#SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 13)

US government claims Evil Corp is up to no good; in praise of the githubification of infosec; and Jack Dorsey wants to tear down Twitter's walled garden

From ‘Fancy Bear’ to ‘Nomadic Octopus’, the names attributed to cybercrime threat groups often belie their nefarious activities – but that’s not the case with a group subject to charges brought by The US Department of Justice (DoJ).

BBC News Home Affairs correspondent Daniel Sandford recently revealed that the DoJ has accused two Russia-based men of complicity in the activities of one Evil Corp, a cybercrime syndicate that’s apparently lived up to its moniker by waging a lucrative global phishing campaign since 2011.

Harnessing the Bugat keylogging trojan, Evil Corp is said to have stolen banking credentials and siphoned money out of countless bank accounts in dozens of countries.

Following an investigation by the FBI and the UK's National Crime Agency, the DoJ is offering a bounty of $5 million for information about Maksim Yakubets, who it believes masterminded operations that defrauded victims of millions of dollars.

The second suspect, Igor Turashev, is believed to have headed up the group’s administrative operations.

The US Treasury has indicted 15 other Moscow-based individuals in relation to Evil Corp’s alleged activities.

Babatunde Martins was indicted on charges of conspiracy to commit wire fraud, money laundering, computer fraud, and aggravated identity theft in August 2017.

Along with seven co-conspirators, who have all pleaded guilty, Martins stands accused of involvement in a series of intrusions into the servers and email systems of a Memphis-based real estate company in 2016.

Using spoofed email addresses and virtual private networks, the defendants are alleged to have identified large financial transactions, initiated fraudulent email correspondence, and funneled funds through US-based money mules to various destinations in Africa.

The DoJ estimates that victims of the deceptions, which also include romance, credit card, and gold-buying scams, collectively suffered losses running to millions of dollars.

Elsewhere, John Lambert, a distinguished engineer at the Microsoft Threat Intelligence Center, has lauded the ‘githubification of infosec’ as a route to ensuring that “every defender can be as good as the best defender”.

In a post on Medium – tweeted to acclaim on Twitter and Reddit – he called for a “more open, contributor-friendly, vendor neutral model for accelerated learning”.

Summarising the post, he said: “Attack knowledge curated in the MITRE ATT&CK framework, detection definitions expressed in Sigma rules, and repeatable analysis written in Jupyter notebooks form a stackable set of practices.”

In social media news, Twitter founder Jack Dorsey signaled an about-turn in Twitter’s web development philosophy.

Defending the platform’s early embrace of a centralized model as reasonable at the time, he announced (on Twitter, naturally) that the social media giant “is funding a small independent team of up to five open source architects, engineers, and designers to develop an open and decentralized standard for social media.”

He added that “the goal is for Twitter to ultimately be a client of this standard.”

The proprietary paradigm currently in the ascendant – whereby social media platforms are like walled gardens – could not provide scalable solutions to the modern internet’s biggest challenges, namely disinformation and personal abuse.

Dorsey also said a decentralized approach to recommendation algorithms could shift the dial away from “content and conversation that sparks controversy and outrage” towards “conversation which informs and promotes health.”

From one tech giant to another, Google has added SMS verification and spam protection features to Messages, its Android SMS app.

As of yesterday (December 13), Android users in the US and selected countries will see verified SMS senders’ business name and logo plus a verification badge.

Google believes the feature will help to combat SMS phishing attacks – a topic covered at Black Hat Europe last week – that seek to deceive users with “things like one-time passwords, account alerts, or appointment confirmations”.

Spam Protection, meanwhile, will flag SMS bearing the hallmarks of spam text with a notification bar at the top of the Messages app.

Users on a technical support forum have apparently discovered a way to circumvent Microsoft’s planned discontinuation of Windows 7 support.

Free security updates for the venerable Windows operating system, which was launched in 2009, are due to cease after its January 2020 Patch Tuesday.

While small businesses and enterprises can pay to extend support for up to three years, home users who persist with Windows 7 will be at the mercy of newly discovered bugs thereafter – or so we thought.

Writing on ghacks.net, Martin Brinkmann said a small archive of two batch files that disable the bypass is available for download on the My Digital Life forum.

However, while the bypass works with Microsoft’s test update, he said it’s unclear if it will work with updates launched beyond January 2020.

Finally, timed perfectly to coincide with today’s Christmas Jumper Day, Microsoft has once again released a limited number of festive sweaters emblazoned with one its iconic logos.

Following last year’s fetching Windows 95-themed sweater, this year’s number features the logo of Windows XP, which still has a 2.29% share of the OS market more than a decade after its final release.

Verge journalist Tom Warren took a snap of himself sporting the suitably kitsch number in a Tweet that also featuring images of the item’s ‘softwear’ box.