Google has made 2-Factor Authentication easier than ever

May 08 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the cyber bump you need to see you through hump day 💪

Today’s hottest cybersecurity news stories:

  • 🎉 Google has made 2-Factor Authentication (2SV) easier than ever

  • 💱 BTC-e crypto exchange operator pleads guilty to money laundering 💸

  • 🎎 Chinese hackers used ROOTROT webshell in MITRE network attack

1 2 3, it’s easy as 2SV 🕺🏾

🚨 Google Enhances 2-Factor Authentication for Personal, Workspace Accounts 🔒

Google introduces streamlined two-factor authentication (2FA), also known as 2-Step Verification (2SV), for both personal and Workspace accounts, enhancing protection against takeover attacks and unauthorised access. 🛡️

📱 Simplified Activation Process

Users can now enable 2FA with a second-step method, such as an authenticator app or a hardware security key, without the need for less secure SMS-based authentication, offering enhanced security measures.

🔑 Hardware Key Integration

Users with hardware security keys can easily register FIDO1 credentials or assign passkeys (FIDO2 credentials) to their accounts, ensuring robust authentication methods. 💻

🔄 Improved User Experience

Turning off 2FA no longer automatically removes enrolled second steps, facilitating smoother account management processes and ensuring user off-boarding workflows remain unaffected.

💡 Rapid Adoption of Passkeys

Google reports a significant surge in passkey usage, with over 400 million accounts embracing passwordless authentication over the past year, underscoring the growing importance of modern authentication standards like FIDO2. 🔑

Vulnerability Alert

Despite advancements in authentication methods, recent research reveals a potential threat posed by adversary-in-the-middle (AitM) attacks targeting single sign-on (SSO) solutions, highlighting the need for robust security measures. 🚨

🔒 Protective Measures

To mitigate risks associated with session hijacking, adopting techniques like token binding and leveraging security features such as Device Bound Session Credentials (DBSC) in browsers like Chrome is crucial. 🔒
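As an added illustration (not code from this newsletter or from Google), the sketch below models why binding a session to a device-held key blunts session theft: the server renews a session only when a fresh challenge is signed by the key registered at sign-in. `Server`, `Device` and `demo` are hypothetical names, and this is a simplified proof-of-possession model, not the DBSC protocol itself.

```javascript
const crypto = require('crypto');

// Simplified model of a device-bound session (illustrative names, not the DBSC protocol).
class Server {
  constructor() { this.sessions = new Map(); }
  // At sign-in the device registers the public half of a key pair it generated.
  register(publicKey) {
    const sessionId = crypto.randomBytes(16).toString('hex');
    this.sessions.set(sessionId, { publicKey, challenge: null });
    return sessionId;
  }
  // Every refresh starts with a fresh, single-use challenge.
  challenge(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }
  // The session is renewed only if the pending challenge was signed by the bound key.
  refresh(sessionId, signature) {
    const s = this.sessions.get(sessionId);
    if (!s || !s.challenge) return false;
    const pending = s.challenge;
    s.challenge = null; // single use: a captured signature cannot be replayed
    return crypto.verify('sha256', pending, s.publicKey, signature);
  }
}

// The private key stays on the device (hardware-backed storage where available).
class Device {
  constructor() {
    Object.assign(this, crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }));
  }
  sign(challenge) { return crypto.sign('sha256', challenge, this.privateKey); }
}

function demo() {
  const server = new Server();
  const user = new Device();
  const sessionId = server.register(user.publicKey);
  const sig = user.sign(server.challenge(sessionId));
  const legit = server.refresh(sessionId, sig);
  // A copied session ID without the device key: the signature check fails.
  const stolen = server.refresh(sessionId, new Device().sign(server.challenge(sessionId)));
  // Replaying the earlier valid signature against a new challenge fails too.
  server.challenge(sessionId);
  const replay = server.refresh(sessionId, sig);
  return { legit, stolen, replay };
}
```

Calling `demo()` returns which of the three refresh attempts the server accepted: the genuine device, a copied session identifier with a different key, and a replayed signature.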

As cyber threats evolve, Google remains committed to bolstering account security and implementing advanced authentication mechanisms to safeguard user data and privacy. 🛡️

Another one bytes the dust! 💀

🚨 BTC-e Operator Pleads Guilty to Money Laundering Charges 💰

Russian operator Alexander Vinnik, mastermind behind the now-defunct BTC-e cryptocurrency exchange, pleads guilty to money laundering charges spanning from 2011 to 2017. ⚖️

🚔 International Arrest and Extradition

Vinnik, 44, was apprehended in Greece in July 2017, extradited to the U.S. in August 2022, and charged for his role in managing BTC-e, a platform notorious for enabling cybercriminals to launder illicit proceeds through Bitcoin transactions.

💸 Billions in Illicit Transactions

BTC-e facilitated over $4 billion worth of Bitcoin transactions, with over $9 billion processed, serving over one million users worldwide, including criminal elements engaged in ransomware scams, identity theft, and narcotics distribution. 💻

🚫 Lack of Regulatory Compliance

Despite conducting significant business in the U.S., BTC-e failed to register as a money services business with the Department of Treasury and neglected anti-money laundering (AML) and Know Your Customer (KYC) protocols, attracting criminals seeking to obfuscate their illegal funds. 🛑

⚠️ Legal Consequences

Vinnik faces multiple charges, including operating an unlicensed money service business, conspiracy to commit money laundering, money laundering, and engaging in unlawful monetary transactions, with a significant loss amounting to at least $121 million. ⚖️

🔒 Continued Crackdown on Criminal Operations

Following Vinnik's arrest, another BTC-e operator, Aliaksandr Klimenka, faced charges for money laundering and operating an unlicensed money services business, highlighting ongoing efforts to dismantle illicit cryptocurrency networks. 🛡️

💡 Enforcement Actions

The U.S. Department of the Treasury imposed substantial civil money penalties against BTC-e and Vinnik for violating AML regulations, reinforcing the government's commitment to combating financial crimes and safeguarding the integrity of the financial system. 💼

As authorities intensify efforts to combat cryptocurrency-related crimes, perpetrators face severe legal consequences, underscoring the importance of regulatory compliance and accountability in the digital asset ecosystem. 🔒

It’s time to strike at the ROOTROT of the problem 🎯

🚨 MITRE Cyber Attack Unveiled: Intrusion Timeline Revealed 📅

New insights from The MITRE Corporation unveil that the cyber attack targeting its Networked Experimentation, Research, and Virtualization Environment (NERVE) traces back to December 31, 2023, expanding the intrusion timeline. 🕵️‍♂️

🛡️ Exploitation of Zero-Day Vulnerabilities

Exploiting two zero-day vulnerabilities in Ivanti Connect Secure (CVE-2023-46805 and CVE-2024-21887), threat actors infiltrated MITRE's research network, leveraging compromised administrator accounts and deploying backdoors and web shells to maintain access and harvest credentials. 💻

🔒 Sophisticated Adversarial Tactics

Using a Perl-based web shell dubbed ROOTROT, embedded in a legitimate Connect Secure .ttc file, the adversary gained initial access, with subsequent deployment of Golang backdoors (BRICKSTORM) and other web shells (BEEFLUSH, WIREFIRE), enabling persistent control and arbitrary command execution. 🛠️

Attribution to UNC5221 Cyber Espionage Cluster

The attack is attributed to UNC5221, a China-linked cyber espionage group, known for deploying various web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE, emphasising the group's sophisticated tactics and extensive toolkit. 🇨🇳

Persistent Activity and Lateral Movement

Despite detection efforts, the threat actor continued covert activities within MITRE's environment, attempting lateral movement and maintaining persistence within NERVE from February to mid-March, highlighting the adversary's determination and agility. 🔄

💡 Lessons Learned and Ongoing Mitigation

MITRE emphasises the importance of continuous monitoring, enhanced network defence mechanisms, and timely patching to mitigate cyber threats effectively, underscoring the evolving nature of cyber warfare and the need for proactive cybersecurity measures. 🛡️

As organisations navigate increasingly sophisticated cyber threats, transparency about attack details and collaborative efforts in threat intelligence sharing remain essential to bolstering cyber resilience and safeguarding critical infrastructure. 🔒

Today’s newsletter is enough to turn you into a Paranoid Android… user 🤖

🚨 Alert: Android Malware Threat Targets Finnish Bank Accounts 📵

Finland's Transport and Communications Agency (Traficom) raises the alarm on an Android malware campaign aimed at breaching online bank accounts. 🚨

📲 Sophisticated Scam Tactics

Scammers deploy SMS messages, purportedly from banks or payment service providers, instructing recipients to call a number for "protection" via a McAfee app. 📱

🛡️ Deceptive McAfee App

Unsuspecting victims are lured into downloading a malicious McAfee app, masquerading as antivirus software, but instead serving as a gateway for threat actors to access bank accounts. 😱

💳 Financial Impact

Multiple cases reported to the Cyber Security Center reveal victims losing substantial sums, with one individual falling prey to a 95,000 euro ($102,000) loss. 💰

🚫 Android Exclusivity

The campaign exclusively targets Android devices, posing a significant threat to users' financial security. No separate infection chain has been identified for Apple iPhone users. 📱

🦠 Vultur Trojan Suspected

While the specific malware type remains undisclosed, similarities to the Vultur trojan suggest a hybrid smishing and phone call attack strategy, highlighting the evolving sophistication of cyber threats. 🕵️‍♂️

🛡️ Protective Measures

Victims are advised to contact their bank immediately, restore factory settings on infected devices, and report suspicious activity to authorities. Activation of Android's Play Protect feature is crucial for ongoing defence against known malware variants. 🛡️

Remain vigilant against unsolicited requests for app installations or sensitive information and prioritise cybersecurity measures to safeguard personal and financial data. 📵🔒

Let us know what you think.

So long and thanks for reading all the phish!
