Cyber Weekly Flash Briefing 05 June 2020: half of WFH staff cutting security corners, C-Level weak link in security, 80% of firms suffer cloud breach, NSA warn of Kremlin attacks, malware-laced CVs
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Half of employees admit they are cutting corners when working from home
Half of employees are cutting corners with regard to cyber security while working from home – and could be putting their organisation at risk of cyber attacks or data breaches as a result.
The coronavirus pandemic has forced both employers and employees to quickly adjust to remote working – and, often without the watchful eyes of IT and information security teams, workers are taking more risks online and with data than they would at the office.
Analysis by researchers reveals that 52% of employees believe they can get away with riskier behaviour when working from home, such as sharing confidential files via email instead of more trusted mechanisms.
Some of the top reasons employees aren't completely following the same safe data practices as usual include working from their own device, rather than a company issued one, as well as feeling as if they can take additional risks because they're not being watched by IT and security.
In some cases, employees aren't purposefully ignoring security practices, but distractions while working from home are having an impact on how people operate.
Meanwhile, some employees say they're being forced to cut security corners because they're under pressure to get work done quickly.
Half of those surveyed said they've had to find workarounds for security policies in order to efficiently do the work they're required to do – suggesting that in some cases, security policies are too much of a barrier for employees working from home to adapt to.
Read more here: https://www.zdnet.com/article/cybersecurity-half-of-employees-admit-they-are-cutting-corners-when-working-from-home/
C-Level Executives the Weakest Link in Organisations’ Mobile Security
C-suite executives are the people most susceptible to mobile-based cyber-attacks in businesses, according to a new study. The report found that while these executives are highly targeted by cyber-criminals in attacks on organisations, they are also more likely than anyone else to have a relaxed attitude to mobile security.
In the analysis, research from 300 enterprise IT decision makers across Benelux, France, Germany, the UK and the US was combined with findings from 50 C-level executives from the UK and the US. It revealed that many C-level executives find mobile security protocols frustrating, with 68% feeling IT security compromises their personal privacy, 62% stating it limits the usability of their device and 58% finding it too complex to understand.
As a result of these issues, 76% of C-suite executives had asked to bypass one or more of their organisation’s security protocols last year. This included requests to: gain network access to an unsupported device (47%), bypass multi-factor authentication (45%) and obtain access to business data on an unsupported app (37%).
These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach. Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, multi-factor authentication – designed to protect businesses from the leading cause of data breaches, stolen credentials – is being side-stepped by C-suite execs.
To exacerbate this issue, IT decision makers included in the study overwhelmingly stated that C-suite is the group most likely to both be targeted by (78%), and fall victim to (71%), phishing attacks.
These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cyber security, while execs often see themselves as above security protocols.
Read more: https://www.infosecurity-magazine.com/news/executives-weakest-link-mobile/
Majority of companies suffered a cloud data breach in the past 18 months
Nearly 80% of companies have experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new survey reveals.
According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments.
Meanwhile, 80% reported they are unable to identify excessive access to sensitive data in IaaS/PaaS environments. Only hacking ranked higher than misconfiguration errors as a source of data breaches.
Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments.
Read the original article here: https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/
NSA and NCSC publicly warn of attacks by Kremlin hackers – so take this critical Exim flaw seriously
The NSA has raised the alarm over what it says is Russia's active exploitation of a remote-code execution flaw in Exim for which a patch exists.
The American surveillance agency said last week that the Kremlin's military intelligence hackers are actively targeting some systems vulnerable to CVE-2019-10149, a security hole in the widely used Exim mail transfer agent (MTA) that was fixed last June.
Because Exim is widely used on millions of Linux and Unix servers for mail, bugs in the MTA are by nature public-facing and pose an attractive target for hackers of all nations.
Read more here: https://www.theregister.com/2020/05/29/nsa_warns_of_gru/
Cisco's warning: Critical flaw in IOS routers allows 'complete system compromise'
Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software.
The four critical flaws are part of Cisco's June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities.
Malware-laced CVs steal banking credentials from users' PCs
If you work for a financial institution that happens to be hiring, be extra careful when downloading and opening CVs: many could be carrying password-stealing banking malware.
This is according to a new report which identified the new malware distribution campaign in the wild.
According to the report, criminals are sending out emails with the subject lines “applying for a job” and “regarding job”, containing an Excel attachment with a malicious macro. Once the file is opened, the victim is prompted to “enable content”, which triggers the download of ZLoader malware.
ZLoader is capable of stealing credentials from the infected PC, as well as passwords and cookies stored in the target’s browser. With the stolen intel, the attacker could also use the victim’s device to make illicit financial transactions.
Read more: https://www.itproportal.com/news/malware-laced-cvs-steal-banking-credentials-from-users-pcs/
Hackers are targeting your smartphone as way into the company network, mobile phishing up a third in a few months
The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months.
Analysis by cyber security company Lookout found that there's been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first few months of 2020 alone.
Phishing emails have long been a problem for desktop and laptop users, but the increased use of mobile devices – especially as more people are working remotely – has created an additional attack vector for cyber criminals who are targeting both Android and iOS phones.
Attacks targeting desktop email applications can leave tell-tale signs that something might not be quite right, such as being able to preview links and attachments, or see email addresses and URLs that might look suspicious.
However, this is harder to spot on mobile email, social media and messaging applications because of the way they're designed for smaller screens.
Read more here: https://www.zdnet.com/article/cybersecurity-warning-hackers-are-targeting-your-smartphone-as-way-into-the-company-network/
Tens of thousands of malicious Android apps flooding user devices
Tens of thousands of dangerous Android apps are putting mobile users at heightened risk of fraud and cyber attack, a report has claimed.
A mobile security firm identified over 29,000 malicious Android apps in active use during Q1 2020, double the number logged in the same quarter last year (just over 14,500).
The investigation also showed that almost all (90%) of the ten most malicious apps were - or are still - present on the official Google Play Store. This suggests that hackers consistently found ways to dance their way through Google’s vetting system.
In line with this trend, this time period also saw a 55% rise in fraudulent transactions on Android platforms, as well as a spike in the number of malware-infected devices.
Read more here: https://www.techradar.com/news/tens-of-thousands-of-malicious-android-apps-flooding-google-play-store
George Floyd: Anonymous hackers re-emerge amid US unrest
As the United States deals with widespread civil unrest across dozens of cities, "hacktivist" group Anonymous has returned from the shadows.
The hacker collective was once a regular fixture in the news, targeting those it accused of injustice with cyber-attacks.
After years of relative quiet, it appears to have re-emerged in the wake of violent protests in Minneapolis over the death of George Floyd, promising to expose the "many crimes" of the city's police to the world.
However, it's not easy to pin down what, if anything, is genuinely the mysterious group's work.
The "hacktivist" collective has no face, and no leadership. Its tagline is simply "we are legion", referring to its allegedly large numbers of individuals.
Without any central command structure, anyone can claim to be a part of the group.
This also means that members can have wildly different priorities, and there is no single agenda.
But generally, they are activists, taking aim at those they accuse of misusing power. They do so in very public ways, such as hijacking websites or forcing them offline.
Their symbol is a Guy Fawkes mask, made famous by Alan Moore's graphic novel V for Vendetta, in which an anarchist revolutionary dons the mask to topple a corrupt fascist government.
Read the original article: https://www.bbc.co.uk/news/technology-52879000
EasyJet Cyber Attack Likely the Work of Chinese Hackers
The recent high-profile cyber attack that struck British budget airline easyJet may have been carried out by Chinese hackers, new research and multiple sources have suggested.
The cyber attack, which saw the email addresses and travel details of millions of passengers stolen, as well as the credit card details of some 2,000, was reportedly conducted by the very same group of Chinese hackers responsible for other attacks on a number of airlines in recent months.
Read more: https://www.cpomagazine.com/cyber-security/easyjet-cyber-attack-likely-the-work-of-chinese-hackers/