Cyber Round-up for 10th January
Welcome to the first 2020 edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A telemarketing company that was crippled by a ransomware attack in October 2019 has had to close its doors and shut down indefinitely, sending home over 300 employees. These employees were not notified until a few days before Christmas, leaving them jobless over the holidays. The company’s CEO spoke out about the incident and announced that they were not aware of the attack and were caught off guard; despite efforts to recover their data, the company was unable to recover and lost hundreds of thousands of dollars in the process. Many companies disregard the importance of cybersecurity and are not aware of how badly these kinds of attacks can affect an organisation; this is a prime example of how a cyber-attack can finish a business and why it is vitally important that all businesses prepare themselves to ensure this doesn’t happen again.
Foreign currency exchange service Travelex was forced to take its systems offline on New Year’s Eve following a compromise. According to Travelex, a software virus was discovered that had been affecting some of their systems. More than a week later, the service is still offline and other banks, such as Barclays, HSBC and First Direct, have reported that they are unable to offer online currency services as a result of the Travelex incident. Although reports have not confirmed it, this appears to be yet another ransomware attack.
On January 14, Microsoft will be discontinuing support for Windows 7, meaning they will no longer release updates or provide technical assistance for it. This puts anyone using the operating system at risk from vulnerabilities that will no longer be patched. We highly recommend upgrading to Windows 10 before Windows 7 support ends to ensure that you are protected from the flaws of an outdated OS. More details can be found on the Microsoft support site.
Predator the Thief, a well-known information stealer, has recently been updated to feature new capabilities; the update includes phishing documents that are harder for users to detect. The malware was first seen in July 2018, and is known to steal usernames, passwords and cryptocurrency wallets; it can also take control of a victim’s webcam to take photos. The regular updates that the info stealer receives make it harder to track and monitor, and more effective at detecting debuggers and sandboxes. This malware is difficult to deal with; we recommend patching your systems regularly and alerting staff to the risks of phishing attacks.
Pulse Secure’s Zero Trust business VPN system has been compromised and is being actively exploited to install REvil ransomware on company networks. This was discovered by researcher Kevin Beaumont, who disclosed the critical vulnerabilities to Pulse Secure. Despite patches being released in April of 2019, firms were still not patching in August, when 14,528 servers were found to still be running the vulnerable software. By compromising vulnerable systems, attackers were able to install backdoors that would let them gain access even if patching later occurred. Eight months on from the public being made aware of the serious weaknesses in the Pulse VPN system, 3,826 devices are still open to exploitation.
Vulnerabilities & Updates
Cisco have released patches for three critical vulnerabilities that exist in the Data Center Network Manager platform that is used to manage NX-OS, the operating system used by Cisco Nexus switches. All three are authentication bypass flaws that allow a remote attacker to execute arbitrary code with administrative rights. Cisco confirmed that there are no workarounds for these vulnerabilities but have released software updates addressing them.
The first Android Security Bulletin of 2020 addresses seven new vulnerabilities affecting the Android operating system, one of which is a critical flaw impacting versions 8, 8.1 and 9 of the OS. The flaw allows a remote attacker to execute arbitrary code on the victim’s device; no further details have been disclosed, but researchers suspect that a malicious app installed on the device could potentially abuse the vulnerability. We recommend installing the January security updates as soon as possible.
And that’s it for this week’s round-up. We hope you all had a fantastic Christmas / Holiday season. Please don’t forget to tune in for new instalments every week.
Happy New Year!
Edition #73 – 10th January 2020
Ironshare – Security Simplified