
Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns


Infosec in brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.

The spy, Yossi Sariel, allegedly heads Israel's Unit 8200, a team of crack infosec experts comparable to the USA's National Security Agency or the UK's Government Communications Headquarters. He has now been confirmed as the author of a 2021 book titled "The Human Machine Team" about the intelligence benefits of pairing human agents with advanced AI.

Sariel, who wrote the book under the oh-so-anonymous pen name "Brigadier General YS", made a crucial mistake that was uncovered by an investigation by The Guardian: an electronic copy of the book available on Amazon "included an anonymous email that can easily be traced to Sariel's name and Google account."

The paper has since confirmed with Israel Defense Forces sources that the account was tied to Sariel, and noted that multiple sources have confirmed him as the author.

Being outed after more than 20 years of anonymity isn't optimal for someone who's supposed to be a top spy, and the timing for Sariel couldn't be much worse. Criticism of the elite Unit 8200 has grown since Hamas attacked Israel last October, an assault widely regarded as an intelligence failure on the part of Sariel's unit.

Whether his public exposure will result in a reassignment for Sariel is unknown, but it does make one thing clear: If a spy who heads an elite unit can make a simple mistake that compromises his identity, what hope do the rest of us have?
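The exposure above came down to a contact address sitting inside a published e-book. The following Python script is an added example, not code from The Register or The Guardian: a pre-publication OPSEC check that opens an EPUB (a zip archive whose META-INF/container.xml points at an OPF package document), reads the Dublin Core author fields and scans every text-bearing member for e-mail addresses. The sample book it builds, and the address author.contact@example.com, are constructed for the demonstration; the real book's address does not appear on this page and is not reproduced here.

```python
"""Pre-publication OPSEC check for an EPUB: surface author/contributor metadata
and any e-mail address embedded in the package or its chapters."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TAG_RE = re.compile(r"<[^>]+>")  # crude tag stripper, enough for plain-text extraction
NS = {
    "c": "urn:oasis:names:tc:opendocument:xmlns:container",
    "opf": "http://www.idpf.org/2007/opf",
    "dc": "http://purl.org/dc/elements/1.1/",
}


def scan_epub(data: bytes) -> dict:
    """Return {'metadata': {field: value}, 'emails': [addresses]} for an EPUB given as bytes."""
    findings = {"metadata": {}, "emails": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # container.xml names the OPF package document that carries the Dublin Core metadata
        container = ET.fromstring(zf.read("META-INF/container.xml"))
        rootfile = container.find(".//c:rootfile", NS).get("full-path")
        opf = ET.fromstring(zf.read(rootfile))
        for tag in ("creator", "contributor", "publisher", "identifier"):
            for el in opf.findall(f"opf:metadata/dc:{tag}", NS):
                if el.text:
                    findings["metadata"][tag] = el.text.strip()  # last value wins if repeated
                    findings["emails"].update(EMAIL_RE.findall(el.text))
        # Every text-bearing member: chapters, navigation, and the OPF itself
        for name in zf.namelist():
            if name.endswith((".xhtml", ".html", ".opf", ".ncx")):
                text = TAG_RE.sub(" ", zf.read(name).decode("utf-8", "replace"))
                findings["emails"].update(EMAIL_RE.findall(text))
    findings["emails"] = sorted(findings["emails"])
    return findings


def build_sample_epub(contact_email: str) -> bytes:
    """Constructed sample book (hypothetical, not a real file) whose 'anonymous' contact
    address sits both in the OPF metadata and in the front matter."""
    container = """<?xml version="1.0"?>
<container version="1.0" xmlns="urn:oasis:names:tc:opendocument:xmlns:container">
  <rootfiles><rootfile full-path="OEBPS/content.opf" media-type="application/oebps-package+xml"/></rootfiles>
</container>"""
    opf = f"""<?xml version="1.0"?>
<package xmlns="http://www.idpf.org/2007/opf" version="3.0" unique-identifier="id">
  <metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
    <dc:identifier id="id">urn:uuid:00000000-0000-0000-0000-000000000000</dc:identifier>
    <dc:title>The Human Machine Team</dc:title>
    <dc:creator>Brigadier General YS</dc:creator>
    <dc:contributor>{contact_email}</dc:contributor>
  </metadata>
  <manifest><item id="ch1" href="ch1.xhtml" media-type="application/xhtml+xml"/></manifest>
  <spine><itemref idref="ch1"/></spine>
</package>"""
    ch1 = f"<html><body><p>Comments to the author: {contact_email}</p></body></html>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # EPUB requires an uncompressed 'mimetype' member first
        zf.writestr("mimetype", "application/epub+zip", compress_type=zipfile.ZIP_STORED)
        zf.writestr("META-INF/container.xml", container)
        zf.writestr("OEBPS/content.opf", opf)
        zf.writestr("OEBPS/ch1.xhtml", ch1)
    return buf.getvalue()


if __name__ == "__main__":
    report = scan_epub(build_sample_epub("author.contact@example.com"))
    for field, value in report["metadata"].items():
        print(f"{field}: {value}")
    print("e-mail addresses found:", report["emails"])
```

A check like this only catches the literal string. It cannot tell you that an "anonymous" address is tied to a Google account whose profile or recovery details name you, which is the second half of the mistake described above, so treat any address you ship as identifying unless it was created for that one purpose with no link to existing accounts.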

Critical vulnerabilities of the week

Plenty of security issues were reported last week but thankfully few were rated Critical.

Most notable is a pair of vulnerabilities in Google Pixel devices (CVE-2024-29745 and CVE-2024-29748) that allow an attacker to disclose information and escalate privileges respectively. The pair haven't been given a CVSS score yet, but they're already being exploited, so best install the latest security updates, Pixel users.

Elsewhere:

  • CVSS 9.4 – Multiple CVEs: IOSix's IO-1020 micro-electronic logging devices are using default passwords for authentication and Wi-Fi, allowing an attacker to connect and potentially take over connected vehicle systems.
  • CVSS 8.2 – CVE-2024-21894: The IPSec component of Ivanti Connect Secure v9.x and 22.x contains a heap overflow vulnerability allowing an attacker to crash systems and, in certain conditions, execute arbitrary code.
  • CVSS 8.2 – CVE-2024-22053: A similar IPSec heap overflow vulnerability in Ivanti Connect Secure (same versions) can also allow an attacker to read contents from memory.
  • CVSS 4.8 to 7.4 – CVE-2024-22246, CVE-2024-22247, CVE-2024-22248: The first of this trio of flaws in VMware SD-WAN products is the worst: the 7.4-rated CVE-2024-22246 is an unauthenticated command injection vulnerability that can lead to remote code execution.

Another local US government falls prey to ransomware

Jackson County, Missouri revealed last week that it had fallen prey to a ransomware attack that has hobbled operations and left government offices closed as teams try to restore operations.

The county announced it was dealing with "operational inconsistencies across its digital infrastructure," and noted that "certain systems have been rendered inoperative," but said it had no indication that any data had been compromised. Impacted systems include tax payment and online property, marriage license and inmate search software.

According to local news, the situation has caused problems ranging from disabled computer systems and inoperable phone lines to broken elevators at the county detention center.

And how did it all start? Surprise, surprise: Someone clicked on a phishing link.

"This is not how a government should be run – specifically a county situation," Jackson County legislator Manny Abarca told Fox 4 Kansas City. "So this is a true failure of leadership here."

The takeaway here is obvious: Keep training people not to click those phishing links!

Data stealing malware infections rose how much?

No, it's not an April Fool's joke: Kaspersky revealed last week that there were around ten million personal and corporate devices infected with data-stealing malware in 2023 – marking an increase of 643 percent over the past three years.

We've warned of the often overlooked risk of data-stealing malware before, but it obviously bears repeating – especially since "ransomware" attacks nowadays often don't involve encryption efforts, but just simple data exfiltration and digicash demands to stop publication.

Kaspersky reported that those data-stealer infections are reaping serious rewards for cyber criminals going after credentials, with an average of 50.9 login/password combos pilfered per infected device.

"Leaked credentials carry a major threat, enabling cyber criminals to execute various attacks such as unauthorized access for theft, social engineering, or impersonation," explained Kaspersky's Sergey Shcherbel. "This highlights how crucial it is both for individuals and companies … to stay alert."

To make matters worse, Kaspersky's data points to a serious issue: Employees who get infected don't appear to be learning from their mistakes. Around 21 percent of infection victims end up installing more malware, and nearly nine percent of them do so within three days.

Time to do more cyber security awareness training. ®
