
Cyber Intelligence Briefing: 12 February 2021

Billy Gouveia, Mona Damian 12 February 2021


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.

Cyber Threat Intelligence Briefing

Hacker poisons water supply

  • An unknown adversary hacked into a Florida water treatment plant and attempted to increase the acidity of the water to toxic levels. The attack was thwarted by a plant operator before it could cause any harm to the public.[1]
  • The adversary used TeamViewer to take control of the terminal. The plant operator discovered the attack after he noticed his mouse moving without his control.

So what? Organisations should ensure that all remote connections to corporate infrastructure require multi-factor authentication and that logs are monitored for suspicious connections.
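One way to act on the log-monitoring advice above: a small detection routine that reviews incoming remote-control sessions and flags any from an unapproved TeamViewer ID or outside staffed hours. This is an added example, not code from the briefing or from S-RM; it assumes the tab-separated layout of TeamViewer's Connections_incoming.txt, an allowlist of partner IDs and a shift window, and the log lines are constructed sample data.

```python
"""Flag suspicious incoming TeamViewer remote-control sessions.

Added example, not from the briefing. Assumes the tab-separated layout of
TeamViewer's Connections_incoming.txt on the monitored host:
  ID  name  start  end  local user  type  connection id
The log lines below are constructed sample data, not a real capture.
"""
from datetime import datetime

# Constructed sample log: four remote-control sessions on an operator workstation.
SAMPLE_LOG = """\
600100200\tOT Vendor Support\t09-02-2021 10:02:11\t09-02-2021 10:41:57\toperator\tRemoteControl\t{a1}
600100200\tOT Vendor Support\t10-02-2021 15:10:03\t10-02-2021 15:22:40\toperator\tRemoteControl\t{a2}
731909111\tUnknown\t05-02-2021 13:31:00\t05-02-2021 13:36:12\toperator\tRemoteControl\t{a3}
600100200\tOT Vendor Support\t06-02-2021 02:14:30\t06-02-2021 02:45:01\toperator\tRemoteControl\t{a4}
"""

# Assumed policy: only approved partner IDs, only during staffed hours.
APPROVED_IDS = {"600100200"}
SHIFT_START, SHIFT_END = 7, 19  # local hours, start inclusive, end exclusive


def parse_sessions(text):
    """Yield one dict per well-formed log line."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        tv_id, name, start, end, local_user, kind, conn_id = fields[:7]
        yield {
            "id": tv_id, "name": name, "user": local_user, "type": kind,
            "start": datetime.strptime(start, "%d-%m-%Y %H:%M:%S"),
            "end": datetime.strptime(end, "%d-%m-%Y %H:%M:%S"),
            "conn_id": conn_id,
        }


def suspicious_sessions(text, approved_ids=APPROVED_IDS,
                        shift=(SHIFT_START, SHIFT_END)):
    """Return (connection_id, reason) for sessions that break policy."""
    findings = []
    for s in parse_sessions(text):
        if s["type"] != "RemoteControl":
            continue
        if s["id"] not in approved_ids:
            findings.append((s["conn_id"], "unapproved TeamViewer ID " + s["id"]))
        elif not shift[0] <= s["start"].hour < shift[1]:
            findings.append((s["conn_id"], "session outside staffed hours"))
    return findings
```

Running `suspicious_sessions(SAMPLE_LOG)` on the constructed data reports the unknown ID and the 02:14 session; a real deployment would feed the host's log file and ship findings to the SIEM.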

Google removes two applications due to malicious updates

  • Google Play Store removed a barcode scanning Android app after an update contained a trojan virus.[2] Investigations indicate that the update, deployed to over 10 million users, was the work of the app’s original developer.
  • Google has also removed the popular Chrome extension The Great Suspender. The extension, which suspended unused tabs to reduce memory usage, was sold to an unknown entity in June 2020; the new owner subsequently pushed a malware-laced update to over two million users.[3]

So what? Ensure your employees only install apps and / or browser extensions that have been reviewed and approved by your IT team.

Ethical supply chain attack successful against 35 tech firms

  • A security researcher breached 35 major tech companies, including Microsoft, Apple, and PayPal, in an ethical supply chain attack.[4] They uploaded malicious packages to public open source repositories, from which the packages were automatically pulled into the organisations’ internal applications.
  • The researcher received over USD 130,000 in bug bounties for disclosing the vulnerability.

So what? Consider how a bug bounty program or pen testing can help your organisation uncover vulnerabilities through third-party security researchers.

Ukraine’s police reel in author of the notorious U-Admin phishing kit

  • An international operation led by Ukraine arrested a 39-year-old man, suspected of authoring U-Admin.[5] This phishing toolkit has been sold on the dark web since 2015, priced between $80 and $800, depending on the version purchased.
  • U-Admin’s use was widespread. Losses attributed to the toolkit are estimated in the tens of millions of US dollars, affecting financial institutions in at least 11 countries. Over 50% of all phishing attacks targeting Australians in 2019 used U-Admin.

So what? The author may be arrested, but the source code is still out there for other criminals to leverage and improve upon. Arm your employees through effective phishing awareness training.

RDP attacks increased by 768% in 2020, but slowed in Q4

  • Attacks targeting Remote Desktop Protocol (RDP) increased by 768% between Q1 and Q4 of 2020.[6] The increase is no surprise, given the global shift to remote working.
  • The volume of RDP attacks slowed in Q4 of 2020. Phishing overtook RDP compromise as the primary attack vector for ransomware attacks.[7]

So what? RDP attacks will continue in 2021. Strong password security, multi-factor authentication, and a robust patching strategy are strongly advised.

Use Adobe or Windows? Then it’s time to patch

  • On Patch Tuesday, Microsoft released patches for 56 vulnerabilities, nine of which are marked as ‘critical’.[8] One of these – CVE-2021-1732 – is being actively exploited in the wild.
  • Adobe released a patch for a critical vulnerability (CVE-2021-21017) in its widely used Adobe Reader software. The flaw is a heap-based buffer overflow that allows an attacker to execute arbitrary code remotely.[9]

So what? Installing patches as they become available is a core element of a healthy security strategy.

References:

[1] ‘Remote Hacker Caught Poisoning Florida City Supply’, SecurityWeek, 8 February 2021.

[2] ‘Barcode Scanner app on Google Play infects 10 million users with one update’, Malwarebytes, 5 February 2021.

[3] ‘The Great Suspender Chrome extension’s fall from grace’, Bleeping Computer, 6 February 2021.

[4] ‘Researcher hacks over 35 tech firms in novel supply chain attack’, Bleeping Computer, 9 February 2021.

[5] ‘Ukraine’s police arrested the author of the U-Admin phishing kit’, Security Affairs, 9 February 2021.

[6] ‘ESET Threat Report Q4 2020’, We Live Security, 8 February 2021.

[7] ‘Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands’, Coveware, 1 February 2021.

[8] ‘Microsoft Patch Tuesday, February 2021 Edition’, Krebs on Security, 9 February 2021.

[9] ‘Attackers Exploit Critical Adobe Flaw to Target Windows Users’, Threat Post, 9 February 2021.

To discuss this article or other industry developments, please reach out to one of our experts.

