Cyber Round-up for 25th October
Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security. Following the theme of cyber awareness month, we have included a section on cyber security education!
In this week’s round-up:
Cyber Security Month
It is a lot easier than you may think to give away sensitive information unwittingly, and this post proves it. There are multiple surveys and interviews included here that show how easy it can be for your passwords to be stolen; a large number of people use personal information such as birthdays and names for their passwords, and in this post you can see how easily an interviewer can figure out passwords. Many people do not understand the importance of account security and leave themselves vulnerable to attacks by simply answering personal questions.
This is another post in John Opdenakker’s Cyber Security Month series which includes more great advice on how to stay safe online.
The National Cyber Security Centre has reported on its efforts to prevent payment card fraud, and in the last year, more than 1 million suspected cases of fraud have been prevented. Over 1,800 cyber-attacks targeting UK citizens and businesses have been thwarted in the first three years of the campaign. A recent report speaking about NCSC’s efforts to protect the public included details on the fraud prevention plan, as well as their attempts to speed up threat awareness and combat malicious phishing sites. Since being set up in 2016, the NCSC has made huge improvements to the UK’s cyber-security strategy and has even uncovered a Russian group that had gained access to an Iranian cyber-gang to launch attacks against UK universities.
Popular VPN provider NordVPN has responded to suspicions of a breach and has announced that it was in fact hacked. The company has disclosed that an expired internal private key had been exposed, which could potentially allow an attacker to spin up their own servers imitating NordVPN. Despite reports that the provider does not collect or share private data, many are still worried about the hackers having acquired access to sensitive user data. To gain access to the server, the attackers exploited a vulnerable remote management system, which the company was supposedly unaware of. Many are worried about this breach, considering the provider’s promise to ‘protect your privacy online’, and it is believed that various other VPN providers were also hit around the same time.
A new Microsoft phishing campaign has been discovered that appears to primarily target Office365 users. This campaign has proven troublesome due to its complex nature; it appears to target specific users regarding important work-related documents, which leads to the compromise of the users’ accounts. Upon opening the document, the victim is redirected to what looks like a legitimate OneDrive portal where they will be prompted to input their login credentials. There are a few obvious features of the login page that can easily be recognized as fake, such as the web address; however, unless you are looking out for these abnormalities, it is easy to fall for the scam. More details on the nature of this campaign are included in the original post.
A massive data leak of over 2 terabytes of sensitive information has been discovered in the money-saving websites PouringPounds.com and CashKaro.com. The breach includes the bank details, email addresses, plain text passwords, usernames and IP addresses of over 3.5 million people who use the sites. The incident was found by a group of researchers, who found the publicly exposed database on an elastic server that was not password protected. Upon discovering the breach, the researchers contacted PouringPounds informing them, but did not receive a response until over two weeks later. At this point, the database had been exposed for six weeks; this raises the issue that many companies do not respond to breaches as fast as they should, and often allow the situation to escalate before taking action.
Vulnerabilities & Updates
A recently discovered vulnerability in Microsoft SQL Server could potentially allow a remote attacker to take control of a compromised system without the owner knowing. The backdoor, named Skip-2.0, only works after a device has already been compromised, as it is a post-exploitation tool. In addition, the malware can disable the machine’s logging capabilities and auditing functions to avoid detection; this happens every time the ‘magic password’ is used to connect to any account on the server. All of this allows the attacker to change or delete any content stored on the server without being detected. This exploit has been recognized as the work of Winnti Group, as it uses a variety of their known tools.
And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.
Edition #64 – 25th October 2019
Ironshare – Security Simplified