Cyber Round-up for 5th June
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The hacker group known as NetWalker has launched a ransomware against Weiz, a village in Austria; the attack has crippled the city’s public services and leaked data from building inspections. Reports from Panda Security suggest that the attack was a result of another COVID-19 themed phishing attack. The ransomware is a newly released version that spreads via VBScripts, which allows it to infect an entire Windows network, not just the machine it initially compromises. Weiz is the home of many big companies that operate worldwide and is considered the economic centre of its region, which is causing disruptions outside of the village too. Officials have not yet confirmed whether they will pay the ransom and investigation is still going on.
Kent Commercial Services, who provide protective equipment for COVID-19, have become the latest victim of ransomware. The attackers encrypted a large portion of the firm’s data, demanding a ransom of £800K in Bitcoin. This attack was particularly harmful, since it disrupts essential operations during the pandemic; however, it was confirmed that no personal information was stolen. The company confirmed that they have not paid the ransom and they are still looking into the incident.
A recent study carried out by Carnegie Mellon University academics found that only a third of users change their passwords after a data breach has been discovered. This number is staggeringly low and proves that most people do not understand the dangers of poor password practice. Out of the 249 participants, only 63 admitted to changing their credentials; of those 63, only 15 did so within 3 months of the breach. Educating users on the importance of password practice is vital; uneducated users are just as big a threat as malware.
Hackers are once again targeting WordPress websites with a new campaign that attacks unpatched plugins. The aim of this campaign is to download configuration files, which allow the attackers to gain access to databases using the credentials. This campaign alone was responsible for 75% of all attempted exploits for plugin vulnerabilities across all WordPress sites. More details can be found in this article by ZDNet, including more information on the nature of the attacks.
The NHS disclosed recently that contact tracers will send text messages to individuals who have reported exposure to coronavirus; this government message requests a lot of personal information to help identify you and those you have been in contact with. As you can probably guess, malicious actors have already seized the opportunity to claim this information for themselves by spoofing government contact tracers. This is unbelievably easy to do according to researchers; however, they will not be disclosing tools or methods to the public.
Vulnerabilities & Updates
Vulnerability researcher Bhavuk Jain has been paid $100,000 following his discovery of a critical flaw which affected the ‘Sign in with Apple’ system. The vulnerability allows a remote attacker to gain access to a user account without authentication, provided they registered via the ‘Sign in with Apple’ option. This critical bug has since been patched by apple. Details on the nature of the attack can be found here.
Critical vulnerabilities have recently been found by security researchers that affects SAP’s Adaptive Server Enterprise software. These flaws could allow an unprivileged user to gain complete control of databases and operating systems. SAP have since patched these 6 critical vulnerabilities and strongly advise users to apply the updates as soon as possible.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #94 – 5th June 2020
Why not follow us on social media:
Ironshare – Security Simplified