Cyber Round-up for 3rd April
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Marriott Hotel Group is unfortunately in the news again for yet another breach of customer information. This latest security incident impacts their franchise chain, where the credentials of two employees were used to access the information of 5.2 million customers, between mid-January and the end of February 2020.
Although investigations are still ongoing, they believe that personal information such as contact details (name, address, phone number), loyalty account information, company, gender, and birthday has been exposed. At this time passwords and credit card information has not been accessed. The official Marriot News Center notice can be found here.
Marriott’s Starwood chain of Hotels became a major headline in November 2018 when they disclosed that half a billion customers had been impacted by a data breach, that lasted 4 years.
In the light of a significant increase in global fraud relating to the COVID-19 pandemic, the Dutch police have taken 10 online shops offline in a move to prevent internet fraud connected with coronavirus.
As the pandemic continues this type of fraud will undoubtably increase over the coming weeks and months, as the bad guys look to profit from the misfortune of others. Some of the 10 fraudulent shops had hijacked the names of well-known shops while others were completely fake.
A US hospitality provider has recently been the target of an incredibly rare BadUSB attack. The attack involves using snail mail (the regular postal service) to send a company an envelope containing a malicious USB thumb drive.
The company also received a fake BestBuy gift card and was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for. The USB drive was laced with malware and once plugged in, started infecting the machine as well as stealing both personal and financial information. The moral here is you should never use a USB drive unless you know it’s from a trusted source.
In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the wild. Trickbot was originally designed to steal sensitive information from a compromised host, but over the years, it has not only expanded that functionality, but also added new features such as the ability to be used as a dropper for other malware.
In this post by Cisco’s Talos Intelligence Threat Research team, they outline the continued evolution of Trickbot, as well as how you can defend against this threat.
In 2019, Business Email Compromise (BEC) maintained its rankings as both the most profitable and the most prominent threat. As of September 2019, loss to BEC attacks eclipsed US$26 billion globally.
In this report, Palo Alto’s Unit 42 research team identify the trends associated with SilverTerrier BEC attacks, highlighting their findings, the first Nigerian commodity tool developer, and providing an overview of actions Palo Alto Networks is undertaking internally and externally to address this threat.
Vulnerabilities & Updates
To improve security for data in transit, AWS will be updating all of their Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) version TLS 1.2 over the next year.
This update will remove the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints across all AWS Regions by March 31, 2021. If you are currently using FIPS services in AWS please check out this post to see how you may be impacted, and what you need to do to prepare for the change.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #85 – 3rd April 2020
Why not follow us on social media:
Ironshare – Security Simplified