Cyber Security Monitor: September 2023

Are hackers trolling us all?

Sometimes it seems that way. The frequent breaches against bodies that should have rock-solid cyber security – the UK police and heavy-duty US casinos, for instance – appear to be a statement.

Something along the lines of, ‘We can get them. And that means we can get you, too.’

Two important points to take away from this month’s updates.

1) You must ensure third-party suppliers adhere to high-security standards – because their sloppy practices could come back to haunt you.

2) Phishing can be devastatingly effective and neutralise all of your security protocols. Train your people to recognise this scam.

Here’s all the latest.

UK Police falls victim to ransomware. Again

Just a month after the Police Service of Northern Ireland’s data breach comes news of a ransomware attack affecting Greater Manchester Police (GMP) and Metropolitan Police.

A company that supplied ID cards to both forces and holds private data on various public sector workers was hacked by a ransomware gang. The third-party supplier provides warrant cards (including names, photos, ranks and serial numbers) to the forces.

Over 12,500 GMP staff have been alerted about their personal data being exposed. There is a particular fear about the safety of undercover officers’ identities being revealed.

The incident has prompted serious concern about the data protection practices within the UK’s police forces. The National Crime Agency, the National Cyber Security Centre and the Information Commissioner’s Office are jointly investigating the incident.

Hackers hit MGM jackpot with one phone call

Danny Ocean, George Clooney’s character in Ocean’s Eleven, needed a highly skilled gang of eleven thieves to break into Las Vegas’ secure casinos. All it took a ransomware gang was a ten-minute phone call.

The ALPHV ransomware group has been bragging on underground forums about how easy it was to hack into the world-famous casino conglomerate. “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk” they claimed.

The call showed social engineering at its most devastating. The MGM employee was lulled into thinking they were speaking to a fellow employee and ended up sharing access information. The hack brought many systems to a standstill with guests reporting slot machines shutting down, and website booking systems crashing.

Barracuda bares its teeth

Barracuda’s Email Security Gateway is meant to protect against phishing, malware and spam. But in a classic case of the wolf turning on its flock, this email protection service itself is now a threat.

The FBI has warned that Barracuda’s Email Security Gateway (ESG) has been compromised by hackers who are using a zero-day (recently discovered) ‘remote command injection vulnerability’ known as CVE-2023-2868. In plain language, this vulnerability allows hackers to get persistent access to victims’ emails and conduct email scanning, harvest credentials and exfiltrate data.

Even Barracuda’s own patches don’t seem to be helping. The FBI has advised that all infected systems be isolated and all networks scanned immediately.

WinRAR compression tool used to squeeze users

WinRAR is one of the most popular file compression tools in the world. If you’ve ever downloaded or opened a file, chances are you’ve used it.

No surprise then that cyber criminals turned to this platform for a hack. This summer, they exploited a weakness in the processing of the ZIP file format by WinRAR. Consequently, they could infect ZIP archives with malware and distribute them on online trading forums.

Once opened, the malware allowed the crims to cash in on broker accounts. Cyber experts have urged users to update to the latest version of WinRAR (version 6.23) where all bugs have now been fixed.

Whiffy Recon malware knows your location – and that stinks

The curiously named malware Whiffy Recon is being used to track the locations of compromised devices. It seeks out Wi-Fi cards or dongles on compromised systems and then triangulates the infected systems using Google APIs, part of Google Cloud Platform Services.

The translation for the less technically minded among us is this: scammers can infect your system and then use Whiffy Recon to know where you are.

It’s not completely clear what value this information is to criminals, but it could be used for espionage, surveillance or even physical targeting of individuals.

Suggested precautions include reviewing your WLANSVC controls. WLANSVC handles the connection to and disconnection from wireless local area networks.

Official – ISO 27001 shows we practice what we preach

Intersys recently passed its ISO 27001 three-year recertification audit.

ISO 27001 Information Security Management is an internationally recognised standard for best practice for securely managing data and information assets.

Having this standard shows that an organisation has taken concrete steps to strengthen its data security and is a huge trust signal for industries looking for a reliable IT and cyber security provider.

Our next challenge is to apply for an updated version of the standard (2022), for which full compliance will be needed in 2025.

Find out more here.

Vulnerabilities to watch out for:

Adobe Acrobat and Reader Vulnerability

Adobe recommends staying up to date with the latest software versions here.

Notepad++ Vulnerabilities

Multiple current vulnerabilities are summarised here.

7‑Zip Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of the 7‑Zip file archiver.

Adobe ColdFusion Exploited
