Cyber Weekly Flash Briefing 07 August 2020: INTERPOL warn on alarming pace of cyber crime, Canon ransomware, Garmin paid ransom, TV Licence fraud targets elderly, Netgear won’t patch vuln routers
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
INTERPOL: Cyber crime Growing at an “Alarming Pace” Due to #COVID19
Cyber crime is growing at an “alarming pace” as a result of the ongoing COVID-19 crisis and is expected to accelerate even further, a new report from INTERPOL has found.
It revealed the extent to which cyber-criminals are taking advantage of the increasing reliance on digital technology over recent months. This includes the rapid shift to home working undertaken by many organisations, which has involved the deployment of remote systems and networks, often insecurely.
Based on feedback from member countries, INTERPOL said that during the COVID-19 period, there has been a particularly large increase in malicious domains (22%), malware/ransomware (36%), phishing scams/fraud (59%) and fake news (14%).
Threat actors have revised their usual online scams and phishing schemes so that they are COVID-themed, playing on people’s economic and health fears.
Why this matters:
Increases in malicious activity is always a concern, especially when firms don’t realise how bad the situation is already and fail to grasp how much worse it is getting. Cyber criminals have gone through an industrial revolution and have built criminal organisations to rival some of the biggest legitimate business empires. Increases in threats require and increase in defensive capability, across IT, people and governance, to counter this rising tide.
Read more: https://www.infosecurity-magazine.com/news/cybercrime-growing-alarming-pace/
Capital One fined $80m for data breach
Capital One, one of the top five credit card issuers by balances in the US, has been fined $80m and ordered to improve internal controls after regulators identified a string of failings that allowed hackers to obtain the personal data of more than 106m customers and credit card applicants last year.
The bank was found to have failed to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud, as well as failing to quickly correct deficiencies.
The data breach exposed names, addresses, phone numbers, self-reported income, credit scores and payment history, as well as some people’s social security numbers.
It has become a cautionary tale for banks migrating their data from their own physical IT to the kind of virtual clouds that the Capital One data was hacked from.
Why this matters:
Moving to the cloud can open up new risks and misconfigurations can go undetected until they are exploited by malicious actors. It is important to make sure you know where the weaknesses and vulnerabilities are before someone else does, and this included cloud infrastructure.
Read more: https://www.ft.com/content/a730c6a0-c362-4664-a1ae-5faf84912f20
Canon confirms ransomware attack in internal memo
Canon appears to be latest in a number of large high profile firms in recent weeks to suffer a ransomware attack that has had an impact on numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. In an internal alert sent to employees, Canon has disclosed the ransomware attack and working to address the issue.
Researchers were alerted by a suspicious outage on Canon's image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature.
However, the final status update was strange as it mentions that while data was lost, "there was no leak of image data." This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack.
Why this matters:
Any firm of any size can fall victim to ransomware and recovering can be time consuming, expensive and cause significant reputational damage. These attacks invariably stem from users clicking on links in phishing emails, something that IT departments and technical controls aren’t capable of defending against on their own.
Read more: https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/
Garmin reportedly paid multimillion-dollar ransom after suffering cyberattack
Following on from Canon being the latest high profile victim, reports indicate that fitness wearable and satellite navigation brand Garmin paid millions of dollars in ransom after an attack took many of its products and services offline last month. The payment was reportedly made through a ransomware negotiation company in order for Garmin to recover data held hostage as a result of the attack.
It was reported last week that Garmin had received a decryption key to access data encrypted by the virus, and that the initial ransom demand was for $10 million.
Why this matters:
If a company had to resort to paying the ransom then it can be inferred that they were unable to recover their data, had insufficient backups or had never tested recovering from backups and when they needed to for real found they were unable. It’s too late to find out when you need something that you don’t have it.
If no firm or individual paid ransoms this problem would go away. For as long as even a small number of firms and individuals pay this will continue to be a massive problem, affecting everyone.
Read more: https://www.theverge.com/2020/8/4/21353842/garmin-ransomware-attack-wearables-wastedlocker-evil-corp
Google: Eleven zero-days detected in the wild in the first half of 2020
According to data collected by Google's Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year.
The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year.
Details about these zero-days have been obtained from a spreadsheet managed by Google security researchers, which the company made public available earlier this year. The spreadsheet contains Google's internal statistics about in-the-wild zero-day usage going as far back as 2014, when the company began tracking said stats.
Why this matters:
Zero-days are vulnerabilities for which fixes have not yet been made available and as such as difficult to defend against. Good security is all about having multiple layers of controls and if you have good procedural, people and governance controls in place this should still go a good way to helping to defend against zero-days.
As soon as security updates are made available they should ideally be tested and applied on all applicable devices as soon as possible to prevent vulnerabilities from being exploited.
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation.
TeamViewer is an application that is used primarily for remote access to and control of various types of computer systems and mobile devices, but also offers collaboration and presentation features (e.g., desktop sharing, web conferencing, file transfer, etc.)
Since the advent of COVID-19, enterprise use of the software has increased due to many employees being forced to work from home.
Why this matters:
Credentials stolen from any successful breach are likely to be used in credential stuffing attacks (where the same usernames and passwords are reused) against other sites and services.
Read more: https://www.helpnetsecurity.com/2020/08/06/cve-2020-13699/
Qualcomm chip vulnerability puts millions of phones at risk
Smartphone devices from the likes of Google, LG, OnePlus, Samsung and Xiaomi are in danger of compromise by cyber criminals after 400 vulnerable code sections were uncovered on Qualcomm’s Snapdragon digital signal processor (DSP) chip, which runs on over 40% of the global Android estate.
To exploit the vulnerabilities, a malicious actor would merely need to convince their target to install a simple, benign application with no permissions at all.
Why this matters:
The vulnerabilities leave affected smartphones at risk of being taken over and used to spy on and track their users, having malware and other malicious code installed and hidden, or even being bricked outright. Hopefully a fix will be forthcoming but it looks like it might be months before this fix is widely available.
Read more here: https://www.computerweekly.com/news/252487274/Qualcomm-chip-vulnerability-puts-millions-of-phones-at-risk
Over-75s warned of rise in TV Licence 'phishing' fraud
Over-75s awaiting letters about their new licence fee payments are falling victim to fraudsters, it has emerged.
The BBC has told 4.5 million pensioners to expect a letter from TV Licensing advising them on how to set up payment, as the free scheme for over-75s ended on July 31.
But the corporation has not given an indication of when the communication will arrive or what the wording will be, and in the meantime pensioners are being duped by scam emails which purport to be official.
The National Cyber Security Centre, part of GCHQ, said the number of licence fee “phishing” emails had risen in July, compared to previous months, and it was working hard to block them.
A spokesman said: “It is despicable that criminals are targeting over-75s in this way. TV Licensing would never ask for payment details over an email, so as soon as we were alerted to the scam messages sent in this callous campaign, they were immediately blocked.
Why this matters:
Cyber criminals are unscrupulous and will happily target the most vulnerable members of our society. If you have elderly relatives make them aware of these scams and encourage them not to respond for requests sent via email.
Read more: https://www.telegraph.co.uk/news/2020/08/03/over-75s-warned-rise-tv-licence-phishing-fraud/
Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (End of Life).
The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent attackers to bypass authentication on vulnerable Netgear routers – sans authentication. The high-severity flaw affects 79 Netgear Wi-Fi routers and home gateway models – but Netgear says that 45 of those router models are outside of its “security support period.”
Why this matters:
If you are using a Netgear device ensure that it is not in the list of devices that are no longer supported and if necessary replace it with a different router that is supported. If the device you own is still supported you should log into the web interface and ensure that it is updated to the most recent version of firmware to include any security updates.
Many people never update the firmware on their networking devices at home and this means that there can be a significant number of significant security vulnerabilities that have gone unfixed jeopardising the security of any devices connected to that router. If you don’t know how to update home networking devices contact someone who can help you to do this.
Read more: https://threatpost.com/netgear-wont-patch-45-router-models-vulnerable-to-serious-flaw/157977/