Nothing stays static for long; change is the only constant, and that is as true of cyber security as of anything else. New developments land in the field every day, and no one can track all of them, so the least we can do as security practitioners is to keep up with the most prominent headlines on cyber and e-mail security. To that end, here are the top cybersecurity updates for this week:
Held in Mumbai on June 6th, 2019, the 8th India Business & Resilience Summit 2019 brought together participants from several countries to discuss Business Continuity Management (BCM), IT Disaster Recovery, Emergency Response & Crisis Management, and Security. Practitioners from India, the UK, the US, Sri Lanka, Bangladesh, Pakistan and the Middle East took part in the summit, which was organized by Continuity and Resilience (CORE) and supported by The BCI (UK).
Well over 150 well-known industry figures attended, sharing experience and perspectives on a range of BCM projects. The format combined educational sessions (keynotes, case studies and panel discussions) with networking events (reception, lunches, coffee breaks and a gala dinner), followed by a business card exchange session and tabletop displays.
Businesses around the world hold large amounts of unclassified "dark data", and data that nobody has classified is data that nobody is protecting or monitoring properly, which gives attackers an easier way in. Research by Veritas Technologies, a worldwide leader in enterprise data protection and software-defined storage, found that more than half of companies' data remains unclassified and "in the dark", even as data protection laws and IT security threats grow globally.
The research surveyed 1,500 IT leaders and data managers across 15 countries. Its key findings:
- Around 52% of data within organizations is untagged or unclassified.
- 61% of respondents said their companies had classified less than half of the data that sits in the public cloud.
- 67% said they had classified less than half of the data stored on mobile devices.
- Merely 5% of companies reported that all of their data in the public cloud is classified.
- Only 6% said they had classified all of the data held on mobile devices.
The Internal Revenue Service (IRS) has warned consumers about two new variants of tax-related phone and e-mail scams. In the phone scam, a pre-recorded message tells the victim that their Social Security number will be suspended or cancelled because they owe taxes. The e-mail phishing variant comes from a fictitious agency, the "Bureau of Tax Enforcement", and uses the same threat to frighten the victim into responding.
The Cybersecurity and Infrastructure Security Agency (CISA) has advised taxpayers to review the IRS alert and CISA's tip on Avoiding Social Engineering and Phishing Attacks, so that they are better prepared to recognise tax scams throughout the year.
A senior British cybersecurity official has said that Huawei's security engineering standards lag behind those of its rivals. The Chinese technology firm appears to be aware of its shortcomings but has been slow to act on them. The US has voiced its distrust openly, fearing that Beijing could exploit Huawei's role in building 5G networks to extend its intelligence reach overseas. The UK has raised similar concerns, though GCHQ has said that the risks identified so far can be managed; the open question is the newly emerging flaws in the company's security standards.
Only after a British government report in March did the company commit to spending $2 billion on addressing the lapses, while warning that the results could take up to five years to become evident. Ian Levy, Technical Director of Britain's National Cyber Security Centre (part of the GCHQ signals intelligence agency), noted that he had not yet seen decisive action from the company and that only a formal, published plan would reassure the world.
Cybercriminals drained nearly 100 XRP Ledger wallets hosted on the cryptocurrency wallet service GateHub. In total about 23.2 million XRP, worth around $10 million at the time, were taken.
GateHub did not notice anything unusual until after the coins were gone. Its subsequent investigation found an unexplained increase in Application Programming Interface (API) calls made with valid access tokens, and, tellingly, those calls came from a small number of IP addresses.
What has been done?
- GateHub maintains that the theft was not the result of a flaw in its own systems, but it has apologised to its users.
- The company is treating the matter seriously; the investigation is ongoing and no official conclusions have been reached.
- How the attackers were able to decrypt the stored secret keys is still unexplained, but the company has disabled all access tokens with effect from June 1st, 2019.
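The signal GateHub describes, many valid tokens being presented from a handful of source addresses, is easy to check for in API access logs once you know to look. The following is an added example written for this roundup; it is not GateHub's code, and the log format, field names and IP addresses are constructed for illustration. It flags source IPs that cycle through many distinct tokens, and tokens that are replayed from an address other than their owner's usual one.

```python
import re
from collections import defaultdict

# Constructed sample API access log for illustration; this is not GateHub data.
# The format is hypothetical: one record per line with ip=, token= and path= fields.
SAMPLE_LOG = """\
2019-06-01T09:58:12Z ip=203.0.113.10 token=tok_a path=/v1/wallet/balance
2019-06-01T09:58:40Z ip=203.0.113.10 token=tok_a path=/v1/wallet/history
2019-06-01T10:02:03Z ip=203.0.113.11 token=tok_b path=/v1/wallet/balance
2019-06-01T10:05:51Z ip=203.0.113.12 token=tok_c path=/v1/wallet/balance
2019-06-01T10:06:19Z ip=203.0.113.12 token=tok_c path=/v1/wallet/history
2019-06-01T10:11:07Z ip=198.51.100.77 token=tok_a path=/v1/wallet/send
2019-06-01T10:11:09Z ip=198.51.100.77 token=tok_b path=/v1/wallet/send
2019-06-01T10:11:11Z ip=198.51.100.77 token=tok_c path=/v1/wallet/send
2019-06-01T10:11:13Z ip=198.51.100.77 token=tok_d path=/v1/wallet/send
2019-06-01T10:11:15Z ip=198.51.100.77 token=tok_e path=/v1/wallet/send
2019-06-01T10:11:17Z ip=198.51.100.77 token=tok_f path=/v1/wallet/send
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+ip=(?P<ip>\S+)\s+token=(?P<token>\S+)\s+path=(?P<path>\S+)"
)


def parse_log(text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_token_harvesting(records, min_tokens=4):
    """Return source IPs that presented at least `min_tokens` distinct access tokens.

    A normal client holds one token, so a single address cycling through many
    valid tokens is the per-IP view of the pattern GateHub described.
    """
    by_ip = defaultdict(lambda: {"tokens": set(), "calls": 0})
    for r in records:
        by_ip[r["ip"]]["tokens"].add(r["token"])
        by_ip[r["ip"]]["calls"] += 1
    return {
        ip: {"distinct_tokens": len(d["tokens"]), "calls": d["calls"]}
        for ip, d in by_ip.items()
        if len(d["tokens"]) >= min_tokens
    }


def find_replayed_tokens(records):
    """Return tokens that were used from more than one source IP.

    A token seen from its owner's usual address and then from a new one is
    the per-token view of the same replay activity.
    """
    ips_per_token = defaultdict(set)
    for r in records:
        ips_per_token[r["token"]].add(r["ip"])
    return {tok: sorted(ips) for tok, ips in ips_per_token.items() if len(ips) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("token-harvesting IPs:", find_token_harvesting(recs))
    print("tokens replayed from a new IP:", find_replayed_tokens(recs))
```

On the sample, one address shows up with six distinct tokens and three tokens are seen from two addresses each. In production the threshold should come from a baseline of distinct tokens per IP (shared NAT gateways legitimately inflate it), and the per-token check is the one to alert on in real time, since it fires on the first replayed call rather than after the attacker has accumulated a pile of tokens.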
After abusing Google Search Ads that impersonated Best Buy, the scammers have returned with ads targeting the keywords "Lowes" and "PayPal", both of which are widely searched. The exact conditions under which a visitor is sent to the tech support scam, and the legitimate site the attackers are relaying through, have not yet been determined, but it appears that frequency caps limit how many times a given user is redirected to the scam in a single day.
When a user searches for "Lowes", the malicious ad appears at the top of the results with a genuine-looking display URL, www.lowes.com, so the user has every reason to trust it and click. The click, however, lands on an intermediate site that decides, based on several conditions, whether to forward the visitor to the real Lowes.com or to the tech support scam.
What are its effects and measures taken?
- The scam is more troublesome for Firefox users, whose browser freezes and becomes unresponsive; Chrome users can close the browser more easily.
- The campaign is hard to reproduce and detect because it shows the scam to a given user only a couple of times before blacklisting that user for a period.
- Google has been informed of the scam and has said it will fix the issue.
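The reason the campaign is hard to pin down is the gating on the intermediate site. As an added example for this roundup (a model written here, not the scammers' code and not Google's tooling), the following simulates the frequency cap and temporary blacklist the story describes, so you can see why a verification crawler that keeps hitting the ad from one address stops seeing the scam after a couple of visits. The cap, window and visitor identifiers are assumptions.

```python
from collections import defaultdict, deque


class CloakingGate:
    """Model of the redirector's gating logic described above (hypothetical).

    Each visitor is sent to the scam page at most `cap` times within a rolling
    window of `window_s` seconds; beyond that the visitor is "blacklisted" and
    forwarded to the genuine site until old redirects age out of the window.
    """

    def __init__(self, cap=2, window_s=86400):
        self.cap = cap
        self.window_s = window_s
        self.seen = defaultdict(deque)  # visitor id -> timestamps of scam redirects

    def decide(self, visitor, now):
        """Return "scam" or "legitimate" for a visit by `visitor` at time `now`."""
        q = self.seen[visitor]
        while q and now - q[0] >= self.window_s:  # expire redirects outside the window
            q.popleft()
        if len(q) >= self.cap:
            return "legitimate"
        q.append(now)
        return "scam"


def crawl(gate, visitors, visits_each, spacing_s=60):
    """Simulate a verification crawler; return how many visits saw the scam."""
    hits, now = 0, 0
    for _ in range(visits_each):
        for v in visitors:
            if gate.decide(v, now) == "scam":
                hits += 1
            now += spacing_s
    return hits


if __name__ == "__main__":
    # Ten visits from one address see the scam only `cap` times...
    print(crawl(CloakingGate(cap=2), ["203.0.113.5"], visits_each=10))  # 2
    # ...while two visits from each of five addresses see it on every visit.
    print(crawl(CloakingGate(cap=2), [f"198.51.100.{i}" for i in range(5)], visits_each=2))  # 10
```

The practical lesson for anyone verifying a suspicious ad: spread checks across many vantage points and fresh browser profiles, record the full redirect chain rather than only the final page, and treat "it went to the real site when I tried it" as inconclusive.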
Microsoft has issued a warning to European users, aimed at recipients of e-mail written in various European languages, about a recent malspam campaign that drops a backdoor Trojan by exploiting a Microsoft Office vulnerability from 2017 (CVE-2017-11882, the Equation Editor flaw). European users are being warned specifically because they are the campaign's main targets.
How the malspam campaign works
The e-mails carry malicious RTF attachments. Once one is opened, no further user interaction is needed: the document exploits the long-patched 2017 Office vulnerability to download and run the backdoor payload on the victim's system.
Although the backdoor's command-and-control (C&C) server has been taken down since Microsoft issued its alert, users should make sure the November 2017 security update for this vulnerability is installed, so that the same exploit cannot be reused against them in a future campaign.
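RTF attachments of this kind carry the exploit inside an embedded OLE object, so a cheap triage step is to pull every object out of the document and look at what it claims to be. The script below is an added example for this roundup, not Microsoft's detection logic or code from the campaign: it walks the RTF object groups, reads the declared objclass, decodes the objdata hex and parses the OLE 1.0 header to recover the embedded class name, and flags Equation Editor and Packager classes, the objupdate keyword that forces the object to load on open, and mismatches between the declared and embedded class. The sample RTF and the class keyword list are constructed assumptions; the object data is a bare header with no exploit content.

```python
import binascii
import re
import struct

# Constructed sample RTF with two embedded OLE objects (not a real malicious
# document): the objdata is only an OLE 1.0 header followed by zero bytes.
SAMPLE_RTF = r"""{\rtf1\ansi
{\object\objemb\objupdate{\*\objclass Equation.3}{\*\objdata
01050000020000000b0000004571756174696f6e2e330000000000000000000400000000000000}}
{\object\objemb{\*\objclass Word.Document.8}{\*\objdata
010500000200000010000000576f72642e446f63756d656e742e380000000000000000000400000000000000}}
}"""

OBJECT_GROUP_RE = re.compile(r"\{\\object\b")
OBJCLASS_RE = re.compile(r"\\\*\\objclass\s+([^{}\\]+)")
OBJDATA_RE = re.compile(r"\\\*\\objdata\s*([0-9a-fA-F\s]+)")

# Class names this triage flags (assumption: the Equation Editor classes abused
# by the 2017 Office bug, plus the Packager class used to drop files).
SUSPECT_CLASS_KEYWORDS = ("equation", "package")


def _balanced_group(text, start):
    """Return the RTF group starting at text[start] == '{', honouring nesting."""
    depth, i = 0, start
    while i < len(text):
        c = text[i]
        if c == "\\":  # skip the escaped character (\{ and \} must not count)
            i += 2
            continue
        if c == "{":
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
        i += 1
    return text[start:]


def _ole1_class_name(blob):
    """Read the class name from an OLE 1.0 object header (version, format, name)."""
    if len(blob) < 12:
        return None
    version, _fmt, name_len = struct.unpack_from("<III", blob, 0)
    if version != 0x00000501 or name_len == 0 or len(blob) < 12 + name_len:
        return None
    return blob[12:12 + name_len].split(b"\0", 1)[0].decode("latin-1")


def triage_rtf(rtf):
    """Return one finding per embedded object, with the reasons it looks suspect."""
    findings = []
    for m in OBJECT_GROUP_RE.finditer(rtf):
        group = _balanced_group(rtf, m.start())
        cls = OBJCLASS_RE.search(group)
        objclass = cls.group(1).strip() if cls else None
        ole_class = None
        data = OBJDATA_RE.search(group)
        if data:
            hexdata = re.sub(r"\s", "", data.group(1))
            if len(hexdata) % 2 == 0:
                ole_class = _ole1_class_name(binascii.unhexlify(hexdata))
        reasons = []
        names = [n for n in (objclass, ole_class) if n]
        if any(k in n.lower() for n in names for k in SUSPECT_CLASS_KEYWORDS):
            reasons.append("suspect OLE class: " + " / ".join(dict.fromkeys(names)))
        if r"\objupdate" in group:
            reasons.append("objupdate forces the object to load on open")
        if objclass and ole_class and objclass.lower() != ole_class.lower():
            reasons.append("declared objclass does not match embedded OLE class")
        findings.append({"objclass": objclass, "ole_class": ole_class,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_rtf(SAMPLE_RTF):
        print(f)
```

Real samples often obfuscate the control words and pad the hex, so treat this as a first-pass filter rather than a verdict; an Equation.3 object in inbound mail is reason enough to detonate the file in a sandbox and to confirm the November 2017 update is present on the endpoints that received it.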
According to an annual report from China's National Computer Network Emergency Response Technical Team (CNCERT), most cyber-attacks recorded against Chinese networks originate from the US. More than 14,000 botnet command-and-control (C&C) servers or Trojans based in the US controlled 3.34 million computers in the Chinese mainland in 2018, a figure up 90.8 percent from the C&C server count in 2017.
The report also recorded 3,325 attacking IP addresses located in the United States. Among overseas sources of attacks on computers and websites in the Chinese mainland, the United States topped the list, according to CNCERT (a non-governmental network security technical coordination organization formed in 2002).
A new extortion scheme threatens website owners with having their site blocked "forever" unless they pay 0.3 BTC. The criminals e-mail the owner claiming they will ruin the site's reputation by sending hundreds of spam and abusive messages to thousands of websites, purporting to come from the owner's domain. Having manufactured that fear, they demand a ransom of 0.3 BTC to call the attack off.
The threat is hollow: the senders have no special power to get an arbitrary site blocked, and actually carrying out such a spam run would bring the attacker far more exposure and risk than reward, so there is no reason to expect them to follow through.
What to do if such an e-mail appears in your Inbox?
If such an e-mail arrives, remember that it is just spam. Do not panic or give in to the baseless warning; think calmly, mark the message as spam and delete it. If your domain publishes SPF, DKIM and DMARC records, mail forged to look like it comes from your domain is in any case far less likely to be accepted by recipients, which is one more reason the threat carries no weight.
Russia has taken further steps toward its goal of a national internet that can be cut off from the global internet infrastructure; the latest warning to VPN providers is a case in point. The Russian government has ordered virtual private network (VPN) providers to connect their servers to a government-run IT system within 30 days or be blacklisted. Connecting to that system would make it much harder for citizens to use a VPN to reach websites that are banned inside the country.
Of the 10 VPN providers served with the notice, only one, Moscow-based Kaspersky Lab, has complied; the other nine have said they will not. The law behind the ban was passed back in August 2017 but has been widely ignored, including by Google, which was fined 500,000 rubles ($7,530) in December for non-compliance.
What are the consequences for VPN providers?
According to Roskomnadzor, Russia's telecommunications regulator, the nine VPN providers that have failed to comply with the law will be blocked. The providers, for their part, have prepared for the blockage by shutting down their servers in Russia in anticipation of seizure by the authorities.
One of them, Hide My Ass, a VPN service owned by the antivirus vendor Avast, has withdrawn from the Russian market entirely.
Security researcher Armin Razmjou has disclosed a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim. Both editors ship with most Linux distributions, and the flaw lets an attacker run commands of their choosing on your system if you open an innocent-looking but specially crafted file in a vulnerable editor. The bug lies in the modeline feature, which reads editor settings from the first and last few lines of a file: a crafted modeline could escape Vim's sandbox and execute shell commands.
The fix is to install the updates released by the maintainers without delay: Vim patch 8.1.1365 and Neovim v0.3.6. It is also advisable to disable modelines altogether ("set nomodeline" in your vimrc) or, if you depend on them, to leave the "modelineexpr" option off on patched versions and use the securemodelines plugin instead of Vim's built-in modeline handling.
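When responding to this bug it helps to be able to find files that carry modelines setting expression-evaluating options, which are the ones a malicious modeline has to use. The following scanner is an added example for this roundup, not the researcher's proof of concept and not part of Vim or securemodelines. It applies Vim's own lookup rules (only the first and last 'modelines' lines are consulted, both the "vim:opt:opt" form and the "vim: set opt opt:" form are recognised, and a backslash escapes a colon) and reports any option whose value is an expression. The option list and the sample file are assumptions; cross-check the list against :help 'modelineexpr' in your Vim version.

```python
import re

# Expression-evaluating options this scanner treats as dangerous in a modeline
# (assumption: cross-check against :help 'modelineexpr' for your Vim version).
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
    "includeexpr", "inex", "indentexpr", "inde", "balloonexpr", "bexpr",
    "charconvert", "ccv", "diffexpr", "dex", "patchexpr", "pex",
    "printexpr", "pexpr",
}

# A modeline is introduced by "vi:", "vim:", "Vim:" or "ex:" preceded by whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$")
SET_FORM_RE = re.compile(r"set?\s+(.*)")          # "se"/"set" second form
OPTION_NAME_RE = re.compile(r"(?:no|inv)?([a-z]+)")  # strip no/inv prefix

# Constructed sample file: line 2 uses the "set" form with an expression option,
# line 8 uses the colon-separated form with only harmless options.
SAMPLE_FILE = """\
# constructed sample, line 1
# vim: set ts=4 sw=4 fdm=expr fde=indent(v\\:lnum) :
line 3
line 4
line 5
line 6
line 7
/* vim:ts=8:sw=8:noet */
"""


def _split_unescaped(s, sep):
    """Split s on sep, honouring backslash-escaped separators (Vim's rule)."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s) and s[i + 1] == sep:
            cur.append(sep)
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_modeline(line):
    """Return the option tokens of a modeline, or None if the line has none."""
    m = MODELINE_RE.search(line)
    if not m:
        return None
    rest = m.group(1)
    sm = SET_FORM_RE.match(rest)
    if sm:  # second form: options run up to the first unescaped ':'
        return _split_unescaped(sm.group(1), ":")[0].split()
    tokens = []  # first form: options separated by ':' or whitespace
    for piece in _split_unescaped(rest, ":"):
        tokens.extend(piece.split())
    return tokens


def scan_modelines(text, nmodelines=5):
    """Scan only the lines Vim would consult and flag expression options."""
    lines = text.splitlines()
    n = len(lines)
    candidates = sorted(set(range(min(nmodelines, n)))
                        | set(range(max(0, n - nmodelines), n)))
    findings = []
    for idx in candidates:
        tokens = parse_modeline(lines[idx])
        if tokens is None:
            continue
        dangerous = []
        for tok in tokens:
            nm = OPTION_NAME_RE.match(tok)
            if nm and nm.group(1) in EXPR_OPTIONS:
                dangerous.append(nm.group(1))
        findings.append({"line": idx + 1, "options": tokens, "dangerous": dangerous})
    return findings


if __name__ == "__main__":
    for f in scan_modelines(SAMPLE_FILE):
        print(f)
```

Run it over a source tree or a mail quarantine before opening anything in an unpatched editor; a hit on line 2 of the sample (the fde option) is the kind of modeline to treat as hostile, while line 8 is the ordinary tab-width hint found in countless legitimate files. Note that securemodelines enforces a similar allow-list at load time, which is why it is recommended above as a replacement for the built-in handling.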