Cyber Round-up for 24th July
Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
CV19, also known as Cyber Volunteers, are working to ‘protect the people who protect our health’. The Covid-19 pandemic hit many companies hard, including their IT systems. Since the outbreak, many hacker groups have begun targeting vulnerable healthcare organisations, specifically hospitals. What started out as cyber security has now grown to include physical security, due to the ongoing theft of healthcare workers’ ID badges and Personal Protective Equipment (PPE). In response to this, CV19 have published a new awareness campaign to ensure key workers are keeping their sensitive possessions safe. They also ran a social engineering assessment, during which the volunteers were able to steal identity badges and gain access to computer systems. If you would like to see their latest awareness campaign or learn more about their work, please visit the CV19 site here.
The United States Department of Justice has taken action against two Chinese hackers who have committed cyber crimes in 11 different countries and targeted hundreds of organisations and government agencies over the last decade. Some of their most recent work was targeting the companies responsible for COVID-19 vaccine development. They have been actively exploiting vulnerabilities in government systems as well, including those containing weapon designs and personally identifiable information. Like certain other nations, China have developed a reputation for their state-sponsored hackers and protection of cyber criminals.
The University of York has launched an investigation after their customer relationship management system provider, Blackbaud, was hit by ransomware back in May. Reports suggest that the data stolen included names, dates of birth, student numbers, addresses and contact details; in order to keep the student data safe, Blackbaud paid the ransom and recovered their data. It was confirmed that no payment card information or passwords were stolen, and steps are being taken towards making their systems more secure. Despite this, many are still concerned about trusting that the criminals deleted their stolen data; unsurprisingly, Blackbaud has since stated that keeping their customers’ data secure is a top priority.
The most active botnet of 2019 has returned after going offline back in February of 2020. No activity had been seen since the 7th Feb until this week, when users began reporting a flurry of spam emails containing the new Emotet malware payload. Reports have said that the emails contain either a Word doc attachment, or a URL to download a Word doc; these documents are designed to download and install Emotet if content is enabled by the user. Around 250,000 messages have been seen so far today, and the campaign has only just begun. As always, stay safe and keep your eye out for potential threats. Don’t click anything unless you know it is safe to do so. Our first indication of the return was from Microsoft’s @MsftSecIntel Twitter feed, when they warned of the new campaign; read details on the initial warning here.
A new phishing scam has emerged in the UK, which utilises a fake Facebook page, SMS, and email to bait consumers into disclosing sensitive information. The hackers were requesting payment card data from their victims in exchange for an HD TV. The scam has been prominent on Facebook, stating that:
“We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.”
At least 100 consumers have fallen for the scam, according to reports. As always, we advise you to be cautious when it comes to these kinds of scams. Do not give out your details unless you are 100% sure it is safe. If it seems too good to be true, it’s most probably a scam.
Microsoft are currently being sued for violating data privacy policies. Recent reports revealed that they have been sharing customer business data from Office 365 with Facebook’s app developers and partners. Microsoft has regularly said that data will only be shared when necessary, but recent events suggest that they have been sharing with Facebook, even when the customer and their contacts are not Facebook users. After the recent Cambridge Analytica outrage, it is understandable why so many have been uneasy about this breach of trust. A Microsoft spokesperson has addressed the allegations claiming they are false; time will tell.
Vulnerabilities & Updates
Adobe was forced to release an emergency fix for a new batch of critical vulnerabilities that exist in Photoshop, Bridge and Prelude. All the addressed flaws are capable of leading to remote code execution if exploited, which is why they have been prioritised so heavily. We advise updating as soon as possible, and if you are looking for a list of affected versions please see the following article here.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #101 – 24th July 2020