Cyber Weekly Flash Briefing 24 July 2020: Cyber crime up 23% Over Past Year, Nearly 50% of employees have made a serious security mistake at work, 99.9% of Hacked Microsoft Accounts Don’t Use 2FA
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Cybercrime Jumped 23% Over Past Year, Says ONS
Cybercrime offenses reported by individuals and businesses have risen 23% over the past year, according to the Office for National Statistics (ONS).
The UK government body explained that 26,215 incidents were referred to the National Fraud Intelligence Bureau (NFIB) by Action Fraud in the year ending March 2020.
The year-on-year increase was driven by a large uptick in the two highest-volume “computer misuse” types reported to Action Fraud. “Hacking – social media and email” saw a 55% increase from 12,894 offenses, and “computer viruses/malware” incidents soared by 61% to reach 6745 cases.
The double-digit increase in reported cybercrime came in spite of improvements to “internal case review processes” and an online reporting tool at Action Fraud in October 2018 which meant some offenses previously categorized as computer misuse are now being properly identified as fraud, ONS said.
Why this matters:
Any increase in reported cyber crime is significant, but such a large rise is even more alarming and demonstrates that firms and individuals need to make sure they are treating these threats seriously.
Read more here: https://www.infosecurity-magazine.com/news/cybercrime-jumped-23-over-past-year#disqus_thread
Nearly half of employees have made a serious security mistake at work
Distraction and burnout can lead to serious mistakes when working online
New research from an email security firm has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cyber security repercussions for themselves or their company.
A survey of 2,000 professionals between the ages of 18 and 51 to find out more about why workers make mistakes and how they can be prevented before they end up turning into data breaches.
Of the employees surveyed, a quarter of them confessed to clicking on links in a phishing email at work. The research also found that employees between 31 and 40 years of age were four times more likely than employees over age 51 to click on a phishing email. At the same time, male employees were twice as likely to do so than their female coworkers.
Why does this matter:
Cyber and Information Security is fundamentally a human problem, not an IT problem, and all the IT controls in the world are worth very little if humans bypass them or fail to follow safe working practices. Ensure your users, at all levels, are aware of the role they play in securing your organisation and make sure they receive adequate and suitable training.
99.9 Percent of Hacked Microsoft Accounts Don’t Use 2FA
Two-factor authentication (2FA) is the single most effective method of preventing unauthorised access to an online account as number from Microsoft prove.
Microsoft tracks over 1 billion active accounts monthly, which is nearly 1/8 of the world’s population. These generate more than 30 billion monthly login events. Every login to a corporate O365 account can generate multiple login entries across multiple apps, as well as additional events for other apps that use O365 for single sign-on.
If that number sounds big, bear in mind that Microsoft stops 300 million fraudulent sign-in attempts every day. Again, that’s not per year or per month, but 300 million per day.
In January 2020, 480,000 Microsoft accounts—0.048 percent of all Microsoft accounts—were compromised by spraying attacks. This is when an attacker runs a common password (like “Spring2020!”) against lists of thousands of accounts, in the hopes that some of those will have used that common password.
Sprays are just one form of attack; hundreds and thousands more were caused by credential stuffing. To perpetuate these, the attacker buys usernames and passwords on the dark web and tries them on other systems.
Then, there’s phishing, which is when an attacker convinces you to log in to a fake website to get your password. These methods are how online accounts are typically “hacked,” in common parlance.
In all, over 1 million Microsoft accounts were breached in January. That’s just over 32,000 compromised accounts per day, which sounds bad until you remember the 300 million fraudulent login attempts stopped per day.
But the most important number of all is that 99.9 percent of all Microsoft account breaches would have been stopped if the accounts had two-factor authentication enabled.
Why this matters:
Two-factor authentication (2FA) is the single most effective method of preventing unauthorised access to online accounts, remediating (or preventing) approximately 95% of attacks. That this simple step, normally available free of charge from online account providers, is so effective means it should be implemented wherever and whenever possible.
Read more here: https://www.howtogeek.com/681419/watch-out-99.9-of-hacked-microsoft-accounts-dont-use-2fa/
Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude
Adobe has released an out-of-band emergency security update for Photoshop, Prelude, and Bridge.
On Tuesday, a week after issuing the firm's standard monthly security update, Adobe published security advisories revealing a total of 13 vulnerabilities, 12 of which are deemed critical.
Five vulnerabilities have now been resolved in Photoshop CC 2019 -- versions 20.0.9 and earlier -- and Photoshop 2020 -- versions 21.2 and earlier -- on Windows machines.
All of these vulnerabilities are considered critical, as if exploited, can lead to arbitrary code execution.
Why does this matter:
Vulnerabilities in software are exploited by attackers, patching these vulnerabilities means the vulnerabilities cannot then be exploited. Updates should always be installed as soon as possible to prevent them from being used in attacks.
Read more: https://www.zdnet.com/article/adobe-issues-emergency-fixes-for-vulnerabilities-in-photoshop-prelude/
Blackbaud Hack: Universities lose data to ransomware attack
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider.
Human Rights Watch and the children's mental health charity, Young Minds, have also confirmed they were affected.
The hack targeted Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software.
The US-based company's systems were hacked in May and it has been criticised for not disclosing this externally until July and for having paid the hackers an undisclosed ransom.
In some cases, the data was limited to that of former students, who had been asked to financially support the establishments they had graduated from. But in others it extended to staff, existing students and other supporters.
The institutions the BBC has confirmed have been affected are:
· University of York
· Oxford Brookes University
· Loughborough University
· University of Leeds
· University of London
· University of Reading
· University College, Oxford
· Ambrose University in Alberta, Canada
· Human Rights Watch
· Young Minds
· Rhode Island School of Design in the US
· University of Exeter
In some cases, the stolen data included phone numbers, donation history and events attended. Credit card and other payment details do not appear to have been exposed.
Why does this matter:
Every entity, business, organisation and individual is at risk from ransomware, the bigger the organisation the more point of entries exist but this does not mean this is not a major threat to smaller businesses too. Nearly all these attacks stem from a user clicking on a link in a phishing email so make sure your staff are adept at spotting phishing emails.
Amazon Prime phishing scam returns - here's all you need to know
Shoppers warned of phone and email attacks against Amazon Prime users
Shoppers using Amazon Prime have been warned about a major phishing scam which appears to have resurfaced across the country
The scammers target victims via an automated telephone call claiming that they have opened an Amazon Prime account and that they should "press one" to cancel the transaction.
Doing so will connect the call to a fraudster posing as an Amazon customer service representative who then informs the recipient of the call that their subscription was purchased fraudulently due to a supposed "security flaw" on the targeted person's computer. The bogus Amazon representative then asks for remote access to the recipient's computer, supposedly to fix the security breach. Remote access gives control access allowing the scammers to steal personal information, including passwords and banking information.
There is also an email version of the same scam.
The email version of this scam sees the victim receiving a message stating they have started an Amazon Music subscription charged at £28.99 per month. The email then asks the recipient to click a link if they want to cancel the subscription and receive a refund - but the page they are taken to in order to input their card details and receive the refund will instead send their details to fraudsters.
Why does this matter:
Scammers only need a small number of people they target to fall for the scam for it to be profitable for them, so unfortunately these types of scams are not going to go away any time soon. Make sure you keep up to date with the latest and emerging scams and make sure relatives who might fall victim to these scams are also aware that these types of attacks are happening all the time so to exercise caution if they receive calls or emails of this nature.
Read more here: https://www.techradar.com/uk/news/amazon-prime-phishing-scam-returns-heres-all-you-need-to-know
Phishing attacks concealed in Google Cloud Services
Cyber criminals are increasingly concealing phishing efforts behind legitimate resources.
A lie is best concealed between two truths, an old saying goes, and it seems hackers are using this wisdom to better hide their phishing efforts.
Cyber security researchers are warning of a phishing campaign that utilises Google Cloud Services and offers legitimate PDF whitepapers to victims that give away their login credentials.
According to the researchers, it all starts with a PDF document uploaded to Google Drive, containing a link to a phishing page. The landing page requires the user to log in with their Office 365 or organisation email.
After the victim gives away their login credentials, they are redirected to a genuine PDF report published by a “renowned global consulting firm.”
Why does this matter:
Since the phishing page is hosted on Google Cloud Storage, the user might not become suspicious. Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify actual phishing attacks. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend and learn how to protect themselves. It starts by thinking twice about the files you receive from senders.
Read more here: https://www.itproportal.com/news/phishing-attacks-concealed-in-google-cloud-services/
Analysts Detect New Banking Malware
A new strain of banking malware dubbed BlackRock has been detected by researchers
An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. Xerxes was in turn spawned out of the LokiBot Android banking Trojan, first detected around four years ago.
The source code of the Xerxes malware was made public by its author around May 2019, making it possible for any threat actor to get their hands on it. Despite the code's availability, researchers found that the only Android banking Trojan based on Xerxes' source code that is currently operating appears to be BlackRock.
Why this matters:
This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the researchers found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps.
Read more here: https://www.infosecurity-magazine.com/news/analysts-detect-new-banking/#disqus_thread
Hackers wipe out more than 1,000 databases, leaving only the word 'meow'
Over 1000 unsecured databases have been permanently deleted, leaving only the word “meow” behind.
The attack saw a database that had details of the UFO VPN. UFO VPN, and other products from seemingly the same company, had recently been in the news for exposing user information.
Information exposed include unencrypted account passwords, location information, and IP addresses of user devices and VPN servers.
The VPN, and others like it, claimed that it was not logging user details. Reports alleged that this was not the case.
The attack seems to have come from a bot, according to Forbes, as the attack script overwrites database indexes with random numerical strings and the word ‘Meow’.
Why does this matter:
Unsecured databases are wide open to attackers and not only can the contents be read and information gleaned used in other attacks they can also, as was the case in this attack, be deleted, losing all data.
Is your smart home hosting malware attacks?
It’s not only computers that can be compromised by hackers, almost any electronic device can be compromised – including your smart home gadgets.
Researchers have discovered a new family of malware called Mozi that has been quickly spreading online since last year and appears to have been designed specifically to attack low-power smart devices. Once installed, the malware tries to make contact with other infected devices, adding itself to a botnet (a collection of other compromised devices).
Infected device continues to operate normally however the devices constantly ‘listening’ for instructions from the botnet. The botnet has been designed to launch Distributed Denial of Service attacks (DDoS) that can be used to attack and crash online services and websites. Once activated, your infected devices will be used by hackers to participate in large DDoS attacks.
Some variants can also steal data, or execute additional code, allowing hackers to gain control of your network.
As the malware evolves, the list of affected devices will undoubtedly grow.
Why does this matter:
Almost any electronic device can be compromised to serve malware, be co-opted into taking part in distributed denial of service attacks or otherwise be exploited or used as a point of entry into a network. As more and more of these devices appear in our homes and offices many people do not realise they are significantly increasing their potential attack surface.
Read more: https://www.pandasecurity.com/mediacenter/mobile-news/smart-home-hosting-malware/
Russian cyber attacks an 'urgent threat' to national security
Russia's cyber attack capabilities -- and its willingness to use them -- pose an "immediate and urgent threat" to the UK's national security, according to a report from a committee of MPs.
The long- delayed Russia report from the UK parliament's Intelligence and Security Committee (ISC) describes how it sees Russia's abilities to use malicious cyber activities to further its aims.
"Russia's cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security," the report said.
Why does this matter:
Given the immediate threat that Russia poses to UK national security, it is concerning that there is no clear coordination of the numerous organisations across the UK intelligence community working on this issue. The risks posed by Russia, and other nation states such as China, Iran and North Korea should not be understated or ignored.
Read more here: https://www.zdnet.com/article/russian-cyberattacks-an-urgent-threat-to-national-security/