Cyber Round-up for 13th November
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The UK government is currently performing a defence and security review to “boost the nation’s cyber-capabilities”, but Ciaran Martin, the former cyber-chief of the NCSC, is worried that things are going in the wrong direction. The cyberworld appears to be shifting towards more offensive methods of security, while the ex-chief is wishing for more restraint. He believes that the best way to guarantee safety and security is defensive measures, rather than the offensive cyber-weapons that are being utilised by many nations, including the UK. Russia seems to be one of the primary users of these cyber-weapons and have been linked to many attacks over the last few years. Despite this focus from many nations, Martin encourages restraint and claims that weaponizing the internet is a big mistake.
Campari Group, an Italian company known for producing spirits and wines, has suffered a ransomware attack in which 24 of their servers from around the world were compromised. The hackers have reportedly stolen and encrypted 2TB of data and have demanded a ransom of $15 million. A note left for the company states that if the ransom is not paid, then the encrypted data will be released to the public and/or sold to criminals. There is currently no further information, and it is unclear if the group plans to pay the attackers; what we do know is that Campari appears to be rebuilding its services with dramatically increased security. Research into the incident has shown that it could be linked to the recent attack against game developer, Capcom. Capcom have displayed notices on their website stating that many services, including email systems and file servers are impacted.
Expect updates as soon as more information is released.
Ghimob is a new banking trojan specifically created for Android devices; the malware can spy on 153 applications and steal data from them. Security firm Kaspersky has been looking into this new banking trojan, and they believe it was developed by the group behind the Astaroth Windows malware. Please note that this malware is being distributed via email and malicious sites; these methods redirect the user to a site, where they are prompted to download a fake version of legitimate application, such as WhatsApp or Google Docs. As always, we strongly recommend downloading applications from the official Play Store and avoiding third-party stores.
Microsoft have warned of a new trend, in which attackers advertise fake Microsoft Teams updates to deploy malicious payloads. A recent security advisory shows that the ads contain a link that leads to a site controlled by the attackers; this downloads a payload that executes a PowerShell script that loads the malware. The link also installs a legitimate version of Microsoft Teams to avoid suspicions from the victim. This campaign takes advantage of companies who are working remotely and rely on video conferencing software such as Microsoft Teams. Please ensure that you download Teams from the official site, and do not trust third party sources.
Vulnerabilities & Updates
Microsoft’s latest batch of security updates has arrived in their November 2020 Patch Tuesday. This includes fixes for 112 security flaws, including a zero-day vulnerability that exists in the Windows kernel; this reportedly affects all current supported versions of the operating system. The patch also addresses 24 remote code execution flaws in Excel, Sharepoint, Exchange Server and more. As always, we recommend updating as soon as possible.
Microsoft Security Update Guide can be found here.
And that is it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #117 – 13th November 2020
Why not follow us on social media:
Ironshare – Security Simplified