Cyber Round-up for 23rd August
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Every day, attackers attempt 300 million fraudulent sign-ins. This number is constantly increasing, meaning the need for cyber security is going up with it. Despite this, there is one simple action you can take to drastically improve your account security and keep your information secure. We all know that no matter how much you try to enforce good password practice, people always use the simplest passwords. MFA is the solution to this. Multi-Factor Authentication applies an added layer of security to your accounts and asks for a randomly generated code from an app on your smartphone; this means that even if your password is cracked, an attacker would also need your phone to access the account. MFA is easier to use and implement than you think, so get securing your accounts today.
On August 16, a coordinated ransomware attack was launched against 23 local government organisations in Texas. Officials have confirmed that no state networks were affected by the attack and they have not yet disclosed if the agencies have paid the ransom. The Texas Department of Information Resources revealed that the ransomware came from a single source and they are still investigating the origin of this attack. This is the biggest coordinated ransomware attack we have seen to date that targets multiple local governments; however, it is not the first. Ransomware has been particularly prominent this year, and this is just another example of the threat affecting all types of organisations. Check out our Blog covering the dangers of ransomware and how to recover.
Earlier this year, Google released a new Chrome extension called Password Checkup, which was designed to tell users if their credentials had been leaked from website databases. Security researchers have analysed the results of the extension and revealed that out of 21 million accounts, 1.5% of logins were performed using compromised credentials. The researchers monitored these results for a 28-day period, during which over 300,000 users logged in using leaked usernames and passwords; worryingly, 26% of these users ignored the warnings issued by the extension. It is believed that users are not acting because they either don’t believe the risk, don’t have control of their account or are unsure how to reset their password. If you receive a warning regarding leaked credentials, we recommend resetting your password; never assume your accounts are safe.
Apple has accidentally reverted patches for a recent vulnerability. The latest version of iOS, 12.4, has reintroduced a flaw that makes jailbreaking up-to-date iPhones much easier. We have not seen a public jailbreak scheme on iPhones for years, but this recent mistake from Apple has caught people’s attention. The dangerous part is that if a device is vulnerable to jailbreaking, it can be hacked just as easily. The jailbreak code has not been publicly released to avoid Apple patching it; reports have shown exploited devices selling for millions of dollars. Until this is patched again in the next update, we recommend caution when downloading apps, as the likelihood of them being malicious is much higher than usual.
Fortnite’s huge global player base makes it the perfect target for attackers. A recent ransomware campaign, known as Syrk, has been affecting users everywhere. This ransomware was built using tools available on the internet and works by disguising itself as an aimbot cheat for the game. Players who download the hack will have their files encrypted until payment is made. It was revealed that Syrk is the popular ransomware Hidden-Cry. Hidden-Cry is known for how quickly it deletes files after encrypting them, and how simply they are deleted. Victims can possibly recover their deleted files by following the instructions in the original post. We recommend avoiding all cheats available online, to minimise the risk of falling victim to these attacks.
Vulnerabilities & Updates
A backdoor was intentionally placed in Webmin, a Unix administration tool. The backdoor allowed anyone who knew about it to completely take over the target device and execute commands as root. The backdoored version of Webmin was available on the official site for over a year, before being publicly disclosed during the DEF CON 2019 security conference. Affected versions include 1.890, 1.900 and 1.920. Although 1.890 was the primary version affected by this vulnerability, the other two were found to contain almost identical backdoor code. The vulnerabilities were addressed in Webmin v1.930 and Usermin v1.780. If you are using Webmin, it’s time to review and update.
Bitdefender researchers have recently discovered a worm-cryptominer that uses a supply chain attack and is delivered via a Potentially Unwanted Application known as DriveTheLife. The attack works by moving laterally and using a variety of unpatched vulnerabilities and advanced tools to compromise victims. The interesting thing about this cryptominer is that it pauses itself if it detects a game running in order to avoid detection. Detailed analysis is included in the original post, including how the attack works and a list of indicators of compromise.
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Edition #55 – 23rd Aug 2019