Cyber Round-up

Cyber Round-up for 5th November

Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

IOS 15, Windows 10 and Google Chrome Breached at Tianfu Cup

Chinese hackers successfully compromised products from major western firms Apple, Microsoft and Google last weekend at the Tianfu Cup (a Chinese hacking contest). The contest pits hackers against software to find vulnerabilities for a cash prize. Only 3 of the 15 targets lined up withstood the hackers. Microsoft saw 5 successful exploits against its Windows 10 operating system, iOS 15.0.2 was breached twice and Google Chrome was also exploited twice. Other successfully exploited targets include: Adobe PDF, the Asus AX56U router, Docker CE, Parallels VM, QEMU VM, Ubuntu 20, VMware ESXi and Workstation.


1.6 Million Devices Infected By “Pink” Botnet Malware

Cybersecurity researchers believe they have just discovered the biggest botnet ever seen in the wild. With over 1.6 million devices, primarily located in China, the botnet's goal is believed to be launching Distributed Denial-of-Service attacks. The malware infects MIPS-based fibre routers, uses third-party services to locate and connect to its Command-and-Control servers, and fully encrypts that traffic. The undisclosed vendor is working with CNCERT/CC to contain the outbreak; however, the malware's operator is repeatedly pushing updated firmware to the infected devices to prevent the malware from being purged.


EU To Support New Cybersecurity Rules

The European Commission has updated the Radio Equipment Directive to introduce stricter security standards for radio and wireless equipment. This means that new phones, tablets, fitness trackers and other IoT devices sold within the EU must meet this updated standard, which is expected to take effect in mid-2024. It updates the 2014 regulatory framework that vendors must follow to sell electronic equipment in the EU market.


ETL Grows In Complexity and Impact Analysis

The 9th edition of the ENISA Threat Landscape report, released by the European Union Agency for Cybersecurity, has broadened its coverage of the cybersecurity world. The report, which helps establish an annual understanding of threats, impacts, attacks and other aspects of cybersecurity, now places more focus on the sophistication of modern cyber-attacks as well as on the realistic impact such attacks could have on an organisation. The top 9 threats given in the report are:

• Ransomware
• Malware
• Cryptojacking
• E-mail related threats
• Threats against data
• Threats against availability and integrity
• Disinformation – misinformation
• Non-malicious threats
• Supply-chain attacks


Google Auto-Enrolling Users In Two Factor Authentication

Google's recent security focus seems to be on its users. The new initiative set out by Google aims to require all of its users to have two factor authentication. This will make all user accounts more secure by adding an extra layer of sign-in authentication. Such additional authentication methods could be a code or a sign-in confirmation prompt on a smartphone, as well as a physical security key. All accounts flagged for two factor authentication will get an email or notification from Google seven days before the requirement is enforced. While some reports have been made of users already being forced to use additional authentication, Google plans to have 150 million accounts using it by the end of the year.


Ransomware Group BlackMatter Shuts Down

The group BlackMatter has officially disbanded and shut down its operation. VX-Underground's Twitter account shared a screenshot of a message from BlackMatter to its affiliates stating that it was closing down due to pressure from local authorities. This comes after BlackMatter attempted to negotiate payments from corporate victims of its ransomware attacks.


Labour Party Hit With Cyber Attack

A third-party firm that handled membership data for the Labour Party has been attacked, resulting in the release of "a significant quantity" of party data. Both the Information Commissioner's Office and the National Cyber Security Centre are investigating the breach to find the culprit and minimise the damage. The third party holding the data is still undisclosed but is said to have held data on members, registered and affiliated supporters and other individuals who have provided support.


Vulnerabilities & Updates

Microsoft Exchange Vulnerabilities Exploited In Ransomware Attack

Babuk ransomware is being deployed via servers running Microsoft Exchange, leveraging the ProxyShell vulnerabilities to place Babuk ransomware in the victim's environment. It then uses other vulnerabilities to enumerate its own processes and attempts to disable a number of processes related to data backups. The ransomware demands that victims pay $10,000 USD for the key to decrypt their data. More detailed information can be found on the Talos blog.


And that is it for this week's round-up; please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #165 – 5th November 2021

Why not follow us on social media:

Ironshare – Security Simplified