Cyber Round-up for 13th March
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views and highlights from the world of security.
In this week’s round-up:
One of the world’s biggest botnets, known as Necurs, infected more than nine million machines over eight years of malicious activity, until this week when it was disrupted by Microsoft and its partners. They reported that the takedown relied on the very domain generation algorithm (DGA) the network used to locate its command-and-control servers: by working out how the algorithm produced its domain names, they were able to predict the domains the bots would try to contact in the coming months (more than six million unique domains over the following 25 months) and have them blocked or taken over before the operators could register them, cutting the infected machines off from their controllers. This brings to an end a mighty botnet that was used for numerous cybercrimes, including ransomware delivery, credential and identity theft, spam and online scams.
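To illustrate why a deterministic DGA is a liability for the operator, here is an added example (not Necurs’s real algorithm, and not Microsoft’s code): a toy DGA that derives each day’s domains from a shared seed and the calendar date, alongside the defender-side precomputation that a takedown of this kind relies on. The seed value, alphabet, TLD list and output file name are all hypothetical.

```powershell
# Added example (not Necurs's actual algorithm): a toy, date-seeded DGA and the
# defender-side precomputation that a takedown like this relies on. The seed,
# alphabet and TLD list are hypothetical.

function Get-DgaDomains {
    param(
        [Parameter(Mandatory)][string]$Seed,       # secret shared by the bots and their operator
        [Parameter(Mandatory)][datetime]$Date,     # bots use the current date, so output changes daily
        [int]$Count = 4,                           # domains generated per day
        [string[]]$Tlds = @('com', 'net', 'biz')
    )
    $sha      = [System.Security.Cryptography.SHA256]::Create()
    $alphabet = 'abcdefghijklmnopqrstuvwxyz'
    $domains  = [System.Collections.Generic.List[string]]::new()
    for ($i = 0; $i -lt $Count; $i++) {
        # Only the seed, the calendar day and a counter go into the hash. Nothing
        # here is random, so anyone who recovers the seed reproduces the list.
        $material = '{0}|{1}|{2}' -f $Seed, $Date.ToString('yyyy-MM-dd'), $i
        $digest   = $sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($material))
        $label    = -join ($digest[0..11] | ForEach-Object { $alphabet[$_ % 26] })
        $tld      = $Tlds[$digest[12] % $Tlds.Count]
        $domains.Add("$label.$tld")
    }
    $sha.Dispose()
    return $domains
}

# Defender side: once the seed is known, enumerate every domain the bots will try
# over the coming months so they can be registered, sinkholed or blocked first.
function Get-DgaBlocklist {
    param(
        [Parameter(Mandatory)][string]$Seed,
        [datetime]$Start = (Get-Date).Date,
        [int]$Days = 30
    )
    0..($Days - 1) | ForEach-Object {
        $day = $Start.AddDays($_)
        foreach ($d in Get-DgaDomains -Seed $Seed -Date $day) {
            [pscustomobject]@{ Date = $day.ToString('yyyy-MM-dd'); Domain = $d }
        }
    }
}

# Usage: dump the next 90 days of domains for a (hypothetical) recovered seed.
Get-DgaBlocklist -Seed 'recovered-seed-value' -Days 90 |
    Export-Csv -NoTypeInformation -Path 'dga-blocklist.csv'
```

The bot and the defender run the same function; the only thing that separates them is knowledge of the seed. Real DGAs add complication (multiple seeds, time-zone tricks, seeds derived from external data) precisely to make this precomputation harder, which is why recovering the algorithm was the key step in the takedown.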
Over the last decade, security experts have preached the importance of password rotation policies, but a recent change of mentality has many thinking that this may not be the way to go; current NIST guidance (SP 800-63B), for example, advises against forcing periodic changes unless there is evidence that a password has been compromised. IT professionals will forever disagree over the topic, but more and more are recognising the disruption caused by these rotation/expiration policies. Most users have too many accounts to remember a unique password for each, so forcing regular changes leads to predictable variations and reuse, and disrupts operations. Regular expiry therefore promotes exactly the reused or common passwords that are among the main causes of account breaches, which is why it is vital that users always use unique passwords. We recommend reducing or even removing password rotation; instead, encourage unique, hard-to-guess passwords combined with a password manager, which ensures you will not forget your credentials and keeps them unique by generating them for you.
A malicious site has surfaced that impersonates the Johns Hopkins University coronavirus map. The copycat, ‘Corona-Virus-Map.com’, delivers a piece of software that purports to display a real-time log of the pandemic’s spread; instead it installs the AZORult information-stealing malware, which is reportedly designed to evade detection and harvests credentials and other data from the infected machine. At the time of writing it had not been observed as part of a wider malicious campaign. As always, take care when installing a program; ensure that it is from a trusted source before you run it. The legitimate map is a website that does not require you to install anything; a link to it is included in this article, and you should avoid other apps claiming to do the same, as they may be malicious.
Palo Alto Networks’ Unit 42 research team has been actively warning organisations about the risks of IoT devices, after a recent study found that 98% of IoT device traffic is unencrypted, exposing sensitive and personal information to anyone on the network path. Combined with a reliance on outdated protocols, this leaves IoT devices vulnerable to a large number of old, well-understood attack techniques. This article summarises a podcast recording that looks into these risks and highlights the key weaknesses in IoT devices. The research team describes the situation as a ‘ticking IoT time bomb’, which emphasises the importance of inventorying, segmenting and securing all of your IoT devices.
Vulnerabilities & Updates
Microsoft has announced a new critical vulnerability in the compression feature of version 3.1.1 of the Server Message Block protocol (SMBv3) that allows an unauthenticated attacker to execute arbitrary code on a target server or client. Against a server, the attacker sends a specially crafted packet to the SMBv3 service; against a client, the attacker sets up a malicious SMBv3 server and tricks the victim into connecting to it. Microsoft said the flaw had not been exploited in the wild, and at the time of the advisory no patch was available; instead, guidance was released on disabling SMBv3 compression on servers (a workaround that does not protect clients) and on blocking TCP port 445 at the perimeter firewall to reduce the risk of an attack. Please see the Microsoft security advisory to learn more about this vulnerability and how you can protect against it.
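The server-side workaround is a single registry value. The script below is an added example written for this round-up, not the text of Microsoft’s advisory: it reads the current state, applies the change, and optionally blocks inbound 445 on the Public firewall profile. The registry path and value come from the advisory; the function names and the firewall rule name are our own. Only Windows 10 and Windows Server versions 1903 and 1909 ship the affected SMBv3 compression code, so the check is harmless elsewhere.

```powershell
# Added example (not the text of Microsoft's advisory): apply and verify the
# SMBv3 compression workaround on the local SMB server, and optionally block
# inbound TCP 445 on the Public firewall profile. Run from an elevated session.

$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionState {
    $prop = Get-ItemProperty -Path $ParamsKey -Name DisableCompression -ErrorAction SilentlyContinue
    if ($null -eq $prop)                { return 'compression enabled (DisableCompression not set)' }
    if ($prop.DisableCompression -eq 1) { return 'compression disabled (workaround applied)' }
    return 'compression enabled (DisableCompression = {0})' -f $prop.DisableCompression
}

function Disable-SmbCompression {
    # DWORD 1 = compression off. Takes effect without a reboot.
    # Protects the SMB *server* role only; clients connecting to a malicious
    # server are not covered by this setting.
    Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWORD -Value 1 -Force
}

function Enable-SmbCompression {
    # Revert once the security update has been installed.
    Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWORD -Value 0 -Force
}

function Block-InboundSmb {
    # Hypothetical rule name. Limited to the Public profile so domain/LAN file
    # sharing keeps working; internet-facing hosts should not expose 445 at all.
    New-NetFirewallRule -DisplayName 'Temp block inbound SMB 445' -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Profile Public -Action Block | Out-Null
}

"Before: $(Get-SmbCompressionState)"
Disable-SmbCompression
"After:  $(Get-SmbCompressionState)"
Block-InboundSmb
```

Roll the registry change out with whatever configuration management you already use, and record which hosts have it so you can reverse it with Enable-SmbCompression after patching; remember that the client-side vector still needs user awareness and egress filtering of SMB to untrusted networks.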
This edition of Microsoft’s Patch Tuesday features 25 critical vulnerabilities, as well as 91 rated important and one moderate. Among this month’s critical flaws are a number of remote code execution and memory corruption vulnerabilities in Windows, the ChakraCore scripting engine, the VBScript engine and GDI+. We highly recommend updating as soon as possible to avoid the risk of an attack. Many attackers target vulnerabilities that have already been patched, to catch out users who have not yet updated; don’t let this be you.
And that’s it for this week’s round-up; please don’t forget to tune in for new instalments every week.
Why not follow us on social media using the links provided on the right.
Edition #82 – 13th March 2020
Ironshare – Security Simplified