Cyber Round-up for 23rd October
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Protecting the healthcare industry from cyberattacks is more important than ever, and the biggest threat to them is people, with research showing that more than 90% of advanced cyberattacks start with phishing emails. Since employees are the biggest risk to the industry, security awareness training is essential; users who have been educated on phishing attacks and scams are much less likely to interact with an email that leads to an attack. Training alone, though, is not enough: an email security gateway should be used to detect suspicious links and attachments. This could eliminate the possibility of human interaction, which is ideal for uneducated users. More details on how the healthcare industry can protect against cyberattacks can be found here.
British Airways suffered a data breach in 2018 which saw the payment card information of 400,000 users stolen. Investigations found that the company had been storing credit card details with no encryption since 2015, and as a result they have been handed the largest fine ever issued by the UK’s Information Commissioner’s Office (ICO). The £20 million fine comes as a result of numerous other security mistakes that were discovered in the aftermath of the breach, including “a failure to enforce the use of multi-factor authentication” and “a failure to prevent the exploitation of a Citrix vulnerability”. Although this was the largest fine ever handed out, it is nothing compared to the £183 million they were originally facing; the sum was reduced significantly due to the impact of COVID-19.
Sandbox Interactive, the developers of fantasy video game Albion Online, have announced to their player base that they have suffered a data breach. The hackers managed to gain access to parts of the forum’s user database, which contained usernames and salted / hashed passwords. All players have been advised to change their passwords immediately as the stolen database has been listed for sale. The vulnerability that was exploited to access the database has reportedly been patched, and Sandbox have confirmed that “a full security review” is under way.
Check Point Research have released their Q3 Brand Phishing Report, which shows that Microsoft accounts for 19% of all brand phishing attempts this year. The report shows that technology, banking, and social networks were the biggest sectors targeted; it is no surprise that technology tops the list with the rising popularity of remote workers this year. If you are unaware of phishing threats, or wish to know more, you can find a list of the most popular brands here; this also features examples of phishing emails from different companies.
Security researchers have discovered two new phishing operations; one targets Facebook Messenger account holders, and the other aims to steal credentials of business services like Office 365. The business-focused campaign has reportedly reached “tens of thousands of inboxes”, and has been seen spoofing applications such as Office, Microsoft Teams and Zoom. It appears that clicking the link in the email sends the user to a phishing kit disguised as a login page; to avoid being blocked in a corporate environment, the attackers use redirects from benign domains (global brands such as Sony.com). Reports suggest that the links can “bypass native security controls offered by victims’ email providers”.
Vulnerabilities & Updates
Adobe has released their latest batch of security updates, which address a total of 20 vulnerabilities affecting Windows and macOS, 18 of which are considered critical. There are patches available for Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo. The critical flaws could allow an attacker to execute arbitrary code on vulnerable systems; we recommend applying the latest updates as soon as possible to protect against these kinds of attacks. A full list of the addressed vulnerabilities can be found here.
WordPress’ security team has taken action against a newly discovered SQL injection flaw that affects the Loginizer plugin. The team immediately patched this bug and considered it serious enough to force a security update for all sites running the plugin. Forcing updates is rare for the WordPress team, and the public isn’t happy about it; however, many security experts believe it was entirely necessary due to the severity of the vulnerability. Loginizer is a very popular plugin, with more than one million installs; this is likely one of the reasons why patching it was such a priority.
And that is it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #114 – 23rd October 2020
Ironshare – Security Simplified