Cyber Round-up for 12th June
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A trend has emerged among cyber criminals that involves stealing YouTube account credentials, specifically those of prominent users with a lot of subscribers. Many criminals have recently developed an interest in these accounts and, although the reason is unclear, they have not been reluctant to sell the credentials on the dark web. The price of an account depends entirely on its number of subscribers and how active they are. The issue for the sellers is how quickly they have to sell, because account owners contact Google support to get their accounts back. Reports suggest that this account theft is easier than it should be due to Google’s two-step verification being insecure.
Security researchers have recently uncovered the origin of major cybercriminal operations around the world; reports suggest that Dark Basin, a hack-for-hire group, has been behind a large number of them. The group has been known to target institutions on more than six continents, but its primary targets are American nonprofit organisations, specifically those involved in the #ExxonKnew campaign, which suggests that climate change information was kept secret by ExxonMobil for decades. The group has also been involved in various phishing attacks and has links to an Indian tech company known as BellTroX InfoTech Services.
IT services firm Conduent has become the latest victim of the Maze ransomware. The organisation provides critical services for more than 500 governments and 100 companies, making this attack’s impact much bigger than expected. Reportedly, the ransomware only interrupted operations for a short time after the attack on May 29, and systems have since been fully restored. Apparently, the hit was made possible by a vulnerability in the Citrix ADC and Citrix Gateway products, which was originally found and disclosed in December 2019. As always, security experts suggest updating systems as soon as possible to avoid situations like this, no matter how big or small your organisation is.
Nintendo has warned its users not to reuse passwords following a staggering number of account compromises. Since April, the video game firm has identified 300,000 accounts that have been compromised by hackers, primarily due to poor password practice and reuse. Reusing passwords is an easy way to get your account stolen, so please ensure that you are not using the same password on multiple accounts, especially those that include sensitive details or payment card information. The most effective way to keep your account secure is to enable two-step verification; this requires you to input a single-use unique code from your smartphone when you log in. This means that even if an attacker gets your password, they still cannot gain access.
Vulnerabilities & Updates
Microsoft has released its monthly security patch, which addresses over 120 vulnerabilities affecting various products. The critical flaws include remote code execution in SMBv1, Word for Android and Windows GDI, as well as a few more products. If you want to know more about this patch, details are included in this Talos blog. Microsoft confirmed that none of the vulnerabilities had been exploited in the wild prior to the patch release, but we advise updating as soon as possible.
Proof-of-concept exploit code has been published on GitHub for a wormable Windows vulnerability. Worms are always extremely dangerous since they have the potential to spread to other machines without user interaction. The exploit that was posted is unreliable but still proves that there is risk present. This flaw affects Windows 10 versions 1903 and 1909 and Windows Server 1903 and 1909; it was also patched in a recent update. We advise all users to apply updates as soon as possible.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #95 – 12th June 2020
Ironshare – Security Simplified