Cyber Round-up for 1st October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Payment service provider, Giant Umbrella, were forced to delay salary payments following a suspected data breach. The firm announced last Friday that all operations had been suspended after detecting “suspicious activity” on their network. Giant have confirmed they are doing everything they can to minimise disruption to their payroll schedule and were already able to process “8,000 of the outstanding wage payments”. Operations have not been fully restored yet and some contractors are still reporting delays in their payment.
Traditional cyber attacks are no longer as popular as they once were, with the large majority of compromises stemming from people-focused attacks. Reports from 2020 showed a 300% increase in ransomware attacks, with email as the “primary point of entry”. Phishing and email scams have proven so successful that few attacks start any other way. Business Email Compromise has also become increasingly popular, with victims losing around $2bn in the last year. On top of this, the rising popularity of steganography has also caused difficulty; more than one in three targets of steganography attacks last year reportedly clicked on a malicious payload. This click rate exceeds anything seen before and shows that people need to become more aware of security; with people being the primary target, a strong security culture is more important than ever.
The official Premier League fantasy football platform are currently investigating an incident in which several accounts were compromised and deleted. During their investigation it was confirmed that there was “no breach of their servers” and they have reinstated all affected user accounts. All users are encouraged to practice proper password management and ensure that their accounts and passwords are secure. This was the statement emailed to the users:
Cyber Experts believe that the market for “stolen gamer data” is rising rapidly and is currently in high demand on underground markets. This has led to the introduction of BloodyStealer, a trojan designed to capture cookies, passwords, payment card information saved in browsers and app sessions. All gamers are advised to personally review their account settings and take time to enable two-factor authentication and ensure their accounts are secure.
Vulnerabilities & Updates
QNAP, maker of network-attached storage devices (NAS), have recently released a patch addressing two critical vulnerabilities in their QVR video management system. Exploitation of these flaws could allow an attacker to execute arbitrary code on the victim’s system; both of these were given a severity score of 9.8 out of 10 with a third vulnerability being given a score of 7.2. We advise all QNAP customers to update their systems as soon as possible.
More details on these bugs can be found here.
Researchers have discovered a flaw in Azure Active Directory that allows an attacker to brute-force the username and password without detection. Because of this flaw, the failed login attempts are not logged on the server and the attacker can try as many credentials as they want without alerting server admins. Currently, there are no workarounds for this flaw and a fix is not yet available, but details on the nature of the exploit can be found here.
A newly discovered flaw in Apple’s contactless payment feature could allow an attacker to make “large unauthorised contactless payments”, even if the device is locked. Researchers proved the existence of this flaw with a payment of £1000 using a locked iPhone. This flaw only affects devices set up with Visa cards using “Express Transit” mode. The hack involves a piece of radio equipment that tricks the target device into thinking it is dealing with a ticket barrier; this enables the Express Transit feature and allows large transactions to be made at any payment terminal. Of course, for this to work, the victim’s device will need to be stolen and Visa believe the attack is “impractical”; however, we believe this is still a risk.
There is currently no fix, but we advise Apple Pay users who have lost their devices to block Apple Pay or wipe their device via iCloud.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #160 – 1st October 2021