A roundup of UK-focused cyber and information security news, blog posts, reports and general threat intelligence from the previous calendar month, January 2021.
Throughout January, further details about the scale and sophistication of the suspected nation-state hack of SolarWinds came to light. A growing number of cybersecurity vendors, including CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks, Qualys and Mimecast, confirmed they had been targeted in the supply-chain espionage attack. The finger of suspicion is pointing directly at Russia, with the Russian-backed hacking group APT29 'Fancy Bear' cited as the culprit by many security researchers and intelligence analysts. US Secretary of State Mike Pompeo and Attorney General Bill Barr both publicly stated they believe Moscow is behind the attack, as did the chairs of the Senate and House of Representatives' intelligence committees.
US government investigators and Microsoft uncovered additional evidence confirming the cyberattack started as far back as October 2019, and that about 30% of victims had no direct connection to SolarWinds. CISA and the National Security Agency updated their guidance to address configuration issues in Microsoft's Office 365, with Microsoft confirming in a blog post that it had "detected malicious SolarWinds binaries in our environment". Mimecast confirmed a related certificate compromise after being informed by Microsoft as part of Microsoft's investigative efforts.
The End of Emotet?
There was positive cybersecurity news in January, with the European law enforcement agency Europol, working together with other international police agencies, taking down the Emotet botnet. Emotet is one of the most popular forms of malware used by ransomware cybercriminals to gain initial access to their victims' networks. Europol said in a statement that an undisclosed number of servers, computers and other devices used by Emotet had been seized. Check Point commented on the news: "Emotet was among the most popular malware variants seen in 2020, accounting for 7% of the organizations attacked for the month of December and 100,000 users every day as Christmas and New Year's approached. After similar stints on top in September and October, the trojan saw a drop-off in November before roaring back ahead of the holidays."
Flash was first released in 1996, making it possible to run sophisticated web applications, animations and games at a time when web browser technology (long before HTML5) could not, and internet connection speeds were slow. Steve Jobs hammered one of the first nails into Flash's coffin ten years ago, openly criticising Flash and banning it from Apple mobile products. On the security front, there has been a whole raft of zero-day and critical vulnerabilities in Flash over the years, with cybercriminals and nation-state groups pouncing on the countless security flaws to remotely execute malicious code and take over computers.
Adobe has provided instructions on its website for removing Flash on Windows and Mac computers. It has warned: "Uninstalling Flash Player will help to secure your system since Adobe does not intend to issue Flash Player updates or security patches after the end-of-life date." So make sure to say your final goodbyes (or good riddance), but do double-check that Flash has actually been removed from your computers, especially if a machine goes back a few years.
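One way to do that double-check across a fleet or a mounted disk image, as an added example that is not part of the original post or Adobe's own uninstaller: the script below looks in the default Flash Player install locations (the Windows `Macromed\Flash` directories and the macOS plugin/preference-pane bundles, from the author's knowledge rather than from the post) for the ActiveX, NPAPI and PPAPI plugin binaries that a failed or partial uninstall typically leaves behind. The `demo()` function builds a constructed sample tree so the check can be exercised offline.

```python
"""Scan a system root for leftover Adobe Flash Player components.

Hypothetical helper (not Adobe's uninstaller): it checks the default Flash
install locations under a given root, so it can be pointed at a live system
drive, a mounted disk image, or a constructed test tree.
"""
import fnmatch
import os
import tempfile

# Default Flash Player install directories, relative to the system root.
FLASH_DIRS = {
    "windows": [os.path.join("Windows", "System32", "Macromed", "Flash"),
                os.path.join("Windows", "SysWOW64", "Macromed", "Flash")],
    "mac": [os.path.join("Library", "Internet Plug-Ins", "Flash Player.plugin"),
            os.path.join("Library", "PreferencePanes", "Flash Player.prefPane")],
}
# Lower-cased file name patterns of the ActiveX, NPAPI and PPAPI plugin binaries.
BINARY_PATTERNS = ["flash*.ocx", "npswf*.dll", "pepflashplayer*.dll", "flashutil*.exe"]


def find_flash_remnants(root, platform):
    """Return the sorted paths of Flash components still present under root."""
    found = []
    for rel in FLASH_DIRS[platform]:
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            continue
        if platform == "mac":          # .plugin/.prefPane bundles are directories
            found.append(path)
            continue
        for name in os.listdir(path):  # Windows: look for the plugin binaries
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in BINARY_PATTERNS):
                found.append(os.path.join(path, name))
    return sorted(found)


def demo():
    """Constructed sample: a half-removed Windows install. Returns base names found."""
    root = tempfile.mkdtemp()
    flash_dir = os.path.join(root, FLASH_DIRS["windows"][1])
    os.makedirs(flash_dir)
    for name in ["Flash32_32_0_0_465.ocx", "NPSWF32_32_0_0_465.dll", "FlashInstall.log"]:
        open(os.path.join(flash_dir, name), "w").close()  # placeholder files, not real binaries
    return [os.path.basename(p) for p in find_flash_remnants(root, "windows")]


if __name__ == "__main__":
    print("Remnants found in sample tree:", demo())
    # On a real Windows host: find_flash_remnants(os.environ["SystemDrive"] + "\\", "windows")
```

The log file in the sample tree is deliberately ignored; only the plugin binaries count as a remnant worth acting on.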
Stay safe and secure.
- Adobe Flash Player Officially Discontinued After Years of Security Problems
- Microsoft Patches 83 Vulnerabilities, 10 Rated as Critical
- Apple Patches Three New iOS Zero-Days
- Mimecast Confirms Certificate Compromise by SolarWinds Hackers and Re-issues Certificate
- Users of IoT Products from Three Major Vendors at Risk of DoS Attacks, Data Leaks