Lead image courtesy of J (Creative Commons).
In this week’s Cyber Blurbs Roundup, we take a look at how Apple’s privacy policy is impacting Snapchat, the FBI turning the tables on a notorious ransomware group, and a reminder of Cybersecurity Awareness Month.
A New Hope: Snapchat Says Apple’s Privacy Measures are Working
We’ll start off with a bit of social media news. Snap, parent company of Snapchat, saw its stock drop more than 20% earlier this month after announcing it fell short of its quarterly goals by $3 million. But don’t feel too bad — Snap’s results show that it still brought in $1.067 billion in revenue in its most recent quarter. That’s good for a 57% increase when compared to the same period last year.
The bigger problem may lie in why the company didn’t meet its revenue goals. Snap officials say the shortcomings result directly from some of the big privacy changes Apple instituted earlier this year. As part of iOS 14, Apple began limiting the sort of tracking on its iOS devices by requiring applications to ask for user permission for cross-app tracking. Virtually all in the mobile advertising industry expected an impactful number of users to opt out of the now-optional tracking, ultimately hurting revenue.
“We’re now operating at the scale necessary to navigate significant headwinds, including changes to the iOS platform that impact the way advertising is targeted, measured, and optimized, as well as global supply chain issues and labor shortages impacting our partners,” Snap co-founder and CEO Evan Spiegel said in a statement.
The company says it is working on potential workarounds that will allow advertisers to better adapt to Apple’s privacy shift. Last month, we wrote about some loopholes that exist in Apple’s privacy policy, and how some companies are circumventing the rules to gather user data anyway.
Empire Strikes Back: FBI Hacks the Hackers
Notorious ransomware group REvil has found itself on the opposite end of a cybersecurity breach. Known for some of the more relentless and expensive cyber attacks in recent memory, REvil has been hacked in an FBI-led operation, as originally reported by Reuters. The FBI partnered with the Secret Service, as well as law enforcement agencies across the globe, to infiltrate the ransomware group responsible for some of the biggest corporate headaches of 2021.
REvil has since gone offline. The group’s “Happy Blog” website — leveraged to leak its victim’s data and add fuel to its ransomware demands — has also gone dark.
“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Tom Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations, told Reuters. “REvil was top of the list.”
According to Reuters, law enforcement officials even went so far as to inject code into REvil’s backups — a tactic the ransomware group often employs when going after victims of its own. When hit with a ransomware attack, victims typically resort to restoring their systems using backup data. Except, considering it serves as such a logical first step to being ransomware-d, hacking groups often inject code into the backups to prevent them from working to further their own financial demands.
FBI Reminds Us October is Cybersecurity Awareness Month
Listen, we had every intent on rounding out the whole Star Wars theme for our subheads this week. But we couldn’t find anything that would even remotely fit the narrative belonging to the final chapter of the OG saga. And despite a usual Monday publication, this weekly blog is prepared on a Friday afternoon. You get it.
Now onto more important things.
October is a month of many things: breast cancer awareness, Halloween, and the official start to Pumpkin Spice Season. It’s also known as Cybersecurity Awareness Month — going on 18 years now.
The FBI is here to help you celebrate, though with neither tricks nor treats. Here are some tips to ensure your cyber safety:
Keep your software up to date and don’t cut corners on your anti-virus protection.
Pay attention to the email addresses and URLs in anything that hits your inbox. Scammers are clever, but they almost always include slight variations in the spelling of names of organizations you typically trust.
Treat sketchy texts, emails, and phone calls with the sort of skepticism that they deserve. Don’t click on any links they provide, and be sure to go to the company’s website to verify that the message being sent is legitimate. A quick Google search goes a long way, too.
Don’t open email attachments from accounts you don’t know.
Don’t just give people money when they ask for it.
Companies rarely urge immediate action without prior warnings. Know that.
Employ two-factor authentication to any wire transfers (in person or over the phone).