Speaking of DDoS: Microsoft fought off a record attack in November. The assault peaked at 3.47 terabits per second, corralled from more than 10,000 sources. While it lasted only a couple of minutes, Microsoft also saw slightly smaller—but still aggressive—attacks over the following weeks that were more sustained. This Ars story also includes a nice summary of how DDoS attacks have evolved on a technical level over the last several years, for anyone looking to get a little more into the weeds.
The last few years have seen serious threats to US water systems from both insiders and third-party hackers. While none appears to have caused real-world harm yet, the intent has been clear, as has the inability of many municipal water utilities to defend against these attacks. The Biden administration took an important step toward a remedy this week, adding the water sector to a cybersecurity initiative that encourages utilities to upgrade their ability to detect attacks. It’s a voluntary program, but it’s at least something, and makes clear that protecting the water supply is every bit as much a priority as the grid and oil and natural gas pipelines.