Cyber Round-up for 11th December
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A food bank in Philadelphia was recently hit by a business email compromise scam, which has resulted in the loss of almost $1 million. According to reports of this incident, the food bank is currently working on the construction of a new community kitchen, with attackers using this opportunity to pose as the construction company and steal their money. This incident was not discovered until 18 days later, when they found that the legitimate company was still awaiting payment. Last year, $1.7 billion were stolen through business email compromise scams, and they are still as present in 2020. As always be careful when receiving suspicious emails, especially when payments are involved.
Randstad, one of the world’s biggest recruitment agencies, has been hit by the Egregor ransomware. The agency reported that there wasn’t any major impact on their operations but confirmed that data was stolen by the attackers. Randstad, who claim to have 280,000 clients in 38 different countries, became aware of the attack last week and quickly acted to “mitigate the incident while further protecting Randstad’s systems”.
You can read Randstad’s full statement on the incident here.
The European Medicines Agency, who were responsible for approving the recent COVID-19 vaccines, has announced that they have suffered a cyber-attack. This was disclosed via a short statement on their website, which states that they will not release any further details during their ongoing investigation. This comes as no surprise, as many organisations involved with COVID-19 research have been targeted recently, mainly by state-sponsored hacker groups.
Cyberpunk 2077 is one of the most highly anticipated games of all time, so it is no surprise that hackers are taking advantage of gamers who are desperate to get their hands on it. You may have seen advertisements for a ‘free’ copy of the game; however, cybercriminals are using these ads to lure in victims and steal their personal information. We strongly advise you only purchase the game from trusted sellers and avoid any downloads claiming to be ‘free’; if it sounds too good to be true, it probably is.
In 2020, CrowdStrike has investigated around 200 incidents and according to their yearly report, 51% of these were ransomware. 63% of the incidents were financially motivated. The company’s investigations also found that both attackers and defenders have been improving and adapting, with much more sophisticated attacks being used.
If you want to read more about CrowdStrike’s findings, you can read the report here.
Vulnerabilities & Updates
WordPress released their last major patch of 2020 on 8 December, and it includes some important features. With 5.6, WordPress have introduced a new feature that “allows external applications to request permission to connect to a site”. If access is granted, the user can perform actions through an API. Although this is an interesting feature, it opens the possibility of more attacks, specifically focused on social engineering. As you can imagine, it would not be too difficult for an attacker to trick a site administrator into clicking a link pretending to be a permission request. To make this even more dangerous, the newly generated passwords are sent to the requester via a redirect URL, which will make attacks even more difficult to spot for those who are not actively looking. A recent WordFence release addresses this issue; in 7.4.14, application passwords are disabled by default.
Its that time again. Microsoft have released their monthly batch of security updates, addressing 58 vulnerabilities; 10 of which are considered critical. Some of these critical vulnerabilities include a remote code execution flaws in SharePoint, Windows NTFS and Exchange. We advise applying the latest updates as soon as possible to ensure you are protected against attacks.
A full list of disclosed vulnerabilities can be found here.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #121 – 11th December 2020
Why not follow us on social media:
Ironshare – Security Simplified