FFT news digest Jun 25 2021

Ransomware...again

The good news: the first quarter of the year saw a decline in ransomware activity. The bad news: that's only because attackers are getting better at selecting their victims. "We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see Ransomware as a Service supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals," McAfee said in its June Threats Report.

Cyber criminals are just like burglars; once they've attacked a target successfully, they're very likely to return for a second bite. Cybereason found (R) 80% of organisations that chose to pay a ransom were hit by a second attack, almost half of them from the same group. The survey also suggests it's not uncommon for businesses to close down following a ransomware attack. In the UK, it puts that figure at 34%.

Threatening to publish stolen data is now commonplace, but one group has gone further in its efforts to pressurise ransomware victims into paying up. The Market is emailing competitor companies to offer samples of stolen information and try to scare their victims into handing over the ransom. Bleeping Computer

Threats

Phishing is still on the rise, with the number of such sites almost doubling in the first quarter of this year, according to PhishLabs. And Office365 login details are what the attackers want; they were targeted in nearly half of all credential theft emails.

WD My Book Live: If you own one of these storage solutions, you should disconnect it from the internet immediately. There are widespread reports of devices being remotely reset and files wiped. Western Digital Ars Technica

Trial subscription: Be suspicious if you see an email saying your trial subscription is about to expire. It's an ongoing campaign that in some cases even involves a call centre - and it's designed to persuade you to open a malicious spreadsheet. Microsoft Palo Alto Networks

BEC: Business Email Compromise is a multi-billion dollar business and a threat to every organisation, no matter how small. Cisco Talos has an excellent round-up of how it works and how to protect yourself.

WiFi: If you see a WiFi network called “%p%s%s%s%s%n” (or something similar), don't join it! When a researcher did, he found that doing so permanently disabled his iPhone's WiFi functionality. Bleeping Computer

Google Docs: Ingenious attack starts with a link to what looks like a Google Docs file. Clicking on the link opens a fake but realistic Google Docs page and a link to download a Word file. Following that link opens a fake Google logon page. Clever, especially as Google does most of the work. Avanan

Speedy: Research found that once attackers managed to compromise a network, it took just an hour for them to start exploring it. THE DFIR REPORT

Fake ads: Malicious Google ads and web pages are used to lure users to fake download sites for secure messaging applications, such as Signal. eSentire

Cookies: It has emerged that a data breach at games publisher, Electronic Arts, was achieved through buying a stolen cookie. These small text files can enable an attacker to masquerade as a genuine user. It's another reason to protect your devices. Motherboard

Passwords: Want another reason not to use a weak password? A researcher explains how he used one to connect to a VPN and access a local network.

Leaky cloud

As more and more of our clients move data into the cloud, a report highlights the resulting risk that information will be exposed. IDC says almost all (98%) of the companies it talked to had experienced at least one data breach in their cloud storage over the past 18 months. That compared to 79% for the previous year. The survey suggests even large organisations are failing to invest enough to protect their cloud assets. We're firm supporters of cloud solutions, but there's no denying that there is a significant overhead in managing them effectively and it's essential to keep this in mind when planning a migration.

Out of control

New research found that 95% of Europeans believe data privacy is important, but barely half of them feel in control of their personal data. Kaspersky's survey of 8,000 Europeans showed Hungarians were most concerned about data privacy, while Danes cared the least. In the UK, almost three quarters of those surveyed said they would be prepared to provide healthcare, movement and contact data in order to return to bars, restaurants, large events and to be able to travel abroad. Kaspersky highlights some basic things we can do to take control of our data, including checking on breaches, deleting unused accounts and investing in a password manager.

BYOD

As Gartner predicts a huge and permanent increase in home-working, a bevy of surveys suggest more focus is needed on securing remote workers. “Our research uncovered a plethora of evidence that shows organisations are not paying enough attention to securing unmanaged personal devices and why the time is now for them to think differently when it comes to securing BYOD [Bring Your Own Devices],” Cybersecurity Insiders said. A separate report looked at remote workers in the US and found most of them were paying at least $100 for security measures to fill the gaps left by their employers.

Surveillance

An international coalition of consumer protection, digital and civil rights organisations and data protection experts has called for a ban on "surveillance-based advertising." "The collection and combination of information about us not only violates our right to privacy, but renders us vulnerable to manipulation, discrimination and fraud," according to the very active Norwegian Consumer Council. The call coincided with an announcement by the European Commission that it has begun investigating Google for "possible anticompetitive conduct" in the market for online advertising technology.

In brief

Data Protection: EU states have backed a plan to allow personal data to carry on being transferred to the UK from the end of June. However, the 'adequacy' decision depends on UK law remaining unchanged...and the Westminster government has been talking about altering it. Reuters

Remote control: Owners of smart thermostats in Texas were surprised to find their air conditioning settings changed remotely in an effort to cut energy usage during an extreme heatwave. Motherboard

Water: The extraordinary drought in the American West has focussed attention on the gargantuan amount of water required to cool the data centres that have been springing up in the region. NBC News

Facial recognition: European data protection authorities have called for a ban on facial recognition in public spaces. Meanwhile, a US company is putting face-tracking screens in the back of Ubers.

Nigeria: After blocking Twitter’s operations, the federal government is pushing forward legislation to control all forms of internet broadcasting and social media in the country. TechCabal

Underground: Mobile coverage will be extended to the whole of London's tube network by the end of 2024. TfL

Smile: A Chinese subsidiary of Japanese camera company, Canon, has installed cameras designed to detect whether employees are smiling - and refuse entry to offices if they're not! Nikkei Asia's report on surveillance in China redefines 'dystopian'.

Mayflower: An autonomous vessel attempted to sail from the UK to the US but lasted only three days before it had to be rescued. Mayflower Autonomous Ship

Updates

SonicWall: This is really not good. It turns out that a serious flaw in SonicWall's VPN appliances wasn't fixed by an update that was released last year. Another update has now been issued that (hopefully) will resolve the issue.

Google: Has announced an imminent security update to its Drive storage service (which may be connected to the issue described in Threats above). It has warned the change may break links to some existing files and so it's worth reading their announcement. It's unfortunate that the email announcing the change looks very like a phishing message.

Dell: Important update for serious vulnerabilities in the SupportAssist software which is preinstalled on almost all of Dell's Windows devices. This is not a first offence.

Apple: Updates for iMovie, Final Cut Pro, Motion, and Compressor include new features and bug fixes.

Tor: Tor Browser 10.0.18 fixes numerous issues, including a vulnerability that allows sites to track users by identifying the applications installed on their devices.

Lexmark: Multiple updates for Lexmark printers, but a fix for a separator vulnerability in a software installation package is still in the works.

VMware: Update to address high-severity vulnerability in VMware Tools for Windows.

SecureDrop: Version 2.0.0 is a major change with multiple fixes.

Windows 10: If your device is squeaking at you, then you might want to install Microsoft's latest fix!

Windows 11: And finally...Microsoft has revealed details of its new operating system which is likely to be released in the last quarter of this year and will be a free upgrade. For organisations, the key element is that Microsoft plans to split development into two branches: a Windows 10 branch for enterprises that want to delay migration and the full Windows 11 for consumers. Bleeping Computer has a good round-up of what's new.
