FFT news digest January 28 2022

Exploiting the pandemic

Along with the rest of the cybersecurity community, when the impact of COVID-19 became clear, we warned that the pandemic would provide fertile ground for cyber criminals. Alas, surveys show just how fertile it has been. In the latest, Software Advice found that 62% of small and medium-sized organisations in the UK have experienced an increase in the number of attacks over the past two years.

Common weaknesses include careless employees, poor network security, software bugs, and unencrypted data. Passwords and authentication continue to plague smaller organisations, with 39% of those surveyed admitting to reusing passwords on work accounts. A separate study by Proofpoint found that negligent insiders were the root cause of 56% of incidents, with malicious or criminal motives behind 1 in 4 cases. The 2022 Cost of Insider Threats Global Report lists signs that an organisation might be at risk, including lack of training and use of unapproved cloud storage.

And social media fraud remains a key threat, with the US Federal Trade Commission reporting that more than 95,000 people lost a total of $770 million last year. That's up from $258 million in 2020 and $42 million in 2017. Cryptocurrency scams were a key driver behind the increase, but the largest number of reports originated in online shopping fraud where criminals advertised misleading or nonexistent products on social media.

Threats

Email: Exploit broker, Zerodium, has increased the amount it will pay for ways to break into Outlook and Thunderbird, meaning its customers have decided they're key targets. The bounty for Outlook has gone up from $250,000 to $400,000. Do make sure those email apps are up-to-date.

Upgrade: Microsoft has warned Office 365 users to watch out for emails referring to "Q1 bonuses" and asking them to install an app called Upgrade. Doing so will result in requests to give it multiple permissions which will then be used to steal information.

Powerpoint: There's a growing trend to use malicious PowerPoint files to distribute malicious software. They work by exploiting macros, so don't be tempted to enable them. Netskope

Android: Particularly nasty malicious software steals data from your Android device - and then factory resets the device. Cleafy

Instagram: Attackers are hijacking the Instagram accounts of companies and influencers, and demanding a ransom. The scam uses messages that appear to come from Instagram and refer to a copyright infringement (very like the Twitter campaign we reported last week). Secureworks

Card fraud: A very convincing scam leverages text messages and voice calls to steal card details. Marcus Carey

Germany: Businesses are being targeted by the APT27 Chinese-backed hacking group, according to German intelligence. The aim appears to be to steal sensitive information and possibly target customers. BfV

Football: Sites impersonating prestigious clubs including Liverpool and Chelsea were used to tempt users and deliver a range of information stealing tools. Proofpoint

Tax: With tax season beginning in the US and ending in the UK, criminals are seeking to persuade us to use one of their fake apps, which often masquerade as real ones. Help Net Security

Pegasus targets Human Rights Watch

The latest victim of Pegasus spyware is a senior staff member of Human Rights Watch. The New York-based organisation said the tool was used against its Crisis and Conflict director who is based in Beirut and is responsible for several countries, including Syria, Myanmar, Israel and the Palestinian territories, Ethiopia, and Afghanistan. The attack came to light when Apple notified the director that she might be the target of state-sponsored attackers. It appears a zero-click exploit was used, meaning there was nothing that could be done to defend against the attack. The chairman of the NSO Group resigned this week, in a move the company said was not related to the controversy surrounding it.

Cyber Essentials revamped

A reminder that the UK government has introduced significant changes to its cybersecurity certification scheme, Cyber Essentials. The new requirements, brought in on January 24, include revisions to the use of cloud services, as well as home working, multi-factor authentication and password management. Interestingly, home routers are no longer in scope, with firewall controls required to be implemented on user devices instead. That doesn't make much sense given the increase in home-working and the lamentable security flaws in many routers, but Cyber Essentials remains a good foundation for cybersecurity and we will continue to recommend it. Any certificates issued before January 24 will remain valid until they expire. More details are available from IASME which administers the scheme.

Watering holes

Booby-trapped websites are an increasing threat, especially to those at risk of attack from China. In the latest example, ESET identified a new strain of malicious software designed to target macOS devices by exploiting vulnerabilities in Safari. ESET says it was found on a media outlet and a pro-democracy website aimed at Hong Kong residents. In November, Google researchers published details of a similar attack. For anyone researching China-related stories, especially Uighur issues, it's essential to take advice to secure browsing sessions. Needless to say, VPNs or Private/Incognito browsing don't offer any protection.

WhatsApp spying

We advise against the use of WhatsApp for highly sensitive communications, not because the content of messages can be intercepted (it can't), but because of all the other information they contain. Reclaim the Net takes a detailed look at what this information comprises and why platforms like WhatsApp have no choice but to hand it over to the US government. In particular, it examines the cases of seven users located in China. Meanwhile, in one of this week's more bizarre stories, the ABC reports that a Chinese businessman hijacked the Australian Prime Minister's WeChat account. The new account is named "Australian-Chinese New Life" and promises to provide tips to new arrivals from China.

In brief

Geopolitical tensions: The UK National Cyber Security Centre has published advice on what to do at times of heightened international tension. It lists a number of actions which, frankly, are things that should be done anyway.

QNAP: Network-attached storage devices are the target of a new ransomware campaign. QNAP is urging customers to ensure they are secured correctly.

Facebook: Parent company, Meta, is launching one of the world's most powerful supercomputers to increase its capacity to process data, saying it will enable it to process images and video up to 20 times faster than current systems.

Google: Kudos to Google for implementing an early warning system in Google Drive that will alert users of potentially suspicious files that could be used for malware delivery and in phishing attacks.

Generations: Criminals are smart, and so they're targeting different age groups with the devices and platforms they're most likely to use. For older people, that means laptops and desktops. For younger ones, it's smartphones and TikTok. Avast

EV charging: Electric vehicle charging stations are susceptible to a range of attacks that can be used to target the user, their vehicle, or the station itself. TNW

Errant robot: And a little ray of joy, courtesy of a Cambridge Travelodge. Its assistant manager took to Reddit with the tale of a robot vacuum cleaner and its bid for freedom. "They normally sense the lip at the entrance and turn around but this one decided to make a run for it," he said. It was later found under a nearby hedge. BBC

Updates

macOS: Monterey 12.2 addresses a range of issues, some of them being actively exploited. There are also updates for earlier macOS versions, though these may not be available yet.

iOS: Version 15.3 also aims to fix serious vulnerabilities in the iPhone and iPad operating systems.

Safari: A researcher has provided details of some positively scary bugs in Apple's browser that could have been used to hijack a user's online accounts or control their webcam. The issues have been fixed by a series of updates, so do check your browser is up to date.

Firefox: Version 96.0.3 fixes issues with "telemetry data". Translated, this means Mozilla's browser was reporting information that shouldn't have been sent.

SonicWall: It's vital to ensure that Secure Mobile Access (SMA) gateways have been updated. Vulnerabilities addressed last month are being actively exploited.

VMware: Customers are being urged to ensure they have updated their Horizon servers to fix critical Log4j security vulnerabilities. These are being exploited in ongoing attacks.

Zimbra: Updates for Zimbra 9.0.0 and 8.8.15.
