Cyber Security Roundup for November 2017

One of the most notable data breaches disclosed this month was by Uber, given the company attempted to cover up the breach by paying off hackers. Over a year ago the transport tech firm was said to have paid £75,000 to two hackers to delete 57 million Uber account records which they had stolen. Uber revealed around 2.7 million of the stolen records were British riders and drivers. As a UK Uber rider, this could mean me, I haven't received any notification of the data breach from Uber as yet. The stolen information included names, email addresses, and phone numbers. Uber can expect enforcement action from regulators on both sides of the pond, the UK Information Commissioner's Office (ICO) said it had "huge concerns" about the breach and was investigating.

Jewson, Cash Converters, and Imgur all reported losing data due to hacks this month, while Equifax has reported suffering significant negative financial losses following their high profile hack of personal customer data. Equifax reported their net income had dropped by £20 million due to the hack, and their breach bill was coming in at a whopping £67 million.

November was a very busy month for security patches releases, with Microsoft, Apple, Adobe, Oracle, Cisco and Intel releasing a raft of patches to fix critical vulnerabilities. Apple even had to quickly release an emergency patch at end of November to fix a root access flaw reported in macOS High Sierra version 10.13.1. So just keep patching everything IT to ensure you and your business stays ahead of enterprising cybercriminals, the Equifax breach is a prime example of what can go wrong if system patching is neglected.

November also saw Open Web Application Security Project (OWASP) finally released an updated version to its Top Ten application vulnerabilities list, which is a ‘must know’ secure coding best practice for all software developers and security testers, especially considering that Akamai reported web application attacks had increased by 69% in the third quarter of 2017. Look out for an updated OWASP Top Ten IBM DeveloperWorks Guidance from me in December to reflect the updated list.

NEWS

• Uber paid off Hackers to delete the Stolen Data of 57 Million People
• OWASP Top Ten 2017 Released: App Development Best Practice & Top Vulnerabilities
• Equifax's Net Income down £20m and £67m Costs Post Data Breach
• Jewson tells Customers their Data may have been Stolen
• Cash Converters hit by Security Breach
• Web Analytics may Jeopardise User Information and GDPR Compliance
• US charges members of elite Chinese Hacking Unit APT3
• Imgur Discloses years-old Data Breach that Compromised 1.7 Million Users
• Hackers 'fool' iPhone X Face ID with a Simple Mask
• Tether Crypto-Currency Operator Reports $31m Raid
• Microsoft releases 20 Critical Security Updates for IE/Edge, Office, & Windows
• Adobe releases fixes for 83 Security Vulnerabilities in Acrobat and Flash
• Apple Addresses KRACK exploits in iOS and macOS Updates, and an Emergency Patch
• Cisco: Critical Vulnerability in 12 types of Voice OS-based Products
• Oracle issues emergency patch for JoltandBleed bug in Tuxedo Middleware
• Windows, Mac and Linux all at Risk from Flaws in Excel File Reader Library
• US CERT issues warning on ASLR vulnerability in Windows 8 & 10
• Intel Management engine Vulnerabilities Expose Millions of PCs to Attack

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• APT28's latest Word doc Attack Eliminates needing to Enable Macros
• DDoS attacks have doubled in the six months, up 91% in the First Quarter of 2017
• New Mirai variant back on the Radar after New Exploit Code Published
• Cobalt Malware leverages recently Patched 17-year-old Microsoft Flaw

REPORTS

• Akamai Q3 State of the Internet Security Report: WebApp Attacks up 69%

Cyber Security Roundup for October 2017

State-orchestrated cyber attacks have dominated the media headlines in October, with rogue state North Korea and its alleged 6,800 strong cyber force blamed for several cyber attacks. International intelligence scholars believe the North Korean leadership are using cyber warfare to up the political ante with their ongoing dispute with the United States. The North Koreans, as well as terrible security practices, were directly blamed by the UK National Audit Office for the recent NHS WannaCry attack (despite North Korea denying it). North Korea was also reported to be implicated in the stealing US War Plans from South Korea, and for a spear phishing campaign against the US Power Grid. The possible Russian manipulation of the US election with cyber attacks and rogue social media campaigns is still a story not going away, while the Chinese are alleged to be behind the data theft of Australian F-35 fighter jet, in what is described as an 'extensive' Cyberattack. The finger was pointed at Iran for the recent Parliamentary Emails cyber attacks in the UK, meanwhile, EU governments venting their cyber concern, warning that Cyber Attacks can be an Act of War.

Stephen Hawking caused controversy in both the science and tech industry last year when he said Artificial Intelligence could be a serious threat to human existence, could the plot of The Terminator really come to fruition? Perhaps so, as it was reported that AI had already defeated the Captcha Security Check system. Personally, I believe both AI and Quantum Computing will pose significant new threats to cybersecurity space in the next decade.

A far higher number of personal records were compromised in the Equifax data breach than was previously thought, with millions of UK citizens confirmed to be impacted by the US-based credit checking agency hack. Equifax’s now ex-CEO provided an interesting blow-by-blow account of the cyber-attack at a US government hearing, even though Equifax technical staff were specifically warned about a critical Apache Struts (web server) patch, it was ignored and not applied, which in turn allowed hackers to take full advantage of vulnerability to steal the Equifax data on mass. To make matters even worse, the Equifax consumer breach help website was found to be infecting visitors with spyware.

Yahoo revealed all 3 Billion of its user accounts had in fact been breached, in what is truly an astonishing mammoth sized hack, biggest in all history, so far. Elsewhere on the commercial hacking front, Pizza Hut's website was reported to be hacked with customer financial information taken, and Disqus said a 2012 breach it discovered in October exposed the information of 17.5 million its users from as far back as 2007.

It was a super busy month for security vulnerability notifications and patch releases, with Microsoft, Netgear, Oracle, Google, and Apple all releasing rafts of critical level patches. A serious weakness in the wireless networking WPA2 protocol was made public to great fanfare after researchers suggested all Wifi devices using WPA2 on the planet were vulnerable to an attack called Krack, which exploited the WPA2 weakness. Krack is a man-in-the-middle attack which allows an attacker to eavesdrop or redirect users to fake websites over Wifi networks secured using the WPA2 protocol. At the time of writing most wireless access point vendors and operating system providers had released patches to close the WPA2 vulnerability, and there have been no known exploits of the vulnerability reported in the wild.

BadRabbit is a new strain of ransomware which is emerging and is reported to be infecting systems and networks in Russia and the Ukraine at the moment. BadRabbit is the latest network self-propagating malware, like NotPeyta and WannaCry, to use the NSA EternalRomance hacking tool. A massive new IoT botnet was discovered, its continued growth is fuelled by malware said to be more sophisticated than previous IoT botnet king, Mirai. Russian based threat actor group APT28 is said to be targeting the exploitation of a recently patched Adobe vulnerability (CVE-2017-11292), in using a malicious Microsoft Word attachment, so ensure you keep on top of your system patching and always be careful when opening email attachments. 

Finally, the UK National Cyber Security Centre (NCSC) released its first annual report, as it seeks to improve cybersecurity across the UK. Among NCSC achievements cited in the report are:

• The launch of Active Cyber Defence, credited with reducing average time a phishing site is online from 27 hours to 1 hour
• Led UK response to WannaCry
• Advice website with up to 100,000 visitors per month
• Three-day Cyber UK Conference in Liverpool
• 43% increase in visits to the Cyber Security Information Sharing Partnership (CiSP)
• Produced 200,000 physical items for 190 customer departments via UK Key Production authority to secure and protect communications of Armed Forces and national security
• 1,000 youngsters on CyberFirst courses and 8,000 young women on CyberFirst Girls competition.
• Worked with 50 countries, including signing Nato's MoU

NEWS

• Equifax Data Breach Scale Increased / Caused by not Patching Apache Struts
• Equifax Credit Assistance Website Infected with Spyware
• NHS Cyber 'WannaCry' Attack Could Have Been Avoided With 'Basic' Security - NAO
• Yahoo Reveals all 3 Billion of its User Accounts were Breached
• Russian Hackers used Kaspersky software to gain info on U.S. Intel
• North Korea behind NHS WannaCry Attack after stealing US Cyber Weapons - Microsoft
• WannaCry: North Korea Denies Involvement in Ransomware Attack 
• North Korea Hacked South's Secret Joint US War Plans
• North Korea Spear Phishing Campaign aimed at U.S. Power Grid
• Data on Australia F-35 fighter jets stolen in 'Extensive' Cyberattack
• Indian Government and Corporate Credentials found for sale on the DarkNet
• Hackers breached Pizza Hut website, Stole Financial Info of Customers
• Websites Hacked to Mine Crypto-Cash
• Artificial Intelligence Smart Enough to Fool the Captcha Security Check
• Cyber-Attack Threat as important as Fighting Terrorism says GCHQ
• Disqus Breach Exposed Info on 17.5M between 2007-2012
• EU Governments to warn Cyber Attacks can be an Act of War
• Iran is being blamed for a cyber-attack against Parliamentary Emails
• Heathrow Investigates after Security and Anti-Terror Data found on USB stick
• Vulnerabilities in WiFi WPA Protocol - Krack Attack
• Microsoft release 28 Critical Security Updates for IE/Edge, Office, JET, Skype & Windows
• Oracle patches 252 bugs, increase in E-Business Suite and PeopleSoft flaws
• Netgear Patches 50 Vulnerabilities, 20 rated as High Risk
• Google Patches 7 Flaws in Dnsmasq
• Apple issues New Security Update for macOS High Sierra
• No Adobe Patches this Month

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• BadRabbit: Latest Malware using the NSA Hacking tool EternalRomance to Propagate
• APT28 joins BlackOasis in exploiting latest Adobe Flash Vulnerability
• Massive IoT Botnet Infects over 1 Million Organisations: More Sophisticated than Mirai

REPORTS

• NCSC First Annual Review: 1,131 Cyber Attacks Reported
• DDoS 2017 Report: Dangerous Overconfidence