Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

cross-posted from: https://lemmy.sdf.org/post/42496551

Original report (PDF, available only in German)

  • Damage caused by data theft, industrial espionage and sabotage increases to 289.2 billion euros in Germany in the last 12 months, 9 in 10 companies (87%) were affected
  • The largest part of the 289.2 billion euros in damages reported by the 1,002 companies polled came from concrete production losses or theft, but legal and remediation costs were also substantial
  • Cyberattacks: Almost three out of four companies register increase in attacks

[...]

The survey by German industry group Bitkom found that almost half of all companies that could identify the sources of attacks had traced them to Russia and China, while about a quarter traced them to other European Union countries or the United States.

In detail, of the companies affected, 46 percent have detected at least one attack from Russia (2024: 39 percent), as many from China (2024: 45 percent). Attacks also came from Eastern Europe outside the EU (31 percent, 2024: 32 percent), from the USA (24 percent, 2024: 25 percent), from EU countries (22 percent, 2024: 21 percent) and Germany (21 percent, 2024: 20 percent).

[...]


cross-posted from: https://lemmy.sdf.org/post/42362500

Archived

  • Poland is increasing its cyber security budget to a record €1bn this year, after Russian sabotage attempts targeted hospitals and urban water supplies

  • Dariusz Standerski, deputy minister for digital affairs, told the Financial Times that #Poland was facing between 20 and 50 attempts to damage critical infrastructure every day, most of which are thwarted

  • In those cases, attackers reportedly managed to breach digital records and gain access to sensitive medical data. Analysts warned that even short-term disruptions in healthcare could have dangerous consequences for patient safety, while data theft raised questions about long-term privacy risks.


Archived

A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.

[Edit typo.]


cross-posted from: https://programming.dev/post/37271383

Translated and Republished under Open License, V2.0. Originally published in CERT-FR as Threat and Incident Report.

Since 2021, Apple has been sending notification campaigns to individuals targeted by spyware attacks.

These software programs, such as Pegasus, Predator, Graphite or Triangulation, are particularly sophisticated and difficult to detect.

These complex attacks target individuals because of their status or function: journalists, lawyers, activists, politicians, senior officials, members of management committees in strategic sectors, etc.

Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised.

The notification results in the receipt of an iMessage and an alert email sent by Apple (from threat-notifications[at]email.apple.com or threat-notifications[at]apple.com). When logging into the iCloud account, an alert is displayed. The time between the compromise attempt and the receipt of the notification is several months, but remains variable.

The notifications sent report highly sophisticated attacks, most of which employ zero-day vulnerabilities or require no user interaction at all.

The following best practices help to better protect the phone against this type of attack:

  • Update your devices to the latest version as soon as possible. Apple updates often fix vulnerabilities exploited by spyware;
  • Enable automatic updates, including security updates;
  • Separate personal and professional uses as much as possible, ideally by using different devices;
  • Enable "Isolation Mode" to enhance the security of your Apple devices;
  • Restart your device regularly, ideally once a day.

More generally, the following measures contribute to your good IT hygiene:

  • Do not click on suspicious links or attachments;
  • Set up a strong and unique access code;
  • Use two-factor authentication whenever possible;
  • Avoid installing unknown apps or apps from alternative app stores.

cross-posted from: https://scribe.disroot.org/post/4501921

China has exported its village surveillance model to the Solomon Islands in the Pacific, where Chinese police are piloting fingerprint and data collection to curb social unrest, officials and locals confirmed.

...

China's "Fengqiao" monitoring model -- started under Mao Zedong in the 1960s to help communities mobilise against reactionary "class enemies" -- has been reinvigorated by Chinese President Xi Jinping to ensure stability in local communities.

In the Solomon Islands, a security partner of Beijing, Chinese police have visited several villages this year promoting the Fengqiao concept, familiarising children with surveillance drones by playing games, pictures posted to social media by Solomon Islands police show.

...

A community leader in the Solomon Islands, Andrew Nihopara, confirmed to Reuters that the village of Fighter 1 on the fringe of the capital Honiara had begun working with the Chinese police on a Fengqiao pilot, but declined to comment further.

The Royal Solomon Islands Police Force said in a statement this month the Fengqiao model of "grassroots governance" in Fighter 1 would collect population data to improve security.

Chinese police had introduced residents to population management, household registration, community mapping, and the collection of fingerprints and palm prints, the statement said.

“The Fighter One community is the first attempt, and it will be expanded to a larger area across the country in the future,” the statement quoted Chinese police inspector Lin Jiamu as saying, explaining the initiative would enhance safety.

The move has stirred human rights concerns.

...


cross-posted from: https://lemmy.sdf.org/post/42077068

  • Nokia CEO urges Europe to consider banning Huawei and ZTE over security reasons and a shrinking China market share for European vendors
  • Nokia, along with Ericsson, has faced significant barriers in China, where authorities have reportedly told Nordic vendors that they will be excluded on national security grounds
  • European operators still rely heavily on Huawei, raising geopolitical and security concerns
  • Huawei has already been banned or restricted from supplying 5G equipment to 10 European Union (EU) countries, as well as the U.K.
  • Most recently, both Huawei and ZTE components were barred from 5G networks in Germany

Archived

“Why do we [Europeans] allow high-risk vendors in Europe when we have less than 3% of the market share in China?” Hotard questioned. “European operators should provide European vendors with the same opportunities that Chinese companies receive at home,” said Nokia CEO Justin Hotard.

[...]

The CEO’s remarks come amid mounting geopolitical tensions and growing scrutiny of Chinese telecom equipment in Europe, where several countries have already imposed partial or full bans on Huawei and ZTE products.

[...]
