Security News

Facebook puts temporary ban on political ads post-election

Avast Security News Team, 16 October 2020

Plus, ransomware attackers pay to prey and students begin to feel the “digital divide”

Facebook posted in its Newsroom last week that it was preparing for the predicted chaos of the U.S. presidential election by taking certain steps and changing some of its rules, including a moratorium on political ads post-election.

“While ads are an important way to express voice,” Guy Rosen, Facebook VP of Integrity, wrote in the Newsroom post, “we plan to temporarily stop running all social issue, electoral or political ads in the US after the polls close on November 3, to reduce opportunities for confusion or abuse. We will notify advertisers when the policy is lifted.” 

Avast Security Evangelist Luis Corrons acknowledged that this is a wise move. “There are too many interests involved in the U.S. presidential election,” he commented. “We’re not just talking about candidates trying to gain voters, but also external parties hoping to influence the election and benefit from the result. Facebook knows that it’s the most popular social network and that it’s been abused in the past during election time, so it makes sense to cut the problem at the root with a temporary ban on political ads.”

According to Rosen, other steps Facebook has taken to protect the integrity of the election include the removal of 30 networks engaged in coordinated inauthentic behavior, displayed warnings on over 150 million pieces of content, and the deletion of 6.5 billion fake accounts. Some experts worry, however, that these moves are not enough. Wired reported this week that political strategists believe determined bad actors can still find ways to target voters through Facebook, particularly when used in conjunction with other data sources. 

Ransomware groups pay for network access

Cybersecurity researchers focusing on ransomware attacks have discovered that many ransomware groups are now purchasing network access through third parties in order to accelerate and simplify their attack procedures. InfoSecurity reported that the researchers claim to be tracking more than 25 persistent network access sellers, with more materializing on a weekly basis. Network access sellers and ransomware gangs exchange goods and services on the dark web. The researchers noted that one vendor is advertising access to 36 companies for between $2,000 and $20,000. 

Hackers gain access to U.S. elections support systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert last week in conjunction with the FBI that advanced persistent threat (APT) actors were actively exploiting multiple VPN and Windows vulnerabilities in a tactic known as “vulnerability chaining.” CISA called attention to the activity because typically these kinds of attacks are used to target federal, state, and local government networks. “CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised,” reads the report. CISA notes that the report is not comprehensive as the analysis is ongoing. 

School laptop shortage starts the “digital divide”

Ever since schools all over the planet began implementing distance learning in March, there has been a surge in worldwide demand for low-cost laptops and Chromebooks. The demand is up 41% from last year and, unfortunately, manufacturers have not been able to keep pace with the requests. The result is a widening gap between the haves and the have-nots. While the Los Angeles Unified School District spent $100 million on an order of Chromebooks in March and received it in full, other districts that waited until summer to put in their order were faced with months of delays. Alabama schools are still waiting for more than 160,000 devices, and Mississippi is just now beginning to receive the 320,000 computers they had requested. The New York Times reported that North American schools are likely to end the year with a shortage of more than five million devices, creating a “digital divide” that could result in entire classes of students falling behind their peers at other schools. 

Secret photo function found on kids’ smartwatch 

The X4 smartwatch, which sells for about $200 and runs on Android, is designed exclusively for children, but researchers have discovered that a backdoor exists that could make it possible for someone to remotely capture snapshots, wiretap calls, and track locations in real time. Xplora, the Norway-based company that markets the X4, responded to the discovery by stating that the found code belonged to a photo feature initially planned to be triggered by the child’s guardian should the child ever send out an SOS signal, but which ultimately did not make it into the final design. “The researcher found some of the code was not completely eliminated from the firmware,” Xplora stated. Read more on this story at Ars Technica.

This week’s ‘must-read’ on The Avast Blog

The online dangers that we were told to look out for as children are not the same as the dangers kids face today. Here's how parents can adapt to the ever-changing risks that today's children encounter online.