Cyber Round-up

Cyber Round-up for 17th June

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Phishing Campaigns Using Reverse Tunnelling and URL Shorteners Evade Detection

Cybercriminals are beginning to incorporate new techniques into their phishing campaigns to make them more successful and harder to detect. The latest trend in phishing is utilising reverse tunnelling and URL shorteners to evade detection; if done correctly, the attacker will leave no trace. These methods involve the misuse of legitimate services to bypass phishing countermeasures and do not require exploitation of a vulnerability. Reverse tunnelling attacks are becoming increasingly popular; this calls for improvement to the monitoring of reverse tunnel services to help detect these techniques and prevent future attacks.


Abertay University Opens £18 Million Cyber Security Centre

Abertay University has been praised for its efforts to improve Cyber Security. Its newly opened Cyber Security centre cost £18M and will be available for use by students, academics, and businesses, with the NHS National Services Scotland cyber-security wing as its first official client. Students at Abertay University will be given the chance to learn cyber security from industry professionals, providing them with the best education available.


2000 Scammers Arrested Along With $50 Million Seized By Interpol

Interpol, an international organization that facilitates worldwide police cooperation and crime control, conducted its “First Light 2022” operation. Interpol and 76 supporting countries took part in this operation, which focused on organisations conducting social engineering attacks such as telephone deception, romance scams, business email compromise (BEC) scams, and related money laundering. The operation lasted from March 2022 to May 2022, resulting in:

• 1,770 physical locations raided worldwide
• 3,000 suspects identified
• 2,000 operators, fraudsters, and money launderers arrested
• 4,000 bank accounts frozen
• $50 million worth of illicit funds intercepted


26M Requests Per Second DDoS Attack Prevented

This week, Cloudflare announced that they had prevented a new record-breaking DDoS (distributed denial-of-service) attack. At its peak, the attack was sending 26 million requests per second from a botnet of more than 5,000 devices. It appears each device was sending approximately 5,200 RPS at the height of the attack. Investigations revealed that the customer’s website received a flood of around 212 million HTTPS requests in a 30-second timeframe, making this the largest HTTPS DDoS attack ever seen.


New Linux Malware Is Near Impossible to Detect

Security researchers have identified a new Linux malware that is supposedly “nearly impossible to detect”. The malware, named Symbiote, is unlike most Linux malware; rather than being an executable file, Symbiote is a shared object library that loads itself into all running processes to infect them. This gives an attacker remote access and rootkit functionality, and allows them to steal credentials. The evasive tactics used by this malware make it very difficult to detect, and researchers are unsure how frequently it is being used; this also means that standard antivirus tools are unable to detect Symbiote, so all Linux devices are vulnerable.


Vulnerabilities & Updates

Internet Explorer 11 Reaches End Of Life For Some Windows 10 Editions

Internet Explorer was first released in 1995 as part of the Windows Plus! upgrade pack for Windows 95. Multiple upgrades have been made since its initial release, with the current version called Internet Explorer 11. Microsoft has reported that Internet Explorer will reach end of life for some editions of Windows 10. As of 15th June, Internet Explorer will no longer receive feature or security updates, making it incredibly important that affected users move to a more secure browser such as Microsoft Edge or Chrome. If users need Internet Explorer to access websites no longer supported by modern browsers, the “Internet Explorer mode” in Microsoft Edge will allow them to access those websites while using a secure browser.


Ransomware Groups Exploiting Atlassian Confluence Zero-Day

Last month, it was revealed that all supported versions of Atlassian Confluence Server and Data Center are vulnerable to a new remote code execution zero-day. Since the disclosure of this vulnerability, ransomware groups have begun actively exploiting it in their attacks. An official patch was released on the 3rd of June, and all users are advised to apply the latest patches as soon as possible to ensure protection against an attack.

More details and remediation steps can be found here.


Microsoft Patch Tuesday: June 2022

Microsoft’s Patch Tuesday for June 2022 has arrived, and includes fixes for 55 total vulnerabilities, 3 of which are considered critical. While this is a smaller patch release than we are used to from Microsoft, it still includes some important updates for key software such as Azure, Visual Studio, Office, Windows Defender and more.

More details on this batch of security updates can be found here in Ironshare’s round-up of the June 2022 Patch Tuesday release.

And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #193 – 17th June 2022

Ironshare – Security Simplified