Cyber Round-up for 15th October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Microsoft announced earlier this week that they had “fended off the largest DDoS attack it’s detected, which clocked in at 2.4Tbit/sec.” The attack reportedly targeted the Azure cloud, and came from almost 70,000 different sources, including many countries in the Asia-Pacific region. Microsoft announced that it was the largest attack they had ever encountered, but it may well be the largest attack ever seen anywhere.
More details on the nature of this attack can be found here.
Coinbase users have become the victims of phishing attacks, with cybercriminals using a fake domain to capture one-time passwords for users’ accounts. This domain is set up as a password reset webpage that requests the Coinbase login credentials of the victim. Once a user arrives on the page, the attacker is alerted so that they can be ready for the one-time password to be input. This is one way that criminals are becoming clever in attacking accounts protected by multi-factor authentication. This domain has since been taken down, but reportedly was quite successful during the time it was in use. We advise all Coinbase users to be very careful when inputting credentials; you should always check that the site is what you think it is. Our recommendation is to use hardware security keys (such as YubiKey) and hardware wallets for protecting your cryptocurrency accounts and assets.
Sunderland University have reported “extensive IT disruption” and are currently working with the police and security experts to investigate what could potentially be a cyber-attack. The University believe the incident has “all the hallmarks of a cyber-attack” and followed up with a statement about how seriously they take the security of their systems, students, and employees. Their website, IT systems and telephone systems are all still out of operation, but face-to-face teaching is still going ahead on campus.
More details on the situation will no doubt surface in the coming weeks.
Cyber criminals based in Russia and its neighbouring countries have been found to be responsible for a large majority of serious ransomware attacks against the UK, according to the National Cyber Security Centre. The head of the NCSC, Lindy Cameron, has said that not enough UK businesses and services are prepared for such attacks. Ms. Cameron continued by saying that ransomware will continue to be highly lucrative and attractive to cyber criminals while organizations remain vulnerable and willing to pay. A new defensive initiative has been devised in order to deliver a “sustained, proactive” campaign to interrupt hackers targeting the UK; this will involve a National Cyber Force actively protecting the UK through offensive hacking operations.
One of the world’s biggest hotel chains, Meliá, has been targeted by cyber criminals, with parts of its internal network and web-based servers taken offline. No ransomware gang has taken credit for the attack, nor has the hotel been listed on any “leak site”, but this may be because some ransomware gangs don’t operate publicly. The hotel chain is reportedly now working with Telefonica’s cyber security division to deal with the attack’s aftermath.
Vulnerabilities & Updates
Apple has released their latest patch for iOS and iPadOS, 15.0.2. This patch addresses a zero-day vulnerability that was found to be actively exploited in attacks since its discovery. The flaw has been classed as a critical memory corruption bug, and exploiting it could allow an attacker to execute arbitrary code on the target device. As always, we advise updating to the latest version as soon as possible.
On Tuesday, Microsoft released security patches to eradicate 71 vulnerabilities in Windows and additional software and services. Two of the vulnerabilities were considered critical, with the following four zero-days being patched:
CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
Patch Tuesday continues to be an integral part of Microsoft’s push for security of its users and services. We advise that these new updates are reviewed and installed at the earliest opportunity.
And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #162 – 15th October 2021
Ironshare – Security Simplified