Cyber Round-up

Cyber Round-up for 18th February

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Governments Cautious Of High Impact Ransomware Increase.

With ransomware attacks becoming more frequent and more sophisticated in design, governments have had to act to protect organisations, businesses and individuals. A recent collaboration between the United States’ Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Centre is allowing these organisations to better understand the methods and techniques used by cyber criminals who extort victims with ransomware. The report produced by the collaboration concluded that cyber criminals seem to be:

  • Targeting poorly-defended cloud infrastructure to steal data, encrypt information, and – in some cases – deny access to backup systems.
  • Targeting managed service providers (MSPs), impacting all of an MSP’s clients at once.
  • Attacking industrial processes by either affecting connected business systems or developing code to interfere with critical infrastructure.
  • Attacking the software supply chain and using it as a method to access multiple victims through a single initial compromise.
  • Targeting organisations on holidays and weekends, where they might have more impact and there are fewer IT support personnel in place to handle emergencies.


Digital Anxiety More Prevalent In WFH Employees

A new study conducted by F-Secure has concluded that employees who have worked from home throughout the pandemic are more likely to experience digital anxiety than their in-office counterparts. The study looked at how individuals feel about security and privacy on their devices and while using the internet. 67% of remote workers were worried compared to 58% for their counterparts. The issues that were most concerning to the participants in the study were:

  • 65% of those who work from home said the internet is becoming a more dangerous place.
  • 63% of remote workers said concerns about data privacy have changed how they use the internet.
  • 71% of remote workers said they worry that new internet connected devices—such as wearables and connected home appliances—could lead to a violation of their privacy.
  • 70% of remote workers felt increasingly uncomfortable connecting to public WiFi due to security risks.


Emotet New Attack Vector Infecting Businesses

A new attack method for the much unloved Emotet malware has been reported by Unit42. Emotet has been recorded trying to infect devices through malicious email attachments. It makes the email seem more legitimate through thread hijacking, which allows it to create fake replies to existing email threads. The email carries an Excel document that contains a macro, which users are asked to enable. If enabled, the macro downloads Emotet from an attacker-owned server onto the device. The attachment is often a zip file that contains a password-protected Excel sheet, with the password noted in the email. This is an attempt to bypass email attachment scanning tools, as the protected contents can’t be read. More details are available in the above link.
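One way a mail gateway can flag the pattern described above, shown as an added example that is not from Unit42 or the original post: it reports ZIP attachments whose Office members have the ZIP "encrypted" header flag set, and notes whether the body mentions a password. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OFFICE_EXT = (".xls", ".xlsm", ".xlsb", ".doc", ".docm")  # assumed watch list

def encrypted_office_members(zip_bytes):
    """Office files in the ZIP whose header has the 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [i.filename for i in zf.infolist()
                    if i.flag_bits & 0x1 and i.filename.lower().endswith(OFFICE_EXT)]
    except zipfile.BadZipFile:
        return []

def triage(raw_message):
    """Return one finding per ZIP attachment a content scanner could not open."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        members = encrypted_office_members(data) if data[:2] == b"PK" else []
        if members:
            findings.append({"attachment": part.get_filename(),
                             "encrypted_members": members,
                             "password_in_body": "password" in text})
    return findings

def build_sample_message(encrypted=True):
    """Constructed sample: placeholder ZIP whose encryption flag is patched on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.xlsm", b"placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 1                               # flags in local file header
        data[data.find(b"PK\x01\x02") + 8] |= 1    # flags in central directory
    msg = EmailMessage()
    msg["Subject"] = "RE: invoice"
    msg.set_content("Please see the attached file. Password: 1234")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample_message()))
```

A finding with `password_in_body` set is a candidate for quarantine or sandbox detonation rather than delivery, since the scanner never saw the spreadsheet itself.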


TrickBot Targeting Top Brand’s Customers

The TrickBot trojan has been discovered in a new campaign by cyber criminals, once again attempting to steal login and banking credentials from customers of major organisations. TrickBot has been active previously; however, this variant can use a new web inject module, spread malware inside a network, and steal application credentials, which are sent to a command and control server. TrickBot overall has seen more than 140,000 successful infections since early 2021 and researchers noted that it’s back to taking first place in malware prevalence lists.


Windows Server Hotpatching Now Available

Microsoft recently made a big announcement regarding Hotpatching, their newest feature of Azure Automanage for Windows Server. Hotpatching presents a “new way to install updates on a Windows Server 2022 Datacenter: Azure Edition (Core) VM that doesn’t require a reboot after installation.” The idea of this feature is to maximise availability, allow for faster update deployment and ensure better protection through the fast installation of updates.

More details on this new feature can be found here.


Vulnerabilities & Updates

Magento Zero-Day Exploited In The Wild

A new zero-day vulnerability has been detected for Magento, an open-source application developer and distributor. The same vulnerability is also known to affect Adobe Commerce. The vulnerability, a security weakness in input validation, is actively being used by cyber criminals to run arbitrary code and carries a score of 9.8 out of 10. A patch has been released and all users are advised to update to avoid being exploited.


Zero-Day Actively Exploited In Chrome

Yet another zero-day has been discovered in Chrome and it is being actively used by cyber criminals. The vulnerability has not been publicly released but has been declared as a use-after-free flaw in Animation. It has been given a rating of Critical, and a patch that mitigates it has been released. Users are advised to update to the latest version of Google Chrome ASAP.


And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #179 – 18th February 2022

Ironshare – Security Simplified