Cyber Round-up

Cyber Round-up for 4th September

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

CISA Release Advisory for Uncovering and Remediating Malicious Activity

CISA have published a joint advisory named ‘Technical Approaches to Uncovering and Remediating Malicious Activity’. The Five Eyes intelligence alliance comprising of cybersecurity authorities from Australia, Canada, New Zealand, the United Kingdom, and the United States all contributed to this guide. The technical details in this guide are very informational and would be especially useful if you have the time to read through it. However, the key takeaways will offer a good understanding of incident response procedures, evidence collection and remediating discovered issues. You can view a PDF version of this advisory here.


New Maximum Lifespan Added to SSL/TLS Certificates

Previously, TLS certificates had a maximum lifetime of 27 months (825 days); this was unnecessarily long. This week, a change was implemented to reduce the lifespan down to a maximum of 13 months (398 days). This is a good step forward in terms of improving security, with Apple, Google and Mozilla all agreeing to reject certificates that have passed their expiry date. This is drastically lower than the original 8-10 year lifespan that stood before 2011. Although Certificate Authorities are not too pleased, most browsers have welcomed the change that went live on the 1st of September.


Cybercriminals Attacking Bigger Targets in BEC to Claim Bigger Payouts

The Anti-Phishing Working Group (APWG) is known for releasing quarterly reports on phishing operations. With Business Email Compromise (BEC) becoming increasingly popular over the last few years, this has become a big part of their reporting. In their latest review, it was found that the average sum requested by BEC groups is around $80,000. This seems like a large amount, but it is nothing in comparison to the work of Russian Cybercrime group Cosmic Lynx; on average, the group requests $1.27 million. Their aspirations exceed your regular BEC groups, who are content with smaller payouts. It is interesting to see how things will change in future reports.


SkyKick Banner


Hackers Earn Millions from Stolen Fortnite Accounts

2020 has been a busy year for hackers, with more than 2 billion Fortnite accounts being breached and listed for sale. Researchers discovered that the hackers are earning approximately $25,000 per week from the account sales, and around $1.2 million per year. The value of these accounts is calculated by the rarity of in-game accessories and customisation and are mostly stolen with simple password cracking due to reused/common passwords. ThreatPost have spoken to Fortnite developer, Epic Games, and are currently awaiting further comments regarding the issue.


Apple Deceived by Hackers to Approve Malicious Adobe Flash Player Update

Apple macOS is well known for its feature that requires all distributed software to be checked for malicious content. This prevents harmful applications from being available on the app store; at least it is supposed to. Apple has recently announced that they have made a mistake with this process and accidentally approved software that was found to be malicious. This was a fake Adobe Flash Player update that under the disguise is a version of Shlayer, a common Mac infection. Ensure that you are running antivirus on your machine just in case an app such as this bypasses Apple’s notarisation process.


Cisco Umbrella Trial

Vulnerabilities & Updates

Hackers Target Zero-Day Vulnerabilities in Carrier-Grade Routers

There are currently two unpatched vulnerabilities in the DVMRP feature of IOS XR that is present on most carrier-grade routers. These flaws can both be exploited remotely and allow an attacker to cause memory exhaustion denial of service. Affected devices include ASR 9000, NCS 5500, 8000, and NCS 540 & 560 series routers. Cisco’s security advisory can be found here, if you are in search of mitigation steps, or just more information on the nature of the flaw.


And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.

We hope this makes for light reading during these times of uncertainty.

Stay Safe, Secure and Healthy!

Edition #107 – 4th September 2020

Why not follow us on social media:

Ironshare – Security Simplified