
Cyber Intelligence Briefing: 19 March 2021

Billy Gouveia, Mona Damian 19 March 2021

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.

Customer payment data leaked from WeLeakInfo  

  • The online service that sold access to more than 12 billion credentials has itself suffered a data breach. Payment information from 24,000 customers who paid to access the service has been leaked.[1]
  • The registration of one of the domains owned by WeLeakInfo was allowed to expire. An adversary then registered it, used it to reset the password of an account tied to that domain, and so gained access to the customer payment data.
So what? Keep track of the expiry dates of your organisation's domain registrations (including domains used only for email or account sign-ups, not just the public-facing ones) and conduct intelligence gathering to determine whether credentials for any of your employees have been exposed.
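As an added example (not S-RM's code), the following Python script implements the first half of that advice: it reads the RDAP record that registries publish for each domain, pulls out the expiration event and flags any domain that expires within a chosen window or has already lapsed. The domain names and records are constructed for illustration, and the `fetch_rdap` helper against the public `rdap.org` bootstrap service is an assumption about how you would obtain live records.

```python
"""Flag domain registrations that are about to expire, from RDAP data.

Added example, not code from S-RM. RDAP (RFC 7483) domain objects carry a
list of lifecycle "events"; the one with eventAction "expiration" is the
registration expiry. The records below are constructed samples.
"""
import json
import urllib.request
from datetime import datetime, timezone

EXPIRY_WARNING_DAYS = 60  # assumption: warn two months before expiry


def fetch_rdap(domain):
    """Fetch a live RDAP record via the rdap.org bootstrap redirector.

    Not called at import time, so the rest of the script runs offline.
    """
    url = "https://rdap.org/domain/" + domain
    with urllib.request.urlopen(url, timeout=15) as resp:  # assumption: network access
        return json.load(resp)


def rdap_expiry(record):
    """Return the expiration datetime (UTC) from an RDAP domain object, or None."""
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            # RDAP dates are RFC 3339; fromisoformat needs "+00:00" rather than "Z"
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None


def expiring_domains(records, now, within_days=EXPIRY_WARNING_DAYS):
    """Return [(domain, days_left)] for every domain that needs attention.

    days_left is negative when the registration has already lapsed, and None
    when the record carries no expiration event, so a missing date is never
    silently treated as "fine". Most urgent first.
    """
    flagged = []
    for record in records:
        name = record["ldhName"].lower()
        expiry = rdap_expiry(record)
        if expiry is None:
            flagged.append((name, None))
            continue
        days_left = (expiry - now).days
        if days_left <= within_days:
            flagged.append((name, days_left))
    # unknown expiry (None) sorts first, then by days remaining
    return sorted(flagged, key=lambda item: (item[1] is not None, item[1] or 0))


# Constructed sample records, shaped as a registry would return them via RDAP.
SAMPLE_RECORDS = [
    {"ldhName": "example-corp.com",
     "events": [{"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
                {"eventAction": "expiration", "eventDate": "2021-04-02T00:00:00Z"}]},
    {"ldhName": "example-corp-legacy.net",  # lapsed: anyone could register it today
     "events": [{"eventAction": "expiration", "eventDate": "2021-03-10T00:00:00Z"}]},
    {"ldhName": "example-corp.co.uk",
     "events": [{"eventAction": "expiration", "eventDate": "2023-01-15T00:00:00Z"}]},
    {"ldhName": "example-corp-brand.io",  # no expiry event returned at all
     "events": [{"eventAction": "registration", "eventDate": "2020-05-05T00:00:00Z"}]},
]
BRIEFING_DATE = datetime(2021, 3, 19, tzinfo=timezone.utc)  # date of this briefing

if __name__ == "__main__":
    for name, days in expiring_domains(SAMPLE_RECORDS, BRIEFING_DATE):
        if days is None:
            status = "NO EXPIRY DATE IN RECORD"
        elif days < 0:
            status = "LAPSED %d days ago" % -days
        else:
            status = "%d days left" % days
        print("%-28s %s" % (name, status))
```

Run it on the sample data and the lapsed `.net` domain and the one with no expiry date are listed first, ahead of the `.com` that has two weeks left; a domain with no expiration event is deliberately reported rather than skipped, because that is exactly the case that gets forgotten. For live use, replace `SAMPLE_RECORDS` with `[fetch_rdap(d) for d in your_domains]` and run it from a scheduled job.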

Microsoft releases ProxyLogon mitigation tool and suffers an unrelated outage

  • Microsoft released a one-click mitigation tool for on-premises Exchange Server.[2] The PowerShell script checks whether the server is vulnerable, applies a mitigation that blocks the initial vulnerability in the exploit chain, and scans for and removes malicious artefacts. It is designed for organisations without a dedicated security team.
  • Ransomware groups and crypto-miners are also exploiting the ProxyLogon vulnerabilities.[3] Now that exploit code is public, even script kiddies have been able to launch damaging attacks.
  • In an unrelated issue, Azure suffered a worldwide authentication outage on Monday.[4] Microsoft said a configuration issue prevented customers from signing in to numerous Microsoft applications; it was remedied by Tuesday morning.

So what? It remains imperative to patch on-premises Exchange servers and to check them for indicators of compromise. The mitigation tool reduces exposure while you do so, but it is not a substitute for installing the security updates.

New botnet targeting network security devices  

  • A new Mirai-based botnet targets network security devices affected by critical vulnerabilities. The botnet currently uses ten publicly available exploits, and the number is growing over time.[5]
  • After compromising a device, the attacker transfers several scripts that allow the botnet to propagate and to launch various attacks from the compromised system.

So what? Ensure all network security devices are still vendor-supported and have the latest security patches, so that you do not become an easy target for an attacker leveraging publicly available exploits. A device that is out of support will never receive a fix and should be replaced or isolated.


Cyber espionage campaign targeting the telecommunications sector 

  • An ongoing cyber espionage campaign targeting the telecommunications sector has been uncovered.[6] The campaign uses a phishing website designed to look like Huawei's careers page to target telecommunications professionals.
  • McAfee, which discovered the campaign, assesses that it may be intended to steal intellectual property related to 5G technology. Organisations in the US, Europe and Southeast Asia have been targeted.
So what? This incident demonstrates the ongoing threat posed by groups intent on stealing IP relating to emerging technologies. Employ anti-phishing tools to protect your organisation and employees, and remind staff that recruitment lures are a common pretext.

SMS: MFA’s weakest link  

  • Abusing weak controls in the SMS ecosystem, threat actors are able to divert a victim's text messages to numbers under their control.[7] This is achieved through legitimate SMS marketing providers, which will reroute a number's messages on request.
  • The cost to divert SMS messages in this way is as little as USD 16.[8] Threat actors simply have to claim that they own the victim's mobile number, with little requirement to evidence it. Once messages are diverted, any one-time code or password-reset link sent by SMS goes straight to the attacker.

So what? Don't rely on SMS messages for MFA tokens. Instead, use an authenticator app, which generates codes locally from a shared secret and the clock, or a hardware security key; neither depends on the carrier network, so rerouting your texts gains the attacker nothing.
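To make concrete what an authenticator app actually does, here is an added example (not S-RM's code and not any vendor's implementation) of TOTP as specified in RFC 6238, together with the server-side check that tolerates a little clock drift. The secret is the RFC's published test vector, not a real key; the only assumption is that client and server share that secret and roughly agree on the time. Nothing in the exchange is transmitted over SMS, which is why the diversion attack above does not apply.

```python
"""TOTP (RFC 6238) as an authenticator app computes it.

Added example, not code from S-RM or any vendor. The code is derived from a
shared secret and the current time step; nothing crosses the carrier network.
The secret below is the RFC 6238 / RFC 4226 test vector, not a real key.
"""
import hashlib
import hmac
import struct
import time

# Test secret from RFC 4226 / RFC 6238 Appendix B (ASCII "12345678901234567890").
RFC6238_SHA1_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(secret, for_time=None, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, digestmod)


def verify_totp(secret, candidate, for_time=None, step=30, digits=6, window=1):
    """Server-side check accepting +/- `window` time steps of clock drift.

    Uses a constant-time comparison so the check does not leak which digits
    matched. A real server would additionally refuse to accept the same
    counter twice, to stop a captured code being replayed within its window.
    """
    if for_time is None:
        for_time = time.time()
    base = int(for_time) // step
    for drift in range(-window, window + 1):
        expected = hotp(secret, base + drift, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # Client side (the authenticator app) and server side agree without any message in between.
    now = time.time()
    code = totp(RFC6238_SHA1_SECRET, now)
    print("current code:", code, "accepted:", verify_totp(RFC6238_SHA1_SECRET, code, now))
    # RFC 6238 Appendix B vector: 8-digit code at t=59 is 94287082
    print("RFC vector t=59:", totp(RFC6238_SHA1_SECRET, 59, digits=8))
```

The enrolment QR code a service shows you is just this shared secret (base32-encoded) plus the digit count and step; from then on both sides compute the same value independently. A phisher can still ask the user to type the current code into a fake page, so the app removes the SMS-interception path but not real-time phishing; only a hardware key bound to the site's origin closes that one.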


Vodafone Spain fined EUR 8.15m for GDPR violations

  • The Spanish Data Protection Agency (AEPD) fined Vodafone Spain EUR 8.15m over GDPR violations. Since January 2020, Vodafone has been subject to data privacy regulatory action on at least 50 occasions.
  • In this case, Vodafone breached several data processing and consent requirements.[9] The firm had transferred data internationally without sufficient protections and had repeatedly contacted customers without their prior consent.[10]

So what? Ensure your organisation maintains complete visibility over how customer and employee data is handled, particularly if you outsource processing to third-party providers.

 



References:

[1] WeLeakInfo Leaked Customer Payment Info, Krebs on Security, 15 March 2021.

[2] Microsoft releases one-click Exchange On-Premises Mitigation Tool, Bleeping Computer, 15 March 2021.

[3] DearCry ransomware attacks Microsoft Exchange with ProxyLogon exploits, Bleeping Computer, 11 March 2021.

[4] Microsoft explains the cause of yesterday's massive service outage, Bleeping Computer, 18 March 2021.

[5] New botnet targets network security devices with critical exploits, Bleeping Computer, 16 March 2021.

[6] Hackers spoofed Huawei website to steal 5G information, ITPro, 16 March 2021.

[7] A Hacker Got All My Texts for $16, Vice, 15 March 2021.

[8] Can we stop pretending SMS is secure now?, Krebs on Security, 16 March 2021.

[9] Spanish Data Protection Agency Issues Highest Ever Fine, Infosecurity Magazine, 16 March 2021.

[10] Vodafone Spain fined £7 million for repeated GDPR breaches, ITPro, 16 March 2021.

To discuss this article or other industry developments, please reach out to one of our experts.

Billy Gouveia, Senior Managing Director
Mona Damian, Senior Analyst
