Cyber Round-up

Cyber Round-up for 1st March

March 1, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • How Password Guidelines Have Changed
  • Mayflex Targeted in Financial Fraud Attack
  • Coinhive to Close its Doors in March ‘19
  • Critical Flaw in Cisco Small Office Router – Update Now!
  • Magecart Groups are Raising Their Game

How Password Guidelines Have Changed

Over the past few years, we have seen a shift in how we should be approaching Password Security, and with the death of the password still years away, we must focus on educating users with good practice guidance, while delivering technical controls that simplify the whole process for our users.

The Challenge

Overall the industry felt that with the average business user now having close to 200 passwords, there was a real need to look at simplifying both the guidance provided, and how we enforce the use of passwords.

Barely a few days go by where we are not hearing about the latest high-profile data breach, and unfortunately a large portion of these events are caused by bad password security.

In the past we have tried to tackle this problem purely from a technical standpoint, and by implementing increasingly complex restrictions, we techies have made life more difficult for our users and ourselves.

Combining these password complexities with an ever-increasing number of online services that need an account has led to users trying to simplify things themselves. Users have resorted to bad practice such as writing passwords down, using weaker, more memorable passwords, and reusing the same passwords for multiple accounts.

The guidance provided here is not meant to be the silver bullet that solves all your password problems, but through continued education and practice, we can make significant improvements and reduce the risk to our business and personal accounts.

Read more ….

Mayflex Targeted in Financial Fraud Attack

Mayflex, a West Midlands based leading supplier of converged IP solutions including infrastructure, networking and electronic security, have been notifying their customers this week, after receiving reports that several customers had been contacted with a request to change the bank details used for making payments to Mayflex.

An initial email titled ‘Bank Email Security’ was sent out by Mayflex on the 26th February, warning of fraudulent phone calls that had been received by a number of customers, asking them to change the Mayflex Bank account details they had on record.

In their notification email, Mayflex stated:

“We have recently been notified of some fraudulent activity and we would like to take this opportunity to encourage you to be vigilant about the communications you receive from Mayflex.”

Mayflex have advised to ignore any such calls and if in doubt, customers should refer to the bank account details contained in their invoice.

Read more ….

Coinhive to Close its Doors in March ‘19

The notorious Monero crypto-miner Coinhive is shutting down all its operational services on the 8th March 2019.

Coinhive is a browser-based cryptocurrency miner which has achieved infamy due to being regularly abused by malicious actors. The miner’s code can be easily installed on web sites, where it can use all or a portion of a device’s compute resources to mine for crypto coin, for as long as a user is browsing the site.

Cybercriminals have taken advantage of Coinhive’s ease of use by hacking websites and installing the small piece of JavaScript that, when left in place, continues to mine Monero coin and adds it to the criminal’s accounts. This malicious practice became known as ‘cryptojacking’ or ‘drive-by mining’.

Coinhive have blamed the shutdown on a huge depreciation in market value which has hit them hard and resulted in a reduction in both mining traffic and profits.

Read more on ZDNet ….

Critical Flaw in Cisco Small Office Router – Update Now!

Cisco have released a security advisory for the Small Office Home Office RV router range, after a critical vulnerability was discovered in the routers’ Web Management interface.

This vuln has received a CVSS rating of 9.8 (10 being the highest level of criticality) and is due to improper input validation, when a user enters data on the web management interface.

An attacker that succeeds in exploiting this flaw can gain higher level privileges (e.g. admin / root) that allow them to execute code on the underlying operating system of the device.

The following devices in the range are impacted by this flaw:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Cisco have provided updates to address this vuln, which are available via the Software Center on Cisco.com, and as there are no known workarounds it is advised to update your devices as soon as you can.

Vulnerabilities such as these give us further evidence of why web management interfaces for your network devices should not be reachable from the internet.

Always ensure that you only manage your devices from a trusted machine on the internal network, and of course keep your devices updated with the latest software from the vendor.

For further information on this vuln please see the link below.

Read more on Cisco.com ….

Magecart Groups Are Raising Their Game

Cybercrime groups continue to fill their pockets and steal personal information of unsuspecting users, through the use of Magecart, a malicious piece of code used to skim personal info and credit card details from infected websites.

Magecart has been in use for a while now, but really gained notoriety in mid-2018, with numerous large high-profile breaches such as Ticketmaster, British Airways and NewEgg.

What makes Magecart special is that the hackers do not need to compromise the site or infrastructure. By simply adding small lines of skimming code into existing JavaScript, or scripts that are called from a third-party site, user data can be captured and sent to the attackers for criminal gain.

RiskIQ, a cyber-security company that follows and classifies Magecart groups, has issued a report that shows the activity of a certain group they call ‘Group 4’ and how they have had to advance and evolve their operation to a professional level, in order to stay under the radar.

Group 4 are now using a consolidated infrastructure of domains and IP addresses, condensed code, stealth techniques to hide code in known safe libraries and constant updates that include testing to ensure code is operating as required.
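Because the skimming code can arrive through scripts called from a third-party site, a useful defensive check is to inventory which external scripts a page loads without a Subresource Integrity (`integrity`) hash. The sketch below is an added example, not part of the original round-up or the RiskIQ report; the sample page, its host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; hosts are placeholders, not taken from the article.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib/jquery.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://widgets.example.org/chat.js"></script>
<script src="//stats.example.com/t.js" async></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""


class ScriptInventory(HTMLParser):
    """Collect (absolute_url, has_integrity) for every external <script>."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:  # inline script: nothing is fetched from another host
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, src.strip())
        self.scripts.append((absolute, bool(attr.get("integrity"))))


def unpinned_third_party_scripts(html, page_url):
    """Return URLs of scripts served from another host without an SRI hash."""
    parser = ScriptInventory(page_url)
    parser.feed(html)
    parser.close()
    own_host = urlparse(page_url).hostname
    return [url for url, pinned in parser.scripts
            if urlparse(url).hostname != own_host and not pinned]


if __name__ == "__main__":
    page = "https://shop.example.com/checkout"
    for url in unpinned_third_party_scripts(SAMPLE_PAGE, page):
        print("no integrity attribute:", url)
```

An integrity hash only protects a file that is not supposed to change; it does not help when the site's own first-party script is the one that was modified.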

Read more on Bleeping Computer ….

And that’s it for this week, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Ironshare – Security Simplified

Edition #31 – 1st March 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
