In today’s episode, we look into the recent compromise of celebrity TikTok accounts through a zero-click attack and discuss the exploited vulnerabilities. We then explore the potential security pitfalls of Microsoft’s Windows Recall feature, highlighting totalrecall.py by ethical hacker Alexander Hagenah. Finally, we examine the ransomware attacks executed by the Russian-speaking Qilin group on NHS medical services in London.
For more details, check out these sources:
- https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
- https://github.com/xaitax/TotalRecall
- https://www.group-ib.com/blog/qilin-ransomware/
- https://www.google.com/search?q=why+should+people+delete+tiktok&oq=why+should+people+delete+tiktok
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
00:00 Introduction
01:18 TikTok’s Troubling History of Security Flaws
04:58 Exploring Microsoft’s Controversial Recall Feature
07:46 Qilin Ransomware: A Deep Dive
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html

Flash Briefing: Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
- Zero-Click Attack on TikTok: Threat actors have exploited a zero-click vulnerability in TikTok, allowing them to take over high-profile accounts via direct messages without user interaction. (Source: Semafor, Forbes)
  - Actionable Insight: Stay vigilant even if you don’t interact with suspicious messages. Update your app regularly to ensure you have the latest security patches.
- Scope of the Compromise: TikTok has not disclosed the exact number of affected users but claims that only a “very small” number of accounts were compromised.
  - Engagement: Ask listeners, “Have you noticed any unusual activity on your social media accounts lately? Share your experiences with us.”
- Response and Mitigation: TikTok has implemented preventive measures to stop the attack and is working directly with impacted users to restore account access.
  - Actionable Insight: If you suspect your account has been compromised, contact TikTok support immediately and follow their guidance for recovery.
- Historical Context of TikTok Security Issues:
  - January 2021: Check Point identified a flaw allowing attackers to build a user database with associated phone numbers. (Source: Check Point)
  - September 2022: Microsoft found a one-click exploit in TikTok’s Android app that could take over accounts via a crafted link. (Source: Microsoft)
  - Turkey Compromise: 700,000 accounts were compromised via intercepted SMS messages. (Source: Report)
  - Invisible Challenge: Attackers used a viral challenge to spread information-stealing malware.
- Global Concerns and Actions:
  - China Ties: Concerns about TikTok’s Chinese ownership have led to proposed and enacted bans in several countries, including the U.S., U.K., Canada, and Australia on government devices.
  - Legal Actions: TikTok has filed a lawsuit in the U.S. challenging a proposed ban,
TotalRecall shows how easily data collected by Windows Recall can be stolen
https://github.com/xaitax/TotalRecall

- TotalRecall Tool: Ethical hacker Alexander Hagenah developed the TotalRecall tool to highlight security vulnerabilities in Windows’ newly announced Recall feature. This tool can easily extract and expose sensitive data collected by Recall.
  - Actionable Insight: Be vigilant when using new features and tools that collect data, as they may have hidden security risks.
- Recall Feature Overview: Microsoft announced the Recall feature on May 20, 2024, as part of the Copilot+ line of Windows 11-powered PCs. Recall takes screen snapshots every few seconds, uses OCR to extract information, and stores this data in an unencrypted SQLite database.
  - Actionable Insight: Encrypt sensitive data locally and regularly audit new features for potential security risks.
- Security Pitfalls: Security researcher Kevin Beaumont demonstrated that exfiltration of Recall databases can be automated, making it easy for malware and hackers to access the data. He criticized Microsoft for enabling Recall by default and allowing it to be reactivated without user knowledge.
  - Actionable Insight: Immediately disable features that pose security risks and monitor for unauthorized reactivation.
- TotalRecall Functionality: The tool copies Recall databases, extracts information like passwords and search terms, and summarizes this data. Hagenah does not plan to update the tool further, leaving its functionality as a proof of concept.
  - Actionable Insight: Regularly review and understand the tools being used within your system to prevent potential data breaches.
- Microsoft’s Response: Although Microsoft has emphasized security, their implementation of Recall falls short. The feature stores data locally in an unencrypted format, making it accessible to malware and unauthorized users.
  - Actionable Insight: Push for vendors to improve security measures and hold them accountable for defaults that put user data at risk.
- Upcoming Release: Recall is scheduled for release on June 18, 2024. Security professionals hope Microsoft addresses the highlighted issues before the launch.
  - Actionable Insight: Stay updated on new releases and security patches to ensure vulnerabilities are addressed before widespread adoption.
- Disabling Recall: Recall is enabled by default on Copilot+ devices, but users can disable it during initial setup or via Group Policy in enterprise environments.
  - Actionable Insight: Ensure that all team members are aware of how to disable potentially risky features and implement these changes as part of security best practices.

Engagement Suggestion: “Have you ever encountered a new feature that seemed more risky than beneficial? Share your experiences with us and let’s discuss how to navigate these challenges together!”
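
One way to act on the "disable via Group Policy and monitor for reactivation" advice above, as an added example that is not part of the episode notes or of TotalRecall. It assumes the Recall snapshot policy is the `DisableAIDataAnalysis` DWORD under the `WindowsAI` policy key (the page does not name the setting); the function name `Get-RecallPolicyState` is hypothetical.

```powershell
# Added example: audit whether the "turn off saving snapshots" policy for Recall is enforced.
# Assumption: the policy is the DisableAIDataAnalysis DWORD under the WindowsAI policy key.
$policySubKey = 'Software\Policies\Microsoft\Windows\WindowsAI'
$valueName    = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))

    foreach ($hive in $Hives) {
        $path  = Join-Path $hive $policySubKey
        $value = $null

        # A missing key or value means the policy is not configured in this hive.
        if (Test-Path -Path $path) {
            $item = Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$valueName }
        }

        [pscustomobject]@{
            Hive  = $hive
            Value = $value
            State = if ($null -eq $value) { 'NotConfigured' }
                    elseif ($value -eq 1) { 'SnapshotsDisabled' }
                    else                  { 'SnapshotsAllowed' }
        }
    }
}

$results = Get-RecallPolicyState
$results | Format-Table -AutoSize

# Treat "no hive enforces the policy" as drift so a scheduled run can alert on it.
if (-not ($results | Where-Object { $_.State -eq 'SnapshotsDisabled' })) {
    Write-Warning 'Recall snapshot saving is not disabled by policy on this device.'
    exit 1
}
```

Run on a schedule, the non-zero exit code gives endpoint management tooling a signal when the policy has been removed or reset.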
Who are Qilin, the cybercriminals thought behind the London hospitals hack?
https://www.group-ib.com/blog/qilin-ransomware/

Flash Briefing: Qilin Ransomware Group
- NHS Attack: Cybercriminal group Qilin, a Russian-speaking ransomware gang, attacked NHS medical services provider Synnovis, disrupting hospital trusts and GPs across London. If the group is based in Russia, British law enforcement faces challenges due to Russia’s non-extradition policy and lack of cooperation on cybersecurity matters post-Ukraine invasion. [Source: The Guardian]
- Ransomware as a Service (RaaS): Qilin operates on a RaaS model, providing tools and infrastructure to independent hackers for a cut of the ransom, typically 15-20%. They demand ransoms ranging from $50,000 to $800,000, often using spear phishing for initial network access. [Source: Group-IB]
- Past Attacks: Since October 2022, Qilin has attacked over 50 organizations, including Robert Bernard in France and Dialog in Australia. Notable incidents include the Big Issue publisher attack, with 500GB of data leaked after a refused ransom. [Source: Group-IB]
- Rust and Go Languages: Qilin leverages Rust and Go programming languages for their ransomware, making it harder to detect and analyze. This allows them to customize attacks for different operating systems like Windows and Linux. [Source: Group-IB]
- Double Extortion Technique: Qilin uses double extortion, encrypting data and exfiltrating sensitive information to pressure victims into paying the ransom. They have a proprietary Dark Leak Site (DLS) for publishing stolen data. [Source: Group-IB]
- Affiliate Management: Qilin’s affiliate panel includes sections for managing targets, creating ransomware samples, and coordinating attacks. Affiliates get 80-85% of the ransom, depending on the amount. [Source: Group-IB]
- Security Recommendations:
  - Multi-Factor Authentication (MFA): Implement MFA and credential-based access solutions.
  - Regular Backups: Conduct regular data backups.
  - Email Protection: Use tools like Group-IB’s Business Email Protection to counter phishing.
  - Advanced Detection: Employ AI-based solutions for real-time intrusion detection.
  - Patch Management: Regularly update and apply security patches.
  - Employee Training: Educate employees about cybersecurity risks and phishing signs.
  - Incident Response: Contact experts immediately if attacked; avoid paying ransoms. [Source: Group-IB]

Listener Engagement:
- Question for Listeners: Have you ever encountered a phishing email at work? How did you handle it? Stay vigilant and keep your systems secure!