Cyber Round-up for 1st October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
2020 has seen the majority of companies shut down their offices, forcing their employees to work remotely as a result of the pandemic. While remote working has allowed businesses to continue operations, it has introduced a whole new list of security issues with it; instant messaging and video conferencing applications have also become a necessity with the lack of face-to-face meetings. The rapid introduction of these technologies meant IT departments have had their hands full. 55% of businesses are now claiming that remote working has left them significantly more vulnerable to cyberattack, with very few focusing on security improvements; this number goes up to 70% when addressing large-scale companies with more than 5,000 employees. With the increase in COVID-related threats, now is the time to bolster your organisation’s security.
Facebook recently announced that they are offering grants for businesses affected by coronavirus; as you can expect, this caught the attention of cyber criminals who immediately began creating phishing schemes. Some attackers adapted their ideas slightly to convince users that everyone was receiving the grant. The bait for this campaign is a fake CNBC article about the grants, with a link to an ‘application’ that requests your personal details. This attempt has a lot of flaws, with numerous errors in grammar, and URLs that are clearly not what they seem. More information on what to look out for in these suspicious phishing attempts can be found here.
Microsoft have revived their previously retired Security Intelligence Reports for 2020. The 88-page report features data from July 2019 to June 2020. The main talking points of the report are cybercrime, ransomware, supply-chain security and nation-state groups, which are touched on in this article. One of the key highlights is the scary realisation that some ransomware attacks are completed in under 45 mins. If you wish to view the report in its entirety, you can find it here, rebranded as the Microsoft Digital Defense Report.
On October 13, 2020, Microsoft Exchange 2010 will reach end of life; this means that this version will no longer receive support or updates. Organisations that are still using Exchange 2010 are highly recommended to upgrade to a supported version as soon as possible, as using end-of-life technology presents a number of security risks; it is also worth noting that attackers will aim to target those still using this version, as there will be no patches issued for discovered vulnerabilities. This post by Rapid7 covers the poor state of unsupported Exchange systems in the wild and highlights both the actions to take and considerations for upgrading.
With Windows 7 reaching end-of-life back in January 2020, those still using it are always at risk. Attackers are taking advantage of this with a targeted phishing campaign. The attack involves a malicious email claiming to offer a free Windows 10 upgrade; the link redirects the victim to a fake Outlook login page where their account credentials are stolen. As always, the attacker wants to create a sense of urgency to scare the victim; an interesting way of doing this was shown in this campaign, where the email subject starts with ‘Re:’. This makes the user worried that they have already missed a previous email and urges them to quickly take action. We advise that Windows 7 users be on the lookout for suspicious emails like this and consider upgrading to Windows 10 as soon as possible.
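A mail-filter heuristic for the fake ‘Re:’ subject described above, as an added example that is not part of the original round-up. It flags a message whose subject claims to be a reply but which does not reference any message the recipient actually sent; the function name, the `sent_ids` input and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Reply prefix as mail clients write it (Re:, RE:, Re[2]:).
REPLY_PREFIX = re.compile(r"^\s*re\s*(\[\d+\])?\s*:", re.IGNORECASE)
MSG_ID = re.compile(r"<[^<>\s]+>")


def classify_reply(raw_message, sent_ids):
    """Return 'not-a-reply', 'genuine-reply' or 'suspicious-reply'.

    sent_ids: Message-IDs this mailbox really sent (assumed to come from a
    sent-items index or the mail gateway's logs).
    """
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded-words so an encoded "Re:" is not missed.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if not REPLY_PREFIX.match(subject):
        return "not-a-reply"
    # A real reply references the message it answers. These headers can be
    # forged, so the referenced ID must be one the recipient actually sent.
    referenced = set()
    for header in ("In-Reply-To", "References"):
        referenced.update(MSG_ID.findall(msg.get(header, "")))
    return "genuine-reply" if referenced & set(sent_ids) else "suspicious-reply"


# Constructed sample data (not taken from the real campaign).
SENT_IDS = {"<m-100@corp.example.test>"}
BAIT = ("From: IT Helpdesk <helpdesk@example.test>\n"
        "Subject: Re: Free Windows 10 upgrade\n"
        "Message-ID: <x1@mailer.example.test>\n\nUpgrade today.\n")
BAIT_ENCODED = ("From: IT Helpdesk <helpdesk@example.test>\n"
                "Subject: =?utf-8?q?Re:_Free_upgrade?=\n\nUpgrade today.\n")
BAIT_FORGED = ("From: IT Helpdesk <helpdesk@example.test>\n"
               "Subject: RE: Free Windows 10 upgrade\n"
               "In-Reply-To: <made-up@mailer.example.test>\n\nUpgrade today.\n")
REAL_REPLY = ("From: colleague@corp.example.test\n"
              "Subject: Re: Q3 budget\n"
              "In-Reply-To: <m-100@corp.example.test>\n"
              "References: <m-100@corp.example.test>\n\nLooks fine.\n")
NEW_MAIL = ("From: hr@corp.example.test\n"
            "Subject: Reminder: timesheets due\n\nPlease submit.\n")

if __name__ == "__main__":
    for name in ("BAIT", "BAIT_ENCODED", "BAIT_FORGED", "REAL_REPLY", "NEW_MAIL"):
        print(name, "->", classify_reply(globals()[name], SENT_IDS))
```

Some legitimate clients omit threading headers, so a ‘suspicious-reply’ result is better used to add a warning banner or raise a spam score than to block outright.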
Vulnerabilities & Updates
A flaw that allows an attacker to execute code remotely on Exchange servers was patched 8 months ago, yet more than half of internet-exposed servers are still vulnerable. The flaw, which was addressed back in the February Patch Tuesday update, is currently affecting 61% of Exchange 2010, 2013, 2016 and 2019 servers; this is more than 430,000 worldwide. This bug is actively being exploited in the wild, so it poses a more severe threat than originally stated. If you have not already, please apply the updates as soon as possible. The original security advisory for this vulnerability can be found here.
The Zerologon vulnerability, which we addressed in last week’s round-up, is now being actively exploited in the wild. This was discovered by Microsoft’s security intelligence team, who claim that the bug is easy to exploit, even for amateur malicious actors. Weaponised proof-of-concept exploit code has been published online; this is free to download, since details of the vulnerability were already disclosed on September 14. More information about the flaw can be found here and, as always, we advise patching as soon as possible.
Finally for this week we just want to leave you with some important advice from the UK’s National Cyber Security Centre. December 2020 will see the end for Adobe’s Flash Player, and once it goes you will not be able to turn it back on.
Enterprises will need to have upgraded their services so that they do not rely on Flash, by the end of 2020. And importantly, to maintain the integrity and security of your systems, you should not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #111 – 1st October 2020
Ironshare – Security Simplified