Ironshare Cyber Round-Up 100edition

Special Edition: Highlights of the Cyber Round-Up

Welcome to this special edition of the Ironshare Cyber Round-up where we look back at the biggest events and news, we’ve reported on over the last two years. This week’s Round-Up is the 100th edition, which is why we wanted to do something a little different.


Here are the top events from the last two years that we have covered in previous posts:

Security News

Data Breaches

The one thing we certainly haven’t had a shortage off in the last few years is reports of Data breaches. It now seems like we cannot go a week without a new company being compromised or data being leaked to the internet / dark web.

The breaches have come in all shapes and sizes, with root causes including network compromises, poor security misconfigurations, ecommerce card skimming, or third party supply chain issues.

Marriott Starwood Hotel chains had their networks compromised, reportedly for as long as four years. After a thorough investigation their breach totalled a loss of 383 million records. Including personal, credit card and passport information

Facebook have suffered multiple breaches / data leaks, as a result of partners, supply chains, and unprotected online services/data stores, totalling well over half a billion records. More info below.

Earlier this year tech giant Microsoft exposed 250 million customer records, spanning 14 years’ worth of support data, after an unprotected database was found accessible online.

We believe the Yahoo incident back in 2013 still stands as the biggest breach to date with over 3 billion records involved.

Data Breaches

Source: https://www.informationisbeautiful.net


Vulnerabilities

Like data breaches, vulnerabilities in hardware and software remains one of the key threats, with new disclosures appearing on an almost daily basis.

In October of 2019 multiple vulnerabilities were reported in Pulse Secure VPN services including a critical vuln with a CVSS score of 10. The UK and US intelligence services reported that these were actively being exploited by Advanced Persistent Threat (APT) groups and that patches should be applied immediately.

https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

https://us-cert.cisa.gov/ncas/current-activity/2019/10/16/multiple-vulnerabilities-pulse-secure-vpn

In late December 2019 a critical bug in Citrix Netscaler and ADC, a product that provides remote access and virtual desktop services, had customers desperately scrambling to patch their systems, after hackers were remotely exploiting it in wild.

Disappointingly, in both cases there are still vulnerable systems out there, that are potentially being exploited.  

In the last two weeks alone we have seen a significant number of critical patches released for disclosed vuln’s, from the likes of Microsoft, Cisco, Citrix, Juniper, Adobe, SAP, and Oracle to name a few.

With the increase in the number of security researchers, searching for vulnerabilities and the continued rise of the use Bug Bounty programs (such as HackerOne and BugCrowd), the number of CVE’s registered and patches deployed are only going to get bigger.

Having a focused regular patching program to ensure that all systems are updated as quickly as possible, is one of the key fundamentals that all organisations can easily do to help keep their environments secure.


Huawei Security Controversy

Over the last couple of years, Huawei has hardly left the spotlight when it comes to the world of cyber. They have been a controversial topic when it comes to the new 5G mobile networks and general security issues. We first addressed this controversy back in December of 2018, when BT decided to remove the Chinese tech firm’s equipment from their 5G networks and cease their mobile network partnership entirely.

This has only escalated since, with Huawei being the target of accusations from the UK and US governments regarding state-sponsored spies and spyware on their products. This was addressed when Microsoft researchers reported a flaw in Huawei MateBook laptops that would allow an attacker to take control and spy on the target device. 18 Months later the tech giant is still a primary focus in the cyberworld; the US have imposed sanctions based on threat posed by Huawei is causing wider repercussions in the west with more news released this week from the UK government stating they will now be banning the use of Huawei 5G kit from their networks.

There still appears to be a divide with some saying the risk can be managed, while others saying it cannot. This saga is undoubtably going to roll on.

BT Kicks Huawei Off 5G Networks: https://www.bbc.co.uk/news/technology-46453425

Huawei Threat to UK Security: https://www.theguardian.com/technology/2019/may/16/huawei-poses-security-threat-to-uk-says-former-mi6-chief

UK & US Discuss Huawei 5G Contribution: https://www.bbc.co.uk/news/technology-51112232

Huawei 5G kit must be removed from UK by 2027 https://www.bbc.co.uk/news/technology-53403793


Facebook Data Leaks

We first reported on Facebook back in October of 2018, when 50 million users were compromised by a zero-day vulnerability that allowed secret login tokens to be stolen. Although no passwords were stolen, this was a big incident. Less than 6 months later, they were back in the spotlight after Apple blocked Facebook on their devices due to their poor data privacy approach.

Their reputation continued to go downhill shortly after this when 540 million user records were exposed online in unsecured Amazon S3 buckets, for the public to freely access. As you can expect, 2019 didn’t get any easier; the social media giant faced a $5 billion fine, once again because of their poor data privacy practices. Facebook has received a lot of criticism recently, and for good reason; their poor security practices have made them one of the biggest focuses of the last two years when it comes to cyber news.

Facebook Data Breach Affecting 50 Million: https://about.fb.com/news/2018/09/security-update/

Apple Blocks Facebook on iOS: https://www.theverge.com/2019/1/30/18203551/apple-facebook-blocked-internal-ios-apps

Facebook Face $5 Billion Fine: https://threatpost.com/facebook-5-billion-ftc-fine/144104/


The Rise and Rise and Rise of Emotet

Emotet has grown to be one of the biggest, most dangerous malware strains in recent history; it has been constantly evolving over the last few years, which we first reported back December 2018. What started out as a banking trojan botnet back in 2014, it evolved to use advanced techniques such as fileless malware, and just a couple of weeks later, began sending out holiday greeting cards via email which, to noones surprise, contained the Emotet trojan payload. By this point, that generic banking trojan had become a distributor of malware and destruction.

After establishing itself as one of the biggest distributors of malware, the Emotet gang disappeared. They took an extended break over the holidays in 2019 and ceased all operations. This was a shock to everyone, but not as big as the shock of their return. It didn’t take long before all operations were back online, and their spam campaign was completely revived.

After another hiatus of several months, Emotet has once again returned, with several indications from multiple sources in the last 24 hours, including tweets from Microsoft, Cryptolaemus and CSIS, that Emotet is back with a bang. No doubt more info will follow in the upcoming days and weeks.

We have found ourselves writing about Emotet numerous times over the last two years; they have been one of the most prevalent threats of recent times in the cyber world, and we won’t be forgetting about them any time soon.

Emotet Holiday Greetings: https://www.ironshare.co.uk/news/cyber-round-up-for-21st-december/

Emotet Returns After Holiday Break: https://www.bleepingcomputer.com/news/security/emotet-malware-restarts-spam-attacks-after-holiday-break/

Emotet Evolution: https://www.ironshare.co.uk/technical/the-emotet-threat-keeps-rolling-on/


British Airways Data Breach

The British Airways Data Breach was not one of the biggest data breaches to date but it certainly grabbed big headlines in the cyberworld. This first came to light in September 2018, when they initially announced they had suffered a breach; 380,000 customers were compromised, including their personal and financial information. The breach was resolved fairly quickly, but this was not the end of the incident. Updates were released weeks after, revealing that the breach was larger than originally expected. It was found that an additional 185,000 customers were affected, and that full credit card information was compromised, including email addresses, billing information and names.

It didn’t take long after the drama had died down for this huge incident to come back into the spotlight. In the July of 2019, British Airways were fined £183 million, which was revealed to be just 4% of their annual turnover. The hacker group behind the British Airways breach, Magecart, was involved in some of the biggest scams and breaches in recent times, which we cover in the section below.

British Airways Initial Breach: https://www.thesun.co.uk/money/7195832/british-airways-hacked-personal-data-bank-details-stolen/

British Airways GDPR Fine: https://www.tripwire.com/state-of-security/featured/british-airways-faces-record-138-million-gdpr-fine-data-breach/


Magecart Campaigns

Magecart have been one of the most active threats over the last few years, and there has been no shortage of news to report on. We first wrote about Magecart back in September 2018, shortly after they were involved in the British Airways and Ticketmaster data breaches when they hit American retailer Newegg. They placed a card skimmer onto the e-commerce website and stole the payment card information of numerous customers.

This wasn’t the only big attack that year; just two months later the hacker group targeted the Vision Direct website. Research discovered that 20% of compromised online stores were likely to be re-infected, and it was discovered that Magecart had infected some stores up to 18 times.

More recently Nutribullet and 8 US City Websites have been the victims of successful Magecart attacks.

Over time, the Magecart group have become more advanced, and do not need to compromise a site to scam customers. They have been responsible for some of the most high profile breaches in the last couple of years, and don’t seem to be going anywhere.

Magecart Development: https://www.bleepingcomputer.com/news/security/magecart-group-evolves-tactics-to-better-steal-your-credit-cards/

Magecart Newegg Breach: https://www.riskiq.com/blog/labs/magecart-newegg/

Vision Direct Breach: https://www.visiondirect.co.uk/customer-data-theft

Magecart Nutribullet: https://threatpost.com/magecart-cyberattack-targets-nutribullet-website/153855/


And that’s it for this special edition round-up, please don’t forget to tune in for our edition later this week.

Stay Safe, Secure and Healthy!

Special Edition #100 – 17th July 2020

Why not follow us on social media:

Ironshare – Security Simplified

CyberAssessment
CyberRound-UpSignUpBanner
Duo Banner