Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.
Computer Fraud back on the Rise
Computer fraud through Social Engineering techniques has been around for quite some time, but there seems to have been a spike in its use over the past few months. Both home and Small to Medium business users are being targeted by foreign actors, who call up the victim pretending to be from the call centre of legitimate organisations (such as Internet Service Providers (ISP) etc.) with the goal of enticing important or personal information from them.
A common example we have witnessed recently, is where an actor reporting to be from a known UK ISP, tries to convince the victim that their Internet service or associated Wi-Fi network has been compromised by an attacker and is being used for malicious activity. By inciting fear or uncertainty into the victim, they then move to gain their personal information. In some cases, they also promise to the help the victim recover from the compromise requesting information that will allow access to their network or equipment.
These social engineering techniques are the first steps for the actors which can then result in computer network compromise, computer fraud and identity theft.
Please always be vigilant with telephone calls such as these, genuine companies do not behave this way. If someone calls you and says that there is something wrong with your computer, or you can not confirm they are who they say they are, end the call straight away. If in doubt just Hang Up!
If you think you have been a victim of fraud, the UK Police force have established the Action Fraud website that provides an easy online method to report any instances of fraud and cyber crime.
Microsoft Security updates & the Death of the Password
This week the Microsoft Ignite conference was the platform for a number of security announcements in their product lines, with the headline being the Password free access to a whole bunch of MS applications.
A number of security updates were announced which included; the introduction of Microsoft Threat Protection, a new end to end detection and protection solution; significant updates to Microsoft Secure score, which includes further integration with cloud products such as Azure AD and Intune MDM; enhanced features and controls for Intune MDM; enhancements to the MS Compliance Manager; and of course, the ability to access MS services without a password.
Microsoft’s goal to remove the use of passwords has been ongoing for a while now, and this announcement now shows that they have made significant steps to making this a reality.
Poorly configured passwords that can be easily exposed are one of the prime causes of system compromise and data loss today, so something does need to change. Microsoft’s answer to this, at least initially, is to allow users of their services to abolish the use of passwords, replacing them with the use of the Microsoft Authenticator mobile application.
Windows 10 and Office 365 users will now have the option to switch to using Authenticator to login to their devices and services. Once this is enabled the user will enter their username and a notification will be sent to the Authenticator app on their iOS or Android phone, which will then need to be approved before access is granted. Approval is achieved through the mobile phones built-in authentication methods of facial recognition, fingerprint ID or PIN number.
Microsoft’s VP for Security states in his blog: “Using a multi-factor sign-in method, you can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords. No company lets enterprises eliminate more passwords than Microsoft. Today, we are declaring an end to the era of passwords.”
Although this is positive step forward, with the general take up of multifactor authentication and these authenticator apps still being very low, if and how quick this new password free method will be adopted remains to be seen. Is this the start for the death of the password, only time will tell.
VPNFilter Round 3
Talos, the fighting force of threat intelligence behind all Cisco security products, have issued their latest update on the in-depth investigation into the VPNFilter malware that has targeted in excess of 500,000 network devices throughout this year.
VPNFilter is a modular piece of malware that has multiple stages to its infection and capabilities, that has resulted in the compromise of network hardware around the globe. The malware has predominantly targeted small office home office equipment by manufacturers such as MicroTik, Netgear, Linksys and TP-Link. The biggest concern with VPNFilter is its stage 2 destructive capability that can erase the devices firmware and render it unusable.
Talos in conjunction with other members of the Cyber Threat Alliance have been monitoring and investigating the activities and impact of the malware since early this year. They have released two previous posts, one in May that breaks down the initial analysis and the second in June that provided further updates on this threat.
This third-round post provides an update on the multistage aspects of the malware, which has uncovered an additional seven modules that greatly expands its malicious capabilities.
These newly discovered modules include a Denial of service utility, HTTP inspection, network mapping function, network traffic forwarding and a reverse TCP VPN, that provides all the tools the actors need for complete network compromise.
This post is a very technical breakdown of the malware so is not for everyone.
If you suspect you have an infected device it is recommended that you perform a factory reset, upgrade to the latest firmware and then reboot the device in order to remove this malware.
Kernel bug hits multiple Linux distros
Researchers at Qualys have discovered a new Kernel bug dubbed ‘Mutagen Astronomy’ that impacts 64-bit Kernel versions between 2007 and July 2017 in the Red Hat, Debian and CentOs Linux distributions.
This vulnerability marked as CVE-2018-14634 has a CVSS Score of 7.8 and is classified as Important. Through direct access to the server an actor can exploit a buffer overflow flaw that results in a local privilege escalation.
Qualys reported that proof of concept exploits are available for this vulnerability so it is advised that updates are carried out quickly. Recommendations to mitigate or workaround this issue can be found at the links below:
That’s it for this edition but please tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailList
You can also follow us using the social media links provided.
If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReview
Ironshare – Security Simplified
Edition #10 – 28th September 2018