The world has been a busy place in the past week. There have been many activities in the cybersecurity domain, with newer methods being deployed to counter old schemes. The virtual world is rife with exploits and counter-exploits; let’s look at some of the cybersecurity headlines from this past week.
Maze Keeps It Going: Old Tactics In A New Bottle
The Maze ransomware has been around for a long time now. However, what technology could not do, a lowly virus did: there is news that the Maze operation will be shutting down for at least six weeks.
It is currently trying to squeeze the last penny out of its existing victims, but its future looks uncertain. According to a threat actor involved in the earlier Maze attacks, Maze is shutting its operations down. This has come as a relief to every cybersecurity unit around the world.
However, Maze has been firing parting shots. It recently dumped 9GB of confidential data from Toledo Public Schools, hacked Fairfax County Public Schools’ systems, and took off with employee data and other confidential information.
The shutting down of Maze may be a relief to cybersecurity specialists, but it merely seems to be the lull before the storm. Maze affiliates have already moved on to a newer operation called Egregor, which has the same capabilities as Maze.
The end of one vicious ransomware operation does not mean the end of the threat. It merely suggests that a newer version is ready to be launched.
DDoS Attacks Which Made Headlines In Quarter 3, 2020
This quarter has been a relatively quiet one. There have been no major DDoS attacks that would plunge the world into a crisis. This in no way means that the virtual world has suddenly turned saintly. Perpetrators have been busy developing newer skills, though there has been no news of any earth-shattering cyber innovations.
However, it wasn’t all silence, as one might expect. There was an attack on Docker environments, where another DDoS bot joined the party. For those unfamiliar with the term, a DDoS is a distributed denial-of-service attack: a malicious attempt to disrupt the normal flow of information. It is usually done by targeting the major protocols (namely TCP, UDP, ICMP, HTTP) through phishing emails and spoofing the traffic source’s IP address.
Some of these attacks have resembled the Mirai attack, which exploited vulnerabilities in Comtrend VR-3033 routers.
Other than this, there were a few ransom DDoS attacks in which extortion demands ranged from 5 BTC to 20 BTC, along with the threat of increasing the intensity of the DDoS attacks if the ransom was not paid.
Password Spray Attacks And Microsoft’s New Machine Learning Model To Counter It
As part of the National Cyber Security Awareness Month (NCSAM) in October, Microsoft has been urging member nations and organizations to improve their cybersecurity standards and invest more in fixing cyber vulnerabilities. Anti-phishing mechanisms have to be restructured since spamming and phishing attempts are becoming more sophisticated.
Microsoft also announced the introduction of a new machine learning model that improves on the previous one and performs better at identifying the sources of password spray attacks.
The earlier model was more of a heuristic apparatus that depended on the core failure mechanism (the rate of failed sign-ins), while the new one depends on a list of factors:
- IP reputation
- Unfamiliar login properties
- Account deviations
The company has claimed that its new system has 98% precision.
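To make the three factors concrete, here is an added example of a simple scoring detector that flags a likely password-spray source from sign-in events. It is not Microsoft’s model; the log records, the IP reputation list, the per-account home-country baseline and the score weights are all constructed for illustration.

```python
# Added example (not Microsoft's model): score sign-in sources by the three factors
# the article lists. All records, reputation data and baselines below are constructed.
from collections import defaultdict

# Constructed sign-in events: (source_ip, account, country, success)
SIGNIN_EVENTS = [
    ("203.0.113.7", "alice", "RU", False),
    ("203.0.113.7", "bob", "RU", False),
    ("203.0.113.7", "carol", "RU", False),
    ("203.0.113.7", "dave", "RU", False),
    ("203.0.113.7", "erin", "RU", True),
    ("198.51.100.2", "alice", "US", True),
    ("198.51.100.9", "bob", "US", False),
    ("198.51.100.9", "bob", "US", True),
]
# Constructed IP reputation list and the country each account normally signs in from
BAD_REPUTATION_IPS = {"203.0.113.7"}
ACCOUNT_HOME_COUNTRY = {"alice": "US", "bob": "US", "carol": "US", "dave": "US", "erin": "US"}

def score_sources(events, spray_account_threshold=3):
    """Return {ip: (score, reasons)}; a higher score means a likelier spray source.

    Factor 1, IP reputation: the source is on a known-bad list.
    Factor 2, unfamiliar login properties: sign-ins from a country the account never uses.
    Factor 3, account deviations: one IP touching many distinct accounts with a high
              failure rate, the classic spray pattern (few guesses per account, many accounts).
    """
    per_ip = defaultdict(lambda: {"accounts": set(), "fails": 0, "total": 0, "unfamiliar": 0})
    for ip, account, country, ok in events:
        rec = per_ip[ip]
        rec["accounts"].add(account)
        rec["total"] += 1
        if not ok:
            rec["fails"] += 1
        if ACCOUNT_HOME_COUNTRY.get(account) not in (None, country):
            rec["unfamiliar"] += 1
    results = {}
    for ip, rec in per_ip.items():
        checks = [
            (2, "bad IP reputation", ip in BAD_REPUTATION_IPS),
            (1, "unfamiliar sign-in country", rec["unfamiliar"] > 0),
            (3, "many accounts, mostly failures",
             len(rec["accounts"]) >= spray_account_threshold and rec["fails"] / rec["total"] >= 0.5),
        ]
        results[ip] = (sum(w for w, _, hit in checks if hit), [r for _, r, hit in checks if hit])
    return results

def suspected_sprayers(events, min_score=3):
    """Source IPs whose combined score reaches the alert threshold."""
    return sorted(ip for ip, (score, _) in score_sources(events).items() if score >= min_score)
```

On the constructed data only 203.0.113.7 is flagged: it trips all three factors, while the single failed sign-in from 198.51.100.9 stays below the threshold.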
Chinks In The Links: Privacy At Stake
Billions of links are passed around in millions of messages between phone numbers all over the world. However, a new study revealed that this might have serious security ramifications. These links are usually intended only for the recipient and can point to sensitive information such as financial transactions, bills, and medical records.
Apps generally rely on servers to generate link previews. That is a gross violation of privacy, warn cybersecurity specialists; at the same time, many apps do not provide link previews at all, which is a concern for everybody.
Some of the offenders are Threema, TikTok, and WeChat, which do not provide any link preview. As of now, trust is the only thread that holds this premise together. But the cyber world is a den of malice, and one can never anticipate the opportunities malicious actors could find in incidents like this to launch phishing campaigns against unsuspecting users.
Mobileiron: A Saga Of Continuous Attack
MobileIron’s enterprise Mobile Device Management (MDM) product, a solution used to manage scores of mobile devices, has been under relentless cyber-attack. There have been reports that several threat actors have been trying to exploit bugs in the MDM system in order to penetrate company networks.
It all started in September, when a researcher posted a proof of concept for a bug in MobileIron. This described the apparent vulnerabilities and how they could be exploited.
The threat has been emanating primarily from DDoS botnets and Chinese state-sponsored hacking groups. The three vulnerabilities, namely CVE-2020-15505, CVE-2020-15506, and CVE-2020-15507, have been identified as the most targeted.
Remote Work Environments: Not So Remote Anymore
This year has seen organizations scale up their work-from-home infrastructure with great alacrity. This was to keep the wheels of industry, hit hard by the pandemic, rolling. Remote working became a byword, and most offices now function from the comfort of home. However, despite their best efforts, a survey by Cisco found that only a few organizations could scale up their remote operations smoothly, while most were struggling at various stages.
The pandemic has thrown up unique new challenges in cybersecurity that have kept the cybersecurity specialists in every organization on their toes. Remote working raises important questions regarding privacy, since working on collaboration tools is the new normal. 60% of the respondents were concerned about exactly this.
Georgia Election Data Under Peril, Ransomware Attack Suspected
Hall County, Georgia, faced the first of many expected malicious attacks on its databases. While it did not impact the voting process, it was a wake-up call for local governments to lock their systems down and secure them immediately. There have also been relentless phishing attacks on vulnerable systems.
It is expected that as the election proceeds, there will be more vicious attacks aimed at dumping sensitive data and extorting ransom.
This incident undoubtedly underscores the need for organizations, especially government authorities, to adopt robust anti-phishing services.
The Triton: A Russian Trojan
August 2017 saw a Saudi refinery shut down. The trail of evidence confirmed that the Trojan was ferocious, malicious, and pure evil. Its sole intention was to disable safety systems and cause physical harm to the refinery.
The US Treasury has imposed sanctions on the Russian CSRI, or Central Scientific Research Institute of Chemistry and Mechanics, for leading the operation that almost blew the refinery apart. The malware responsible is known as Triton.
Investigators found that the Trojan would have rendered the refinery’s internal safety systems useless. This was a major breach of security, after which a thorough cleansing of the IT systems was carried out to check for embedded implants that could later be activated to cause more harm.