Cyber Round-up for 15th May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The job of a cybercriminal is easier than ever due to the Covid-19 lockdown, and research backs this up. In April alone, there was a total of 404 million malware infections worldwide: this equals around 10 million infections a day. To add to this, around 64% of the attacks were launched against educational services; because of this it is recommended that educational institutions employ IT experts as we approach the exam period.
A long list of celebrities have suffered from a ransomware attack recently that stole their personal data, including contact information and employment contracts. Around 750GB has reportedly been stolen by the criminals. The attack hit a law firm known as Grubman Shire Meiselas & Sacks, whose website is now offline while they deal with the incident. The malware used in the attack has been named REvil; more information regarding the attack can be found in the blog on Naked Security.
One of the most powerful supercomputers in Britain, known as ARCHER, has been exploited by cybercriminals, forcing a system-wide reset for passwords and SSH keys. The attackers targeted the machine's login nodes to achieve this attack. This supercomputer was designed as a research resource for incidents with global impact, making it invaluable in times like these. Unfortunately, due to the impact the attack had, all operations have been stopped for this week and will not be available until Friday 15th at the earliest.
A new malware known as ACbackdoor has recently surfaced and reports suggest that it affects Windows and Linux machines. Both variants use the same protocol to talk to their C&C (Command and Control) centre, and share a lot of common features; however, the Linux version of the malware possesses additional capabilities, including process renaming. It also has a much lower detection rate than its Windows counterpart. One of the scariest features is its ability to disguise itself as a legitimate process, meaning you cannot really trust anything. We still do not know who is behind the distribution of the malware, but more details can be found in the post on Cybsploit.
Due to the severity of Covid-19, healthcare organisations have resorted to building new hospitals to care for more patients; cybercriminals have seen this as an opportunity and the companies responsible for construction have become a big target. Reports show that the attacks suffered have not been too harmful so far. Websites and computer systems have had to be shut down as a result, but day-to-day operations have not been affected much. The NCSC (National Cyber Security Centre) is working hard to combat these cybercriminals and encourages organisations to be especially vigilant during this time.
Vulnerabilities & Updates
This month’s Patch Tuesday has finally arrived and it contains fixes for 15 critical vulnerabilities; these include several remote code execution vulnerabilities, as well as a memory corruption flaw in the Internet Explorer web browser. The patch also features updates for 95 important vulnerabilities. As always, we recommend applying these patches as soon as possible, and if you want to learn more about what was addressed this month, links to all CVEs can be found here.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #91 – 15th May 2020
Ironshare – Security Simplified