Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Cyber losses are increasing in frequency and severity

Research by a cyber insurance provider in North America shows cyber attacks have increased in number and severity since the onset of the coronavirus pandemic. The changes that organisations implemented to facilitate remote work have given cyber criminals new opportunities to launch campaigns exploiting mass uncertainty and fear.

The severity of ransomware attacks has increased since the beginning of COVID-19, with researchers having observed a 47% increase on top of a 100% increase in Q1 2020.

Researchers also found that newer strains of ransomware have been particularly malicious, with costly ransom demands and criminal actors threatening to expose an organisation’s data if they don’t pay. They report that the average demand from attackers using the Maze variety of ransomware is approximately six times larger than the overall average.

Researchers also reported a 35% increase in funds transfer fraud and social engineering claims filed by their policyholders since the pandemic began. Reported losses from these types of attack have ranged from the low thousands to well above $1 million per event.

Additionally, COVID-19 has resulted in a notable surge of business email compromise. The insurer observed a 67% increase in the number of email attacks during the pandemic.

Why this matters:

The report refers to North America but the findings are applicable to us all. They indicate that the most frequent types of losses incurred by victims were from ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) — accounting for 87% of reported incidents and 84% of the insurer’s claim pay-outs in the first half of 2020.

Clearly with the landscape getting worse, firms more likely to fall victim, and with losses increasing all the time, firms should ensure they are taking these threats seriously.

Read more: https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/

Hackers have revived a decade-old Microsoft Office exploit - and they’re having a field day

Hackers have ramped up attempts to abuse a decade-old Microsoft Office flaw with the help of creative new email scams, new research has found.

According to analysis commissioned by NordVPN, attempts to exploit the vulnerability (CVE-2017-11882) rose by 400% in the second quarter of the year - with further growth expected.

Why this matters:

If exploited successfully, the memory corruption bug could allow attackers to execute code on the target device remotely. This is especially problematic if the affected user’s account has administrative privileges, in which case the hacker could seize control of the system.

Read more: https://www.techradar.com/news/hackers-have-revived-a-decade-old-microsoft-office-exploit-and-theyre-having-a-field-day

Cerberus banking Trojan source code released for free to cyber attackers

The source code of the Cerberus banking Trojan has been released as free malware on underground hacking forums following a failed auction.

The leaked code, distributed under the name Cerberus v2, presents an increased threat for smartphone users and the banking sector at large. 

Why this matters:

Cerberus is a mobile banking Trojan designed for the Google Android operating system. In circulation since at least July 2019, the Remote Access Trojan (RAT) is able to conduct covert surveillance, intercept communication, tamper with device functionality, and steal data including banking credentials by creating overlays on existing banking, retail, and social networking apps.

The malware is able to read text messages that may contain one-time passcodes (OTP) and two-factor authentication (2FA) codes, thereby bypassing typical 2FA account protections. OTPs generated through Google Authenticator may also be stolen.

Read more: https://www.zdnet.com/article/cerberus-banking-trojan-source-code-released-for-free-to-cyberattackers/

Critical Bluetooth security vulnerability could affect billions of devices worldwide

A new security flaw in the Bluetooth software stack discovered over the summer has the potential to affect billions of smartphones, laptops and IoT devices using the Bluetooth Low Energy (BLE) protocol.

The new vulnerability has been given the name BLESA (Bluetooth Low Energy Spoofing Attack) by the team of seven academic researchers at Purdue University who first discovered it.

Unlike the recently discovered BLURtooth vulnerability that deals with how Bluetooth devices pair with one another, BLESA was found in the reconnection process. Reconnections occur when two BLE devices move out of range and then move back into range. Normally BLE devices check the cryptographic keys negotiated during the pairing process when reconnecting.

The research team found that the official BLE specification did not contain strong-enough language to describe the reconnection process properly leading to two systemic issues making their way into BLE software implementations.

The first deals with the fact that authentication during device reconnection is optional as opposed to mandatory while the second relates to how authentication can potentially be circumvented if a user's BLE device fails to force another device to authenticate the cryptographic keys sent while reconnecting.

Why this matters:

Billions of devices could be vulnerable to these BLESA attacks where a nearby attacker bypasses reconnection verification and sends spoofed data to a BLE device with incorrect information. This can lead both humans and automated processes to make incorrect decisions when it comes to allowing two devices to reconnect with one another.

Read more: https://www.techradar.com/news/critical-bluetooth-security-vulnerability-could-affect-billions-of-devices-worldwide

Coffee machines, cuddly toys and cars: The Internet of Things devices that could put you at risk from hackers

Connected teddy bears, connected coffee machines and connected cars are just some of the unusual Internet of Things (IoT) devices being insecurely connected to corporate networks that could leave whole organisations open to cyber attacks.

A research paper by Palo Alto Networks details the surge in IoT devices being connected to corporate networks and their wide variety.

Some of the most common irregular devices being connected to organisations' networks include connected vehicles, connected toys and connected medical devices, with connected sports equipment such as fitness trackers, gaming devices and connected cars also being deployed.

These devices are being connected because they can often help people through the working day or help manage aspects of their personal life, but they're also creating additional problems for the corporate network.

Why this matters:

In many cases, these 'shadow IoT' devices are being added to the network without the knowledge of the security team.

This could potentially leave the corporate network vulnerable because not only do some IoT devices have poor security that means they can easily be discovered and exploited, but some workplaces still have flat networks and if a device is compromised then an attacker can move from the IoT product to another system.

Read more: https://www.zdnet.com/article/coffee-machines-cuddly-toys-and-cars-the-internet-of-things-devices-which-could-put-you-at-risk-from-hackers/

DDoS Attacks Skyrocket as Pandemic Bites

More people being online during lockdowns and more people working from home has proven to be lucrative for DDoS type attacks.

The first half of 2020 saw a significant uptick in the number of distributed denial-of-service (DDoS) attacks compared to the same period last year — a phenomenon that appears to be directly correlated to the global coronavirus pandemic.

One firm’s Security Operations Centre (SOC) saw a 151 percent increase in DDoS activity in the period, including one of the largest and longest attacks they had has ever mitigated – that attack came in at 1.17 terabits-per-second (Tbps), and lasted five days and 18 hours.

These figures are representative of the growing number, volume and intensity of network-type cyber attacks as organizations shifted to remote operations and workers’ reliance on the internet increased.

Why this matters:

DDoS attacks are getting bigger, with a “noticeable spike” in volume: The number of attacks sized 100Gbps and above grew a whopping 275 percent. Emblematic of this is a 2.3Tbps attack targeting an Amazon Web Services client in February – the largest volumetric DDoS attack on record. And the aforementioned 1.17Tbps attack was 192 percent bigger than the largest attack mitigated during the first half of 2019.

Read more: https://threatpost.com/ddos-attacks-skyrocket-pandemic/159301/

US charges two Russians for stealing $16.8m via cryptocurrency phishing sites

The US Department of Justice has filed charges this week against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.

The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.

US officials said the Russian duo — made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively — used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.

Why this matters:

In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini. Losses were estimated at $16,876,000.

Whilst bitcoin has waned in popularity after its highs a few years back there is still value in holdings held in different exchanges and these holdings remain popular targets for attackers.

Read more: https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites/

US charges two Iranian hackers for years-long cyber-espionage, cybercrime spree

The US has also filed charges against and is seeking the arrest of two Iranian nationals believed to have carried out cyber-intrusions at the behest of the Iranian government and for their own personal financial gain.

In an indictment unsealed this week, prosecutors accused Hooman Heidarian and Mehdi Farhadi, both from Hamedan, Iran, of launching cyber-attacks against a wide range of targets since at least 2013.

Past victims included several US and foreign universities, a Washington think tank, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations (NGOs), non-profits, and foreign government and other entities the defendants identified as rivals or adversaries to Iran, with most targets located in the US, Israel, and Saudi Arabia.

US officials said Heidarian and Farhadi focused on gaining access to their victims' accounts, computers, and internal networks, from where they stole confidential data and communications pertaining to topics such as national security, foreign policy, nuclear energy, and aerospace.

Why this matters:

Financial data and personally identifiable information wasn't off-limits, and the two also stole intellectual property, such as unpublished scientific research.

In addition, the two also targeted and stole personal information and communications of Iranian dissidents, human rights activists, and opposition leaders, according to George M. Crouch Jr., Special Agent in Charge of the FBI Newark Division.

Prosecutors believe that some of the stolen data was handed over to Iranian government intelligence officials, but that other information was also sold on black markets for the hackers' personal gains.

Read more: https://www.zdnet.com/article/us-charges-two-iranian-hackers-for-years-long-cyber-espionage-cybercrime-spree/

Alert issued to UK universities and colleges about spike in cyber attacks

British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK's National Cyber Security Centre (NCSC), a part of GCHQ.

Academic institutions are being urged to follow NCSC guidance following a sharp increase in attacks which have left some teachers fearing they won't be able to accept students when term begins.

Last week staff at Newcastle University warned Sky News they had "no idea how we are going to welcome students in three weeks' time" following one such ransomware attack, which has impacted IT services across the whole university.

Similar attacks in which criminal hackers infiltrated computer networks and stole data before encrypting the machines and demanding a ransom payment to unlock them again, have hit Northumbria University, Bolton Sixth Form College, Leeds City College and others in August alone.

Speaking to Sky News, NCSC's director of operations Paul Chichester said the agency had seen an increase in the "utterly reprehensible" attacks over the past 18 months and was concerned they would disrupt young people's education.

Why this matters:

There are more than a dozen criminal groups which are currently earning millions by encrypting their victim's computer networks and then leaking stolen documents online to pressure the victims into paying up.

Read more: https://news.sky.com/story/alert-issued-to-uk-universities-and-colleges-about-spike-in-cyber-attacks-12073450

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

If you’re pressed for time watch the 60 second quick fire video summary of the top Cyber and InfoSec stories from the last week:

Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers

Over the last few years, the adoption of Office 365 in the corporate sector has significantly increased. Its popularity has attracted the attention of cyber criminals who launch phishing campaigns specifically to attack the platform. As 90% of cyber-attacks start with a phishing campaign, Office 365 is an attractive target for threat actors who work to evade the continuously introduced security solutions.

Recently, a seemingly unsophisticated Office 365 phishing campaign caught our attention. The attackers abused an Adobe Campaign redirection mechanism, using a Samsung domain to redirect victims to an O365 themed phishing website. The hackers took advantage of the fact that access to a reputable domain, such as Samsung’s, would not be blocked by security software.

To expand their campaign, the attackers also compromised several websites to inject a script that imitates the same mechanism offered by the Adobe redirection service. Further investigation revealed that the actors behind the campaign implemented a few other interesting tricks to hide the phishing kit and avoid detection at each stage of the attack.

Read more here: https://research.checkpoint.com/2020/phishing-campaign-exploits-samsung-adobe-and-oxford-servers/

Guernsey Police warn businesses in Guernsey using Office 365 also targeted by scammers

Guernsey Police are warning local businesses about an online scam targeting users of Office 365.

Officers have been in contact with several businesses using the service who have fallen victim to phishing scams which have allowed hackers access to their email inbox.

The hackers then distribute malicious links to their contacts.

Police say using multi-factor authentication can help keep personal data safe.

Anyone who receives an unexpected email from someone they trust containing a link should contact them directly to make sure they sent it.

Read more: https://www.itv.com/news/channel/2020-06-18/guernsey-businesses-using-office-365-targeted-by-scammers/

As Businesses Reopen, A New Storm Of Cybercrime Activity Looms

There is nothing ordinary about the amount of disruption that will impact our lives moving forward as countries and states reopen following the coronavirus pandemic. In the context of the cloud, disruptions caused by COVID-19 have opened the door to another type of virus: cybersecurity threats. Today we are witnessing a rapid rise of opportunistic cybercriminal activity taking advantage of the chaos created by COVID-19.

Focal concerns about economic recovery and a potential second wave of human infection are abounding. Still, the concern for many companies should also include heightened cybersecurity threats that can easily break companies before they have a chance to relaunch. For the many companies that are already fighting to remain afloat due to challenges faced during COVID-19, a cybersecurity breach could quickly mean the end. As businesses navigate this “new normal,” they must address weaknesses in their IT strategies exposed by COVID-19 and consider implementing a better preparedness plan to avoid long-term damage.

Read more: https://www.forbes.com/sites/emilsayegh/2020/06/18/as-businesses-reopen-a-new-storm-of-cybercrime-activity-looms/#44f38a9a1a4b

Microsoft: COVID-19 malware attacks were barely a blip in total malware volume

Microsoft says that despite all the media headlines over the past few months, malware attacks that abused the coronavirus (COVID-19) theme have barely been a blip in the total volume of threats the company sees each month.

These COVID-19 attacks included emails carrying malicious file attachments (also referred to as malspam) and emails containing malicious links that redirect users to phishing sites or malware downloads.

According to Microsoft's Threat Protection Intelligence Team, the first attacks abusing a COVID-19 lure started after the World Health Organization (WHO) declared COVID-19 a global pandemic on January 30.

As the world yearned to learn more about this new disease, attacks intensified, and they peaked in March when most of the world's countries enforced stay-at-home measures.

"The week following [the WHO] declaration saw these attacks increase eleven-fold," Microsoft said. "By the end of March, every country in the world had seen at least one COVID-19 themed attack."

Read more: https://www.zdnet.com/article/microsoft-covid-19-malware-attacks-were-barely-a-blip-in-total-malware-volume/

Cyber spies use LinkedIn to hack European defence firms

LONDON (Reuters) - Hackers posed as recruiters working for U.S. defence giants Collins Aerospace and General Dynamics (GD.N) on LinkedIn to break into the networks of military contractors in Europe, cyber security researchers said on Wednesday.

The cyber spies were able to compromise the systems of at least two defence and aerospace firms in Central Europe last year by approaching employees with pseudo job offers from the U.S. firms.

The attackers then used LinkedIn’s private messaging feature to send documents containing malicious code which the employees were tricked into opening.

The researcher declined to name the victims, citing client confidentiality, and said it was unclear if any information was stolen. General Dynamics and Collins Aerospace, which is owned by Raytheon Technologies RTX.N, declined immediate comment.

The researchers were unable to determine the identity of the hackers but said the attacks had some links to a North Korean group known as Lazarus, which has been accused by U.S. prosecutors of orchestrating a string of high-profile cyber heists on victims including Sony Pictures and the Central Bank of Bangladesh.

Read more here: https://uk.reuters.com/article/us-cyber-linkedin-hacks/cyber-spies-use-linkedin-to-hack-european-defence-firms-idUKKBN23O2L7

Australian PM says nation under serious state-run 'cyber attack' – Microsoft, Citrix, Telerik UI bugs 'exploited'

Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.”

Morrison said the attack has targeted government, key infrastructure and the private sector, and was sufficiently serious that he took the courteous-in-a-crisis, but not-compulsory step, of informing the leader of the opposition about the incident. He also said that the primary purpose of the snap press conference was to inform and educate Australians about the incident.

But Morrison declined to state whether Australian defence agencies have identified the source of the attack and said evidence gathered to date does not meet the government’s threshold of certainty to name the attacker.

Read more here: https://www.theregister.com/2020/06/19/australia_state_cyberattack/

Google removes 106 Chrome extensions for collecting sensitive user data

Google has removed 106 malicious Chrome extensions that have been caught collecting sensitive user data.

The 106 extensions are part of a batch of 111 Chrome extensions that have been identified as malicious in a report published this week.

These extensions posed as tools to improve web searches, convert files between different formats, as security scanners, and more.

But in reality the extensions contained code to bypass Google's Chrome Web Store security scans, take screenshots, read the clipboard, harvest authentication cookies, or grab user keystrokes (such as passwords).

Read more here: https://www.zdnet.com/article/google-removes-106-chrome-extensions-for-collecting-sensitive-user-data/

AWS stops largest DDoS attack ever

Amazon has revealed that its AWS Shield service was able to mitigate the largest DDoS attack ever recorded at 2.3 Tbps back in February of this year.

The company's new AWS Shield Threat Landscape report provided details on this attack and others mitigated by its AWS Shield protection service.

While the report did not identify the AWS customer targeted in the DDoS attack, it did say that the attack itself was carried out using hijacked CLDAP (Connection-less Lightweight Directory Access Protocol) web servers and lasted for three days.

https://www.techradar.com/news/aws-stops-largest-ddos-attack-ever

Ripple20 Vulnerabilities Affect Hundreds of Millions of IoT Devices

Zero-day vulnerabilities have been discovered that could impact millions of IoT devices found in data centres, power grids, and elsewhere.

The flaws, dubbed Ripple20, includes multiple remote code execution vulnerabilities and affects "hundreds of millions of devices (or more)."

Researchers named the vulnerabilities Ripple20 to reflect the widespread impact they have had as a natural consequence of the supply chain "ripple-effect" that has seen the widespread dissemination of the software library and its internal flaws.

"A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people," wrote researchers.

Ripple20 reached critical IoT devices involving a diverse group of vendors from a wide range of industries. Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, and Baxter.

Read more: https://www.infosecurity-magazine.com/news/ripple20-vulnerabilities-discovered/

Unpatched vulnerability identified in 79 Netgear router models

A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely.

The vulnerability has been discovered by two security researchers independently, namely Adam Nichols from cyber-security GRIMM and a security researcher going by the nickname of d4rkn3ss, working for Vietnamese internet service provider VNPT.

According to Nichols, the vulnerability impacts 758 different firmware versions that have been used on 79 Netgear routers across the years, with some firmware versions being first deployed on devices released as far back as 2007.

This lack of proper security protections opens the door for an attacker to craft malicious HTTP requests that can be used to take over the router.

More here: https://www.zdnet.com/article/unpatched-vulnerability-identified-in-79-netgear-router-models/

New Mac malware uses 'novel' tactic to bypass macOS Catalina security

Security researchers have discovered a new Mac malware in the wild that tricks users into bypassing modern macOS app security protections.

In macOS Catalina, Apple introduced new app notarization requirements. The features, baked in Gatekeeper, discourage users from opening unverified apps — requiring malware authors to get more creative with their tactics.

As an example, researchers have discovered a new Trojan horse malware actively spreading in the wild via poisoned Google search results that tricks users into bypassing those protections themselves.

The malware is delivered as a .dmg disk image masquerading as an Adobe Flash installer. But once it's mounted on a user's machine, it displays instructions guiding users through the malicious installation process.

Read more: https://appleinsider.com/articles/20/06/18/new-mac-malware-uses-novel-tactic-to-bypass-macos-catalina-security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

60 second video flash briefing

UK NCSC and US CISA issue joint Advisory: COVID-19 exploited by malicious cyber actors

A joint advisory was put out from the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) relating to information on exploitation by cyber criminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.

Read more here: https://www.ncsc.gov.uk/news/covid-19-exploited-by-cyber-actors-advisory

Download the advisory notice here: https://www.ncsc.gov.uk/files/Final%20Joint%20Advisory%20COVID-19%20exploited%20by%20malicious%20cyber%20actors%20v3.pdf

Travelex paid $2.3M in Bitcoin to get its systems back from hackers

Travelex paid hackers $2.3 million worth of Bitcoin to regain access to its computer systems after a devastating ransomware attack on New Year’s Eve.

The London-based company said it decided to pay the 285 BTC based on the advice of experts, and had kept regulators and partners in the loop throughout the recovery process.

Although Travelex, which manages the world’s largest chain of money exchange shops and kiosks, did confirm the ransomware attack when it happened, it hadn’t yet disclosed a Bitcoin ransom had been paid to restore its systems.

Travelex previously blamed the attack on malware known as Sodinokibi, a ‘Ransomware-as-a-Service’ tool-kit that has recently begun publishing data stolen from companies that don’t pay up.

Travelex‘ operations were crippled for almost all of January, with its public-facing websites, app, and internal networks completely offline. It also reportedly interrupted cash deliveries to major banks in the UK, including Barclays and Lloyds.

At the time, BBC claimed that Travelex‘ attackers had demanded $6 million worth of Bitcoin to unlock its systems.

Read more: https://thenextweb.com/hardfork/2020/04/09/travelex-paid-2-3m-in-bitcoin-to-get-its-systems-back-from-hackers/

Zoom sets up CISO Council and hires ex-CSO of Facebook to clean up its privacy mess

The ongoing coronavirus pandemic has seen people relying on work collaboration apps like Teams and Slack to talk to others or conduct meetings. Zoom, in particular, has seen incredible growth over the past few weeks but it came at a cost. The company has been under a microscope after various researchers discovered a number of security flaws in the app. To Zoom’s credit, the company responded immediately and paused feature updates to focus on security issues.

The company announced that it’s taking help from CISOs to improve the security and patch the flaws in the app. Zoom will be taking help from CISOs from HSBC, NTT Data, Procore, and Ellie Mae, among others. Moreover, the company is also setting up an Advisory Board that will include security leaders from VMware, Netflix, Uber, Electronic Arts, and others. Lastly, the company has also asked Alex Stamos, ex-CSO of Facebook to join as an outside advisor. Alex is a well-known personality in the cybersecurity world who left Facebook after an alleged conflict of interest with other executives about how to address the Russian government’s use of its platform to spread disinformation during the 2016 U.S. presidential election.

Read more here: https://mspoweruser.com/zoom-ciso-hires-ex-facebook-cso-clean-its-mess/

Researchers discover IoT botnet capable of launching various DDoS attacks

Cyber security researchers have found a new botnet comprised of more than a thousand IoT devices, capable of launching distributed denial of service (DDoS) attacks.

According to a report, researchers have named the botnet Dark Nexus, and believe it was created by well-known malware developer greek.Helios - a group that has been selling DDoS services and botnet code for at least the past three years.

Analysing the botnet through a honeypot, the researchers found it is comprised of 1,372 bots, but believe it could grow extremely quickly.

Dark Nexus is based on Mirai and Qbot, but has seen some 40 iterations since December 2020, with improvements and new features added almost daily.

Read the original article here: https://www.itproportal.com/news/researchers-discover-iot-botnet-capable-of-launching-various-ddos-attacks/

Microsoft: Cyber-Criminals Are Targeting Businesses Through Vulnerable Employees

Microsoft has warned that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses. During a virtual press briefing, the multinational technology company provided data showing how home working and employee stress during this period has precipitated a huge amount of COVID-19-related attacks, particularly phishing scams.

Working from home at this time is very distracting for a lot of people, particularly if they are looking after children. Additionally, many individuals are in a stressful state with the extra pressures and worries as a result of COVID-19. This environment is providing new opportunities for cyber-criminals to operate.

“We’re seeing a significant increase in COVID-related phishing lures for our customers,” confirmed Microsoft. “We’re blocking roughly 24,000 bad emails a day with COVID-19 lures and we’ve also been able to see and block through our smart screen 18,000 malicious COVID-themed URLs and IP addresses on a single day, so the volume of attacks is quite high.”

Read the original article here: https://www.infosecurity-magazine.com/news/cybercriminals-targeting/

Stolen Zoom account credentials are freely available on the dark web

Loved, hated, trusted and feared in just about equal measure, Zoom has been all but unavoidable in recent weeks. Following on from a combination of privacy and security scandals, credentials for numerous Zoom account have been found on the dark web.

The credentials were hardly hidden -- aside from being on the dark web. Details were shared on a popular forum, including the email address, password, meeting ID, host key and host name associated with compromised accounts.

Read more: https://betanews.com/2020/04/08/zoom-account-credentials-dark-web/

Shadow IT Represents Major #COVID19 Home Working Threat

Rising threat levels and remote working challenges stemming from the COVID-19 pandemic are putting increased pressure on IT security professionals, according to new data.

A poll of over 400 respondents from global organisations with over 500 employees was conducted to better understand the current challenges facing security teams.

It revealed that 71% of security professionals had reported an increase in security threats or attacks since the start of the virus outbreak. Phishing (55%), malicious websites (32%), malware (28%) and ransomware (19%) were cited as the top threats.

These have been exacerbated by home working challenges, with 95% of respondents claiming to be under new pressures.

Top among these was providing secure remote access for employees (56%) and scalable remote access solutions (55%). However, nearly half (47%) of respondents complained that home workers using shadow IT solutions represented a major problem.

These challenges are only going to grow, according to the research.

Read more here: https://www.infosecurity-magazine.com/news/shadow-it-covid19-home-working/

'Unkillable' Android malware gives hackers full remote access to your phone

Security experts are warning Android users about a particularly nasty strain of malware that's almost impossible to remove.

A researcher has written a blog post explaining how the xHelper malware uses a system of nested programs, not unlike a Russian matryoshka doll, that makes it incredibly stubborn.

The xHelper malware was first discovered last year, but the researcher has only now established exactly how it gets its claws so deeply into your device, and reappears even after a system restore.

Although the Google Play Store isn't foolproof, unofficial third party app stores are much more likely to harbour malicious apps. App-screening service Google Play Protect blocked more than 1.9 million malware-laced app installs last year, including many side-loaded or installed from unofficial sources, but it's not foolproof.

xHelper is often distributed through third-party stores disguised as a popular cleanup or maintenance app to boost your phone's performance, and once there, is amazingly stubborn.

More here: https://www.techradar.com/uk/news/beware-the-unkillable-android-malware-lurking-on-third-party-app-stores

Decade of the RATs (Remote Access Trojan): Novel APT Attacks Targeting Linux, Windows and Android

BlackBerry researchers have released a new report that examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade.

The report comes on the heels of the U.S. Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations into economic espionage as part of the DOJ’s China Initiative.

The BlackBerry report, titled Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android, examines how APTs have leveraged the “always on, always available” nature of Linux servers to establish a “beachhead” for operations. Given the profile of the five APT groups involved and the duration of the attacks, it is likely the number of impacted organisations is significant.

The cross-platform aspect of the attacks is also of particular concern in light of security challenges posed by the sudden increase in remote workers. The tools identified in these ongoing attack campaigns are already in place to take advantage of work-from-home mandates, and the diminished number of personnel onsite to maintain security of these critical systems compounds the risks. While the majority of the workforce has left the office as part of containment efforts in response to the Covid-19 outbreak, intellectual property remains in enterprise data centres, most of which run on Linux.

Most large organizations rely on Linux to run websites, proxy network traffic and store valuable data. While Linux may not have the visibility that other front-office operating systems have, it is arguably the most critical where the security of critical networks is concerned. Linux runs nearly all of the top 1 million websites, 75% of all web servers, 98% of the world’s supercomputers and 75% of major cloud service providers (Netcraft, 2019, Linux Foundation, 2020).

More here: https://blogs.blackberry.com/en/2020/04/decade-of-the-rats

Bot traffic fueling rise of fake news and cybercrime

The coronavirus pandemic has disrupted daily life around the world and the WHO recently warned that an overabundance of information about the virus makes it difficult for people to differentiate between legitimate news and misleading information.

At the same time, EU security services have warned that Russia is aggressively exploiting the coronavirus pandemic to push disinformation and weaken Western society through its bot army.

A cyber security firm has been using its bot manager to monitor internet traffic in an attempt to track the “infodemic” that both the WHO and EU security services have issued warnings on.

According to the data, bots have upped their game and organisations in the social media, ecommerce and digital publishing industries have experienced a surge in bad bot traffic following the coronavirus outbreak.

The bots have been found to be executing various insidious activities including spreading disinformation, spam commenting and more. In February, 58.1 percent of bots had the capability to mimic human behaviour. This means that they can disguise their identities, create fake accounts on social media sites and post their masters' propaganda while appearing as a genuine user.

Read more here: https://www.techradar.com/news/bot-traffic-fueling-rise-of-fake-news-and-cybercrime

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

GFSC warns over increased risk of fraud and cyber crime

The GFSC has put out a warning to regulated firms on the Island around increased likelihood of fraud and other cyber crimes as a result of the COVID-19 pandemic.

The Commission has stated that they expect licensees to apply effective controls, including having suitable controls to prevent cybercrime.

Cyber-Attacks Up 37% Over Past Month as #COVID19 Bites

Online threats have risen by as much as six-times their usual levels over the past four weeks as the COVID-19 pandemic provides new ballast for cyber-attacks.

Analysis of UK traffic figures for the past four weeks compared to the previous month noted a sharp uptick in malicious activity.

Hacking and phishing attempts were up 37% month-on-month, while on some days, there were between four- and six-times the number of attacks it would usually see.

More here: https://www.infosecurity-magazine.com/news/cyberattacks-up-37-over-past-month/

Cybercrime spikes during coronavirus pandemic, says Europol

Just like everyone else in the face of a pandemic, criminals seem to be staying home — but they're just turning to different methods to make a buck.

That's the message from a new Europol report out this week, which reveals that criminals are adapting to exploit the global chaos.

While many police departments are reporting a lull in physical crime, other types of crime are having a heyday — and those numbers are only expected to increase.

Europol identified cybercrime, fraud, counterfeit goods and organised property crime as categories of particular concern.

Read more here: https://www.euronews.com/2020/03/27/cybercrime-spikes-during-coronavirus-pandemic-says-europol

Cybercriminal group mails malicious USB dongles to targeted companies

Security researchers have come across an attack where an USB dongle was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals during physical penetration testing engagements in the past, but it has very rarely been observed in the wild. This time it's a known sophisticated cybercriminal group who is likely behind it.

The attack was analysed after a US company in the hospitality sector received the USB sometime in mid-February.

The package contained an official-looking letter with Best Buy's logo and other branding elements informing the recipient that they've received a $50 gift card for being a regular customer. "You can spend it on any product from the list of items presented on an USB stick," the letter read. Fortunately, the USB dongle was never inserted into any computers and was passed along for analysis, because the person who received it had security training.

More here: https://www.csoonline.com/article/3534693/cybercriminal-group-mails-malicious-usb-dongles-to-targeted-companies.html

Top Email Protections Fail in Latest COVID-19 Phishing Campaign

Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found.

New phishing attacks were discovered that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver’s local area.

The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user’s Microsoft log-in credentials, he said. They also don’t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, according to the report.

More: https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/

Zoom Phishers Register 2000 Domains in a Month

Over 2000 new phishing domains have been set up over the past month to capitalise on the surging demand for Zoom from home workers, according to new data.

The report analysed data from a threat hunting system since the start of the year, and found 3300 new domains had been registered with the word “Zoom” in them.

The vast majority of these (67%) were created in March, as the COVID-19 pandemic forced lockdowns in multiple European countries and across parts of the US.

With surging levels of interest in Zoom and other video conferencing apps, comes renewed scrutiny from cyber-criminals.

Nearly a third (30%) of the new “Zoom” websites spotted activated an email server which indicates these domains are being used to facilitate phishing attacks.

More here: https://www.infosecurity-magazine.com/news/zoom-phishers-register-2000/

Across-the-board increase in DDoS attacks of all sizes

There has been a 168% increase in DDoS attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall in 2019 vs. 2018, according to a report.

DDoS attacks grew across all size categories increase in 2019, with attacks sized 5 Gbps and below seeing the largest growth. These small-scale attacks made up more than three quarters of all attacks the company mitigated on behalf of its customers in 2019.

In 2019, the largest mitigated threat, at 587 gigabits per second (Gbps), was 31% larger than the largest attack of 2018, while the maximum attack intensity observed in 2019, 343 million packets per second (Mpps), was 252% higher than that of the most intense attack seen in 2018.

However, despite these higher peaks, the average attack size (12 Gbps) and intensity (3 Mpps) remained consistent year over year. The longest single, uninterrupted attack experienced in 2019 lasted three days, 13 hours and eight minutes.

Though the number of attacks increased significantly across all size categories, small-scale attacks (5 Gbps and below) again saw the largest growth in 2019, continuing the trend from the previous year.

More here: https://www.helpnetsecurity.com/2020/03/27/ddos-attacks-increase-2020/

Cybersecurity insurance firm Chubb investigates its own ransomware attack

A notorious ransomware gang claims to have successfully compromised the infrastructure of a company selling cyber insurance.

The Maze ransomware group says it has encrypted data belonging to Chubb, which claims to be one of the world’s largest insurance companies, and is threatening to publicly release data unless a ransom is paid.

The announcement by the cybercrime gang was published on Maze’s website, where it lists what it euphemistically describes as its “new clients”.

Maze’s normal modus operandi is to compromise an organisation, steal its data, infect the network with its ransomware, and post a pre-announcement on its website as a warning to the corporate victim that if they do not pay a ransom their stolen data will be published on the internet.

Read the full article here: https://hotforsecurity.bitdefender.com/blog/cybersecurity-insurance-firm-chubb-investigates-its-own-ransomware-attack-22753.html

Ransomware Payments on the Rise

More ransomware victims than ever before are complying with the demands of their cyber-attackers by handing over cash to retrieve encrypted files.

New research published this week shows that both the number of ransomware attacks and the percentage of attacks that result in payment have increased every year since 2017.

The report states 62% of organisations were victimised by ransomware in 2019, up from 56% in 2018 and 55% in 2017.

In 2017, just 39% of organizations hit by ransomware paid to retrieve their encrypted data. That figure rose to 45% in 2018, then shot up to 58% in 2019.

Read the full article here: https://www.infosecurity-magazine.com/news/rise-in-ransomware-payments/

Marriott hit by second data breach exposing “up to” 5.2 million people

Hotel chain Marriott International this week announced that it has been hit by a second data breach exposing the personal details of “up to approximately 5.2 million guests”.

The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and telephone numbers exposed. Employer name, gender, room stay preferences and loyalty account numbers were also exposed.

The hotel company has stressed that not all data was exposed for each person.

Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.

The data is believed to have been accessed by an unknown third party using the login credentials of two employees at a group hotel operated as a franchise. Marriott has said that it has notified relevant authorities, and has begun notifying those whose data was exposed in the breach. It has also set up a dedicated website to help those impacted by the breach.

More here: https://www.verdict.co.uk/marriott-second-data-breach/

Lawyers urged to switch off Alexa when working from home

Law firms are warning their employees to turn off their smart speakers while working from home due to security concerns.

Smart speakers such as Amazon’s Echo series and Google’s Nest range have become wildly popular in Britain with an estimated 34pc of households now using them.

But privacy and security experts have repeatedly said the devices may pose a security threat and now law firms have advised staff not to disclose sensitive details when they are in use nearby.

A spokesman from one firm of solicitors said that that hackers could access sensitive details through the speakers, telling their staff to check the default settings on the speaker and to the extent that you can, switch them off during the working day.

More here: https://www.telegraph.co.uk/technology/2020/03/30/lawyers-urged-switch-alexa-working-home/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

More coronavirus phishing campaigns detected

Caution required when accessing coronavirus-related emails.

Cybercriminals often use major global events to spread malware and steal data, and the recent coronavirus outbreak is no different.

Security experts have identified two phishing campaigns that take advantage of coronavirus concerns to infect devices with the Agent Tesla keylogger.

According to the report, cybercriminals are distributing emails that appear to originate from The Centre for Disease Control (CDC) or the World Health Organisation (WHO). The emails claim the virus is now airborne and that new cases have been confirmed in the victim’s vicinity.

Attached to the messages is a file named "SAFETY PRECAUTIONS", which looks like an Excel document, but is in fact an executable file (.exe) capable of sowing the trojan.

More here: https://www.itproportal.com/news/more-coronavirus-phishing-campaigns-detected/

How coronavirus COVID-19 is accelerating the future of work

The coronavirus is forcing enterprises to rethink the way they do business and dust off policies for security, business continuity, and remote workers. Chances are that some of these efforts will stick

The coronavirus outbreak may speed up the evolution of work and ultimately retool multiple industries as everything from conferences to collaboration to sales and commercial real estate are rethought.

Read the original article here: https://www.zdnet.com/article/how-coronavirus-may-accelerate-the-future-of-work/

Millions of UK businesses experience data breaches due to employee error

Employees often click on fraudulent links and can't spot a phishing email.

Employee error is the cause of 60 percent of all data breaches among UK businesses according to a new report from insurance broker Gallagher.

Polling 1,000 UK business leaders, Gallagher found the most common cause (39 percent) of employee-related breaches was malware downloaded accidentally via fraudulent links.

Phishing is also a major risk factor, responsible for 35 percent of infections. While employees pushing sensitive data outside company systems accounted for a further 28 percent.

The report also claims that almost a third of affected businesses (30 percent) have had their operations knocked out for four to five days as a result of employee error.

Respondents also reported reputational damage (14 percent) and financial consequences (12 percent), which included fines issued by data privacy regulators.

Most executives (71 percent) are aware of the problem and almost two thirds (64 percent) said they regularly remind employees about the risk of cyber crime.

Virtually all businesses are at risk of a cyber attack and as this research shows, it is often an employee mistake which causes the problem.

More: https://www.itproportal.com/news/millions-of-uk-businesses-experience-data-breaches-due-to-employee-error/

AMD processors going back to 2011 suffer from worrying security holes

Pair of freshly revealed attacks have not yet been patched

AMD’s processors from as early as 2011 through to 2019 are carrying vulnerabilities that are as yet unpatched, according to some freshly published research.

Known as ‘Take A Way’ (every security problem needs a snappy name, of course), security researchers said that they reverse-engineered the L1D cache way predictor in AMD silicon in order to discover two new potential attack vectors.

Given all the attention which has been focused on the flaws in Intel’s CPUs in recent times – vulnerabilities which haven’t affected AMD chips in a number of cases – this might just serve as a reminder that no one’s silicon is bulletproof.

More here: https://www.techradar.com/news/amd-processors-going-back-to-2011-suffer-from-worrying-security-holes

F-Secure reports a steep rise in hacking attempts

The latest Attack landscape H2 2019 report from F-Secure has found that there has been a jump in the volume of cyber attacks targeting internet users

In the report, F-Secure said that in the first half of 2019, the company’s global network of honeypots experienced a jump in cyber attack traffic.

The volume of such attacks rose from 246 million in H1 2017 to 2.9 billion in H1 2019. In the second half of the year, according to F-Secure, the pace of attack traffic continued but at a slightly reduced rate. F-Secure said there were 2.8 billion hits to its honeypot servers in H2 2019. Distributed Denial of Service (DDos) attacks drove this deluge, accounting for two-thirds of the traffic.

Its research found that the US is the country whose IP space played host to the greatest number of attacks, followed by China and Russia.

https://www.computerweekly.com/news/252479470/F-secure-reports-a-steep-rise-in-hacking-attempts

This ransomware campaign has just returned with a new trick

Paradise ransomware is back again - and the criminals behind it appear to be testing out new tactics ahead of what could be a more prolific campaign.

A ransomware campaign has returned with a new trick to fool the unwary into compromising their network with file-encrypting malware. And it's an attack that many Windows machines won't even recognise as potentially malicious.

The new variant of Paradise ransomware, which has been active in one form or another since 2017, spreads via phishing emails, but it's different from other ransomware campaigns because it uses an uncommon – but effective – file type to infiltrate the network.

This campaign leverages Internet Query files (IQY), which are text files read by Microsoft Excel to download data from the internet. IQY is a legitimate file type, so many organisations won't block it.

More here: https://www.zdnet.com/article/this-ransomware-campaign-has-just-returned-with-a-new-trick/

Ransomware Threatens to Reveal Company's 'Dirty' Secrets

Sticking with ransomware, the operators of the Sodinokibi Ransomware are threatening to publicly share a company's "dirty" financial secrets because they refused to pay the demanded ransom.

As organizations decide to restore their data manually or via backups instead of paying ransoms, ransomware operators are escalating their attacks.

In a new post by the Sodinokibi operators to their data leak site, we can see that attackers are not only publishing victim's data but also sifting through it to find damaging information that can be used against the victim.

In the above post, the attackers are threatening to sell the Social Security Numbers and date of births for people in the data to other hackers on the dark web.

They also intimate that they found "dirty" financial secrets in the data and threaten to disclose it.

Read the full article here: https://www.bleepingcomputer.com/news/security/ransomware-threatens-to-reveal-companys-dirty-secrets/

Microsoft Releases Emergency Patch for Wormable Bug That Threatens Corporate LANs

Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The patch for the vulnerability is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft.

On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017.

The critical bug affects Windows 10 and Windows Server 2019, and was not included in Microsoft’s Patch Tuesday release this week.

Read more here: https://threatpost.com/wormable-unpatched-microsoft-bug/153632/

Nearly all IoT traffic is unencrypted

IoT devices are considered "low-hanging fruit" among cybercriminals.

Practically all of the traffic flowing from Internet of Things (IoT) devices is not encrypted, consequently putting both businesses and their customers at unnecessary risk of data theft and all others that follow.

This is according to a new report which analysed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organisations, finding that 98 per cent of all IoT device traffic is unencrypted.

That basically means that if intercepted, the data could be easily read and used.

So the question arises – how easy is it to eavesdrop on the data exchange between IoT devices and their respective servers? The report claims 57 per cent of IoT devices are vulnerable to either medium or high-severity attacks. IoT is perceived as “low-hanging fruit” for cybercriminals.

Read more here: https://www.itproportal.com/news/nearly-all-iot-traffic-is-unencrypted/

Microsoft takes down global zombie bot network

Microsoft has said it was part of a team that dismantled an international network of zombie bots.

The network call Necurs infected over nine million computers and one of the world's largest botnets.

Necurs was responsible for multiple criminal scams including stealing personal information and sending fake pharmaceutical emails.

Cyber-criminals use botnets to remotely take over internet-connected devices and install malicious software.

The software can be used to send spam, collect information about what activity the computer is used for or delete information without notifying the owner.

Tom Burt, Microsoft's vice-president for customer security and trust, said in a blog post that the takedown of Necurs was the result of eight years of planning and co-ordination with partners in 35 countries.

More here: https://www.bbc.co.uk/news/technology-51828781

Watch out for Office 365 and G Suite scams, FBI warns businesses

The menace of Business Email Compromise (BEC) is often overshadowed by ransomware but it’s something small and medium-sized businesses shouldn’t lose sight of.

Bang on cue, the FBI Internet Crime Complaint Center (IC3) has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite.

Warnings about BEC are ten-a-penny but this one refers specifically to those carried out against the two largest hosted email services, and the FBI believes that SMEs, with their limited IT resources, are most at risk of these types of scams:

Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.

As organisations move to hosted email, criminals migrate to follow them.

As with all types of BEC, after breaking into the account, criminals look for evidence of financial transactions, later impersonating employees to redirect payments to themselves.

For good measure, they’ll often also launch phishing attacks on contacts to grab even more credentials, and so the crime feeds itself a steady supply of new victims.

The deeper question is why BEC scams continue to be such a problem when it’s well understood that they can be defended against using technologies such as multi-factor authentication (MFA).

More here: https://nakedsecurity.sophos.com/2020/03/10/watch-out-for-office-365-and-g-suite-scams-fbi-warns-businesses/

Microsoft Exchange Server Flaw Exploited by multiple nation state (APT) groups

A vulnerability in Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. If left unpatched, the flaw allows authenticated attackers to execute code remotely with system privileges.

The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server, and was fixed as part of Microsoft’s February Patch Tuesday updates. However, researchers in a Friday advisory said that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.

More: https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/

Cyberattackers are delivering malware by using links from whitelisted sites

Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.

Bad actors have added a new snare to their bag of social engineering tricks— malicious OneDrive, Google Drive, iCloud, and Dropbox links. A new whitepaper asking "Is SaaS the New Trojan Horse in the Age of the Cloud?" describes this latest attack vector.

Links to these legitimate sites can often slip by standard security measures that stop malware and block access to suspicious sites. Many of these services are whitelisted by security products because they are approved services, meaning that an enterprise has few or no defences against these advanced attacks. These services are the latest tactic designed to dupe users into divulging their credentials or unknowingly download and install malware.

More here: https://www.techrepublic.com/article/cyberattackers-are-delivering-malware-by-using-links-from-whitelisted-sites/

Tech Firms Offer Free Remote Working Tools, as Coronavirus Cases Surge

Move comes as companies scramble to polish remote working processes

Six technology companies are rolling out free or upgraded enterprise collaboration tools under a new “Open for Business” hub, in a bid to capture new users – and support enterprises scrambling to implement remote working protocols as coronavirus cases surge.

In the US, Amazon, Microsoft and Facebook have advised Seattle-area employees to work from home for the next few weeks. In the UK most companies are holding fire for now, but are most are rapidly updating policies and assessing tools.

Large organisations might be able to work through some of the emerging provisioning issues that come with a surge of remote workers — i.e. by increasing the number of licenses for their firewalls and VPNs — many small businesses don’t have the ability to quickly provision the resources they need to support their employees when working remotely.

More here: https://www.cbronline.com/news/free-remote-working-tools

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Nasty phishing scams aim to exploit coronavirus fears

Phoney emails about health advice and more are being used to steal login credentials and financial details.

Cyber criminals are aiming to take advantage of fears over coronavirus as a means of conducting phishing attacks and spreading malware, along with stealing login credentials and credit card details.

Cybersecurity companies have identified a number of campaigns by hackers who are attempting to exploit concerns about the COVID-19 outbreak for their own criminal ends. Crooks often use current affairs to make their scams more timely.

Researchers have identified a Trickbot banking trojan campaign specifically targeting Italian email addresses in an attempt to play on worries about the virus. The phishing email comes with a Word document which claims to contain advice on how to prevent infection – but this attachment is in fact a Visual Basic for Applications (VBA) script which drops a new variant of Trickbot onto the victim's machine.

The message text claims to offer advice from the World Health Organization (WHO) in a Word document which claims to be produced using an earlier version of Microsoft Word which means the user needs to enable macros in order to see the content. By doing this, it executes a chain of commands which installs Trickbot on the machine.

Read more here: https://www.zdnet.com/article/nasty-phishing-scams-aim-to-exploit-coronovirus-fears/

Backdoor malware is being spread through fake security certificate alerts

Victims of this new technique are invited to install a malicious "security certificate update" when they visit compromised websites.

Backdoor and Trojan malware variants are being distributed through a new phishing technique that attempts to lure victims into accepting an "update" to website security certificates.

Certificate Authorities (CAs) distribute SSL/TLS security certificates for improved security online by providing encryption for communication channels between a browser and server -- especially important for domains providing e-commerce services -- as well as identity validation, which is intended to instill trust in a domain.

Read the full article here: https://www.zdnet.com/article/backdoor-malware-is-being-spread-through-fake-security-certificate-alerts/

Boots Advantage and Tesco Clubcard both suffer data breaches in same week

Boots has blocked all Advantage card holders from ‘paying with points’ after 150,000 accounts were subjected to attempted hacks using stolen passwords.

The news comes just days after Tesco said it would issue replacement Clubcards to more than 620,000 customers after a similar security breach.

Read more here: https://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/

Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and content management systems (CMSes).

When present in real-world web apps, these types of vulnerabilities allow hackers to exploit file upload forms and plant malicious files on a victim's servers.

These files could be used to execute code on a website, weaken existing security settings, or function as backdoors, allowing hackers full control over a server.

Read the full article here: https://www.zdnet.com/article/academics-find-30-file-upload-vulnerabilities-in-23-web-apps-cmses-and-forums/

UK Home Office breached GDPR 100 times through botched management of EU Settlement Scheme

ID cards sent to the wrong addresses, third party data disclosures, and lost passports are only some examples of mishandling.

The UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS).

IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been disclosed to third parties without permission in some of the cases, according to a new report.

Read more here: https://www.zdnet.com/article/uk-home-office-breached-gdpr-100-times-through-botched-handling-of-eu-settlement-scheme/

Legal services giant Epiq Global offline after ransomware attack

The company, which provides legal counsel and administration that counts banks, credit giants, and governments as customers, confirmed the attack hit on February 29.

“As part of our comprehensive response plan, we immediately took our systems offline globally to contain the threat and began working with a third-party forensic firm to conduct an independent investigation,” a company statement read. “Our technical team is working closely with world class third-party experts to address this matter, and bring our systems back online in a secure manner, as quickly as possible.”

The company’s website, however, says it was “offline to perform maintenance.”

A source with knowledge of the incident but who was not authorized to speak to the media said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.

Read more here: https://techcrunch.com/2020/03/02/epiq-global-ransomware/

Android Patch Finally Lands for Widespread “MediaTek-SU” Vulnerability

Android has quietly patched a critical security flaw affecting millions of devices containing chipsets from Taiwanese semiconductor MediaTek: a full year after the security vulnerability – which gives an attacker root privileges – was first reported.

More here: https://www.cbronline.com/news/android-patch-mediatek-su

5G and IoT security: Why cybersecurity experts are sounding an alarm

Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.

Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. All of this leads to more innovations and a significant change in how we do business.

But 5G also creates new opportunities for hackers.

There are five ways in which 5G networks are more susceptible to cyberattacks than their predecessors, according to the 2019 Brookings report, Why 5G requires new approaches to cybersecurity. They are:

1. The network has moved from centralized, hardware-based switching to distributed, software-defined digital routing. Previous networks had "hardware choke points" where cyber hygiene could be implemented. Not so with 5G.

2. Higher-level network functions formerly performed by physical appliances are now being virtualized in software, increasing cyber vulnerability.

3. Even if software vulnerabilities within the network are locked down, the 5G network is now managed by software. That means an attacker that gains control of the software managing the network can also control the network.

4. The dramatic expansion of bandwidth in 5G creates additional avenues of attack.

5. Increased vulnerability by attaching tens of billions of hackable smart devices to an IoT network.

Read the full article here: https://www.techrepublic.com/article/5g-and-iot-security-why-cybersecurity-experts-are-sounding-an-alarm/

Virgin Media apologises after data breach affects 900,000 customers

Virgin Media has apologised after a data breach left the personal details of around 900,000 customers unsecured and accessible.

The company said that the breach occurred after one of its marketing databases was “incorrectly configured” which allowed unauthorised access.

It assured those affected by the breach that the database “did not include any passwords or financial details” but said it contained information such as names, home and email addresses, and phone numbers.

Virgin said that access to the database had been shut down immediately following the discovery but by that time the database was accessed “on at least one occasion”.

Read more here: https://www.itv.com/news/2020-03-05/virgin-media-apologises-after-data-breach-affects-900-000-customers/

Do these three things to protect your web security camera from hackers

NCSC issues advice on how to keep connected cameras, baby monitors and other live streaming security tools secure from cyberattacks.

Owners of smart cameras, baby monitors and other Internet of Things products have been urged to help keep their devices safe by following three simple steps to boost cybersecurity – and making it more difficult for hackers to compromise them.

The advice from the UK's National Cyber Security Centre (NCSC) – the cyber arm of the GCHQ intelligence agency – comes as IoT security cameras and other devices are gaining popularity in households and workplaces.

1. Change the default password

2. Apply updates regularly

3. Disable unnecessary alerts

For more refer to the original article here: https://www.zdnet.com/article/do-these-three-things-to-protect-your-web-security-camera-from-hackers/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Coronavirus Scams: Prepare for Phishing Emails, Fake Alerts and Cyberthreats

As new global stories emerge by the hour on the coronavirus, bad actors are (again) trying to confuse online updates with phishing scams and destructive malware. Here’s why action is required now.

Wherever you turn for news coverage online, coronavirus alarm bells are ringing louder.

But users should not trust all of those bells, as fake news, phishing scams and even malicious malware is actively being distributed under the coronavirus umbrella.  

Sadly, a perfect storm may be brewing. As government officials and health experts appeal louder for calm, the public is actually getting more worried and searching the Internet for answers.

Read the original article here: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/coronavirus-scams-prepare-for-a-deluge-of-phishing-emails-fake-alerts-and-cyberthreats.html

Metamorfo Returns with Keylogger Trick to Target Financial Firms

The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger.

Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique.

Metamorfo was first discovered in April 2018, in various campaigns that share key commonalities (like the use of “spray and pray” spam tactics). These campaigns however have small, “morphing” differences — which is the meaning behind its name.

This newest variant, which targets payment-card data and credentials at financial institutions with Windows platforms, packs a new trick up its sleeve. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger.

Read more here: https://threatpost.com/metamorfo-variant-keylogger-financial/152640/

What's in your network? Shadow IT and shadow IoT challenge technology sensibilities

A couple of years ago, a survey found most CIOs thought they had roughly 30 to 40 apps running within their enterprises, but researchers at Symantec estimated that the average enterprise actually had at least 1,516 applications -- a number that has doubled over a three-year period.

It's not that CIOs are naive. It's just that shadow IT is a difficult thing to measure, since employees pull down apps outside the official channels, and off budget sheets. To some degree, it's even purposely overlooked, condoned, or even encouraged, as employees need the right tools to do their jobs, and IT can't always be there.

Now, it appears CIOs are battling shadow IT on two fronts. There's the user-initiated apps and clouds, and there's something more insidious -- "shadow IoT."

More here: https://www.zdnet.com/article/shadow-it-and-now-shadow-iot-challenge-technology-leaders/

Remote workers prime targets for cyber attacks

According to a study into the future of work, more than half of CIOs expect a rise in employees working remotely, while 97% say that soon their workforce will be widely dispersed across geographies and time zones. Businesses are being forced to adapt to the rising demand for a dynamic working environment, which can manifest as anything from workers bringing their own devices to work to employees using corporate machines at home as part of a flexible work schedule. However, this increases the security burden through the need for better identity management.

Read the full article here: https://www.techradar.com/news/remote-workers-prime-targets-for-cyber-attacks

Critical Cisco vulnerabilities put millions of network devices at risk

Five different critical vulnerabilities, collectively known as CPDwn, have been discovered in Cisco’s Discovery Protocol, potentially putting tens of millions of enterprise network devices such as desk phones, cameras, and network switches, at risk.

Cisco Discovery Protocol (CDP) is a level 2 protocol that is used to discover information about Cisco equipment that are directly connected nearby.

According to researchers, this flaw could allow hackers to control the products deep within the network without any human intervention. This could be done remotely by just sending a malicious CDP packet to the target device.

Read more: https://www.techradar.com/news/critical-cisco-vulnerabilities-put-millions-of-network-devices-at-risk

This latest phishing scam is spreading fake invoices loaded with malware - campaigns are launched against financial institutions in the US and UK.

A notorious malware campaign is targeting banks and financial institutions in the US and the UK with cyberattacks that are not only destructive in their own right, but could also be used as the basis for future intrusions by other hackers.

Emotet started life as a banking trojan, but has also evolved into a botnet, with its criminal operators leasing out its capabilities to those who want to distribute their own malware to compromise machines.

Such is the power of Emotet that at one point last year it accounted for almost two-thirds of malicious payloads delivered in phishing attacks.

Emotet activity appeared to decline during December, but it sprung back to life in January – and it currently shows no signs of slowing down as researchers have detailed yet another campaign.

Read more here: https://www.zdnet.com/article/this-latest-phishing-scam-is-spreading-fake-invoices-loaded-with-malware/

90% of UK Data Breaches Due to Human Error in 2019

Human error caused 90% of cyber data breaches in 2019, according to a CybSafe analysis of data from the UK Information Commissioner’s Office (ICO).

According to the cybersecurity awareness and data analysis firm, nine out of 10 of the 2376 cyber-breaches reported to the ICO last year were caused by mistakes made by end-users. This marked an increase from the previous two years, when respectively, 61% and 87% of cyber-breaches were ascribed to user error.

CybSafe cited phishing as the primary cause of breaches in 2019, accounting for 45% of all reports to the ICO. ‘Unauthorized access’ was the next most common cause of cyber-breaches in 2019, with reports relating to malware or ransomware, hardware/software misconfiguration and brute force password attacks also noted.

Read the full article here: https://www.infosecurity-magazine.com/news/90-data-breaches-human-error/

Police Warning: Cyber Criminals Are Using Cleaners to Hack Your Business

Criminal gangs are planting “sleepers” in cleaning companies so that they can physically access IT infrastructure, a senior police officer with responsibility for cyber crime has warned, urging businesses to bolster their physical security processes in the face of the growing threat.

Shelton Newsham, who manages the Yorkshire and Humber Regional Cyber Crime Team, told an audience at the SINET security event that he was seeing a “much larger increase in physical breaches” as cyber crime groups diversify how they attack and move laterally inside institutions.

Read more here: https://www.cbronline.com/cybersecurity/threats/cyber-criminals-cleaners/

The Mirai IoT botnet holds strong in 2020

The Mirai botnet has been a constant IoT security threat since it emerged in fall 2016. The subsequent release of its source code only extended Mirai's reach and is one of the many reasons it has been labelled the "king of IoT malware."

Mirai continues to be successful for a well-known reason: Its targets are IoT devices with hardcoded credentials found in a simple web search. Such devices listen for inbound telnet access on certain ports and have backdoors through which Mirai can enter. Once a device is subsumed in the botnet it immediately scans for other victims.

Read the original article here: https://searchsecurity.techtarget.com/feature/The-Mirai-IoT-botnet-holds-strong-in-2020

Governments Are Soft Targets for Cyber-criminals

New research has found that governments are more vulnerable to cyber-attacks than other organisations.

A report on the security of municipal governments and agencies identified three key factors that made governments particularly soft targets. Researchers found that governments had larger attack surfaces, lower usage rates of even the most basic email authentication schemes, and much higher rates of internal hosting than other organisations.

Government attack surfaces, consisting of open ports and applications, were found to be on average 33% larger than those risked by other organisations.

Read more here: https://www.infosecurity-magazine.com/news/governments-are-soft-targets-for/

BYO Hardware Driver: New Ransomware Attacks Kernel Memory and brings its own vulnerability

A ransomware strain dubbed “RobbinHood” is using a vulnerability in a “legitimate” and signed hardware driver to delete security products from targeted computers before encrypting users files, according to security researchers.

The ransomware exploits a known vulnerability in the driver from Taiwan’s GIGABYTE to subvert a setting in kernel memory in Windows 10, 8 and 7, meaning it “brings its own vulnerability” and can attack otherwise patched systems.

Read more here: https://www.cbronline.com/cybersecurity/threats/robbinhood-ransomware-gigabyte-driver/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Phishing: You're not as good at spotting scams as you think you are

Most people say they know about phishing and what it involves yet just 5% were able to correctly identify all types of scams according to a survey of nearly 1,000 people from Security.org.

Nearly everyone (96%) knew about phishing and 88% said they could accurately define it. Yet nearly half (47%) didn't know that phishing can happen through software, 43% thought that advertisements are safe; and nearly one-third (30%) didn't know that social media platforms can be sources of phishing.

Phishing has grown in terms of the number of people affected, expanding by 59% over a four-year period. The FBI counted more than 26,300 victims in 2018. It is in the FBI's top four cybercrimes, which includes extortion, non-delivery and identity theft.

More here: https://www.zdnet.com/article/phishing-is-becoming-more-sophisticated-only-5-can-spot-all-scams/

68% of organizations were victims of endpoint attacks in 2019, 80% as a result of zero-days

Organisations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals.

68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

Of those incidents that were successful, researchers say that 80% were new or unknown, they define them as “zero-day attacks.” These attacks either involved the exploitation of undisclosed vulnerabilities or the use of new malware variants that signature-based, detection solutions do not recognise.

Read the full article here: https://www.helpnetsecurity.com/2020/01/31/endpoint-security-risk/

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary.

A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.

Read the full article here: https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/

Average cost to Recover from Ransomware Skyrockets to over £64,000

It’s getting more and more expensive for victims of ransomware attacks to recover. The average cost more than doubled in the final quarter of 2019.

According to a new report, a typical total now stands at £63,757. That’s a little over double the previous figure of £31,227.

It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.

Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.

Read the full article here: https://www.forbes.com/sites/leemathews/2020/01/26/average-cost-to-recover-from-ransomware-skyrockets-to-over-84000/#3c54c7c713a2

CEOs are deleting their social media accounts to protect against hackers

Cyberattacks are the biggest risk to businesses, with the prospect of falling victim to hacking and other cybercrime the threats that the majority of CEOs are most worried about, according to a new report on the views from the boardroom.

A professional services firm surveyed over 1,600 CEOs from around the world and found that cyberattacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to help protect against hackers.

A total of 80% of those surveyed listed cyber threats as the biggest risk to their business, making it the thing that most CEOs are worried about, ranking ahead of skills (79%) and the speed of technological change (75%).

Read more here: https://www.zdnet.com/article/ceos-are-deleting-their-social-media-accounts-to-protect-against-hackers/

UN hacked via unpatched SharePoint server

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.

The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.

Read more here: https://nakedsecurity.sophos.com/2020/01/31/un-hacked-via-unpatched-sharepoint-server/

UK proposes tougher security for smart home devices

The UK government plans to introduce a new law designed to improve the security standards of household products connected to the Internet of Things (IoT). The legislation stipulates that all consumer smart devices sold in the UK -- such as smart cameras and TVs, wearable health trackers and connected appliances -- adhere to three specific requirements.

Firstly, all IoT device passwords must be unique and unable to be reset to universal factory settings. Secondly, manufacturers must clearly provide a point of contact so anyone can get in touch to report a vulnerability, and finally, manufacturers must make it crystal clear how long their devices will receive security updates for, at the point of sale.

The proposed rules -- which are relatively straightforward from a manufacturers' point of view -- come after a long consultation period, whereby officials explored the potential impact of the growing popularity of connected devices: government research indicates there will be some 75 billion internet connected devices in homes around the world by the end of 2025. It's hoped such legislation will help prevent attacks that have, in the past, had widespread consequences. In 2016, for example, a Mirai botnet hacked into connected home devices and took down large chunks of the internet.

More here: https://www.engadget.com/2020/01/28/uk-proposes-tougher-security-for-smart-home-devices/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week's Black Arrow Cyber Tip Tuesday. This week James is talking about dangers from Internet of Things (IoT) and Shadow IT devices that may have crept onto your corporate networks. Do you know all the devices on your network? Do they introduce security risks to your business?

In an increasingly connected world, the security umbrella with which you protect your organisation’s information assets is constantly expanding. At the fringes and often overlooked by businesses, are the Internet of Things (or IoT) and Shadow IT.

The Internet of Things consists of an ever-increasing number of physical devices with network connectivity features. Often people associate IoT with smart consumer devices. However, there are many IoT devices which also exist in a corporate environment and they’re are often overlooked when a company evaluates its information assets. As such they remain invisible to your Vulnerability Management strategy and can seriously compromise your security posture.

Conversely, Shadow IT refers to software and applications that aren’t sanctioned by your company but have instead been installed by users (often to fulfill a single task and then they’re forgotten). This isn’t always a bad thing, except when these applications have access to company information but lack the controls and governance surrounding sanctioned applications. In which case they pose a significant risk to the security of your data and your business.

Contact us to discuss how you can decrease risk by increasing visibility.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

According to experts, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

Read more here: https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

Equifax Breach Settlement Could Cost Firm Billions

Equifax could end up paying as much as $9.5bn following a data breach settlement branded one of the largest in history by its presiding judge.

The credit reporting giant suffered a major cyber-attack in 2017 after hackers exploited an unpatched Apache Struts vulnerability, compromising highly sensitive personal and financial information on around 148 million customers.

Over two-fifths (44%) of the population of the US are thought to have been affected.

This week, a court in Georgia finally approved a settlement in the long-running class action case that followed the breach, which will require Equifax to pay $380.5m, plus potentially an extra $125m, to satisfy claims of out-of-pocket losses.

Read more here: https://www.infosecurity-magazine.com/news/equifax-breach-settlement-could/

WordPress plugin vulnerability can be exploited for total website takeover

A WordPress plugin has been found to contain "easily exploitable" security issues that can be exploited to completely take over vulnerable websites.

The plugin at the heart of the matter, WP Database Reset, is used to reset databases -- either fully or based on specific tables -- without the need to go through the standard WordPress installation process.

According to the WordPress library, the plugin is active on over 80,000 websites.

The two severe vulnerabilities were found on January 7 and either of the vulnerabilities can be used to force a full website reset or takeover.

Tracked as CVE-2020-7048, the first critical security flaw has been issued a CVSS score of 9.1. As none of the database reset functions were secured through any checks or security nonces, any user was able to reset any database tables they wished without authentication.

More here: https://www.zdnet.com/article/wordpress-plugin-vulnerability-can-be-exploited-for-full-website-hijacking/

Oracle Issues Record Critical Patch Update cycle with 334 Patches

Oracle has hit an all-time record for number of security fixes issued in a critical patch update (CPU), providing sysadmins with over 330 in its first quarterly release of the decade.

The enterprise software giant issued 334 patches in total across more than 90 products this week. As such, January 2020 easily beats the previous largest CPU, consisting of 308 fixes in July 2017.

Oracle strongly urged firms to apply the patches as soon as possible, claiming that attacks have had success in compromising customers that failed to update their systems promptly.

Among the products affected by this quarter’s CPU are popular platforms including: Oracle Database Server, which featured 12 new patches including three remotely exploitable; Oracle Communications Applications (25 patches, 23 of which are remotely exploitable); Oracle E-Business Suite (23, 21); Oracle Enterprise Manager (50, 10); Fusion Middleware (38, 30); Java SE (12); JD Edwards (9); MySQL (19, 6); Siebel CRM (5); Oracle Virtualization (22, 3); and PeopleSoft (15, 12).

It’s a busy time of the year for IT administrators. Earlier this week, Microsoft released fixes for scores of vulnerabilities in the last regular Patch Tuesday for Windows 7 and Server 2008.

Read the original article here: https://www.infosecurity-magazine.com/news/oracle-issues-record-cpu-with-334/

Giant botnet has just sprung back to life pushing a big phishing campaign

One of the world's most prolific botnets has returned and is once again attempting to deliver malware to victims via phishing attacks.

Emotet started life as a banking trojan before evolving into a botnet, which its criminal operators leased out to other hackers as a means of delivering their own malware to previously compromised machines.

Such was the power of the botnet that at one point last year it accounted for almost two-thirds of of malicious payloads delivered in phishing attacks.

But after seemingly disappearing towards the end of 2019, Emotet has now returned with a giant email-spamming campaign, as detailed by researchers at cybersecurity company Proofpoint.

Read more here: https://www.zdnet.com/article/this-giant-botnet-has-just-sprung-back-into-life-pushing-a-big-phishing-campaign/

A quarter of users will fall for basic phishing attacks

Slightly more than a quarter of people will fall for a phishing scam that claims to be an urgent message prompting them to change a password, according to statistics gathered by a cyber security testing and training firm.

The security firm studied tens of thousands of email subject lines both from simulated phishing tests and those found in the wild, and found many of the most-clicked emails related either to security or urgent work-related matters.

It revealed its top 10 most effective simulated subject lines to be: Change of Password Required Immediately (26% opened); Microsoft/Office 365: De-activation of Email in Process (14% opened); Password Check Required Immediately (13% opened); HR: Employees Raises (8% opened); Dropbox: Document Shared With You (8% opened); IT: Scheduled Server Maintenance – No Internet Access (7% opened); Office 365: Change Your Password Immediately (6% opened); Avertissement des RH au sujet de l’usage des ordinateurs personnels (6% opened); Airbnb: New device login (6% opened); and Slack: Password Reset for Account (6% opened).

In the wild, subject lines often tended to relate to Microsoft, with emails about SharePoint and Office 365 particularly likely to be opened, as well as notifications about Google and Twitter accounts. People were also likely to fall for emails pretending to be related to problems with a shipping company, with FedEx the most widely impersonated, as well as the US Postal Service.

Read the full article here: https://www.computerweekly.com/news/252476845/A-quarter-of-users-will-fall-for-basic-phishing-attacks

Business Disruption Attacks Most Prevalent in Last 12 Months

Business disruption was the main objective of attackers in the last year, with ransomware, DDoS and malware commonly used.

According to the CrowdStrike Services Cyber Front Lines Report, which offers observations from its incident response and proactive services, a third (36%) of incidents often involved ransomware, destructive malware or denial of service attacks. Crowdstrike determined that these three factors to be focused on “business disruption,” and while an adversary’s main goal in a ransomware attack is financial gain, the impact of disruption to a business can often outweigh the loss incurred by paying the ransom.

Also observed in 25% of the investigated incidents was data theft, including the theft of intellectual property, personally identifiable information and personal health information. IP theft has been linked to numerous nation state adversaries that specialize in targeted intrusion attacks, while PII and PHI data theft can enable both espionage and criminally-motivated operations.

Read more here: https://www.infosecurity-magazine.com/news/business-disruption-attacks/

Quarter of PCs could now be more at risk from ransomware

Last week saw the day when Windows 7 reached end of life. That means that Microsoft will no longer issue regular patches or updates for the famed operating system. From now on, any flaw or vulnerability discovered will remain unpatched, and the machines running the old system will remain at risk.

Any businesses or individuals running legacy and unsupported operating systems will be at a greater risk of ransomware than before.

WannaCry, one of the most devastating ransomwares of all time, was successful mostly because of unpatched systems. Roughly 200,000 devices in 150 countries around the world will be vulnerable to similar malware, now that Windows 7 is no longer receiving security updates from Microsoft.

From this month, a quarter of all PCs are going to fall into this unsupported category so it is vital that any organisations that rely on Windows 7 are aware of the risks and what they need to mitigate them.

Read the original article here: https://www.itproportal.com/news/quarter-of-pcs-could-now-be-more-at-risk-from-ransomware/

5 tips to avoid spear-phishing attacks

Phishing, very briefly defined, is where a cybercriminal tricks you into revealing something electronically that you ought to have kept to yourself.

The good news is that most of us have learned to spot obvious phishing attacks these days.

The bad news is that you can’t reliably spot phishing attacks just by watching out for obvious mistakes, or by relying on the crooks saying “Dear Customer” rather than using your name.

You need to watch out for targeted phishing, often rather pointedly called spear-phishing, where the crooks make a genuine effort to tailor each phishing email, for example by customising it both to you and to your company.

Spear-phishing, where the fake emails really are believable, isn’t just an issue for high-profile victims such as the Burismas of the world.

Acquiring the specific data needed to come up with personalised phishing emails is easier than you might think, and much of the data gathering can be automated.

So here are Sophos’ 5 tips for dealing with phishing attacks, especially if you’re facing a crook who’s willing to put in the time and effort to win your trust instead of just hammering you with those “Dear Customer” emails:

1. Don’t be swayed just because a correspondent seems to know a lot about you

2. Don’t rush to send out data just because the other person tells you it’s urgent

3. Don’t rely on details provided by the sender when you check up on them

4. Don’t follow instructions on how to view an email that appear inside the email itself

5. Don’t be afraid to get a second opinion

Read the full article here: https://nakedsecurity.sophos.com/2020/01/17/5-tips-to-avoid-spear-phishing-attacks/

Organized cybercrime -- not your average mafia

Does the common stereotype for "organised crime" hold up for organisations of hackers? Research from a University in US is one of the first to identify common attributes of cybercrime networks, revealing how these groups function and work together to cause an estimated $445-600 billion of harm globally per year.

"It's not the 'Tony Soprano mob boss type' who's ordering cybercrime against financial institutions," said Thomas Holt, MSU professor of criminal justice and co-author of the study. "Certainly, there are different nation states and groups engaging in cybercrime, but the ones causing the most damage are loose groups of individuals who come together to do one thing, do it really well - and even for a period of time - then disappear."

In cases like New York City's "Five Families," organised crime networks have historic validity, and are documented and traceable. In the online space, however, it's a very difficult trail to follow, Holt said.

Read more here: https://eurekalert.org/pub_releases/2020-01/msu-oc-011620.php

Cybercrime Statistics in 2019

It doesn’t make for cheery reading but a researcher has compiled a list of statistics for cyber crime, here are few choice headlines:

• Cybercrime will cost as much as $6 trillion annually by 2021

• Financial losses reached $2.7 billion in 2018

• The total cost of cybercrime for each company in 2019 reached US$13M

• The total annual cost of all types of cyberattacks is increasing

Read the full article here: https://securityaffairs.co/wordpress/96531/cyber-crime/cybercrime-statistics-in-2019.html

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Week in review 05 January 2020 - Round up of the most significant open source stories of the last week, December breaches, worst passwords, Travelex taken offline, IoT security stinks, Iran revenge attacks expected on US

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to our first blog post of 2020:

List of data breaches and cyber attacks in December 2019 – 627 million records breached

The new year – and new decade – is underway, but before saying goodbye to 2019, ITGovernance had one more monthly round-up to get to.

December saw 90 disclosed data breaches and cyber attacks, with 627,486,696 records being compromised. That’s about a third of the average monthly total, although the number of incidents has climbed steadily throughout the year.

Refer to the original article for the full list of December’s incidents: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-december-2019

These are officially the worst passwords of 2019

SplashData has released its annual list of the most commonly-used passwords across the world, uncovering that old security habits really do die hard.

The security firm investigated over five million leaked passwords over the past twelve months, and found that many of the most common logins would be easy to guess for even the most incompetent hackers.

In perhaps the most surprising news, "password" has for the first time been knocked out of the top two spots, being replaced by the painfully simple "123456" and "123456789".

SplashData estimates almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, with nearly three percent using "123456".

Here are the so-called "worst passwords of 2019"

• 123456

• 123456789

• qwerty

• password

• 1234567

• 12345678

• 12345

• iloveyou

• 111111

• 123123

Read the original article here: https://www.techradar.com/uk/news/these-are-officially-the-worst-passwords-of-2019

Hacks and Breaches of 2019: A Year in Review

SecurityBoulevard have a review of the biggest hacks and breaches from 2019, including Fortnite in January, WhatsApp from May, Facebook from April, Amazon Web Services from July and Zynga from September.

Read the full article here: https://securityboulevard.com/2020/01/hacks-and-breaches-of-2019-a-year-in-review/

US based Company shuts down because of ransomware, leaves 300 without jobs just before holidays

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.

Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO.

Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.

This shows how devastating ransomware attacks can be on businesses of all sizes.

Read the original article here: https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/

Travelex site taken offline after cyber attack

The foreign-currency seller Travelex had to suspend some of its services to protect data since the firm suffered from a ‘software virus attack’ on New Year's Eve.

The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

A spokesman stated the firm is doing all it can to restore full services as soon as possible

More from the BBC here: https://www.bbc.com/news/business-50977582

After latest hack, experts say smart home security systems stink at securing data

Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by a Texas-based cybersecurity firm and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.

Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Wyze’s products are about a third of Amazon’s Ring. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.

Read the full article here: https://www.digitaltrends.com/news/wyze-data-hack-protection/

Iran 'revenge' could come in the form of cyber-attacks, experts warn

The US assassination of Qassem Suleimani has increased the likelihood of protracted cyber-hostilities between the US and Iran could escalate into true cyberwarfare.

With tensions mounting and Iran threatening “severe revenge” over the killing, concerns have arisen that blowback could come in the form of hacking attacks on critical infrastructure sectors, which include the power grid, healthcare facilities, banks and communications networks.

Iran has invested heavily in its cyber-attack forces since the Stuxnet attack in 2010 – which saw the US and Israel degrade Iran’s nuclear capabilities by means of a computer virus. It has demonstrated its capabilities with attacks on US banks and a small dam, and the US has countered with attacks on an Iranian intelligence group and missile launchers.

There is a danger attacks by Iran against the US spread to other targets in the West and we will continue to monitor any developments.

Read the original article here: https://www.theguardian.com/world/2020/jan/03/iran-cyberattacks-experts-us-suleimani

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Round up of the most significant open source stories of the last week

This week includes tools, tips and resources from around the web.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Traditional user awareness model is doomed to fail

CISOmag have some hard truths around the ways traditional user awareness is training is failing. If current user awareness is still relevant today, why is every security event full of CISOs complaining about users or passwords? After 20 years of user awareness, discussing passwords, and not clicking on links in emails the security industry is still talking about these as if they are new requirements. Where are the results which prove that the current model has worked, and will continue to work?

The full article can be read here: https://www.cisomag.com/traditional-user-awareness-model-is-doomed-to-fail/

 World’s most destructive botnet returns with stolen passwords and email in tow

If you've noticed an uptick of spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets—and it just returned from a four-month hiatus.

Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets.

https://arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/

Microsoft Patches Severe Windows Defender Bug

Microsoft patched a serious flaw in the Windows Defender security utility today that resulted in certain malware scans failing after just a few minutes.

https://www.tomshardware.co.uk/microsoft-patches-windows-defender-bug,news-61709.html

The Top 'Human Hacks' to Watch For Now

Social engineering is as old as mankind. But its techniques have evolved with time. DarkReading.com has info on the latest tricks criminals are using to dupe end users, including Social Media ‘Pretexting’, Vishing and SMiShing.

https://www.darkreading.com/edge/theedge/the-top-human-hacks-to-watch-for-now/b/d-id/1335845

 Akamai speaks out on uptick of Distributed Denial of Service (DDoS) attacks

Akamai released some findings on Wednesday following checks they had conducted on new Distributed Denial of Service vector leverages a UDP Amplification technique known as WS-Discovery (WSD). Without getting too technical UDP (User Datagram Protocol) is an alternative communications protocol to TCP (Transmission Control Protocol), used for establishing low-latency and loss-tolerating connections between applications on the internet). Since UDP is a stateless protocol, requests to the WSD service can be spoofed.

According to the report from Akamai the situation now is such that "multiple threat actors" are leveraging this DDoS method to ramp up attacks.

More: https://techxplore.com/news/2019-09-akamai-uptick-ddos.html

Global cryptomining attacks use NSA exploits to earn Monero

Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more, using exploits from the National Security Agency to spread its malware.

The new threat group, dubbed 'Panda,' was revealed this week in a new report from Cisco Talos. The report’s authors wrote that although the group is "far from the most sophisticated" it has been very active and willing to "update their infrastructure and exploits on the fly as security researchers publicize indicators of compromises and proof of concepts."

The NSA exploits include EternalBlue, which attacks a vulnerability in Microsoft's Server Message Block (SMB) protocol. The researchers first became aware of Panda's cryptomining attacks in the summer of 2018 and have reported that over the past year they've seen daily activity in the organisation's honeypots.

https://searchsecurity.techtarget.com/news/252470925/Global-cryptomining-attacks-use-NSA-exploits-to-earn-Monero

If You Have a Smart TV or IoT Devices, Your Home is Leaking Data.

Researchers at Northeastern University and the Imperial College London have recently conducted a thorough analysis of 81 different IoT products to characterize what services they attempt to connect with, what communications can be inferred from these connections, and the degree of encryption used to protect customers. 72/81 devices have at least one destination that is not a first party (i.e., belonging to the device manufacturer), 56% of the US devices and 83.8% of the UK devices contact destinations outside their region, all devices expose information to eavesdroppers via at least one plaintext flow, and a passive eavesdropper can reliably infer user and device behavior from the traffic (encrypted or otherwise) of 30/81 devices.

More here: https://www.extremetech.com/electronics/298621-if-you-have-a-smart-tv-or-iot-devices-your-home-is-leaking-data?source=opera

Vulnerabilities in IoT Devices Have Doubled Since 2013

Sticking with IoT devices for a minute, a follow-up study into the security of IoT devices has revealed more than twice the number of vulnerabilities as were detected six years ago.

In the 2013 study, researchers at Independent Security Evaluators (ISE) highlighted 52 vulnerabilities across 13 SOHO wireless routers and network-attached storage (NAS) devices made by vendors including Asus and Belkin.

An examination of routers and NAS products by ISE published yesterday has flagged 125 common vulnerabilities or exposures (CVEs). The vulnerabilities captured by the new research could affect millions of IoT devices.

For their latest study, the researchers tested 13 contemporary IoT devices created by a range of manufacturers. Modern versions of several devices tested in the original 2013 study were also studied to determine whether manufacturers had upped their security game.

The reported results were fairly disappointing, with researchers able to obtain remote root-level access to 12 of the 13 devices tested. Among the weaknesses identified were buffer overflow issues, command injection security flaws, and cross-site scripting (XSS) errors.

Read the original article here: https://www.infosecurity-magazine.com/news/vulnerabilities-in-iot-devices/

Some IT teams move to the cloud without business oversight or direction

27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix.

Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach.

Other findings revealed by the research include:

·         56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine who was at fault.

·         31% of organizations would consider moving data back on premises due to concerns about security, reliability and performance, and high costs.

·         Interest in broader cloud adoption has faded in the financial sector since last year. The number of organizations ready to adopt a cloud-first approach dropped by 16% and the number eager to move their entire infrastructure to the cloud fell by 12%.

https://www.helpnetsecurity.com/2019/09/20/financial-industry-cloud/

Most Small to Medium Sized Business Cyber Attacks Focus on Just Three TCP Ports

Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents.

A report from threat intelligence and defence company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.

According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), the HTTP (Hypertext Transfer Protocol), and the HTTPS (Hypertext Transfer Protocol Secure).

Alert Logic says that these appear in 65% of the incidents, and it makes sense since they need to be open for communication, be it secured or plain text.

As basic guidance, security across all network ports should include defence-in-depth. Ports that are not in use should be closed and organisations should install a firewall on every host as well as monitor and filter port traffic. Regular port scans and penetration testing are also best practices to help ensure there are no unchecked vulnerabilities.

Standard recommendations to reduce potential risk from these ports is to maintain up-to-date and hardened devices, software or services that rely on these ports in order to close attack avenues.

https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/

Facebook announced on Friday that it suspended tens of thousands of apps amid privacy investigation in the wake of the Cambridge Analytica scandal.

The tens of thousands of apps Facebook has removed come from just 400 developers, Facebook said in its blogpost, and millions more have been investigated. The review is ongoing and comes from hundreds of contributors, including attorneys, external investigators, data scientists, engineers, policy specialists, and teams within Facebook, the company said.

https://www.theguardian.com/technology/2019/sep/20/facebook-app-suspension-privacy-cambridge-analytica

Why charities can’t afford to ignore the risk from malware

The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. A new article from charitydigitalnews.co.uk aims to shed some light on the world of malware, with help from cyber security experts Avast in the form of a useful Q&A. The site has some other useful resources for charities and non-profits.

https://www.charitydigitalnews.co.uk/2019/09/16/cyber-security-faq-why-charities-cant-afford-to-ignore-the-risk-from-malware/

Black Arrow Cyber Consulting have a number of hours of free consulting time that charities and non-profits can apply to use.

Tools, tips and resources from around the web

How to encrypt and secure a website using HTTPS

The web is moving to HTTPS. SearchSecurity have released a guide to help firms find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.

More info can be found here: https://searchsecurity.techtarget.com/tip/How-to-encrypt-and-secure-a-website-using-HTTPS

Ransomware: 11 steps you should take to protect against disaster

Falling victim to ransomware could put your vital business or personal data at risk of being lost forever. ZDNet have put together a list of steps that can help bolster your defences.

Read the article for the full list but the usual rules apply; user education and awareness, good patch management and ensuring you have good online and offline backups such that you can recover your data if the worst was to happen.

https://www.zdnet.com/article/ransomware-11-steps-you-should-take-to-protect-against-disaster/

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Cyber threats are growing for SMBs but there are some simple solutions

A report by cyber security provider Kaseya shows that the number of small and medium-sized businesses (SMBs) facing cyber attacks is growing every year. Globally, one third of SMBs has experienced at least one attack in the last five years.

There are two very simple things that all organisations should do to help prevent, and recover from, an attack: ensure all software is patched as soon as possible and make regular back-up copies of your computers and servers.

https://www.itproportal.com/news/smbs-are-facing-bigger-security-threats-than-ever-before/

61 billion credential stuffing attacks in 18 months

A report by cyber security software provider Akamai shows 61 billion credential stuffing attacks in 18 months. These attacks are automated using software that is free of charge or low cost.

This is why passwords should never be reused across different sites. Current guidance on passwords from the UK National Cyber Security Centre can be found here https://www.ncsc.gov.uk/collection/passwords.

https://www.cbronline.com/news/credential-stuffing-attempts-akamai

Business email compromise attacks are increasing

The United States’FBI has reported a 100% increase in global losses from Business Email Compromise (BEC) attacks over the past year, with $26B lost over the last 3 years. One US insurance giant reported that BEC attacks are the leading cause of cyber insurance claims.

Business can take relatively simple steps to greatly reduce their risk of falling for a BEC attack. These include using 2-factor authentication (2FA) to prevent an attacker taking control of your email account, and educating employees.

https://searchsecurity.techtarget.com/news/252470554/FBI-says-26B-lost-to-business-email-compromise-over-last-3-years

https://threatpost.com/cybercriminals-adding-sophistication-to-bec-threats/148305/

Cyber attacks on IoT devices up 300% in 2019

Security researchers have identified a 300% increase in attack traffic on IoT devices over the past year. Vendors risk rushing products to market without adequately securing them, leaving them open to being leveraged in attacks. Often these devices do not have updated software to protect against known vulnerabilities that can be exploited by criminals, or the IT department is not aware of them being connected and therefore cannot manage the risk. Make sure your IoT devices have appropriate security features, and that the software is kept up to date. Do not use default passwords, as these passwords are known by criminals who will use them in an attack.

https://www.forbes.com/sites/zakdoffman/2019/09/14/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims/#48d3a01a5892

Ransomware attacks on Ireland central and local government

This week (15 September 2019) The Times reports that the Irish government’s Department of Communications, Climate Action and the Environment, which is itself responsible for cybersecurity in the country, was the victim of ransomware last year.

All organisations are being attacked by ransomware. Importantly, many organisations that suffer are not the intended victim. Although there are no guarantees that you can prevent an attack, you can easily prepare to quickly recover and resume your business operations by regularly testing your system backup and recovery controls.

https://www.thetimes.co.uk/article/irish-government-admits-ransomware-breach-s8n6nxpgj