Cyber Round-up for 24th April
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Cybersecurity firm Cyble recently discovered a database containing the profiles of 267 million Facebook users after finding the records for sale on the dark web. So that it could notify users of the breach through its notification service, Cyble purchased the records for a total of £500. Further investigation confirmed that no passwords were exposed; however, user IDs, phone numbers, usernames and email addresses were included. The company is unsure how the information was leaked but believes it could be due to a flaw in the Facebook developer API.
Almost 25,000 email addresses and passwords have been dumped online by unknown activists. The credentials were found to belong to workers at the National Institutes of Health, the World Health Organisation, the Gates Foundation and many other groups involved in fighting the coronavirus pandemic. The incident was discovered by the SITE Intelligence Group, who are best known for working hard to combat online extremist and terrorist groups. This leak has highlighted another example of organisations using very poor password practices.
Cognizant, a well-known IT service provider, suffered a ransomware attack this month at the hands of the Maze hacker group; however, the group denies responsibility. The company has not yet paid the ransom, and information regarding the situation is yet to be disclosed. The attack is currently being treated as a data breach, as the Maze group’s MO includes infiltrating a company’s network for many weeks and stealing data prior to launching their ransomware, improving the odds of the ransom being paid. Researchers are currently awaiting further developments in the incident.
Nintendo Switch owners have recently become a target for hackers, as a new wave of attacks allows them to access accounts and make purchases with linked payment methods. The Switch features a digital store which can be linked to PayPal, meaning many users have experienced fraudulent attacks resulting in unwanted payments on their accounts. The best way to counteract these attacks is to enable two-factor authentication; this can be found in your Nintendo account settings and provides an added layer of security to prevent attackers from gaining unauthorised access. Two-factor authentication requires you to input a one-time code from a smartphone app as well as your password, meaning an attacker cannot break in without possessing both your login details and your smartphone.
Email scams are one of the biggest threats plaguing all users, which is why the NCSC has launched a new ‘Cyber Aware’ campaign, which offers advice and services to help combat the dangers we all face. One of these features is the Suspicious Email Reporting Service, which allows anyone to forward suspicious emails to the organisation so that they can investigate and act on them. This is another great move by the NCSC in the battle to combat the phishing threat, which more recently includes COVID-19 related scams. To use this new service, simply forward any suspicious emails to firstname.lastname@example.org and they will be investigated.
Vulnerabilities & Updates
iPhones very rarely get caught out when it comes to attacks, with the last serious case being in summer 2016. This week, San Francisco-based security firm ZecOps reported that some of its customers were hit by two zero-day exploits on iOS devices, both using version 13 of the operating system. Exploits against iPhones are some of the most expensive on the market due to how rare they are. It is believed that this is not the only zero-day for iOS, as in the summer of 2019 there were rumours of an unknown hack. Keep in mind that these attacks are targeted and are not carried out on a mass scale; the hack targets the default mail app, so if you’re worried, remove it from your device.
A few different models of connected home hubs from Fibaro, Elko and Homematic have been compromised by vulnerabilities present in older versions of their firmware. These hubs, which connect multiple appliances within your home, have been exploited using Man in the Middle (MiTM), remote code execution and information disclosure attacks. Most of the flaws have been fixed by the vendors, so it is vital that users ensure their IoT devices are regularly updated.
And that’s it for this week’s round-up. Please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #88 – 24th April 2020
Ironshare – Security Simplified