In the Wild threats

March Madness
On 21 March Forbes reported on a breach affecting Russia's FSB security service. The attackers exfiltrated documents describing 'a new weapon ordered by the security service': a toolset for building botnets out of compromised IoT devices and using them to launch cyber-attacks. IoT devices are now commonplace in homes and offices and bring real benefits, including ease of access. Unfortunately, many manufacturers ship them with weak security, and most users do little to harden them. Buyers choose such equipment mainly on price and simply assume the manufacturer has taken care of security. Since IoT devices are by definition connected to the internet around the clock, every user should reassess the threat they pose before one of them is recruited into a botnet or becomes a backdoor into their network.

Beware of Covid-19 coronavirus news items
Social media, instant messaging, email and the web (unlike TV and radio, which by comparison are safe media) are currently flooded with coronavirus warnings, which is understandable. Be aware, though, that not all these alerts and notifications about the pandemic are legitimate: cyber criminals have taken note and disguise their attacks as authentic Covid-19 news. F-Secure has observed many of these and documents them in two blog posts, Coronavirus spam update: watch out for these emails, and Coronavirus email attacks evolving as outbreak spreads.

The Hypponen Factor
Mikko Hypponen, F-Secure's Chief Research Officer, recently posted a warning on Twitter urging ransomware gangs to stay away from medical organisations while the world faces the Covid-19 pandemic, to help save lives. Coming from Mikko, one of the world's pioneers of cyber security research, I wouldn't take this warning lightly. Criminals aren't guaranteed to stop their activities, of course, just because they've been warned by someone with Mikko's status, but at least some of them have a decent streak: the Maze ransomware gang pledged to stop attacking hospitals the day after Mikko posted his message.

F-Secure has also released a webinar, Building resilience for the future, with Mikko Hypponen as the speaker. In it Mikko addresses the concerns and scams F-Secure has observed during this world crisis.

Zoom takes centre stage as potential attack vector
In the midst of a global quarantine, the Zoom video conferencing tool is making headlines daily as its popularity grows at an incredible rate. The company had 12.92 million monthly active users in February 2020, up 21% since the end of 2019. This would normally be nothing but good news for a company, especially in these challenging times, but the growth in users and share price has been overshadowed by negative publicity about security and privacy weaknesses in the app. Its popularity has also made Zoom a target for cyber criminals. The company has stated that it is not releasing any new features for now and is focusing all its engineering effort on improving the security of the product to protect its users. In the past month there has also been a sharp rise in newly registered domain names containing the word 'Zoom', and these domains are being used in phishing and scam email campaigns.

The following are Zoom safety tips from F-Secure

Windows SMB version 3 Critical Vulnerability
On 12 March 2020 Microsoft released an out-of-band Windows update for a critical remote code execution vulnerability in the SMBv3 protocol, tracked as CVE-2020-0796. The release followed an accidental public disclosure: security vendors in the Microsoft Active Protections Program published details of the vulnerability before the patch was available. The vulnerability affects only Windows 10 versions 1903 and 1909 and Windows Server (Server Core installation) versions 1903 and 1909, which are the releases that introduced the affected SMBv3 compression feature.
Microsoft Security Update guide with mitigations
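As an added example (not code from the original page or from Microsoft), the following PowerShell script checks whether a host is on one of the affected builds, whether the out-of-band update (KB4551762) is installed, and, if neither protection is in place, applies Microsoft's documented interim workaround of disabling SMBv3 compression via the LanmanServer DisableCompression registry value. The build numbers, KB number and registry path are those published by Microsoft for this vulnerability; the function names and the decision logic are this example's own.

```powershell
# Added example: assess and mitigate CVE-2020-0796 (SMBv3 compression RCE)
# on Windows 10 / Windows Server 1903 and 1909. Run as Administrator.
# Assumptions: KB4551762 is the March 2020 out-of-band fix, and the
# DisableCompression registry value is Microsoft's documented workaround.

$AffectedBuilds = @(18362, 18363)   # 18362 = version 1903, 18363 = version 1909
$PatchKB        = 'KB4551762'
$RegPath        = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-SmbGhostExposure {
    # Read the OS build so we only act on the two affected releases.
    $build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
    if ($AffectedBuilds -notcontains $build) {
        return [pscustomobject]@{ Build = $build; Affected = $false; Patched = $null; CompressionDisabled = $null }
    }
    # Get-HotFix returns nothing (not an error) when the KB is absent.
    $patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)
    # The value does not exist by default; treat "missing" as compression enabled.
    $compression = (Get-ItemProperty -Path $RegPath -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
    [pscustomobject]@{
        Build               = $build
        Affected            = $true
        Patched             = $patched
        CompressionDisabled = ($compression -eq 1)
    }
}

function Disable-SmbCompression {
    # Microsoft's workaround. Takes effect without a reboot, but it protects
    # only the SMB server role; a vulnerable SMB client connecting to a
    # malicious server is still exposed until the update is installed.
    Set-ItemProperty -Path $RegPath -Name DisableCompression -Type DWORD -Value 1 -Force
}

$state = Test-SmbGhostExposure
$state | Format-List
if ($state.Affected -and -not $state.Patched -and -not $state.CompressionDisabled) {
    Disable-SmbCompression
    Write-Warning "SMBv3 compression disabled as a stopgap; install $PatchKB and reboot."
}
```

Two caveats when using this in anger: Get-HotFix relies on the Win32_QuickFixEngineering class, which does not always list every installed update, so a negative result is a reason to verify with the update history rather than proof the patch is missing; and the registry workaround is a stopgap, not a fix. Microsoft's guidance for the same vulnerability also recommends blocking TCP port 445 at the enterprise perimeter firewall to stop internet-sourced exploitation attempts, which this script does not do.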