Cyber Round-up for 2nd April
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The Department for Digital, Culture, Media & Sport (DCMS) have released their annual Cyber Security Breaches Survey for 2021. This sixth survey in the annual series continues to show that cyber security breaches are a serious threat to all types of businesses and charities. Among those identifying breaches or attacks, their frequency is undiminished, and phishing remains the most common threat vector. The survey included around 1,419 UK businesses, 487 UK registered charities and 378 education institutions between October 2020 and January 2021.
Cyber insurance company, CNA Hardy, has announced that they have suffered a “sophisticated cybersecurity attack” that has had a big impact on their operations. The data of more than 15,000 company devices was encrypted by the ransomware, which was identified as Phoenix CryptoLocker. The firm has been keeping information fairly close to its chest and has not released any further details yet.
The biggest multi-academy school trust in London, the Harris Federation, has been hit by a ransomware attack and the incident has been recorded as “the largest ransomware attack against a UK educational organisation known to date”. This trust runs 48 schools, providing education for more than 36,000 children a year. It is currently not known how badly the attack impacted the Harris Federation, but the NCA and NCSC are currently investigating the breach.
Fashion retailer, FatFace, suffered a ransomware attack in January that crippled their systems. The Conti gang were behind the attack, and initially demanded a ransom of $8M; however, after negotiations they were successfully talked down to $2M, which FatFace decided to pay. Following these negotiations, Conti advised FatFace to begin phishing education for their employees, as well as implementing email filtering and regular penetration testing, to ensure that they do not suffer another attack. The incident has since been resolved and all systems are now operational.
Malware is usually spread on Android devices through fake copycat apps; however, this new campaign sees a powerful spyware disguise itself as a System Update application. Once installed, the spyware connects the device to a Firebase command-and-control server to steal data such as call logs, SMS messages, GPS/network locations and photos. The sophisticated malware is also capable of recording microphone audio and taking a picture using the camera. Please note that this System Update application is not available through the official Google Play Store; to ensure your device is not compromised, avoid installing apps from third-party app stores.
Cyber-security companies have seen a recent rise in extortionware, a new trend in which an attacker embarrasses their victim into paying a ransom. This first came to light when an IT Director’s secret porn collection was discovered, and hackers named him in a public blog post exposing his computer’s file library. The blog was taken down shortly after being published, which suggests that the director has paid the ransom. The company has so far ignored all contact attempts.
Vulnerabilities & Updates
A new flaw in WebKit allows an attacker to craft malicious web content which can lead to universal cross-site scripting. Apple believes that this flaw is already being exploited in the wild and has patched it in their latest updates. We recommend updating as soon as possible.
This patch is available for: iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and the 7th generation of iPod touch.
And that is it for this week’s round-up, please do not forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #135 – 2nd April 2021
Ironshare – Security Simplified