Cyber Round-up for 9th April

Welcome to the latest edition of the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

SEPA Spends £800,000 on Cyber Attack Response

The Scottish Environment Protection Agency (SEPA) was hit by a cyber attack on Christmas Eve, in which the attackers stole around 4,000 digital files. SEPA refused to pay the ransom demanded for the return of the data, and so the files were released on the internet. Despite not paying the ransom, SEPA has since spent £790,000 recovering from the attack, £458,000 of which went on “stabilising the watchdog’s business IT platform”. Even with that spend, the agency has warned that it may not be fully operational until next year. This is a useful reminder that the cost of an incident is not just the ransom: rebuilding and stabilising systems can run to hundreds of thousands of pounds even when nothing is paid to the attackers.


Hackers Target Unpatched SAP Installs

Attackers have been seen targeting SAP installations that have gone unpatched for almost a year. Old, well-documented vulnerabilities are still being actively exploited, helped along by poor account management on exposed systems, and the US Department of Homeland Security has issued a warning about it. SAP is one of the most widely deployed enterprise software providers, which makes its customers a large target; this is another example of why keeping systems up to date, and keeping privileged accounts under control, is vital.


500 Million LinkedIn User Accounts for Sale Online

A database of more than 500 million LinkedIn user records has been found for sale online. The records contain email addresses, phone numbers, professional details and links to other social media profiles. The database was listed on a popular hacker forum with a “four-digit $$$$ minimum price”. Even without passwords, data of this kind is valuable for phishing and account takeover attempts, so all LinkedIn users are advised to secure their accounts with MFA and to change any password that is reused across multiple accounts.



Banking Trojan Targets Latin American Users

Security researchers have discovered a banking trojan that appears to target corporate users, specifically in Brazil. Reports suggest that the trojan has been active since 2019 and has been seen affecting the engineering, healthcare, retail, manufacturing, finance, transportation, and government sectors. The scam displays a pop-up window that imitates some of the biggest banks in Brazil, including Santander, Banco do Brasil and Banco Bradesco; the user is then directed to a fake form that requests their banking credentials. We advise everyone to be cautious of unexpected prompts of this kind and to avoid entering banking details anywhere other than the bank’s own site or app.


WhatsApp Sessions Being Hijacked by Fake Netflix App

Google has recently removed a fake Netflix app called FlixOnline from the Play Store. The app deployed wormable malware onto devices, using WhatsApp to spread: the malware allows the attacker to hijack WhatsApp on the infected device, read incoming messages and reply to them automatically. This was most commonly used to steal credentials. The app was on the Play Store for around two months and had more than 500 downloads before being removed. It is unusual for an app of this nature to get past the Play Store’s review process, and anyone who installed it should change any passwords they have shared via WhatsApp and check their recent conversations for messages they did not send.


Vulnerabilities & Updates

Critical Fortinet FortiOS Vulnerability

Critical vulnerabilities in Fortinet FortiOS allow an attacker to gain access to network resources by logging into the VPN. APT actors have been seen exploiting these flaws to gain initial access to government, commercial and technology services organisations, and that foothold allows them to carry out further attacks against the target network. The FBI and CISA have published a joint cybersecurity advisory covering the FortiOS vulnerabilities that are being actively exploited; FortiOS administrators should confirm they are running a patched version and review VPN logins for unexpected activity.


Cisco Patches Remote Code Execution Bug

Cisco’s latest batch of security updates includes a fix for a critical remote code execution flaw in its SD-WAN vManage software. Multiple other vulnerabilities were also addressed in this release, including two high-severity privilege escalation flaws that allow an attacker to gain root privileges on the underlying operating system. Cisco customers are advised to update affected systems as soon as possible.


And that is it for this week’s round-up. Please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #13 – 9th April 2021

Ironshare – Security Simplified