Scattered Spider Leader Arrested

Plus: TikTok apps to create deepfakes

Here’s a fun new relationship test for you. Do you willingly share passwords and location data with your partner? A recent Malwarebytes report found that 43% of couples experienced “pressure” to share the information, with 7% threatening to break up if their partner didn’t share the information.

Even better, 30% of the respondents regretted sharing their location data with their partners. I can only imagine the story behind that regret. Yikes.

This week in cyber, we’re covering:

  • TikTok creators getting into the deepfake game

  • A hacker’s ruined vacation

  • Russia is concerned about fighting hamsters

-Jason

AI Spotlight
TikTok Deepfakes

Some deepfake artists (can we call them that?) really have a thing for British politicians. Hopefully, not in a weird way. In the latest deepfake, Nigel Farage, a British politician, was shown playing Minecraft as if he were a live streamer. Okay, innocent enough.

But this is the Internet. Of course, we can’t have anything nice on it.

The fake Nigel Farage said he found the UK Prime Minister’s virtual Minecraft house and blew it up with Minecraft TNT. Another video shows the fake Nigel Farage doing the same to another British politician’s Minecraft “base.”

Here’s the deepfake video…it looks pretty good (though the lip-syncing isn’t great), and the audio is okay, a bit choppy, but it would definitely trick people who aren’t paying attention.

While this is innocent enough, here’s the crazy thing: The deepfake was created using a free TikTok app called PodcastPilot, which generated the AI voice and talking head. That was then combined with a Minecraft video to play everything out.

Great, now any TikTok user has the ability to create believable deepfakes…what could possibly go wrong?

Security Deep Dive
Squished Spider

What has hacked over 130 companies, including MGM Grand, controlled over $27 million in Bitcoin, and enjoys Louis Vuitton luggage? OH GOD, SPIDER! Oh, sorry, that was an overreaction to the answer, which is the alleged leader of the Scattered Spider hacking collective.

Police in Spain arrested Tyler Buchanan, a 22-year-old British national and hacker mastermind, while he was traveling through Spain on his way to Italy. Video of the arrest has surfaced online, though the individual’s face has been hidden.

If this kid, who went by the super original handle of tylerb (his hacking skills are better than his naming creativity), was really the “boss” of the group, it could finally put a dent in the group’s momentum, which has steadily been gaining steam despite arrests of other individuals. This law enforcement activity helps show hackers that they aren’t immune from the repercussions.

It reminds me of a previous notorious group known as LulzSec, which, over ten years ago, went on a rampage hacking into companies and leaking data. They claim to have done it for the “lulz.” Adorable.

The FBI caught the leader of that group, turned him into an informant, and then found and arrested other members of the group. And that was the end of that.

Of course, the LulzSec leader wasn’t videotaped being arrested with his Louis Vuitton luggage, so they had the luxury of turning him. Maybe we won’t be so lucky this time.

Security News
What Else is Happening?

🐹 Russia, Uzbekistan, and Ukraine are afraid of fighting hamsters. Well, to be more specific, the game Hamster Kombat. It’s a game that has you repeatedly click the screen to earn in-game currency to buy clothes and accessories for your hamster…naturally. This is no security-related concern. The countries are just concerned about teens spending countless hours on something worthless. I just had to include it because it was called Hamster Kombat.

🌧️ Home routers are not feeling the hot girl summer vibes. Asus just released details on a slew of new vulnerabilities, one of which allows an attacker to take control of a router with zero user interaction. Threat actors, especially nation-states, like to use these vulnerabilities to build botnets they can use to route their network traffic through in attacks, hiding the origin of an attack.

🏴󠁧󠁢󠁳󠁣󠁴󠁿 The residents of Dumfries and Galloway in Scotland found out they all have something in common…their personal information was leaked in a ransomware attack tied to the INC Ransom group. I guess nothing brings people closer together than having their data stolen.

🐡 A 35-year-old Nigerian man is facing over 100 years in prison after hacking companies’ email accounts and tricking them into sending wire transfers. The individual made over $1.5 million in the process. It’s nice to see some hefty punishment being handed down to those who cause so much damage to companies.

🏋️ UK residents asked Total Fitness, “do you even secure our data, bro?” A security researcher found an exposed database that contained over 474K pictures of gymgoers. These pictures were tied to the always awkward process of taking a picture for a new membership. Analysis of how many people smiled in their pictures is still ongoing.

📱 Here’s a short explanation of how attackers use Android overlays to trick users into giving up their passwords. The TLDR is that overlays are an Android feature that allows one application to layer on top of another. Attackers use them to add an overlay over password prompts to steal your credentials. So don’t go downloading sketchy apps.

🚙 CDK Global, a SaaS provider to car dealerships, experienced a cyber attack that has crippled thousands of car dealerships. This is an example of how dependent businesses are on their third parties. Car dealers are now reverting to paper and pen to do business.

If you enjoyed this, forward it to a fellow cyber nerd.

If you’re that fellow cyber nerd, subscribe here.

See you next week!
