Cyber Round-up for 12th November

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

North Korea Targets South Korea with Malicious Blogs

The Cisco Talos team has recently discovered a new campaign controlled by a North Korean state-sponsored APT group, dubbed Kimsuky, specifically targeting South Korea. This malicious campaign combines an information gathering module, a keylogger module and a file injector to deliver the payload; the payload impersonates a benign tool known as Nirsoft WebBrowserPassview and is designed to steal credentials for several sites.

More details on this can be found here.


Robinhood Suffers Security Breach

The stock trading and investment service Robinhood has been the victim of a cyber-attack. A customer support employee is believed to have disclosed their login credentials to a malicious party, which then proceeded to access Robinhood’s data to gather information about its users. The breach resulted in the disclosure of:

  • email addresses for 5 million users
  • real names for 2 million users
  • name, date of birth, and zip code for ~310 users
  • extensive personal data for ~10 users

After the breach was discovered, Robinhood received a ransom notice from the attacker demanding payment or risk disclosure of the data. Robinhood did not agree to the ransom and informed law enforcement instead. An email was sent to users believed to be affected by the breach, notifying them that their email address might be targeted by phishing scams in the future, along with useful tips to stay protected.


Increase In Computer Misuse Act Crimes

The UK has seen 1.8 million computer misuse offences from June 2020 to June 2021. This was an 85% increase in comparison to the June 2018 to June 2019 period.

“This was an 85 per cent increase compared with the year ending June 2019, largely driven by a 161 per cent increase in ‘Unauthorised access to personal information (including hacking)’ offences,” said the Office for National Statistics, which owns the survey.

Even with 1.8 million people estimated to be affected by a breach in the past year, the true number is likely to be higher: some lost or stolen details go unnoticed, and unknown or unreported breaches are not accounted for until they are discovered.


Two Factor Authentication Credentials Stolen by Bots

Scam bots are being utilised to steal two factor authentication codes and one-time passwords. The bots are customised to sound like an automated security call from a bank or other service and ask the recipient to enter private credentials. The attack is simple: an automated voice imitates a legitimate security call, for example about irregular spending, and gets the recipient to enter further details to validate their identity. Our advice is to never enter private information in response to unexpected or suspicious-sounding calls; instead, call the service back on a trusted helpline number and ask whether the security concern is real before sharing any information.


Chatex Sanctioned by the US Treasury

The crypto exchange service Chatex has been sanctioned by the US Treasury Department. This is due to Chatex being associated with ransomware payments, with over half of its known transactions being directly linked to illicit or high-risk activities such as darknet markets and ransomware. Operations for Chatextech and IZIBITS have been suspended while law enforcement investigates the firm’s board owners.


Vulnerabilities & Updates

Microsoft Patch Tuesday – November 2021

Microsoft’s Patch Tuesday is here and addresses a number of critical vulnerabilities. You can find our Patch Tuesday blog post here, which covers all of the important details you need to know about this month’s batch of security updates!

Zero-Day Vulnerability Found in Palo Alto GlobalProtect VPN

A new zero-day vulnerability has been discovered by researchers at Randori that impacts Palo Alto Networks GlobalProtect VPN. Exploitation of this flaw could lead to an attacker gaining unauthorised access to the target network with the ability to execute arbitrary code. This is being tracked as CVE-2021-3064 with a CVSS score of 9.8; any versions before PAN-OS 8.1.17 are affected and we advise updating as soon as possible.

You can find the official Palo Alto security advisory here.


And that is it for this week’s round-up; please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #166 – 12th November 2021

Ironshare – Security Simplified