Cyber Round-up for 16th November
Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and handpick some of the news, posts, views, and highlights from the world of Security.
Over the last few weeks, an increasing number of cryptocurrency scams have been seen on the Twitter social media platform, using numerous compromised accounts. These scams try to trick users into handing over a small amount of cryptocurrency (such as Bitcoin) in order to receive a much larger amount of the currency in return, but all this does is fill the scammers’ wallets and fund further campaigns.
Scammers are compromising Twitter verified accounts, which are then used to deliver these scam tweets. The concern here is that Twitter accounts with the Verified (blue & white tick) badge are supposed to provide an element of trust, as the badge is displayed to indicate that the account has gone through Twitter’s approval process to ensure that the account is authentic.
We first witnessed this when a promoted ‘Ad’ tweet from Elon Musk told the community that he was giving away 10,000 Bitcoin. A closer look at the account confirmed this was actually the verified account of film studio Pathe UK, and the display name and image had been changed to make it look like it was coming from Elon Musk. To really sell it they even retweeted genuine tweets from Elon Musk’s real account.
This has not been the only instance of this scam; UK retailer Matalan and Google’s G Suite have also had their accounts compromised, and this week we saw Target become the latest victim when their account was briefly hijacked. @Target tweeted:
Early this morning, our Twitter account was inappropriately accessed. The access lasted for approx. half an hour & one fake tweet was posted during that time about a bitcoin scam. We have regained control of the account, are in close contact with Twitter & are investigating now.
Please don’t get drawn into these scams, as they will not increase the size of your crypto wallet; they just fund the bad guys to continue these types of campaigns.
To prevent your Twitter accounts from being hijacked, use complex and unique passwords that are not used anywhere else, and ensure that Two Factor Authentication (also called Login Verification) is enabled.
Whether Twitter are doing enough to assist with or prevent these activities is debatable, but they should be looking to put measures in place to further protect their users’ accounts. Industry experts such as Graham Cluley have suggested the mandatory use of 2FA, which sounds like a great start to us!
High Profile outages for Facebook and Google
Two very high-profile outages occurred on Monday 12th November, for internet giants Facebook and Google. These currently look to be two very different issues, although there were suspicions that these may have been malicious in nature.
Facebook suffered an outage that was experienced across the United States, lasting roughly 30 mins and starting at approximately 1300hrs ET. The outage affected all Facebook services, including WhatsApp and Instagram. USA Today reported that Facebook had confirmed that their outage was due to a scheduled test that ultimately failed, although no further information about this test was disclosed.
Google, on the other hand, were not so lucky. Their issue caused a denial of service (DoS) for G Suite and Google Search services and lasted for approximately 74 mins. The issue was blamed on a BGP routing misconfiguration made by a small ISP company in Lagos, Nigeria, called MainOne. Ars Technica reports that updates to the Internet’s global routing table made by MainOne meant that hundreds of IP address ranges belonging to Google were advertised as being reachable through their network. Minutes later China Telecom received and accepted the update, advertising it on to other large Internet Service Providers, such as the Russian-based Transtelecom.
These kinds of route changes can often go unnoticed, but as traffic destined for Google was redirected to China Telecom, the Great Firewall of China (used to regulate, control and censor Internet traffic within Chinese territories) dropped the traffic at its edge, causing the outage.
Currently neither of these incidents appear to be the result of malicious actions, but the Google outage does continue to raise questions about the security limitations of BGP, the internet’s routing protocol. BGP hijacking is not uncommon and we have seen multiple instances dating back to 2010, where China Telecom briefly redirected internet traffic through China, for what can only be malicious intent.
It’s time we moved away from this trust-based model with BGP and got on with fixing these long-standing security problems.
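One of the fixes that already exists for the trust problem described above is Route Origin Validation: a network operator publishes a Route Origin Authorization (ROA) stating which AS may originate a prefix, and routers or monitoring tools compare every received announcement against those records. The Python below is an added illustration written for this round-up, not code from Ironshare, Google, MainOne or any router vendor. It implements the RFC 6811 decision (valid / invalid / unknown) over constructed sample data: the prefixes come from the documentation ranges (203.0.113.0/24, 198.51.100.0/24) and the AS numbers from the documentation range (64496 onwards), so none of them refer to the real networks in the story. The AS path is simplified to a plain tuple whose last element is the origin AS; AS_SET handling is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization: origin_asn may announce prefix,
    and any more-specific of it down to max_len."""
    prefix: ipaddress.IPv4Network
    max_len: int
    origin_asn: int

@dataclass(frozen=True)
class Announcement:
    """A received BGP update, simplified: the last AS in as_path is the origin."""
    prefix: ipaddress.IPv4Network
    as_path: Tuple[int, ...]

def validate(ann: Announcement, roas: Iterable[Roa]) -> str:
    """RFC 6811 origin validation.

    'unknown' - no ROA covers the announced prefix at all
    'valid'   - some covering ROA names this origin AS and allows this length
    'invalid' - ROAs cover the prefix but none matches (wrong origin, or the
                announcement is more specific than max_len permits)
    """
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "unknown"
    origin = ann.as_path[-1]
    for roa in covering:
        if roa.origin_asn == origin and ann.prefix.prefixlen <= roa.max_len:
            return "valid"
    return "invalid"

def audit(anns: Iterable[Announcement], roas: Iterable[Roa]) -> List[Tuple[str, int, str]]:
    """Validate every announcement; returns (prefix, origin AS, state)."""
    roas = list(roas)
    return [(str(a.prefix), a.as_path[-1], validate(a, roas)) for a in anns]

def invalid_routes(anns: Iterable[Announcement], roas: Iterable[Roa]) -> List[Tuple[str, int]]:
    """The routes a monitoring job would alert on: covered by a ROA but not matching it."""
    return [(p, asn) for p, asn, state in audit(anns, roas) if state == "invalid"]

# Constructed sample data (documentation prefixes and AS numbers, not real networks).
# AS64496 plays the content provider whose space is leaked; AS64497 the leaking ISP.
SAMPLE_ROAS = [
    Roa(ipaddress.IPv4Network("203.0.113.0/24"), max_len=24, origin_asn=64496),
]

SAMPLE_ANNOUNCEMENTS = [
    # Legitimate: the owner originates its own /24 via a transit AS.
    Announcement(ipaddress.IPv4Network("203.0.113.0/24"), (64500, 64496)),
    # Leak: a different AS claims to originate the owner's /24.
    Announcement(ipaddress.IPv4Network("203.0.113.0/24"), (64500, 64501, 64497)),
    # More-specific than the ROA permits, even though the origin is right.
    Announcement(ipaddress.IPv4Network("203.0.113.0/25"), (64500, 64496)),
    # No ROA at all for this space: validation cannot say either way.
    Announcement(ipaddress.IPv4Network("198.51.100.0/24"), (64500, 64498)),
]

if __name__ == "__main__":
    for prefix, origin, state in audit(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS):
        print(f"{prefix:<18} origin AS{origin:<6} {state}")
```

Run as-is it prints one line per announcement with its validation state. The two "invalid" results are exactly the shapes that turned a local misconfiguration into a global outage in the MainOne case: a prefix originated by an AS that is not authorised for it, and a more-specific announcement that wins the longest-match decision on every router that accepts it. A router that drops (or heavily depreferences) invalid routes, or a monitoring job that alerts on them, catches the leak at the first hop that validates rather than after the traffic has already been redirected.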
MiSafes Smartwatches put children at risk
MiSafes’ leading smartwatch for children has been found to be extremely easy to hack, placing thousands of its child users at risk. Security researchers at Pen Test Partners found that children’s movements and activities could be tracked by malicious actors.
GPS sensors and a 2G data connection in the watch allow parents to see their child’s location, listen in on what the child is doing and make a call to the child’s watch, all via their smartphone app.
Once the watch is compromised, malicious actors are capable of obtaining real-time locations of children and personal information from the device, while also sending messages and making calls that appear to come from the parent.
No advanced hacking skills were required to compromise these watches, just simple use of free online tools and some basic coding ability.
Until the manufacturers of these devices can prove that they have resolved these security issues, Pen Test Partners recommend that you do not use these GPS based watches to track your children.
Microsoft’s November 18 Patch Tuesday
Patch Tuesday, for those not familiar with the name, refers to Microsoft’s monthly security update release day, which typically falls on the second Tuesday of the month. The latest Patch Tuesday includes a total of 53 vulnerabilities, 11 are rated Critical, 40 are rated Important, and the remaining two are rated Moderate and Low.
Included in these Critical Vulnerabilities are several memory corruption vulns that are present in Microsoft Edge, Windows Deployment Service TFTP Server, Internet Explorer, and the VBScript engine that can all result in local and remote code execution.
There are also a number of key vulns rated Important that should not be overlooked. Several remote code execution vulns exist within MS Office products (Outlook & Excel), PowerShell and Internet Explorer, while the Windows COM Aggregator Marshaler can be exploited to gain elevated privileges.
Full details can be found at the link below:
Accompanying the release is an Important advisory for Adobe Flash Player that, if exploited, can lead to information disclosure and remote code execution. This affects the Microsoft Edge and Internet Explorer browsers as well as Chrome.
Don’t delay, review and get patching now!
And that’s it for this week, please don’t forget to tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList
You can also follow us using the social media links provided.
If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview
Ironshare – Security Simplified
Edition #17 – 16th November 2018