Cyber Round-up

Cyber Round-up for 1st November

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Currys PC World Customers Scammed Through eBay

The electronics retailer, Currys PC World, was recently targeted by a group of fraudsters who have hijacked their eBay account to carry out a series of scams. With access to the retailer’s account, the group was able to change the payment details of listed items, including the iPhone 11 which is currently in high demand. Those paying for these items via PayPal have had their money stolen from their accounts; this was done using a fake PayPal account set up by the scammers. This attack has affected over 600 customers that made purchases on the weekend of October 19-20. Following this scam, the owners of Currys PC World resolved the issue, and confirmed that all customers affected would be refunded.


The Biggest Threats of 2019 So Far

Webroot has released its list of 2019’s nastiest malware, including cryptomining campaigns, huge phishing schemes and dangerous ransomware strains. It has been a big year for the constantly evolving ransomware threat, especially for Emotet. Before their extended summer break, they were causing mass disruption across the world; the most prominent of their payloads was Ryuk, which had a massive presence in the first half of 2019. Business Email Compromise has been a big issue this year, and we have seen a massive rise in email hijacking; this type of phishing has become more prominent over recent years. Finally, cryptomining has seen an increase in popularity. The low-risk method of acquiring money has become more frequent in 2019 and has proven more profitable than most other campaigns, while remaining less malicious. The most active cryptomining payload we have seen in use is Hidden Bee, which started out with Internet Explorer exploits and evolved into payloads packed into image files.


Recent Spear Phishing Attacks Targeting Financial Industry

As people become more aware of phishing, attackers must find more sophisticated ways to approach their victims. One way they do this effectively is spear phishing: emails personally tailored to an individual, often appearing to come from someone they know or work with. These types of attacks are particularly profitable when targeting those in the financial industry; this has been an area of focus for most attackers in recent weeks. Security researchers have been trying to respond to the recent increase in attacks with various prevention methods, and the best defensive measure they recommend is two-factor authentication. More details on spear phishing are included in the original post.


Reporting Insider Threats and Suspicious Activity

Security firm Red Goat Cyber Security has recently completed a study on the insider threat, showing whether or not professionals would report others if they noticed suspicious activity. The study records the opinions of over 1000 professionals across various industries; they were given different scenarios and were asked how they would react if different types of people were to be involved. The result of this report was that most employees would not know what to do if they noticed suspicious activity due to their organisation not providing them with guidance or training. In response, Red Goat produced some guidance steps on what should be focused on when it comes to reporting insider threats. This list includes the importance of HR in dealing with suspicions; the full report can be found here.


Vulnerabilities & Updates

Xhelper Malware Re-Installs Itself After Being Deleted

A mysterious new piece of malware, called Xhelper, has been plaguing Android devices recently; in the last 6 months the malware infected over 45,000 devices and is constantly spreading. Many users have become aware of the problem and deleted the malware from their devices, and some have even factory reset just to be safe; however, this has not proven successful. It appears the malware can reinstall itself on the infected device, even after a factory reset. The application is hidden from users and launches itself from external events, such as installing apps and/or rebooting the device; from this, the device can be connected to the attacker’s remote command and control server where additional malicious programs can be downloaded. This malware is very dangerous and has primarily targeted users in India, though it has been observed in the US and Russia as well. Researchers recommend keeping everything up to date to avoid any exploitable vulnerabilities and being careful when granting permissions; installing a good antivirus application would also be a good idea. More details on the nature of the malware are included in the original post.


The Scariest Vulnerabilities and Exploits of 2019

It’s been a big year full of extremely dangerous vulnerabilities that have plagued our devices throughout 2019. This summary highlights the biggest and baddest flaws and exploits that 2019 has given us. One of the first big vulnerabilities that had users all over the world worried was the secret surveillance flaw in Apple’s FaceTime app. From this to the major string of WinRAR exploits and the iMessage bugs, this end-of-year summary includes everything you need to know about the scariest hacks and vulnerabilities of 2019; details of each individual bug are included in the original post.


And that’s it for this week’s round-up; please don’t forget to tune in for our next instalment.

Edition #65 – 1st November 2019

Ironshare – Security Simplified