Security News

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. This week, the world's police organizations announced 800 arrests based on text messages sent over the app.

In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "Encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.

As FBI Special Agent Nicholas I. Cheviron wrote in the affidavit in support of a search warrant, while the FBI might have dented the supply of encrypted messaging devices, the demand didn't go away. "The continued for these encrypted device platforms by criminals is significant," he wrote.

In the "Largest and most sophisticated law enforcement operations to date," a joint international law enforcement created a fake end-to-end encrypted chat platform designed solely to catch criminals. The FBI and the Australian Federal Police started cooperating three years ago in Operation Ironside, creating a fake encrypted messaging platform called Anom that was sold exclusively to criminals, allowing law enforcement to listen in on their messages and conversations.

Police arrested more than 800 people worldwide in a huge global sting involving encrypted phones that were secretly planted by the FBI, law enforcement agencies said Tuesday. Australian police said the supposedly hardened encrypted devices were handed out to operatives within the mafia, Asian crime syndicates, drug cartels and outlaw motorcycle gangs as part of the elaborate FBI-led plot.

As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but AI techniques can be used to predict these keys and gain access to data.

Whether you're a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly using TLS in their attacks. "A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS-such as Discord, Pastebin, Github and Google's cloud services-as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware," noted Sean Gallagher, Senior Threat Researcher at Sophos.

Following a wave of ransomware attacks, network-attached storage appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices. The Taiwanese company, which makes both NAS and professional network video recorder solutions, has long been urging users to improve the security of their devices.

British infosec biz Sophos reckons just under half of malware traffic it saw in the wild during the opening three months of 2021 alone was using Transport Layer Security to encrypt both its command-and-control traffic and data exfiltration. He was open about this only being traffic observed by Sophos, meaning the true worldwide figure for TLS-encrypted malware traffic could differ.

Q4 2020 also brought a 41% increase in encrypted malware detections over the previous quarter and network attacks hit their highest levels since 2018. "The attacks are coming on all fronts, as cybercriminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter. Effective security today means prioritising endpoint detection and response, network defences and foundational precautions such as security awareness training and strict patch management."