Cyber Round-up for 22nd May
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
This week, telecommunications firm Verizon released their annual data breach report. This report discusses all their discoveries, including analysis of around 32,000 security incidents and approximately 4,000 breaches. From this data, the firm found that 43% of breaches targeted web applications; this is double what was seen last year. Web applications are one of the easiest ways for an attacker to gain access to a target machine, with 90% of submitted vulnerabilities corresponding to them. If you want to learn more about Verizon’s findings, the full report can be found here.
The UK’s Information Commissioner’s Office are currently investigating a recent data breach affecting 9 million EasyJet customers. According to reports, this attack was ‘highly sophisticated’, and stole the email addresses and travel details of those affected. In addition, 2,208 of these victims also had their payment card details accessed. EasyJet discovered this breach in January, and before now, only those who had their card details stolen were notified. With the investigation fully underway, the firm announced that all affected customers would be informed by 26th May.
The pandemic has brought along a new need for an increase in surveillance technology. An example of one of the advances being made is an autonomous laser that observes crowds of people and assesses them based on risk. These risk factors include social distancing compliance, not wearing a mask and temperature detection. These new technological advances always come during times of crisis; for example, in 2018 there was an increase in gun violence in the US, which gave way to a new gun detection system.
A Nigerian crime ring has been actively committing large-scale fraud against unemployment insurance programs across multiple US states. The well-organised criminals have been more present recently, taking advantage of the COVID-19 pandemic to exploit vulnerable organisations. Unemployment claims have been filed using the social security numbers and personal information of identity theft victims; this indicates that the crime ring is in possession of a database containing personally identifiable information (PII). These attacks have primarily targeted Washington, but have also been seen in North Carolina, Oklahoma, and a few others. More details on this scheme can be found in the post by KrebsOnSecurity.
The FBI have issued a public warning regarding a new ransomware strain that has been deployed on many healthcare organisation’s systems; the malware gets manually installed onto the system after it has been infected by the Qakbot trojan. Reports from the FBI suggest that the decryption tool may not work unless it is modified, even after paying the ransom. This is similar to the Ryuk ransomware which had a similar bug. This malware emerged in March 2020 and has seen a lot of activity since then; it is not expected to slow down any time soon.
TLS Security Protocols were designed to keep you safe and ensure that the data you send and receive preserves its integrity. When these protocols become outdated, you are not only unprotected, but also expose your systems to the unpatched vulnerabilities present within them. TLS 1.0 and 1.1 are now outdated, meaning they no longer receive updates and fixes; upgrading to 1.2 or 1.3 is essential. However, this is not something that can be done quickly, so we recommend looking into this to make sure you are doing it properly.
Vulnerabilities & Updates
Microsoft has released a security advisory addressing a flaw in the Windows DNS Server. This vulnerability allows an attacker to launch a Denial-Of-Service attack. The official report shows details of the nature of the DoS, including recommendations for how to deal with it. We strongly advise applying this patch as soon as possible, as well as looking at this blog for more advice.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #92 – 22nd May 2020
Why not follow us on social media:
Ironshare – Security Simplified