Weekly Axis Of Easy #374
Last Week’s Quote was: “The single greatest strength of free markets is their ability to generate innovative things whose popularity makes no sense,” by Rory Sutherland. No one got it.
This Week’s Quote: “The limited human wisdom that guides our concept of virtue often becomes our compelling force for evil.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
This is your easyDNS #AxisOfEasy Briefing for the week of October 28th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
To listen to or watch this podcast edition with commentary and insight from Joey Tweets and Len the Lengend, click here.
In this issue:
- Google and Microsoft Clash Escalates: Allegations of Shadow Campaigns, Cloud Wars, and Regulatory Maneuvers
- French ISP Breach Exposes 19 Million Records Amid Rising Cyber Threat
- Tax Scammers Exploit CRA Weaknesses, Millions Paid in Bogus Refunds
- Global Law Enforcement Disrupts Major Infostealer Networks Targeting Millions
- China’s Evasive Panda Targets Cloud Services with New Hijacking Tool
Elsewhere Online:
- North Korean Group Expands Cyber Arsenal with Play Ransomware
- Russian Hackers Target Ukrainian Recruits with Malware-Laden Apps
- Critical WebGPU Vulnerability Found, Chrome Users Urged to Update
- Apple Rushes Security Update to Patch Major Vulnerabilities
- Dangerous AI Transcription Tool Used in Hospitals Despite Known Risks
Google and Microsoft Clash Escalates: Allegations of Shadow Campaigns, Cloud Wars, and Regulatory Maneuvers
Microsoft and Google are escalating their cloud war with fresh accusations of deceptive tactics. Microsoft’s Monday blog alleges Google funds groups like the soon-to-launch Open Cloud Coalition, disguised as an independent alliance of European cloud providers, but secretly orchestrated by Google through cash incentives and discounts. Microsoft claims this is part of Google’s broader campaign to mislead regulators and attack Microsoft’s cloud business under the guise of neutral advocacy. The Coalition for Fair Software Licensing (CFSL), active in the U.S., U.K., and EU, is named as another example. CFSL, led by Ryan Triplette, a former lobbyist connected to Google, has criticized Microsoft’s cloud practices, with Microsoft arguing that Google’s influence is hidden but pervasive.
Microsoft accuses Google of hiring academics and commentators to publish anti-Microsoft studies, aiming to distract regulators from 24 ongoing antitrust investigations targeting Google. A failed attempt to bribe the Cloud Infrastructure Service Providers in Europe (CISPE) with $500 million in cash and credits allegedly pushed Google to form the Open Cloud Coalition to challenge Microsoft directly in the EU and U.K. markets. Adding to the tension, Google recently filed a complaint with the European Commission, claiming Microsoft’s cloud licensing stifles competition. Microsoft insists Google’s actions are less about fairness than discrediting competitors amid mounting regulatory pressure.
Read: https://arstechnica.com/tech-policy/2024/10/google-accused-of-shadow-campaigns-redirecting-antitrust-scrutiny-to-microsoft/
French ISP Breach Exposes 19 Million Records Amid Rising Cyber Threat
Free, France’s second-largest ISP with over 22 million mobile and fixed subscribers, suffered a cyberattack over the weekend. A hacker known as “drussellx” infiltrated the company’s internal management system, extracting subscriber data. Two stolen databases, containing more than 19 million customer records and over 5 million international bank account details, were offered for sale on a cybercrime forum on the Dark Web. Despite the breach, Free stressed that no passwords, bank card data, emails, SMSs, or voicemails were compromised, and its services remain unaffected.
Free will notify affected customers via email and has filed a criminal complaint, informing both CNIL, France’s data protection authority, and ANSSI, the national cybersecurity agency. This attack fits a growing trend of ISPs becoming targets, as threat actors seek access to personal data or infrastructure. Recent examples include Salt Typhoon, which targets U.S. ISPs for billing and residential data, and Evasive Panda, known for DNS poisoning to exploit vendor updates.
This incident underscores the rising risks in telecom security. ISPs increasingly act as gateways for broader malicious campaigns, with attackers seeking both data and footholds. Free’s swift reporting and transparency reflect industry practices under growing regulatory and consumer scrutiny.
Read: https://www.darkreading.com/cyberattacks-data-breaches/french-isp-cyberattack-data-breach
Tax Scammers Exploit CRA Weaknesses, Millions Paid in Bogus Refunds
This tax season, hackers accessed Canadian Revenue Agency (CRA) accounts via stolen H&R Block credentials, exploiting taxpayer information to steal over $6 million through fraudulent returns. An investigation by The Fifth Estate and Radio-Canada revealed that hackers altered direct deposit details and filed false returns, pocketing taxpayer funds.
Tax expert André Lareau stated, “The CRA does not seem to have found the key to lock the door.” This breach highlights CRA’s struggles to secure taxpayer data amid a surge in cyberattacks.
Privacy Commissioner Philippe Dufresne acknowledged the issue, but delays in reporting breaches have left Parliament uninformed. The CRA admitted to more than 31,000 privacy breaches since 2020, impacting over 62,000 taxpayers.
The CRA’s “pay and chase” model expedites refunds but increases fraud vulnerability. Lareau suggests a parliamentary inquiry to assess CRA’s security practices, arguing for urgent improvements in safeguarding taxpayer data and restoring public trust.
Read: https://www.cbc.ca/news/canada/canada-revenue-agency-taxpayer-accounts-hacked-1.7363440
Global Law Enforcement Disrupts Major Infostealer Networks Targeting Millions
A coalition of international law enforcement agencies, led by the Dutch National Police, announced the takedown of two significant malware networks, Redline and Meta, on Monday. These infostealers targeted sensitive data from millions of people globally, stealing login credentials, financial information, and cryptocurrency wallet contents.
Through “Operation Magnus,” Dutch authorities reported gaining “full access” to the servers, source codes, and Telegram bots used to operate both malware strains. According to Simone van Wordragen, spokesperson for the Dutch National Police, more details are forthcoming, with “legal actions underway” against VIP users identified in the network.
Supported by the FBI and U.K. National Crime Agency, this takedown echoes recent actions against LockBit, a ransomware gang, as police continue efforts to dismantle cybercriminal networks worldwide.
Read: https://techcrunch.com/2024/10/28/police-operation-claims-takedown-of-prolific-redline-and-meta-password-stealers/
China’s Evasive Panda Targets Cloud Services with New Hijacking Tool
Chinese state-backed hacking group Evasive Panda recently launched CloudScout, a sophisticated tool to infiltrate cloud services like Microsoft Outlook and Google Drive, according to ESET researchers. This toolset, discovered in recent Taiwanese breaches, leverages stolen web session cookies to bypass authentication, allowing it to access and extract data from targeted accounts.
CloudScout works seamlessly with Evasive Panda’s malware framework, MgBot, using modules that hijack authenticated web sessions to retrieve sensitive data. “These modules are designed to access public cloud services … by hijacking authenticated Web sessions,” ESET stated.
Evasive Panda, also known as Bronze Highland, has evolved significantly since its 2012 start, targeting civil society groups across Asia and selectively in Africa. The group’s latest attack method reflects heightened sophistication, posing a notable threat to security across multiple sectors.
Read: https://www.darkreading.com/cloud-security/china-evasive-panda-apt-cloud-hijacking
Elsewhere Online:
North Korean Group Expands Cyber Arsenal with Play Ransomware
Read: https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html
Russian Hackers Target Ukrainian Recruits with Malware-Laden Apps
Read: https://hackread.com/russian-malware-ukraine-military-recruits-telegram/
Critical WebGPU Vulnerability Found, Chrome Users Urged to Update
Read: https://www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/
Apple Rushes Security Update to Patch Major Vulnerabilities
Read: https://www.infosecurity-magazine.com/news/apple-security-update-macos-ios/
Dangerous AI Transcription Tool Used in Hospitals Despite Known Risks
Read: https://www.wired.com/story/hospitals-ai-transcription-tools-hallucination
If you missed the previous issues, they can be read online here:
- October 21st, 2024: Microsoft Admits Losing Weeks Of Security Logs For Cloud Products
- October 14th, 2024: North Korean Hackers Use Linux Malware In Global ATM Heists
- October 7th, 2024: Malicious Chrome Extensions Exploit Google’s New Security Model
- September 30th, 2024: PayPal’s Quiet Data Sharing: Are You Opted In Without Knowing?
- September 23rd, 2024: Telegram Bows To Pressure, Will Share User Data With Authorities
Today’s quotation: Hannah Arendt? Sounds like her.