End to End Encryption Comes Facebook Messenger

Facebook has recently announced an important addition to its Facebook Messenger app. Most popular communications platforms utilize end-to-end encryption (E2EE). These include Zoom, Microsoft Teams, and even Facebook’s WhatsApp.

Until recently Facebook’s Messenger app was a notable holdout. Although popular it simply wasn’t as secure as the others mentioned above. Facebook has now changed that by finally adding E2EE to their offering.

Ruth Kricheli is the Director of Product Management for Messenger.

Kricheli had this to say about the recent addition:

“The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver’s device. This means that nobody else, including Facebook, can see or listen to what’s sent or said. Keep in mind, you can report an end-to-end encrypted message to us if something’s wrong.”

The Covid-19 pandemic ultimately played a major role in the change. Since the pandemic began, Facebook Messenger users have been increasingly relying on it as their communications tool of choice. In recent months Messenger users have logged an average of one hundred and fifty million video calls a day using the app.

Given the huge surge in growth the company realized that they needed to upgrade and modernize their offering. They need to offer better security to their massive user base.

Adding E2EE to Messenger’s video calls is the change that has received the most attention. However it is not the only thing Facebook has done to bolster security. The company has also given users the flexibility to decide how long it takes for their text based messages to disappear.

The company has also been experimenting with a limited opt-in end to end encryption feature for Instagram’s Direct Messages (DMs).

These are excellent changes that serve as a clear indication that internet communications providers have embraced the notion of user security and privacy. They are taking meaningful steps to increase user safety and security. That is very good news indeed.

Change Your NAS Device Password To Avoid Ransomware Attacks

A NAS manufacturer based in Taiwan called Synology recently issued a warning to its customers relating to the StealthWorker botnet. This botnet has been targeting a wide range of NAS (Network Attached Storage) devices using simple brute force tactics. Anytime the botnet succeeds in breaching the security of a NAS it will deploy a ransomware payload to encrypt any files on that device.

The botnet also stores working credentials so that its controllers can use them later to try and breach other devices on the same network. This is on the thinking that many people reuse passwords. It is a simple and effective strategy that could have devastating consequences for anyone with weak admin credentials and recycled passwords in use across multiple devices.

Synology alerted its customers to the threat itself. They are also urging all of their customers to immediately change any weak passwords and to update passwords that are in use on multiple devices. That is whether they’re on on the same or a different network. This is all to be done in order to mitigate risk.

If possible the company is also urging the use of two-factor authentication to make it more difficult for the Botnet to gain traction when it makes an attack.

This Botnet and this particular line of attacks seems to favor Synology NAS devices. So if you use them at your company you should review your passwords to make sure they’re sufficiently robust right away. Also, you should enable other any other network security protections you can.

The hackers could easily shift gears and target NAS devices made by some other vendor or even target other types of devices entirely. So now would be a good time to do a general password security review just to make sure you’re not caught off guard.

Coalition Of Big Names Coming Together To Fight Ransomware

If you’re worried about ransomware attacks know that help is on the way.

The CISA (Cybersecurity & Infrastructure Security Agency) has announced a partnership with some of the biggest names in tech. The specific purpose of this collaborative effort called the Joint Cyber Defense Collaborative is to put an end to ransomware and other serious cyber threats.

In recent years ransomware has emerged as one of the favored tools of hackers around the world. It allows hackers to profit in two ways from networks they break into. They can sell any data that they collect prior to locking files and they can charge the victim a hefty fee to get their files unlocked.

The collaborative effort has gained global attention and the following companies have joined the government to assist:

  • Amazon
  • Google
  • Microsoft
  • Crowdstrike
  • AT&T
  • FireEye
  • Mandiant
  • Lumen
  • Palo Alto Networks
  • And Verizon.

The Collaborative will be expanded as time goes by and will eventually include other companies as well per the CISA. Also note that the CISA is not the sole governmental agency participating in the Collaborative.

The other agencies involved include:

  • The FBI
  • The Office of the Director of National Intelligence
  • The Department of Justice
  • The NSA (National Security Agency)
  • And US Cybercommand

This isn’t a half measure. There is much width and depth of expertise in the two lists above. It is apparent that the Collaborative means business and has the resources to get the job done.

No one is expecting that the Collaborative effort will be able to put an end to cyber attacks. With the capabilities of this group they will undoubtedly be able to make some serious headway. The very existence of the Collaborative may be sufficient to give at least some hackers pause.

This is great news indeed if you’re at all concerned about cyber security and the threats that hackers around the world pose.

Even Computer Hardware Manufacturers Can Get Hit By Ransomware

Retailers, hospitals and financial institutions tend to be the targets of choice for the hackers of the world. Of course they’re not the only targets. The simple truth is that any company can find itself in the cross hairs of a hacker.

The most recent victim is Taiwanese motherboard manufacturer Gigabyte. In addition to shutting down manufacturing operations in Taiwan the attack also took a number of the company’s web-based systems. They include its online support and the Taiwanese website itself.

The investigation into the matter is ongoing. The early indications are that the company fell victim to the RansomEXX strain of ransomware. In addition to locking files on a number of Gigabyte’s network devices the hackers made off with some 112 GB of data. The hackers have published portions of this data on their own website on the Dark Web as proof that they were indeed behind the attack.

The Ransom EXX strain has an interesting history. It began life in 2018 as a strain called Defray. For the first couple of years of its life it gained little traction among the hackers of the world. It wasn’t used in many high profile attacks.

It seemed to go dormant and re-emerged in 2020 as RansomEXX with a raft of new capabilities. It is not clear whether it was abandoned and picked up by a new hacker group or the original Defray authors used their initial experiments to refine the code. In its current form RansomEXX is a dangerous threat indeed and is capable of infecting both Windows- and Linux-based systems

The group controlling the malware has used it to attack a number of high profile targets in recent weeks, including:

  • The Texas state Department of Transportation
  • The Brazilian Government
  • IPG PhotonicsAnd more.Be on your guard against this one. You definitely don’t want to be the hackers’ next victims.

Google Working On One Tap Solution To Password Issue

Internet users are notoriously bad at selecting secure passwords for the sites they frequently use that require a login.

Surveys reveal that more than a third of internet users are in the habit of using the same password across multiple sites. The danger is that if a hacker breaches one of your accounts then many of your others may be at risk.

A number of big tech companies have tried various approaches to solve the problem over the years. Google is the latest to do so.

The company recently introduced Google Identity Services. The new service allows users to sign in with a single tap using a secure token tied to one of their Google accounts. This is functionally similar to the ubiquitous “Sign in with Facebook” prompts you see on a wide range of websites. However it has the advantage of being more secure. It is more secure because the Facebook prompt simply recycles your password while Google Identity Services employs a secure token.

Developers have an easy time adding the new functionality to existing sites. The “One Tap” sign in routine can be made to simply scroll down from the top of an existing page or come in from the side. It vanishes once the user taps to sign in.

The hope is that this new functionality will help keep users from choosing the convenience of recycling a password so they have less to keep track. That is rather than the greater security that comes with maintaining a unique password on every site a user visits.

It’s too early to tell how successful the approach will be. On the surface it does seem like a good solution to a very real problem. Kudos to Google for taking steps to make us all safer. Even when that means keeping us safe from ourselves and our own bad habits.