This week, hacktivism entered a new phase as a group known as Cyber Partisans used ransomware to stop trains in Belarus. The hackers demanded the release of political prisoners and a promise that Belarusian Railways would not transport Russian troops amid rising tensions in Ukraine. While nation-state actors have used fake ransomware for political purposes before, this appears to be the first large-scale, politically motivated use of an attack method typically reserved for cybercrime.
This week, Google abandoned FLoC, its controversial cookie replacement system. Instead, the search and advertising giant will use Topics, a way to determine what broad categories you’re interested in based on your browsing history. Google then shares these inferred preferences with websites that show you relevant ads. While it’s seen as an improvement over the cookie that follows you around the web, it doesn’t completely address privacy advocates’ concerns about Google’s dominance of the ad market and its ability to track its users.
Security researcher Ryan Pickren this week revealed some very bad flaws in Apple’s Safari browser that could allow an attacker to hijack a Mac’s microphone or camera, or gain access to accounts the victim is already signed into. The vulnerabilities have since been patched, but this is the second major Apple bug Pickren has discovered in the past year, and it was serious enough for the company to award him a $100,500 bug bounty when he reported it.
And as you work your way through your New Year’s resolutions, take a moment to update your account recovery email addresses. Nothing is worse than having your digital future depend on an early Yahoo! address for which you lost the password years ago.
And there’s more! Each week, we round up all the security news that WIRED hasn’t covered in depth. Click on the headlines to read the full stories.
A distributed denial-of-service attack hit Andorra’s only internet provider last weekend, effectively knocking the entire country offline for hours on end over four days. Who would do such a thing? The Minecraft community, obviously. The timing of the attacks lined up with a Squid Game–themed Minecraft tournament hosted by Twitch that attracted several participants from the small sanctuary nation. Over a dozen players had to drop out due to the outages. And while this may seem extreme for a block-building game, remember that the infamous Mirai botnet began as a Minecraft scam too.
Take a few minutes to read this exclusive in-depth report from The New York Times about the FBI’s purchase of the controversial Pegasus spyware from Israel-based NSO Group. The FBI ultimately decided not to use the powerful surveillance tool against domestic targets, but the fact that it even considered doing so raises serious questions about the agency’s intentions. It’s yet another spotlight on the NSO Group, whose malware has been found on the phones of dozens of activists and journalists, including 9 US State Department employees, targeted by authoritarian regimes.
Speaking of DDoS: Microsoft battled a record-breaking attack in November. The attack peaked at 3.47 terabits per second and came from more than 10,000 sources. Although it lasted only a few minutes, Microsoft also saw slightly smaller, but still aggressive, attacks in the following weeks that were more persistent. This Ars story also includes a nice summary of how DDoS attacks have evolved on a technical level over the past few years, for anyone who wants to get into the weeds a little more.
The past few years have seen serious threats to US water systems from both insiders and third-party hackers. While no real-world damage appears to have occurred yet, the intent is clear, as is the inability of many municipal water utilities to protect themselves against these attacks. The Biden administration took an important step toward a solution this week by adding the water sector to a cybersecurity initiative that encourages utilities to upgrade their ability to detect attacks. It’s a voluntary program, but at least it is something, and it makes clear that protecting the water supply is as much a priority as the grid, oil pipelines and natural gas pipelines.