Monday 1 February 2021

Cyber Security Roundup for February 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, January 2021.

Throughout January further details about the scale and sophistication of SolarWinds suspected nation-state hack came to light. A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks, Qualys and Mimecast all confirming as being targeted in the supply-chain espionage attack. The finger of suspicion is pointing directly at Russia, with the Russian backed hacking group APT29 'Fancy Bear' cited as the culprits by many security researchers and intelligence analysts. US Secretary of State Mike Pompeo and Attorney General Bill Barr both publically stated they believe Moscow are behind the attack, as did the chairs of the Senate and House of Representatives' intelligence committees. 

US government investigators and Microsoft have uncovered additional evidence, confirming the cyberattack started as far back as October 2019, with about 30% of victims having no direct connection to using SolarWinds CISA and the National Security Agency updated guidance to address configuration issues in Microsoft’s Office 365, with Microsoft confirming in a blog post it had “detected malicious SolarWinds binaries in our environment”. Mimecast confirmed a related certificate compromise after they were informed by Microsoft as part of their investigative efforts.

The End of Emotet?
There was positive cybersecurity news in January, with the European law enforcement agency Europol, working together with other international police agencies, to take down the Emotet botnet. Emotet is one of the most popular forms of malware used by ransomware cybercriminals to initially gain access into their victim's networks. Europol said in a statement an undisclosed number of servers, computers and other devices used by Emotet had been seized. Check Point commented on the news "Emotet was among the most popular malware variants seen in 2020, accounting for 7% of the organizations attacked for the month of December and 100,000 users every day as Christmas and New Year’s approached. After similar stints on top in September and October, the trojan saw a dropoff in November before roaring back ahead of the holidays."

The demise of Emotet came too late for Hackney Council, following its October ransomware attack by a suspected cybercriminal group, with the Council's staff and residents personal details found posted on the dark web in January. The Cybersecurity and Infrastructure Security Agency (CISA), part of the United States Department of Homeland Security, launched a new educational campaign encouraging governments, schools and private companies to take steps to protect their systems and data from ransomware. The CISA ransomware guidance is certainly of value to the same groups on this side of the pond, with CISA aptly commenting upon the release of guidance 'Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.

Cyber Security Careers Advice
I wrote a blog post detailing the Top Ten Cybersecurity Certifications in 2021, which was based on the data from a recent survey of a 90,000+ strong LinkedIn cybersecurity professional group. I also updated the Cyber Security Careers Advice page on The IT Security Expert website.  Also posted on Data Loss Prevention, Artificial Intelligence vs. Human Insight

Bye Bye Flash
Flash Player was finally put to bed by Adobe at the start of the new year after the software giants officially discontinued Flash after years of Flash security problems. Adobe asked users to uninstall the software before it blocked all Flash content from 12 January 2021. 

Flash was first released in 1996, making it possible to operate sophisticated web applications, animations, and games when web browser technology (way before HTML5) was unable and internet connection speeds were slow. Steve Jobs hammered one of the first nails into Flash's coffin ten years ago, openly criticising Flash and banning it from Apple mobile products. On the security front, there has been a whole raft of zero-day and critical vulnerabilities with Flash over the years (e.g.1234), with cybercriminals and nation-state groups pouncing on the countless security flaws to remotely execute malicious code and take over computers. 

Adobe has provided instructions for removing Flash on Windows and Mac computers on its website. It has warned: "Uninstalling Flash Player will help to secure your system since Adobe does not intend to issue Flash Player updates or security patches after the end-of-life date.", so make sure to say your final goodbyes or good riddance, but do double-check you have removed Flash from computers, especially if your computer goes back a few years.

Stay safe and secure.


No comments: