The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Florida water treatment plant attacked: Hacker poisons water supply.
- Popular apps gone rogue: Two products removed from Chrome Web Store due to malicious updates.
- Ethical supply chain attack: Security researcher able to breach 35 major tech companies.
- Phishing: Ukraine’s police reel in the author of the U-Admin phishing kit.
- RDP compromise: Attacks leveraging RDP increased by 768% in 2020, but slowed in Q4.
- Patch Tuesday! Microsoft and Adobe release info on new vulnerabilities you need to patch.
Hacker poisons water supply
- An unknown adversary hacked into a Florida water treatment plant and attempted to raise the concentration of a chemical in the water supply to toxic levels. The attack was thwarted by a plant operator before it could cause any harm to the public.
- The adversary used TeamViewer to take control of a plant terminal. The operator discovered the attack when he noticed his mouse cursor moving on its own.
So what? Organisations should ensure that all remote connections to corporate infrastructure require multi-factor authentication and that logs are monitored for suspicious connections.
Google removes two applications due to malicious updates
- Google removed a barcode scanning Android app from the Play Store after an update to it contained a trojan. Investigations indicate that the update, deployed to over 10 million users, was the work of the app’s original developer.
- Google removed The Great Suspender, a popular Chrome extension. The extension, which suspended unused tabs to reduce memory usage, was sold to an unknown entity in June 2020; the new owner subsequently released a malware-laced update to over two million users.
So what? Ensure your employees only install apps and/or browser extensions that have been reviewed and approved by your IT team.
Ethical supply chain attack successful against 35 tech firms
- A security researcher breached 35 major tech companies, including Microsoft, Apple, and PayPal, in an ethical supply chain attack. They uploaded malicious packages to public open source software repositories, from which the packages were automatically pulled into the organisations’ internal applications.
- The researcher received over USD 130,000 in bug bounties for disclosing the vulnerability.
So what? Consider how a bug bounty program or pen testing can help your organisation uncover vulnerabilities through third-party security researchers.
Ukraine’s police reel in the author of the notorious U-Admin phishing kit
- An international operation led by Ukraine arrested a 39-year-old man suspected of authoring U-Admin. This phishing toolkit has been sold on the dark web since 2015, priced between $80 and $800 depending on the version purchased.
- U-Admin’s use was widespread. Losses attributed to the toolkit are estimated in the tens of millions of US dollars, affecting financial institutions in at least 11 countries. Over 50% of all phishing attacks targeting Australians in 2019 used U-Admin.
So what? The author may be arrested, but the source code is still out there for other criminals to leverage and improve upon. Arm your employees through effective phishing awareness training.
RDP attacks increased by 768% in 2020, but slowed in Q4
- Remote Desktop Protocol (RDP) compromise increased by 768% between Q1 and Q4 of 2020. The increase is no surprise given the global shift to remote working.
- The volume of RDP attacks slowed in Q4 of 2020. Phishing overtook RDP compromise as the primary attack vector for ransomware attacks.
So what? RDP attacks will continue in 2021. Strong password security, multi-factor authentication, and a robust patching strategy are strongly advised.
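The "So what?" advice in the TeamViewer and RDP items above comes down to two controls: require multi-factor authentication on every remote connection, and watch the logs for connections that look wrong. The following is an added example, not code from S-RM or from any product, showing what the log-monitoring half can look like in practice. It runs two simple detections over a handful of constructed Windows Security events written in a simplified key=value form (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP): a burst of RDP failures from one source, and an RDP success that follows repeated failures from the same source. The field names, thresholds, usernames and IP addresses are assumptions chosen for the example; real exported events carry different field names and need a proper parser.

```python
"""Flag suspicious RDP logon activity in Windows Security events.

Added example for the S-RM briefing, not the newsletter's own code.
The events below are constructed sample data in a simplified
key=value form, not real exported logs; field names are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. 4625 = failed logon, 4624 = successful logon,
# logon_type 10 = RemoteInteractive (RDP). All addresses are documentation
# ranges (RFC 5737), all usernames invented.
SAMPLE_EVENTS = """
2021-02-11T02:00:01 event=4625 logon_type=10 user=administrator src=203.0.113.7
2021-02-11T02:00:20 event=4625 logon_type=10 user=admin src=203.0.113.7
2021-02-11T02:00:41 event=4625 logon_type=10 user=jsmith src=203.0.113.7
2021-02-11T02:01:05 event=4625 logon_type=10 user=jsmith src=203.0.113.7
2021-02-11T02:01:30 event=4625 logon_type=10 user=jsmith src=203.0.113.7
2021-02-11T02:02:02 event=4625 logon_type=10 user=jsmith src=203.0.113.7
2021-02-11T02:03:30 event=4624 logon_type=10 user=jsmith src=203.0.113.7
2021-02-11T08:15:00 event=4625 logon_type=10 user=mlee src=198.51.100.20
2021-02-11T08:15:12 event=4624 logon_type=10 user=mlee src=198.51.100.20
2021-02-11T09:00:00 event=4625 logon_type=10 user=svc-backup src=192.0.2.5
2021-02-11T09:20:00 event=4625 logon_type=10 user=svc-backup src=192.0.2.5
2021-02-11T09:21:00 event=4625 logon_type=3 user=svc-backup src=192.0.2.5
"""


def parse_events(text):
    """Parse the simplified key=value lines into a list of dicts."""
    events = []
    for line in text.strip().splitlines():
        fields = line.split()
        kv = dict(f.split("=", 1) for f in fields[1:])
        events.append({
            "ts": datetime.fromisoformat(fields[0]),
            "event": int(kv["event"]),
            "logon_type": int(kv["logon_type"]),
            "user": kv["user"],
            "src": kv["src"],
        })
    return events


def is_rdp(e, event_id):
    return e["event"] == event_id and e["logon_type"] == 10


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src: max_failures_in_window} for sources with at least
    `threshold` failed RDP logons inside any sliding `window`."""
    by_src = defaultdict(list)
    for e in events:
        if is_rdp(e, 4625):
            by_src[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def detect_success_after_failures(events, min_failures=3,
                                  window=timedelta(minutes=10)):
    """Return [(src, user, iso_timestamp)] for every successful RDP logon
    preceded by at least `min_failures` failed RDP logons from the same
    source within `window`. A single typo before a success is normal; a
    success after a run of failures is worth a look."""
    events = sorted(events, key=lambda e: e["ts"])
    hits = []
    for i, e in enumerate(events):
        if not is_rdp(e, 4624):
            continue
        recent_failures = [
            f for f in events[:i]
            if is_rdp(f, 4625) and f["src"] == e["src"]
            and e["ts"] - f["ts"] <= window
        ]
        if len(recent_failures) >= min_failures:
            hits.append((e["src"], e["user"], e["ts"].isoformat()))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("Possible RDP brute force:", detect_rdp_bruteforce(evs))
    print("RDP success after repeated failures:",
          detect_success_after_failures(evs))
```

On the sample data only 203.0.113.7 trips both rules: six failures inside two minutes, then a success as jsmith. The single failure from 198.51.100.20 and the two failures twenty minutes apart from 192.0.2.5 stay below the thresholds, which is the point of using a sliding window rather than a daily total. The second rule is the more useful of the two in practice, because a success after a run of failures is exactly the pattern multi-factor authentication on RDP is meant to stop.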
Use Adobe or Windows? Then it’s time to patch
- On Patch Tuesday, Microsoft released patches for 56 vulnerabilities, nine of which are marked as ‘critical’. One of these – CVE-2021-1732 – is being actively exploited in the wild.
- Adobe released a patch for a critical vulnerability (CVE-2021-21017) affecting its widely used Adobe Reader software. The flaw is a heap-based buffer overflow that allows an attacker to execute arbitrary code on the victim’s machine.
So what? Installing patches as they become available is a core element of a healthy security strategy.