Daily Digest (12/1)

Amazon, Apple Stay Away from French Initiative; German Court: Email Provider Must Create Surveillance Function; Pa. County Pays $500,000 in Ransomware Attack; State-Backed Hackers Targeting Apple Mac OS Users With New Malware

Amazon, Apple Stay Away From French Initiative 

Amazon and Apple have not joined a new French initiative to make global tech companies publicly commit to principles that include paying their share in taxes, government officials said Monday. 

French President Emmanuel Macron has asked tech companies to sign onto the “Tech for Good Call” initiative amid public outcry about the firms’ financial success during the COVID-19 pandemic, Reuters reports.

The French government released a list of 75 tech executives who signed up so far, including Google, Facebook and Microsoft. 

Apple and Amazon were not listed. 

Apple declined to comment, but French officials said that talks were ongoing, Reuters reports. A representative from Amazon, which French officials said declined to join, also did not comment. 

“The goal is also to … observe objectively those who decide to play ball and align their interest with individuals and societies and those who stay out of this joint movement,” a presidential adviser told a news briefing.

The signed-on companies have committed to “contribute fairly to the taxes in countries where (they) operate”; prevent the dissemination of “child sexual abuse material, terrorist or extreme violence online contents,” and “support the ecological transition.”

Sources (all links external): 

German Court: Email Provider Must Create Surveillance Function 

Tutanota, a German email provider who encrypts all incoming emails by default, has been forced by the Cologne Regional Court to install a function to allow investigators to monitor individual mailboxes and read emails in plain text. 

The Hanover-based email provider wants to file a complaint against the decision, a spokeswoman told the German online publication C’T Magazine. 

But, according to the spokeswoman, the complaint has no suspensive effect. 

“We therefore had to start developing the monitoring function,” she said.

The Cologne judgment differs from previous rulings from the Hanover regional court, which decided that Tutanota did not provide or participate in any “telecommunications services” in the legal sense and, therefore, could not be obliged to monitor telecommunications, C’T Magazine reports. 

But the court ruled that Tutanota was a “contributor” regarding telecommunications services and, as a result, must enable surveillance. 

The case concerns a blackmail email that was sent to an auto supplier from a Tutanota mailbox. The ruling will enable the State Criminal Police Office of North Rhine-Westphalia to monitor the mailbox.

Pa. County Pays $500,000 in Ransomware Attack

Delaware County, Pa., said Monday that it had paid $500,000 after its systems were hit by DoppelPaymer ransomware last weekend.

The county said that portions of its computer network were taken offline after discovering that its network was compromised, Bleeping Computer reports.

“The county of Delaware recently discovered a disruption to portions of its computer network,” officials said. “We commenced an immediate investigation that included taking certain systems offline and working with computer-forensic specialists to determine the nature and scope of the event.

“We are working diligently to restore the functionality of our systems,” officials said.

The county also said that the Bureau of Elections and the Emergency Services Department were not affected and were on a different network than the hacked systems.

But the ransomware operators had access to networks containing police reports, payroll, purchasing and other databases, 6ABC-TV in Philadelphia reports. 

The group behind the attack was the DoppelPaymer ransomware gang, who, after the attack, advised the county to change all of its passwords and modify its Windows domain configuration, sources told Bleeping Computer. 

State-Backed Hackers Targeting Apple Mac OS Users With New Malware

A new malware is targeting Apple Mac OS users in a campaign tied to nation-state backed hacking, researchers said Monday. 

Analysts at Trend Micro have linked the malware to OceanLotus, also known as APT32, a hacking group thought to have links to the Vietnamese government, ZDNet reports. 

The attacks have been linked to OceanLotus because of the similarities in code and behavior of the malware. 

“Threat groups such as OceanLotus are actively updating malware variants in attempts to evade detection and improve persistence,” the researchers wrote. 

The MacOS backdoor enables the attackers to snoop on and steal confidential information and sensitive business documents.

The attacks begin with phishing emails encouraging victims to run a Zip file disguised as a Word document. 

The malware evades detection by anti-virus scanners by using special characters inside a series of Zip folders, according to the researchers. 

— By DPN Staff