Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
During the last Conservative leadership election, there were concerns over the security of the online voting system. The NCSC reported on this, stating that the system “could be vulnerable to outside interference”. This time, the Conservative party chairman has said that they are “satisfied that the online voting system will be secure”. The process seems to be a little different this year, with voters being sent a paper ballot as an alternative; voters are now required to use two security codes sent by mail before being able to vote online. There are still some fears over its security, with the Chief Executive of Oxford Information Labs claiming it is “highly unlikely that they will have the resources needed to handle the cyber security satisfactorily”.
By BBC.co.uk
SonicWall are widely known as a trusted publisher of ransomware threat intelligence, and their latest reports show exactly why security professionals are so concerned. SonicWall’s threat data for the third quarter of 2022 shows that there was an average of 1,014 ransomware attempts per customer, with 91% of IT leaders naming financially motivated attacks as their primary concern. There has been a 31% decline in ransomware attempts worldwide when compared to 2021; however, this quarter alone exceeds the numbers seen in four of the last five years. With ransomware attacks becoming so easy to carry out, it is very unlikely this volume will decrease any time soon. This shows just how difficult it is to be a security professional in 2022, as the demand for cybersecurity continues to rise.
By prnewswire.com
Interserve, a UK construction group, has been fined £4.4 million for failing to implement adequate cyber security measures, resulting in a significant data breach. Interserve failed to stop a phishing email whose attachment an employee downloaded, and the subsequent anti-virus alerts were not investigated appropriately, allowing 283 systems and 16 accounts to be compromised. The attackers also stole information on up to 113,000 employees and encrypted all current and former employees’ information; bank account details, national insurance numbers, ethnic origin, sexual orientation, and religion were included in the stolen data. The Information Commissioner’s Office reported that Interserve used outdated software and protocols, lacked appropriate employee security training, and had insufficient risk assessments. “Leaving the door open to cyber-attackers is never acceptable, especially when dealing with people’s most sensitive information. The biggest cyber-risk businesses face is not from hackers outside of their company but from complacency within their company,” stated John Edwards, the UK Information Commissioner.
By TheGuardian.com
The Australian Institute of Company Directors faced an embarrassing reality after their live-streamed LinkedIn cybersecurity event was hijacked by a scammer. Due to “technical issues” the event failed to start on time. During this delay, an account posted a link in the comments section imitating an Eventbrite link and stating that the online event had moved location; on visiting the site, viewers were asked for card details to access the new event. The AICD warned about the link and asked viewers not to click links in the chat window, and then proceeded to post its own link in the chat window. The event was soon cancelled. “The AICD apologises sincerely for the unacceptable issues with the LinkedIn Live event,” said AICD Managing Director and CEO Mark Rigotti. “We recognise this experience has fallen well below the high standards our members rightly expect of the AICD.”
By BitDefender.com
Vice Society, formally identified as DEV-0832, has been seen using ransomware to target the education sector (primarily in the US) due to the weaker security measures in place there. Previously Vice Society has used BlackCat and QuantumLocker payloads, but the latest campaign utilises a Zeppelin variant. Their initial method of compromise is thought to be exploiting vulnerable web applications and using compromised accounts. After the ransomware is deployed and the data exfiltrated, a ransom demand is sent to the victim: pay, or face their information being posted on Vice Society’s [.]onion site. The group has gone to significant lengths to hinder remediation. Microsoft has reported that Vice Society compromised two domain administrator accounts and reset the passwords of over 150,000 users, locking out legitimate users before deploying the ransomware.
By Microsoft.com
A North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in South Korea. The South Korean cybersecurity company S2W has named the malware families FastFire, FastViewer, and FastSpy. “FastFire is disguised as a Google security plugin, the FastViewer malware is disguised as a Hancom Office Viewer, and FastSpy disguises itself as a remote access tool based on AndroSpy,” said researchers Lee Sebin and Shin Yeongjae. Kimsuky is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S.
By TheHackerNews.com
The Cisco Product Security Incident Response Team discovered a pair of vulnerabilities in October 2022, both of which have seen attempted exploitation in the wild. Both flaws exist in the AnyConnect Secure Mobility Client for Windows, which is used as a secure VPN service for remote work. One of the flaws allows an attacker to abuse the service to execute code with SYSTEM-level privileges; the other is an uncontrolled search path vulnerability in the installer component of the client. Both of these vulnerabilities were addressed in the latest update for AnyConnect; all users are advised to apply this update as soon as possible.
By TheRegister.com
On Monday, Apple released security updates that fix the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. Apple has revealed in an advisory that they are aware of reports saying the security flaw “may have been actively exploited.” The bug (CVE-2022-42827) is an out-of-bounds write issue reported by an anonymous researcher, caused by software writing data outside the boundaries of the current memory buffer. Such a write corrupts memory, since the data landing outside the buffer produces undefined or unexpected behaviour in whatever uses that memory next; the result can be data corruption, application crashes, or code execution.
By BleepingComputer.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #209 – 28th October 2022
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.