Cyber Round-up for 21st August
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
This is the second in a series of posts that will aim to provide some initial guidance on the fundamentals of cyber security. Here we focus on the topic of Email Anti-spoofing.
Japanese business technology giant, Konica Minolta, was hit by a new ransomware attack that disrupted their operations for a week. The incident started with a series of outages, with customers reporting that their product supply and support site was down; this persisted for almost a week until the company informed users of a breach. Shortly after, the ransom note was revealed, which was found to be linked to a new strain of ransomware called RansomEXX. This same malware was also seen in the attack on the Texas Department of Transportation. The article does not state if the ransom was paid, we only know that their services are now available once again.
Elon Musk recently issued a statement addressing the lack of two-factor authentication on the Tesla mobile app. He has apologised for being ‘embarrassingly late’ and stated that it is currently going through its final validation stage right now. Musk also confirmed that 2FA will be available through SMS or the Authenticator app and is ‘coming soon’. Two-Factor Authentication cannot come soon enough for such a high-profile app. The Tesla app allows drivers to use their phones as a car key, meaning if your device was compromised, your vehicle would be too. Tesla are a bit late to the party when it comes to 2FA and the sooner it is implemented the better.
The world’s largest cruise ship operator, Carnival Corporation, announced the news of a ransomware attack this week. They reported that a portion of their IT systems were encrypted, and the attackers downloaded files from their network. The company have been working closely with law enforcement to investigate the breach and have discovered that the attackers accessed the personal data of guests and employees. No information has been shared regarding the nature of the ransomware, and it is unknown if they paid the ransom. However, they did say that they do not believe the incident will impact future operations.
Earlier this month, SANS revealed that they had suffered a data breach as a result of a phishing campaign. The email scam prompted the user to install a malicious add-in for Office365 which created a forwarding rule. Confidential information was being forwarded to an unknown third-party for an extended period of time until it was discovered and stopped. The company have since released a list of indicators of compromise relating to the recent incident. If you wish to learn more about these, they can be found here.
The South African branch of credit agency Experian has revealed that they were recently affected by a large data breach. The company stated that this happened when they delivered personal details of their customers to a fraudster disguised as a client. Experian have not commented on the exact number of customers that were affected but reports from the South African Banking Risk Centre suggest that around 24 million users were impacted, as well as just under 800,000 local businesses. They have since been working with local law enforcement and have managed to find the attacker responsible for the incident. There has been no confirmation as to what data was stolen, but it is believed that no financial information was involved.
A new fileless botnet has emerged called FritzFrog, and it has hit more than 500 servers already. This malware has only been around since January and is already hard at work infecting a number of well-established universities in both the US and Europe. A report from Guardicore states that ‘in this network with no single point-of failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date’. This botnet seems to target SSH Servers in particular; if you wish to learn more about the nature of this malware, details can be found in this article.
Vulnerabilities & Updates
Microsoft was forced to release an emergency patch to address two privilege escalation flaws that have been found in the Windows Remote Access service. These vulnerabilities are affecting all supported versions of Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2. CVEs for these flaws can be found in this article, as well as more details regarding the nature of the bugs. As always, we recommend applying this patch as soon as possible to reinforce the safety of your devices.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #105 – 21st August 2020
Why not follow us on social media:
Ironshare – Security Simplified