Cyber Round-up for 27th May
Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
An Indian airline recently reported that an attempted ransomware attack halted all flights, leaving many passengers unable to travel home. The airline, SpiceJet, confirmed that many flights were delayed or cancelled as a result of the attack on their infrastructure; however, a recent statement claims that the situation has been contained and the airline is now “operating normally”. There still seem to be a few minor delays for some flights, but the attack does not seem to have had a major impact on business operations.
The 2022 edition of Verizon’s Data Breach Investigations Report featured an assessment of around 24,000 security incidents, including more than 5,000 data breaches. The numbers from this report reveal that ransomware attacks have risen in popularity over the last twelve months, with an increase of 13% compared to 2021.
This report covers a lot more than just ransomware statistics. You can find details on the rest of the report here.
The major automobile manufacturer, General Motors, recently revealed that they had suffered a cyber attack that exposed the personal information of their customers. The incident occurred last month and was identified as a credential-stuffing attack, in which the attacker used username and password combinations discovered in a previous breach. Be aware that General Motors have not suffered a direct breach; credential-stuffing attacks are made possible by users reusing their passwords for multiple unrelated services.
We strongly advise the use of password managers to help keep track of your passwords and avoid reuse. Incidents like this can be completely avoided through good password practice; for guidance and information on best practices, please consult our helpful infographics found here.
More than 142 million customer records were recently stolen from MGM Resorts and dumped on the instant-messaging service Telegram. The files contained around 8.7GB of data, including details of celebrities such as Jack Dorsey and Justin Bieber. It appears that the stolen data contained full names, postal addresses, unique email addresses and phone numbers, and dates of birth; while no payment details or passwords were stolen, the data could be used for identity theft.
Unit 42, a division of Palo Alto Networks, has been working in collaboration with INTERPOL in an attempt to stop a Nigerian scammer. Since 2015, a scammer going by the name of SilverTerrier has been conducting business email compromises to gather money or assets for their own gain. In May 2021 an operation began to capture this scammer; however, they fled Nigeria in 2021, outside the reach of INTERPOL. In March 2022 the scammer returned to Nigeria and was arrested. Email compromises are a rising threat to businesses, which should take appropriate action to secure themselves from such attacks.
A botnet malware called XorDdos has seen a 254% increase in activity over the last 6 months, according to Microsoft’s latest research. XorDdos affects devices running Linux distributions and has recently been targeting Docker servers with exposed ports. XorDdos has been used to deploy the Tsunami trojan, which then installs the XMRig coin miner. The recent rise of XorDdos has led it to be the most prevalent malware targeting Linux systems in 2021, accounting for 22% of all IoT malware observed in the wild.
Vulnerabilities & Updates
Researchers recently discovered a remote code execution flaw in the popular video-conferencing service, Zoom. The vulnerability, affecting Windows, macOS, iOS and Android, is being tracked as CVE-2022-22787, and it is said that “User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat using the XMPP protocol”. This would allow a hacker to send a specially crafted package to another user to force their client to connect to a malicious server, allowing the hacker to send spoofed messages. Please update Zoom ASAP to prevent potential user and business impact.
And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #191 – 27th May 2022
Ironshare – Security Simplified