Security News This Week: A Smartphone Botnet Army Keeps Growing Stronger


Arguably the biggest news in security this week was also the strangest; a company barely a year old announced a series of AMD vulnerabilities, giving the chip company only a day or so advance notice before making the results public. And despite the hype, the bugs themselves were of questionable severity. It was almost as hard to make sense of as YouTube’s decision to add Wikipedia links to controversial videos. Almost.
On the international scene, the White House finally imposed sanctions against Russia—specifically, against the IRA troll factory for election meddling and the GRU intelligence agency for unleashing NotPetya malware on the world.
In other political news, the Florida Legislature voted for a bill that would bring unprecedented transparency to the criminal justice system. And a series of laws that want to curb porn online are picking the same fights that the government did decades ago. Meanwhile, voice chat app Zello has let ISIS accounts live on its platform for years without taking much action at all to stop them.
And in sadder news, hacker Adrian Lamo died this week at the age of 37. Best known now for tipping US authorities to Chelsea Manning’s leaks, he had previously been a renowned hacker, as featured in this 2002 WIRED profile.
But, wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Nearly 5 Million Android Phones Are Getting Enlisted In a Massive Botnet
Oh, dear. Five million Android smartphones are infected with a strain of Chinese malware called RottenSys, which is bad enough news if not that uncommon. It does normal smartphone malware things, like showing junk ads. But security firm Check Point now says that RottenSys has evolved to also conscript its victims into a botnet. It’s unclear what that botnet might be used for—other than the safe assumption of some big ol’ DDoS attacks at some point—but because China has no Google Play Store running malware interference, it’s likely that its numbers are only going to grow from here.
A Former Equifax Exec Has Been Charged With Insider Trading
Somehow, even months later, the Equifax data breach scandal continues to snowball. On Wednesday, federal prosecutors charged Jun Ying, a former chief information officer at an Equifax business, with insider trading. The indictment alleges that Ying unloaded his Equifax stock between discovering that the company had suffered the breach and its eventual disclosure. The complaint says Ying sold the shares for just under $1 million. At this point, it seems like the only thing that will stay with us longer than Equifax breach news are the compromised accounts of its 145 million victims.
More Phantom Secure Indictments
Last week, the Department of Justice arrested Vincent Ramos, founder and CEO of secure smartphone company Phantom Secure, on charges including racketeering conspiracy to conduct enterprise affairs and conspiracy to distribute narcotics. Now, the feds have followed up with an indictment against four Phantom Secure associates, none of whom are currently in custody. The case seems to focus on whether Phantom Secure knowingly assisted drug traffickers and other criminals in the course of its business.


Saudi Arabian Petroleum Plant Hit With Malware That Tried To Cause An Explosion

Cyber attacks can cause headaches for businesses and loss of revenue. For one petrochemical operation in Saudi Arabia, a simple breach would have been preferred compared to what has been discovered. Malware found in the facility back in August was designed to damage equipment and potentially result in an explosion that would destroy the entire plant.
According to investigators looking into the matter, the only reason why the attack failed was due to a flaw in the offending code that caused a system shutdown. Had the malware been written correctly, there would be one less petroleum facility in existence. It is believed that political motives may be the reasoning for such an attack. Due to the complexity of the code, support from a government is somewhat likely.
There is fear that the same attack could be launched against other chemical processing facilities since the same industrial controllers are used across the industry. Schneider Electric has sold more than 13,000 systems that use the Triconex safety controller, which is susceptible to the attack.
Software analysis has shown that the code used has not been discovered on any other systems to date. In order to design the malware used, it is almost essential that the developers had access to the Triconex safety system components ahead of time for testing. Investigators have stated that the parts required cost about $40,000 on eBay.
Some experts familiar with the Saudi Arabian oil and chemical industry believe that the attack may have been a way to put Crown Prince Mohammed bin Salman’s plans to diversify the local economy on hold.
United States government entities and private security firm Mandiant are all still working on the incident. The NSA, FBI, Department of Homeland Security, and also the Defense Advanced Research Projects Agency (DARPA) are all working to gather as much information as possible.
Although little information on how the attack actually works has been shared, it is believed that the malicious code can be injected remotely, making the threat of another attack high.
The history of attacks against Saudi Arabia and the sophistication of this cyber attack leave few likely perpetrators. The United States, Israel, Russia, China, and Iran are considered to have some of the best cyber capabilities related to industrial equipment. Out of those, only Iran has incentive to harm Saudi businesses.
Still, there is no evidence that has been shared that would be able to directly relate the attack back to a single entity. As researchers continue to gather information on the incident, it is not likely for further information to be made available.

Antivirus Giant McAfee Acquires VPN Provider TunnelBear

Internet security company McAfee has bought VPN provider TunnelBear. McAfee hasn’t announced how much the deal is worth, but in a statement the company said it plans to integrate TunnelBear’s services into its own VPN service, Safe Connect.
“We’re confident this acquisition will serve both our end users and partners by embedding its best-in-class, hardened network into our Safe Connect product,” said McAfee CEO Christopher Young.
The End of Free VPN?
There’s a chance this acquisition could spell the end of TunnelBear’s free service. It’s currently first in our roundup of the best free VPNs, but that could all change when it’s integrated into McAfee Safe Connect, which has a different pricing model.
McAfee Safe Connect offers a free seven-day trial, but after that there’s a subscription fee of $7.99 per month, or $47.88 per year.
There could also be a change in TunnelBear’s terms. The Canadian company is known for its clear privacy policy, which explains every piece of data it collects from its users and why, but once the McAfee purchase is complete, it’ll need to abide by US laws. If you currently use TunnelBear, it’s well worth keeping an eye out for anything new.
What’s Next for McAfee
The start of 2018 has been a busy time for McAfee. At last month’s Mobile World Congress, it demonstrated a new feature for Amazon Alexa that lets you check the security of your home network and change its settings with just your voice. For example, you can see how many devices are connected, set a time limit for your child’s iPad, and disconnect any devices you don’t recognize.
Last month, the company also announced a deal with European internet provider Telefonica, providing security software for home and mobile networks. McAfee Secure Home Platform will be integrated with Telefonica’s broadband routers, with extra protection for users’ phones when they’re out and about.
Could we soon see a voice-activated VPN from McAfee, or routers with TunnelBear tech built in? We’ll be keeping an eye out.
© 2018 T-break Tech under contract with NewsEdge/Acquire Media. All rights reserved.
Posted: 2018-03-13 @ 4:20am PT