Cyber Round-up for 21st February
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Back in March 2019, the FBI informed Citrix that cybercriminals had gained access to their internal network via password spraying. The company have since released a statement saying that they believe the hackers accessed and downloaded business documents, including personal and financial data. They recently announced that the hackers were present in their network for 5 months starting October 2018 but are sure that they are no longer present. The data stolen includes social security numbers, passport numbers, payment card numbers and health insurance identification.
One of the world’s leading providers of facility services, ISS World, was a target of a malware attack this week, which has halted all operations within the organisation. As a precaution, all systems were immediately disabled to isolate the incident. The company is working closely with forensic experts to determine the source of the attack and have confirmed that they have not found any sign of customer data being compromised. ISS have released a public statement warning they are still in the process of dealing with the incident and do not yet know when their IT systems will be fully operational.
A US natural gas facility had to shut down their entire pipeline asset for two days following a severe ransomware attack. The unnamed facility said they were in no way prepared for this kind of attack and it has massively affected operations. It is believed that the attacker gained access to the company’s IT network via a spear-phishing attack; this targeted a single office but resulted in multiple other facilities having to shut down as well. This incident has brought the importance of cybersecurity to the forefront of the company’s mind, and they are now interested in implementing an offline backup process.
Researchers have developed a list of the most impersonated brands that are used in phishing attacks and I’m sure it will come as no surprise to anyone that PayPal tops the list. PayPal phishing has an average of 124 unique URLs every day. Another big name in this area is Microsoft, who ranks third in the list due to the overwhelming amount of file sharing phishing attempts. Others high up the list include Facebook, Netflix and many financial/banking services. We advise taking a look at these rankings; keep them in mind next time you receive an email you think looks suspicious.
The official Twitter account of FC Barcelona has been taken over by hackers who have been seen posting false tweets on the account. The group responsible for the takeover is called OurMine and has been in the media spotlight over the last few months for its recent activity involving a number of NFL teams. The intention of OurMine is to highlight the flaws in the club’s security measures in an attempt to improve them; it is believed that they gained access through credential stuffing, which uses usernames and passwords leaked in data breaches to attempt to log in. The suggested response to this incident would be enabling two-factor authentication, which most major social media platforms offer, including Twitter.
Vulnerabilities & Updates
A critical security vulnerability has been discovered that is affecting over 700,000 active WordPress sites. It exists in the GDPR cookie consent plugin and is a cross-site scripting flaw that could lead to privilege escalation. This vulnerability reportedly affects all sites using the plugin version 1.8.2 and below; we advise updating your plugins to the latest version in order to stay protected against an attack of this kind.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Edition #79 – 21st February 2020
Ironshare – Security Simplified