Threat Intelligence Blog
Cyber Weekly Flash Briefing 12 June 2020: Honda Hit by Ransomware, Crooks hijack "Black Lives Matter" to spread malware, flaw exposes millions of devices, 60% of firms expect attacks by email
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Honda Hit by Ransomware: Attack Follows Major 2019 Data Breach
Honda has confirmed a cyber attack on its networks that is widely believed to have involved deployment of the “Snake” ransomware.
The automotive giant, valued at £22 billion by market capitalisation, has admitted that production, sales and development activities have all been hit.
Chatter on social networks suggests production globally has been stopped.
The attack comes after Honda last year left an Elasticsearch database exposed to the public, with upwards of 40GB of data relating to the firm’s internal systems and devices spotted by security researchers.
Read more here: https://www.cbronline.com/news/honda-hacked-data-breach
Crooks hijack “Black Lives Matter” to spread zombie malware
Community-focused cyber security website abuse.ch has warned of a malware spreading campaign that is using “Black Lives Matter” to draw victims in.
Sneakily, the crooks have broadened the reach of their attack by keeping their emails short and objective – the crooks very deliberately haven’t taken a social or political position, but have instead invited recipients to comment anonymously on the issue.
Samples seen have their subject, body text, attachment description and filename chosen randomly each time from a list of similar text strings.
Read more here: https://nakedsecurity.sophos.com/2020/06/11/crooks-hijack-black-lives-matter-to-spread-zombie-malware/
Hackers for hire ‘targeted hundreds of institutions’
A hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies, according to the internet watchdog Citizen Lab.
Researchers discovered almost 28,000 web pages created by hackers for personalised “spear phishing” attacks designed to steal passwords, according to a report published on Tuesday by Citizen Lab, part of the University of Toronto’s Munk School.
Read more: https://www.ft.com/content/315aceba-935a-4e70-83c4-1d1fd7cf939b
Is a ‘Cyber Pandemic’ Coming?
For more than a decade, security leaders predicted that a “Cyber Pearl Harbour” or “Cyber 9/11” was coming that would dramatically change society as we know it.
However, over the past few years, these bold predictions that the Internet sky is falling have largely dropped off the map — until this past week under a new name.
The main reason most cyber prognosticators dropped these scary predictions seemed to be that an overdose of Fear, Uncertainty and Doubt (FUD) was bad for business and was getting old. Like constantly predicting that the stock market will crash, the messages wore people out. Instead, most experts shifted to a more pragmatic approach to future cybersecurity predictions, with ample research backing up their claims.
But this trend quietly changed this past week, under a new name inspired by COVID-19.
While the majority of people were focused this past week on peaceful protests against police brutality and the death of George Floyd, or rioting in some cities, or the surprisingly positive jobs numbers and stock market performance, several well-respected leaders and groups are now predicting that a “cyber pandemic” is coming soon.
Read more here: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/is-a-cyber-pandemic-coming.html
UPnP flaw exposes millions of network devices to attacks over the Internet
Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said.
CallStranger, as the exploit has been named, is most useful for forcing large numbers of devices to participate in distributed denial of service—or DDoS—attacks that overwhelm third-party targets with junk traffic. CallStranger can also be used to exfiltrate data inside networks even when they’re protected by data loss prevention tools that are designed to prevent such attacks. The exploit also allows attackers to scan internal ports that would otherwise be invisible because they’re not exposed to the Internet.
Billions of routers and other so-called Internet-of-things devices are susceptible to the attack; however, a vulnerable device must have UPnP, as the protocol is known, exposed on the Internet.
The 12-year-old UPnP protocol simplifies the task of connecting devices by allowing them to automatically find each other over a network.
Read more here: https://arstechnica.com/information-technology/2020/06/upnp-flaw-exposes-millions-of-network-devices-to-attacks-over-the-internet/
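The three abuse cases above (reflected DDoS, data exfiltration, internal port scanning) all rest on the same weakness: a UPnP device accepts an event SUBSCRIBE request whose CALLBACK header names a URL the device will later connect to, without checking that the URL points at the local network or that the subscriber itself is local. The following is an added example, not code from the article or from the CallStranger researcher, showing the check a gateway or an IDS rule would apply: the request samples, their log shape and the `audit` function are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample of UPnP SUBSCRIBE requests in a hypothetical access-log shape:
# (method, client IP, CALLBACK header value). Not taken from any real device log.
SAMPLE_REQUESTS = [
    # benign: a LAN host subscribes and asks for events to be sent back to itself
    ("SUBSCRIBE", "192.168.1.20", "<http://192.168.1.20:49152/notify>"),
    # callback aimed at a third party on the Internet: the reflected-DDoS / exfiltration pattern
    ("SUBSCRIBE", "198.51.100.77", "<http://203.0.113.9:80/>"),
    # external subscriber aims the callback at an internal host and port: the port-scan pattern
    ("SUBSCRIBE", "198.51.100.77", "<http://192.168.1.1:22/>"),
    # unrelated request, ignored by the audit
    ("GET", "192.168.1.20", ""),
]

# Address ranges a home/office gateway should treat as "its own network".
LOCAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# UPnP CALLBACK headers carry one or more URLs, each wrapped in angle brackets.
CALLBACK_URL_RE = re.compile(r"<([^>]+)>")


def is_local(addr: str) -> bool:
    """True if addr is an IPv4 literal inside one of LOCAL_NETWORKS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Callbacks are expected to be IP literals; a hostname cannot be vouched for, so it is not local.
        return False
    return any(ip in net for net in LOCAL_NETWORKS)


def callback_hosts(header: str):
    """Extract the host component of every <URL> in a CALLBACK header."""
    hosts = []
    for url in CALLBACK_URL_RE.findall(header):
        parsed = urlparse(url)
        if parsed.hostname:
            hosts.append(parsed.hostname)
    return hosts


def check_subscribe(client_ip: str, callback: str):
    """Return a list of findings for one SUBSCRIBE request (empty list means it passes)."""
    findings = []
    client_is_local = is_local(client_ip)
    if not client_is_local:
        findings.append("SUBSCRIBE arrived from the Internet: UPnP is exposed beyond the LAN")
    hosts = callback_hosts(callback)
    if not hosts:
        findings.append("CALLBACK header missing or malformed")
    for host in hosts:
        if not is_local(host):
            findings.append(f"callback target {host} is outside the local network: reflected DDoS or exfiltration risk")
        elif not client_is_local:
            findings.append(f"external client directs callbacks at internal host {host}: internal port-scan risk")
    return findings


def audit(requests):
    """Map request index -> findings for every SUBSCRIBE that breaks the local-network rule."""
    report = {}
    for index, (method, client_ip, callback) in enumerate(requests):
        if method != "SUBSCRIBE":
            continue
        findings = check_subscribe(client_ip, callback)
        if findings:
            report[index] = findings
    return report


if __name__ == "__main__":
    for index, findings in audit(SAMPLE_REQUESTS).items():
        print(f"request {index}:")
        for finding in findings:
            print(f"  - {finding}")
```

The two conditions the code enforces are the ones that close off the attack described in the article: a device should accept event subscriptions only from hosts on its own network, and should refuse any callback URL that does not also point back into that network. The same rule, applied to traffic rather than to device code, tells a defender whether a gateway on the edge is answering SUBSCRIBE from the Internet at all.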
Unsecured databases bombarded by cyberattacks
Security researchers often report finding unsecured databases online, waiting to be discovered and exploited. Sometimes, these databases remain unprotected for only a few hours, and on other occasions could sit open for weeks.
New research from Comparitech shows that hackers are able to identify and exploit these unprotected databases much faster than businesses might think.
The firm set up a fake user database, which it intentionally exposed via an Elasticsearch instance. Only eight hours later, the database received its first unauthorised request (Comparitech broadly refers to these requests as “attacks”).
Five days later, the database was indexed on Shodan.io (an IoT search engine) and incurred two new attacks within a minute of the event, and 22 in total that day.
Over the course of the 12-day experiment, the database was attacked 175 times.
Read more here: https://www.itproportal.com/news/unsecured-databases-bombarded-by-cyberattacks/
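Both the Honda exposure above and the Comparitech experiment come down to an Elasticsearch instance reachable from the Internet with no authentication in front of it. The settings that produce that state live in `elasticsearch.yml`, so the exposure can be caught before the instance ever appears on Shodan. The following is an added example, not code from either article or from Comparitech: the two configuration fragments are constructed, and the `audit_elasticsearch` checker is an illustration of the review a practitioner would run against the real file. The setting names (`network.host`, `xpack.security.enabled`, `xpack.security.http.ssl.enabled`) are genuine Elasticsearch settings; the verdict on a missing `xpack.security.enabled` assumes the pre-8.0 behaviour, where security was off unless explicitly enabled.

```python
import ipaddress

# Constructed elasticsearch.yml fragments, not from any real deployment.
# The weak one mirrors the exposed-honeypot setup: bound to every interface, no auth, no TLS.
WEAK_CONFIG = """
cluster.name: honeypot
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

HARDENED_CONFIG = """
cluster.name: prod
network.host: 10.20.0.15
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Bind values that mean "listen on every interface" or "listen on a globally routable address".
BIND_ALL_VALUES = {"0.0.0.0", "::", "_global_"}

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_flat_yaml(text: str) -> dict:
    """Minimal parser for the flat 'key: value' lines used in elasticsearch.yml (no nesting needed here)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def bind_is_exposed(host: str) -> bool:
    """True if the network.host value would make the HTTP API reachable beyond private address space."""
    if host in BIND_ALL_VALUES:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Special values such as _local_ (the default) or _site_ bind loopback/site-local only;
        # anything else non-numeric (an interface name, a hostname) cannot be judged here.
        return False
    return ip.is_global and not any(ip in net for net in RFC1918)


def audit_elasticsearch(config_text: str):
    """Return a list of findings; an empty list means none of the checked exposures is present."""
    s = parse_flat_yaml(config_text)
    findings = []

    host = s.get("network.host", "_local_")  # Elasticsearch binds loopback only when unset
    if bind_is_exposed(host):
        findings.append(f"network.host={host}: HTTP API reachable from outside private address space")

    # Anything other than an explicit 'true' is treated as disabled (the default before 8.0).
    if s.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("xpack.security.enabled is not true: every request is anonymous")

    if s.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append("xpack.security.http.ssl.enabled is not true: credentials and data travel in the clear")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_elasticsearch(cfg) or ['no findings']}")
```

The point of the exercise is the time window the article measures: eight hours to the first unauthorised request, a minute from Shodan indexing to fresh hits. A file check like this runs in well under that, so it belongs in the deployment pipeline rather than in an incident review.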
60 percent of organizations expect to suffer attacks by email
Email is still a favourite attack route for cyber criminals, a new study reveals. 77 percent of respondents to a survey say they have rolled out, or are actively rolling out, a cyber resilience strategy, yet an astounding 60 percent of respondents believe it is inevitable or likely that they will suffer an email-borne attack in the coming year.
The same threats that organisations have faced for years continue to play out with tactics matched to world events to evade detection. The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential.
Read more: https://betanews.com/2020/06/09/attacks-by-email/