Cyber Round-up for 6th March
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A new bug has been discovered in Let’s Encrpyt’s CA software, that prevented them from checking CAA records properly. After confirming the bug, the organisation had to suspend distribution of certificates while they worked on a fix. As a result, Let’s Encrypt began revoking certificates this week which will reportedly affect around 3 million customers who will need to get their certificate replaced as soon as possible. The company released a list of the affected domains that you can find in the article on their website; as well as providing a link to check if your certificate is affected. We advise looking into this to determine whether you are impacted. If you are affected simply just follow your normal certificate creation/renewal process to resolve this issue.
Attackers have attempted to gain access to Boots’ customer accounts using stolen passwords; as a result, Boots have taken precautionary actions and suspended use of advantage cards for payment. The company confirmed that none of their systems were compromised and fewer than 1% of customers were affected by the incident. No payment card information was accessed, and points can still be earnt when making purchases, however they cannot be used until the service is back up and running. This incident happened shortly after a similar compromise regarding Tesco Clubcards, in which more than 620,000 clubcards had to be blocked. Both of these incidents are a result of credential stuffing attacks that are possible because customers are reusing username and passwords for multiple online services, leading to the potentially exposure of private customer information.
Online vigilantes have been active recently, and assisted the police in taking down an Indian tech support scam centre. The vigilantes gained access to CCTV footage of the scam centre which led to a successful police raid on the scammers. Many people have questioned the actions of these vigilantes in terms of legality; however their actions were undoubtedly vital in taking down the scamming operation. The article includes footage of the scammers at work which makes you think about both sides of the vigilante’s actions.
A recent report by the FBI states that in the last six and a half years, over $140 million has been payed by Ransomware victims. The rapid rise in these kind of attacks is staggering, and the standout variant recently is Ryuk, which is responsible for generating approximately $61m in 2018/19. It was reported that a large portion of ransoms are payed in virtual currencies, and an estimated $37m reside in bitcoin wallets. Law Enforcement agencies are actively urging victims to avoid paying ransoms as you will not only fund criminal activity, but also may not get your data back. We advise looking into this article, as ransomware is something that threatens businesses of all sizes, not just big corporations.
A new emerging phishing campaign has been found to be distributing the Agent Tesla keylogger malware using Microsoft OneNote. This method of using OneNote allows the attacker to bypass security and detection tools to download malware without interruption; however, this is not the only process involved in the campaign. The attempt begins with an email being sent to the victims containing a OneNote document; attackers devised several intrusion methods based around this scheme which allow them to succeed in evading security measures in email. As always, we advise not opening email links or attachments if you are not certain they are safe.
Vulnerabilities & Updates
A recent surge in WordPress attacks has seen hackers targeting already patched vulnerabilities in hope that admins have not yet applied the required security patches. WordPress is always a big target for cyber criminals due to its unparalleled number of users compared to other website builders; it is also becoming more common that attackers are focusing their attention on WordPress plugin flaws, rather than the site itself. To protect against these frequent attacks, the best thing you can do is apply patches as soon as they are available; a list of all plugins being targeted which includes ‘Flexible Checkout Fields for Woocommerce’, ‘Profile Builder’ & ‘Duplicator’ are in this post, we advise taking a look at it to determine if you are at risk.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Why not follow us on social media using the links provided on the right.
Edition #81 – 6th March 2020
Ironshare – Security Simplified