Security News

Did the Saudi crown prince hack Jeff Bezos?

Avast Security News Team, 24 January 2020

Plus, more news bytes of the week, including a Microsoft security breach and an FBI PSA cautioning against fake job and hiring scams

Analysts and United Nations officials investigating the 2018 hack into Amazon and Washington Post owner Jeff Bezos’ phone believe there is credible evidence that the infiltrating malware originated from a video file Saudi crown prince Mohammed bin Salman texted from his personal account. While Saudi Arabia denies any involvement in the hack, The Guardian reported that digital forensics found the allegation “highly probable.” 

“Although we do not have yet all the details about the hack, we can already learn some valuable lessons,” commented Avast security evangelist Luis Corrons. “It doesn't matter if you use an iPhone, or if you are the richest man in the world. We can all become victims. One thing worth noting is that in most cases – including this one – attackers rely on the unwilling collaboration of their victims, usually opening an attachment or clicking a link.”

Investigations into the hack began roughly nine months after it occurred, when the National Enquirer published text messages and intimate details about Bezos’ life. Sources close to Bezos noted that bin Salman (also known as MBS) had developed a close, personal relationship with Enquirer owner David Pecker in the months before the scandalous article was printed. Saudi experts have suggested that MBS targeted Bezos because of his ownership of The Washington Post, where journalist Jamal Khashoggi worked as a reporter, often criticizing MBS for repressing activists and intellectuals. Five months later, Khashoggi walked into the Saudi embassy in Istanbul and was never heard from again. 

This week’s stat

43% – The portion of Americans who aren’t aware their router has a web administrative interface where they can log in to view and change their router’s settings.

Microsoft breach exposes customer support database

In a blog post this week, Microsoft disclosed that a security breach exposed information from an internal customer support database. The company reported that all personal details stored on the servers had been automatically redacted, and therefore not breached, except in those cases where users entered their data in a non-standard format, such as inserting spaces in an email address. Microsoft stated that the servers in question had been exposed for a little over three weeks before the breach was discovered on Dec. 31, 2019. It was secured that same night. 

This week’s quote 

“The IoT is complicated – it’s not a simplistic Hollywood cliche. It’s a vast ecosystem of millions of unique vulnerabilities. But your part of it can be simple.” Ondrej Vlcek, Avast CEO 

FBI warns of fake job and hiring scams

The FBI issued a public service announcement cautioning jobseekers about a prevalent threat these days – fake job scams. The feds maintain that while hiring scams have been around for years, modern technology has made them easier to execute. Authorities cite numerous incidents reported in 2019 with an average loss of $3,000 per victim. The scam is difficult to detect initially, as the fake jobs are advertised alongside real jobs. Applicants for the fake jobs will typically be invited to a fraudulent teleconference interview where a cybercriminal poses as the potential employer. The applicants/victims are then asked to supply personally identifiable information and credit card numbers in order to purchase start-up equipment. Once the scammers have that info, they stop communicating with the victims.

Mitsubishi Electric possibly targeted for cyber-espionage

Tokyo police are looking into a cyberattack that hit Mitsubishi Electric last June. The Asahi Shimbun reported that the company was made aware of the attack when it occurred but did not publicly announce it until this week. Along with personal information on thousands of employees, the hackers accessed data on various government organizations as well as several major companies. Mitsubishi Electric is Japan’s leading manufacturer of defense, infrastructure, and transportation equipment. Dark Reading reported that cybersecurity researchers suspect that a notorious China-based cyber-espionage group was behind the attack. 

Over 2,000 WordPress sites hacked

Researchers found that certain common plugins used on WordPress sites have been compromised to redirect visitors to malicious URLs. Users falling victim to the hack are sent to sites pushing fake giveaways, phony surveys, malware-laced downloads, and unwanted browser notification subscriptions. The malware also creates new plug-in directories that in turn serve to upload even more malware to the exploited sites. More on Bleeping Computer

This week’s ‘must-read’ on The Avast Blog

Avast CEO Ondrej Vlcek has called the Internet of Things a ticking time bomb. In the interests of a more optimistic new decade, he’d like to amend that a bit.

Irish children’s hospital uses facial recognition tech

A new national children’s hospital being constructed in Dublin is facing controversy for installing facial recognition cameras. The Irish Times reported that proponents of the cameras argue that children’s hospitals need them to prevent baby-snatching, as there have been instances in the past where babies were kidnapped from hospitals. The Irish Council for Civil Liberties, however, raised concerns that the hospital’s facial recognition cameras are made by the Chinese company Hikvision, whose video surveillance systems have been banned from U.S. government buildings for fear of espionage. 


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.