Welcome to Ironshare’s Cyber Round-up, where we take a look back at the events of that last week and handpick some of the news, posts, views, and highlights from the world of Security.
The Information Commissioners Office (ICO), the driving force behind upholding information rights and data privacy, have reported that since the introduction of the General Data Protection Regulation (GDPR) in May of this year, they have witnessed a dramatic 400% increase in disclosed cyber-security incidents.Within the first quarter of this financial year, 414 security incidents were reported to the ICO, jumping from an average of 90 incidents per quarter for the whole of the previous year.This increase coincides with the release of the GDPR which enforced that security incidents must be reported within 72 hours of discovering an attack or breach.In addition, the ICO have highlighted in their report that the main three sectors impacted specifically by data breaches were Health, General Business and Education, while the main victims of other cyber incidents were General Business, Finance & Insurance, and Education.As expected the top attack vector used in these reported incidents was the ‘phishing attack’, followed by the more generic ‘unauthorised access’ and ‘malware’ categories.What is clear from this, is not that there has been a 400% increase in attacks during this period, but that the GDPR is seeing signs of success with its mandated reporting period. That said cyber incidents are continuing to rise at pace, with more data breaches and attacks hitting the news every week.If you do not have an active cyber security strategy in place within your organisation, please get to work on it now, before you become the next victim.https://www.scmagazineuk.com/ico-reveals-400-increase-reports-cyber-security-incidents/article/1496828?bulletin=sc-newswire
Following on from our piece on the PWC Law firms report last week, we came across the Kroll Global Fraud and Risk Report which studies a number of different industrial sectors, analysing the risks associated with Fraud, Cyber and Security incidents.The manufacturing sector has consistently experienced a higher than average percentage of risks associated with Fraud and Cyber Security over the last few years. 86% of manufacturing companies surveyed, stated they had been affected by Fraud and 88% had been the victim of a Cyber Security related incident in the last 12 months.The most common type of fraud reported was in the form of data loss or theft, followed by corruption and bribery. While Virus and worm attacks lead the Cyber risks ahead, of phishing and data breaches.The report also highlights Cyber Security as the key aspect that board members found difficult to remain engaged with or provide meaningful direction to their organisation. Mainly due to complex technology or mechanisms being beyond their understanding.As with a lot of companies, focus is on technology as the major contributor to the success of attacks, which lends to the board issues mentioned above. If we can re-educate our board members in the understanding that, the end-user human element is often the primary cause of such attacks, then maybe they, along with senior leaders, can appreciate the important role they have to play in driving Cyber Security strategy from the top down.This report provides further evidence that no industrial sector or company is immune from the risk of today’s modern cyber-attacks.
The British Airways breach returned to the news late last week, with worrying information that an additional 185,000 customers may have been impacted by the earlier cyber-attack, increasing the scope of the personal information leaked to approximately 565,000 affected passengers.Full credit card information (including CVV numbers and expiry dates), names, billing information and email addresses for 77,000 customers have potentially been compromised. Additionally, personal details and credit card info for 108,000 passengers, this time without CVV, have also been identified.BA claims to not have conclusive evidence that confirms information was actually removed from their systems, but as a precaution they are proceeding as if it is has been.BA now face a huge fine in line with the GDPR, that could be as much as £500m, if the ICO decides to take action. Concerned customers should access the following BA website link for the latest information on what to do if they believe they are impacted.https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
Researchers at Armis Security have identified two Remote Code Execution vulnerabilities in Texas Instruments Bluetooth Low Energy chips that are found in common Wireless Access Point appliances.Devices affected by these vulnerabilities include Wireless Access Points by Cisco, Meraki and Aruba. Unfortunately, a bigger concern is that these vulnerable chips can also be found in medical devices such as pacemakers and insulin pumps.The first of the two vulns, CVE-2018-16986, exists in the BLE stack, where an attacker that is in the proximity of a vulnerable device, can send a specially crafted BLE frame and trigger a corruption in memory. The attacker is then able to run malicious code and potentially take full control of the device.The second vuln, CVE-2018-7080, exists in the Over the Air Downloads (OAD) feature of the chip’s firmware, and provides a backdoor to the product, simply by sniffing the OAD traffic and capturing the password used. Texas Instruments advises that OAD should be disabled by vendors prior to shipping.Cisco have advised that BLEEDINGBIT is only exploitable on a limited number of devices and is also not present in the default configuration of these devices. The BLE feature and scanning mode must be enabled for their devices to be vulnerable. The Cisco advisory is included below:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
During the investigation of an active support case, Cisco have identified a Denial of Service vulnerability in their ASA and FTD security appliances, that can cause excessive CPU usage and has the potential to crash and restart vulnerable devices.The vulnerability exists due to improper handling of SIP traffic, and by sending specially crafted SIP requests, the attacker can trigger the issue on affected devices.Software updates to resolve this bug are currently not available, but there are several workarounds that can assist in the meantime, which include disabling SIP inspection and rate limiting SIP traffic.For details on this bug, the vulnerable devices and the workarounds available, please see the Cisco Advisory linked below:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dosAnd that’s it for this week, please don’t forget to tune in for our next instalment.
To keep up to date with our news and posts why not join our mailing list by using the link to subscribe: http://bit.ly/IronMailListYou can also follow us using the social media links provided.If your business needs to improve its security, kick-start your Cyber plans with our Free Cyber Assessment: http://bit.ly/IronFreeCyberReviewIronshare – Security SimplifiedEdition #15 – 2nd November 2018
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
