Cybersecurity News
- The IETF Internet Engineering Council has officially declared the TLS 1.0 and TLS 1.1 cryptographic protocols obsolete due to the security threats they pose. The IETF recommends that all companies, government agencies, and software developers use the current versions of TLS, TLS 1.2 and TLS 1.3, which are considered secure.
- A new practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system (PMS), which stores guests’ personal information and credit card data.
- The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning that cyberattackers are actively exploiting Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities. Fortinet FortiOS, an operating system underpinning Fortinet Security Fabric, is a solution designed to improve enterprise security, covering endpoints, cloud deployments, and centralized networks.
- Security researchers from Intel 471 described EtterSilent, a flexible malicious document builder used by hackers to implement their criminal schemes. It was first advertised on a well-known Russian cybercrime forum, where the seller offered two types of weaponized Microsoft Office documents (maldocs) to users: one that exploits a known vulnerability in Microsoft Office (CVE-2017-8570) and another that uses a malicious macro.
Cybersecurity Blog Posts
- Narendra Sahoo shared his opinion about the role of encryption in GDPR compliance. He described what data encryption is and explained what the regulation says about the encryption requirement.
- Axio has published an article about a risk management wake-up call, based on a webinar led by Lisa Young, Axio’s VP of Cyber Risk Engineering. They state that risk analysis should be performed in relation to a business problem, that risk management is an ongoing proactive process of tackling uncertainty, and that risk is a balance of things organizations can and can’t control.
- Technology is changing rapidly, and IT teams need IT management tools that keep up with this pace of change. In his article, John Emmitt discussed Endpoint Management and its evolving role in IT.
- The Hyperproof team highlighted the theme of third-party risk. They have identified 5 areas where third-party risk typically exists: Regulatory/Compliance, Financial, Operational, Reputational and Strategic.
Research and analytics
- According to Check Point Research, in the past 6 months there has been a general increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk, and there has been a 57% increase in the number of organizations affected by ransomware globally. Worryingly, WannaCry, the wormable ransomware that made its debut four years ago, is also trending again, though it is unclear why. Since the beginning of the year, the number of organizations affected by WannaCry globally has increased by 53%.
- Analysis by Akamai Technologies has revealed that threat actors continued to double down on DDoS attacks in 2021. Attackers are picking up the pace and raising the bar: in 2021 alone, Akamai has already seen more attacks over 50 Gbps than it saw in all of 2019. DDoS attacks are getting bolder and badder, and threat actors continue to expand their sights. The analysis showed a 57% increase in the number of different customers attacked year over year.
- To map the most targeted industries, IBM used data insights from 2020 attacks to look at what can be expected in 2021. The data showed finance, manufacturing and energy at the very top of a list of targeted sectors.
- A threat intelligence report from Onapsis and SAP has shown that critical SAP vulnerabilities are being weaponized in less than 72 hours of a patch release, and that new unprotected SAP applications provisioned in cloud (IaaS) environments are being discovered and compromised in less than three hours.
- The Annual Cyber Security Breaches Survey 2021, conducted by the UK Government, has revealed that cyber security breaches are a serious threat to all types of businesses and charities. Among those that have identified breaches or attacks, around a quarter (27% of these businesses and 23% of these charities) experience them at least once a week. The most common by far are phishing attacks (for 83% and 79% respectively), followed by impersonation (for 27% and 23%).
- The Financial Cyberthreats in 2020 report prepared by Kaspersky experts has shown that cybercriminals can easily adapt to the new realities of a changing world. They keep updating their malware with new features and improving their detection avoidance techniques. The general statistics in all the areas analyzed (PC and mobile malware, phishing) are on a downward trend, which is a good sign.
- According to the Kaspersky Consumer IT Security Risks Report 2021, 53% of respondents that were a target of ransomware (56%) paid the ransom to restore access to data stolen from them. Yet despite paying, 17% of those who paid the ransom didn’t get their data back.
Major Cyber Incidents
- Indian digital financial services platform MobiKwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. MobiKwik also reassured customers that their accounts are safe and that their financial information is stored in encrypted form.
- Data of 533 million Facebook users, including phone numbers, Facebook IDs, full names, birth dates and other information, have been posted online. With the Facebook data out in public, it’s safe to expect it to be used for cybercrime.
- Vehicle emissions testing platform Applus Technologies suffered a “malware” attack that caused them to disconnect their IT systems. At this time, Applus Technologies cannot provide a time frame for when they will restore service as State governments require them to go through a rigorous mitigation and testing process.
- The European Commission and several other European Union organizations were hit by a cyberattack, according to a European Commission spokesperson. As revealed by the spokesperson, the “IT security incident” impacted multiple EU institutions, bodies, or agencies’ IT infrastructure.
- Gigaset has revealed that a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models, namely the GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series, the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update app.
- The Harris Federation, which runs 50 primary and secondary schools in London and Essex, fell victim to a ransomware attack just days after the National Cyber Security Centre put out an alert warning schools, colleges and universities about the “growing threat” of cyber criminals targeting education with ransomware. A ransomware attack has infected IT systems at schools across London, leaving tens of thousands of pupils without access to email or school-issued devices.