Cyber Round-up for 8th November
Welcome to the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
In September 2017, Equifax suffered a massive data breach affecting 147 million people in the US and 14 million in the UK. The breach included the birth dates, social security numbers and payment card details of all affected users. This article covers a different, often-missed aspect of a breach; the overwhelming human impact on the staff. Loss of the leadership team, long hours, huge pressure, demand and criticism of the IT & Security teams, being forced to maintain secrecy, and online abuse, all lead to a decline in the mental health of those involved. The Equifax breach should be a lesson to all Companies; focus on all the potential impact areas, including human factors and not just the financial consequences.
Over the last two years, Equifax have responded to the incident by spending $1.25 billion on the transformation of their security capabilities. Equifax are now considered one of the industry leaders in security after the changes made following the breach.
A recent security incident has led to customer’s personal information being leaked to the public. Following the leak, Trend Micro, a global security firm, immediately started to investigate; during the investigation their lead suspect was one of their own employees who had stolen the data with malicious intent. They confirmed in a recent report that there was no external hack involved and the leak was in fact a result of an insider threat. Insider threats are often overlooked but should be seen a major threat to any organisation. The company have sincerely apologized to all who received scam calls from the criminal and responded to the incident very quickly.
Scammers have found a new way to bait their victims into falling for phishing attempts; in a recent campaign, scammers have disguised themselves as the victim’s Human Resources department and tempted them with a pay rise. The email prompts them to open an excel spreadsheet which redirects them to a fake Office 365 login page. These kinds of branded phishing attacks have been very successful against a large number of employees; unless you know what you are looking for, the login page can be very deceiving and often perceived as legitimate. Always be cautious when dealing with emails such as this, and only click on links if you are certain they are from a trusted source. If it sounds too good to be true, your probably right.
Researchers have recently identified a spate of MageCart attacks carried out by multiple groups on the same sites at the same time. This is believed to be the result of a cybercrime-as-a-service operation, in which various groups breach websites using card skimming kits purchased on the internet. After an attack is disclosed, it is likely that multiple groups will attempt to take advantage of it. This was seen on the online store PEXSuperstore; the site was infected with two MageCart skimmers that were completely different. The main similarity that researchers have picked up on is that both attacks targeted Magento-based websites and injected code in similar ways; it is believed that these simultaneous attacks are not intentional, with several groups running multiple campaigns without realizing.
Vulnerabilities & Updates
A new zero-day vulnerability has been found that affects the Google Chrome web browser. The exploit was found by Kaspersky, a Russian cyber security firm, who believe it is being used in a campaign known as ‘Operation WizardOpium’; this campaign is possibly linked to the Lazarus group of attacks. The bug has been flagged as very dangerous, as it allows attackers to execute code when exploited. Google have now released a patch for this vulnerability; we recommend applying this patch as soon as possible. More details on the nature of the bug included in the original post.
And that’s it for this week round-up, please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Edition #66 – 8th November 2019
Ironshare – Security Simplified