Cyber Security Threat Report - September Digest

We are pleased to present the September edition of our Cyber Security Threat Report, a space where we highlight the most important and interesting cyber security concerns and developments from the previous month.

This month the new State of Cloud Security report by Snyk has revealed that 80% of organisations surveyed have experienced a severe cloud security incident in the past year. This should be a wake-up call to all organisations to take security seriously and to get their head out of the clouds...

"All I know is the boss said we had to monitor the clouds..."

News

Her Majesty Queen Elizabeth II

With the sad news of Her Majesty Queen Elizabeth II passing earlier this month, we expect a rise in phishing attacks as criminals exploit the occasion. Be alert, and be prepared to warn others about suspicious links and attachments on the subject.


Uber Hack

I gotta give you one star

On 15 September the ride-hailing company Uber suffered a cyber attack. The attacker gained access to internal vulnerability reports, internal systems, an email dashboard, a G Suite account and the company Slack server, downloaded internal Slack messages and shared screenshots of their findings with the public.

The attacker's route in was direct: a social engineering attack on an employee, then that employee's access to get onto the VPN, then a scan of the intranet. Uber appears to use push-notification MFA, and people often don't realise that MFA of this kind is still vulnerable to social engineering and to Man in the Middle (MiTM) attacks: the attacker relays the victim's login through a page they control, the genuine push prompt arrives on the victim's phone, and if the victim approves it, the attacker's session is the one that gets authenticated.

It has now been identified that the criminal who goes by the alias ‘TeaPot’ has also hacked Rockstar Games (the developer of Grand Theft Auto). Both attacks followed a similar pattern, with social engineering forming an integral part of both.

How would an organisation protect against such an attack? For starters, 'phishing-resistant' forms of MFA such as FIDO2 security keys would be effective against this kind of social engineering: the browser signs the login challenge together with the origin of the page that requested it, so a prompt relayed through an attacker's page fails verification at the real site.
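To make the difference concrete, here is an added Python model (written for this digest, not code from Uber or from the FIDO Alliance) of the two login flows above. The relying party, origins and authenticator are constructed for the example, and an HMAC with a shared key stands in for the real per-credential ECDSA key pair; what matters is the check order: push MFA only learns that some prompt was approved, while the WebAuthn relying party checks the origin the browser recorded and the rpIdHash the authenticator signed, so a relayed prompt is rejected.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

# Constructed names for this example; they are not Uber's (or anyone's) real systems.
RP_ID = "corp.example"                          # relying party ID the credential was registered for
GOOD_ORIGIN = "https://corp.example"            # the real login page
PHISH_ORIGIN = "https://corp-example-sso.net"   # attacker's look-alike proxy page


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def push_mfa_login(password_ok: bool, user_tapped_approve: bool) -> bool:
    """Push-notification MFA: the server only learns that *a* prompt was approved.
    Nothing in the approval says which session (the user's or a proxy's) it is for,
    so a relayed login succeeds as soon as the victim taps Approve."""
    return password_ok and user_tapped_approve


class Authenticator:
    """Simplified FIDO2 authenticator. HMAC with a shared key stands in for the
    per-credential ECDSA key pair (a real RP would hold only the public key)."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)
        self.counter = 0

    def sign(self, rp_id: str, client_data: bytes):
        self.counter += 1
        # authenticatorData = rpIdHash || flags || signCount
        auth_data = sha256(rp_id.encode()) + b"\x01" + self.counter.to_bytes(4, "big")
        sig = hmac.new(self.key, auth_data + sha256(client_data), "sha256").digest()
        return auth_data, sig


def browser_get(authenticator, rp_id: str, challenge: bytes, page_origin: str):
    """Model of navigator.credentials.get(): the browser refuses an rpId that is not
    the page's own domain (or a parent of it), and it writes the page's real origin
    into clientDataJSON, which page script cannot alter."""
    host = urlparse(page_origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise PermissionError(f"rpId {rp_id!r} is not valid for origin {page_origin}")
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": page_origin},
        sort_keys=True,
    ).encode()
    auth_data, sig = authenticator.sign(rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify(key, challenge, client_data, auth_data, sig, last_counter=0) -> bool:
    """Relying-party checks, in the order WebAuthn prescribes."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge.hex():
        return False                                  # wrong or stale challenge
    if cd.get("origin") != GOOD_ORIGIN:
        return False                                  # origin binding: a relay fails here
    if auth_data[:32] != sha256(RP_ID.encode()):
        return False                                  # assertion was made for another rpId
    if int.from_bytes(auth_data[33:37], "big") <= last_counter:
        return False                                  # cloned authenticator / replay
    expected = hmac.new(key, auth_data + sha256(client_data), "sha256").digest()
    return hmac.compare_digest(sig, expected)


def fido2_login(page_origin: str, requested_rp_id: str = RP_ID) -> bool:
    """One login round trip. A phishing proxy can relay the RP's challenge to a victim
    on its own page, but the victim's browser then answers for *that* page."""
    authenticator = Authenticator()
    challenge = secrets.token_bytes(32)
    try:
        client_data, auth_data, sig = browser_get(authenticator, requested_rp_id,
                                                  challenge, page_origin)
    except PermissionError:
        return False
    return rp_verify(authenticator.key, challenge, client_data, auth_data, sig)


if __name__ == "__main__":
    print("push MFA, relayed login approved:", push_mfa_login(True, True))       # True
    print("FIDO2 from the real site:", fido2_login(GOOD_ORIGIN))                 # True
    print("FIDO2 relayed via phish, real rpId:", fido2_login(PHISH_ORIGIN))     # False
    print("FIDO2 relayed via phish, own rpId:",
          fido2_login(PHISH_ORIGIN, "corp-example-sso.net"))                     # False
```

The two phishing cases fail at different layers: asking for the real rpId from the attacker's page is refused by the browser before any prompt appears, and asking for the attacker's own rpId produces an assertion whose recorded origin and rpIdHash the real site rejects. Neither layer exists in push MFA, which is why the approval tap alone is enough for the attacker.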

Speaking on the situation, Dr Joseph Ikhalia had this to say:

"One of the key takeaways from the Uber hack is organisations need to implement the Observe, Orient, Decide and Act (OODA) loop framework to contextualize real-time cyber threats faster and make appropriate reactive decisions swiftly.
By using the OODA loop, the unpredictability of social engineering threat vectors can be anticipated and contained before they become severe."


The North Face Goes South

In a recent credential stuffing attack, 194,905 North Face customers were affected. Credential stuffing does not break into the target directly: the attacker takes username and password pairs leaked in earlier breaches elsewhere and replays them automatically against the target's login page, and every pair whose owner reused the password unlocks an account. The data exposed from those accounts (typically names, email addresses, postal addresses and the corresponding passwords) then feeds the next attack, another stark reminder never to reuse passwords across different websites.
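From the defender's side, credential stuffing has a recognisable shape in authentication logs: one source address walks through many distinct usernames with a low success rate, and the few successes are the accounts whose owners reused a leaked password. The Python below is an added example written for this digest (not North Face's tooling); the log lines, the `ip=... user=... result=...` format and the thresholds are constructed for the demonstration and would need adapting to a real log format.

```python
import re
from collections import defaultdict

# Constructed sample of authentication log lines (not North Face's logs).
SAMPLE_LOG = """\
2022-09-12T10:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2022-09-12T10:00:02Z ip=203.0.113.7 user=bob@example.com result=FAIL
2022-09-12T10:00:02Z ip=203.0.113.7 user=carol@example.com result=OK
2022-09-12T10:00:03Z ip=203.0.113.7 user=dave@example.com result=FAIL
2022-09-12T10:00:03Z ip=203.0.113.7 user=erin@example.com result=FAIL
2022-09-12T10:00:04Z ip=203.0.113.7 user=frank@example.com result=FAIL
2022-09-12T10:00:04Z ip=203.0.113.7 user=grace@example.com result=FAIL
2022-09-12T10:00:05Z ip=203.0.113.7 user=heidi@example.com result=FAIL
2022-09-12T10:01:17Z ip=198.51.100.4 user=alice@example.com result=FAIL
2022-09-12T10:01:31Z ip=198.51.100.4 user=alice@example.com result=OK
2022-09-12T10:02:08Z ip=198.51.100.9 user=dave@example.com result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$",
    re.MULTILINE,
)


def stuffing_suspects(log_text: str, min_distinct_users: int = 5,
                      max_success_ratio: float = 0.2) -> dict:
    """Flag source IPs whose login pattern looks like credential stuffing.

    A real user retries one or two usernames and mostly succeeds. A stuffing tool
    walks a leaked list of username/password pairs, so one IP touches many distinct
    usernames with a low success ratio; the few successes are accounts whose owner
    reused the leaked password, and those are the ones to lock and reset."""
    per_ip = defaultdict(lambda: {"users": set(), "ok_users": set(), "fail": 0, "ok": 0})
    for m in LINE_RE.finditer(log_text):
        rec = per_ip[m["ip"]]
        rec["users"].add(m["user"])
        if m["result"] == "OK":
            rec["ok"] += 1
            rec["ok_users"].add(m["user"])
        else:
            rec["fail"] += 1

    suspects = {}
    for ip, rec in per_ip.items():
        attempts = rec["ok"] + rec["fail"]
        if len(rec["users"]) >= min_distinct_users and rec["ok"] / attempts <= max_success_ratio:
            suspects[ip] = {
                "attempts": attempts,
                "distinct_users": len(rec["users"]),
                # accounts the attacker actually got into: force a reset on these first
                "compromised_accounts": sorted(rec["ok_users"]),
            }
    return suspects


if __name__ == "__main__":
    for ip, info in stuffing_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

The ratio test is what separates stuffing from a legitimate user who mistypes a password: alice's failure followed by a success from her own address never trips the distinct-user threshold. In production the same aggregation is usually done per IP and per ASN over a sliding window, since stuffing tools rotate through proxy pools.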


Revolut Data Breach

In another data breach, 50,150 customers of the FinTech company Revolut had their data compromised. Early signs point to social engineering, although the full details of the attack are yet to be revealed.


Samsung Hack – Is Any Phone Safe?


Last month, and again this month, we report malware alerts from Apple (see below). This month we also cover the Samsung hack. With Samsung admitting that customer personal data has been compromised, it begs the question: are any mobile phone companies taking the steps required to defend against the evolving threat?


New Malware Alerts

Alert!

Apple

Apple has once again revealed new malware alerts this month. It begs the question – is Apple still the trusted provider that it once was?

CVE-2022-32917 is the second kernel-level zero-day that Apple has patched in less than a month. A 'zero-day' is a flaw that is being exploited, or has been disclosed, before the vendor has a fix available, so the vendor has had zero days to prepare. Two in quick succession shows that the kernel is under active attack, and arguably that the internal security posture around it is not as strong as it should be; either way, the updates should be applied without delay.


Microsoft

This month Microsoft again identified a new backdoor that allows advanced persistent threat (APT) actors to keep persistent access to compromised systems. Microsoft's diagram of the attack chain is a helpful explanation of how it works.

During Microsoft's Patch Tuesday, five critical remote code execution (RCE) vulnerabilities were fixed, alongside the actively exploited zero-day CVE-2022-37969 (severity rating 7.8) which, if exploited, gives a criminal SYSTEM privileges.

CVE-2022-37969 is a post-exploitation vulnerability: it elevates an attacker to SYSTEM privileges only after they have gained a foothold on the target by other means (such as social engineering). With Microsoft stating that the vulnerability was publicly disclosed before a patch was available, we expect it to have a major impact for months to come.


WPGateway WordPress Plugin

CVE-2022-3180 is a new critical vulnerability in the WPGateway WordPress plugin that, when exploited, gives an attacker full administrator rights on the affected site. Wordfence, maker of the WordPress security plugin of the same name, is currently blocking attacks that target the vulnerability.

If you think your site may have been compromised, check your user list for an account named 'rangex' and your site access logs for requests to: //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1

If either is present, it can indicate that your site has been attacked with an exploit targeting this vulnerability. However, it is always best to confirm with an expert.
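The two checks above can be scripted. The Python below is an added example for this digest (not Wordfence's code or the plugin's): it parses access-log lines in the common Apache/nginx "combined" format, normalises the request path so the `//wp-content/...` form quoted above and percent-encoded variants of it still match, and checks a list of usernames (for instance the output of `wp user list --field=user_login`) for the rogue account. The log lines and user list are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Indicators for the WPGateway exploitation campaign, as quoted above.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_QUERY = "wp_new_credentials=1"
IOC_USER = "rangex"

# Apache/nginx "combined" access-log format: ip ident user [time] "METHOD uri proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for the demo (not from any real site).
SAMPLE_ACCESS_LOG = [
    '198.51.100.23 - - [14/Sep/2022:09:12:44 +0000] "GET /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '203.0.113.88 - - [14/Sep/2022:09:13:02 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 312 "-" "python-requests/2.28.1"',
    '203.0.113.88 - - [14/Sep/2022:09:13:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 9812 "-" "python-requests/2.28.1"',
]
SAMPLE_USERS = ["admin", "editor_jane", "rangex"]   # e.g. `wp user list --field=user_login`


def normalise_path(uri: str) -> tuple:
    """Percent-decode and collapse repeated slashes so the '//wp-content/...' form
    seen in the wild, and encoded variants of it, still match the indicator."""
    path, _, query = unquote(uri).partition("?")
    return re.sub(r"/{2,}", "/", path), query


def scan_access_log(lines):
    """Return (ip, time, raw_uri, status) for every request hitting the IOC endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, query = normalise_path(m["uri"])
        if path.endswith(IOC_PATH) and IOC_QUERY in query:
            hits.append((m["ip"], m["time"], m["uri"], int(m["status"])))
    return hits


def rogue_users(usernames):
    """The campaign creates an administrator called 'rangex'; match case-insensitively."""
    return [u for u in usernames if u.lower() == IOC_USER]


def triage(log_lines, usernames) -> dict:
    """Combine both indicators. A 200 response to the exploit request, or the rogue
    user being present, means the site should be treated as compromised."""
    hits = scan_access_log(log_lines)
    rogue = rogue_users(usernames)
    return {
        "ioc_requests": hits,
        "rogue_users": rogue,
        "likely_compromised": bool(rogue) or any(h[3] == 200 for h in hits),
        "attacker_ips": sorted({h[0] for h in hits}),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_ACCESS_LOG, SAMPLE_USERS))
```

A hit with a non-200 status (for example a 403 from a firewall rule) shows the site was targeted but probably not compromised; a 200, or the rogue user already existing, is the point at which the site should be taken offline and rebuilt from a clean backup rather than merely cleaned.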


Events

CYBERISLE 2022

With less than a month to go until CYBERISLE 2022, we urge you to secure your tickets today to avoid disappointment. It is set to be a great day, with lectures, panel sessions, information stations and practical security advice throughout.


Features

'Low-hanging Fruit' In Cyber Security – What Is It?

We often talk about the 'low-hanging fruit' in cyber security... but what does this look like within an organisation and how can you address it? Find out here.


What Is a Phishing Attack?

'Phishing' as a term is used a lot, but what does an attack like this entail? Here, we discuss.


Superyacht Cyber Security and COVID-19

Two distinct subjects – how can they be related? Matthew Roberts explains.


Thanks for reading! Be sure to subscribe for updates like this next month. Or, for more content in the meantime, check out our Cyber Blog.

More articles from Riela Cyber