Cyber Round-up for 19th June
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A specialist CIA division that creates high-level hacking tools hadn’t taken the necessary protective measures and has suffered an attack. Reports suggest that it was the worst data loss in the history of the agency, and many secrets were stolen. Many of the reports regarding the situation are redacted; however, it was confirmed that sensitive cyber tools used to hack into rival networks, as well as around 180 gigabytes of data, were stolen. Just another example that even those skilled in cyber security can be pwned.
A recent survey by Scottish Crime and Justice reports that the most common problem that users encounter is virus infections, as well as payment card theft. In addition, 4.5% of people say they’ve been a victim of an email scam. It was found that most victims of cyber attacks do not report incidents; the only cases that are frequently reported are those involving payment cards and bank accounts. These kinds of reports open our eyes to the dangers of cyber attacks and how much they can affect the average user; many people believe they are too insignificant to be attacked. It is important to understand that everyone is at risk, and you should always do what you can to stay safe online.
Cosmetics company Avon has been taken offline following a ransomware attack. The attack reportedly affected the back-end IT systems across multiple countries, including Poland and Romania. The breach was disclosed to the public via a notification to the US Securities and Exchange Commission. The Brazilian-owned company is currently investigating the incident, which was disclosed on June 9th, and has not yet released any further details regarding the ransom. The company reportedly had backups of all its data and is working on restoring its operations.
As viewers return to watch the Premier League this week, the risk of cyberattackers targeting live streams follows. Fans have eagerly awaited the return of football and will likely do whatever they can to stream every game possible, and hackers will be looking to take advantage of this. A wave of phishing attacks, scams and account takeovers is expected to arrive with the restart of English football. As always, our advice is to be mindful when receiving adverts or emails, specifically those containing links and attachments, and to use good password practice to secure accounts, along with implementing 2FA where possible.
Apple Mac users have been issued a warning by the security experts at Intego following the disclosure of a malware threat. The threat has been seen active in the wild and disguises itself as a Flash Player installer to spread. This is not a new tactic for malware to use; however, it is unusual that it tries to hide its activity from the user and security software. A security researcher confirmed that the Flash installer is a bash shell script; the exact nature of this can be found in the post by Graham Cluley. As always, we advise you to take care when downloading software, and ensure that it is actually what you think it is.
Amazon recently released a report about how they stopped a 2.3Tbps DDoS attack in February of this year. This is apparently the largest DDoS attack ever recorded and they are happy that they managed to mitigate it. The customer targeted was not disclosed, but AWS said that the attack was carried out through the use of hijacked CLDAP servers; CLDAP is a connectionless version of the LDAP protocol. This protocol has been used by many hackers looking to perform DDoS attacks; however, none have ever been this large.
Vulnerabilities & Updates
Homeland Security and CISA ICS-CERT have released warnings of a critical security flaw affecting billions of devices that connect to the internet. ‘Ripple20’ is a set of 19 vulnerabilities that can allow remote takeover of target devices without any user interaction. The flaws were found by Israeli cybersecurity company JSOF, who said that the affected devices will impact a number of industries, including medical and healthcare as well as telecom and transportation.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #96 – 19th June 2020
Ironshare – Security Simplified