A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, July 2020.
The standout hack of July 2020, and possibly of the year, was the takeover of 45 celebrity Twitter accounts, in a bid to scam their millions of followers by requesting Bitcoin in tweets.
The high-profile Twitter accounts compromised included Barack Obama, Elon Musk, Kanye West, Bill Gates, Jeff Bezos, Warren Buffett, Kim Kardashian, and Joe Biden. Around £80,000 of Bitcoin was sent to the scammer’s Bitcoin account before Twitter swiftly took action by deleting the scam tweets and blocking every ‘blue tick’ verified Twitter user from tweeting, including me.
While the Twitter hack and scam dominated media headlines around the world, the attack was not the ‘highly sophisticated cyber-attack’ as reported by many media outlets, but it was certainly bold and clever. The attackers phoned Twitter administrative staff and blagged (socially engineered) their Twitter privilege account credentials out of them, which in turn gave the attackers access to Twitter’s backend administrative system and to any Twitter account they desired. It is understood this Twitter account access was sold by a hacker on the dark web to a scammer in the days before the attack, that scammer(s) orchestrated a near-simultaneous Bitcoin scam tweets to be posted from the high profile accounts. On 31st July, law enforcement authorities charged three men for the attack, with one of the suspects disclosed as a 19-year British man from Bognor Regis.
There was a very serious critical Windows vulnerability disclosed as part the July 2020 Microsoft ‘Patch Tuesday’ security update release. Dubbed “SIGRed”, it is a 17-year-old Remote Code Execution (RCE) vulnerability in Windows Domain Name System (DNS), a component commonly present in Microsoft Windows Server 2008, 2012, 2012R2, 2016 and 2019. Disclosed as CVE-2020-1350 it was given the highest possible CVSS score of 10.0, which basically means the vulnerability is “easy to attack” and “likely to be exploited”, although Microsoft said they hadn’t seen any evidence of its exploitation at the time of their patch release.
Given SIGRed is a wormable vulnerability, it makes it particularly dangerous, as wormable malware could exploit the vulnerability to rapidly spread itself over flat networks without any user interaction, as per the WannaCry attack on the NHS and other large organisations. Secondly, it could be used to exploit privilege level accounts (i.e. admin accounts found on Servers). The Microsoft CVE-2020-1350 vulnerability can be mitigated on effected systems by either applying the Microsoft Windows DNS Server Microsoft released patch (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 or by applying a Registry Workaround (https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability)
As expected, the UK Government ordered UK mobile network operators to remove all Huawei 5G equipment by 2027, and banning their purchase of Huawei 5G network equipment after 31st December 2020. Digital Secretary Oliver Dowden said it follows sanctions imposed by the United States, which claims the Chinese firm poses a national security threat, which Huawei continues to resolutely deny. The ban is expected to delay the UK’s 5G rollout by a year. “This has not been an easy decision, but it is the right one for the UK telecoms networks, for our national security and our economy, both now and indeed in the long run,” he said.
In some media quarters, it was suggested the UK u-turn on Huawei could lead to cyberattack repercussions after Reuter’s said its sources confirmed China was behind cyberattacks on Australia’s critical national infrastructure and government institutions following their trade dispute with China.
Russian Hacking Group (APT 29) was jointly accused of targeting the theft of coronavirus vaccine research by the UK NCSC, the Canadian Communication Security Establishment (CSE), United States Department for Homeland Security (DHS), Cyber-security Infrastructure Security Agency (CISA) and the US National Security Agency (NSA). The UK’s National Cyber Security Centre (NCSC) said the hackers “almost certainly” operated as “part of Russian intelligence services”. It did not specify which research organisations had been targeted, or whether any coronavirus vaccine research data was taken, but it did say vaccine research was not hindered by the hackers. Russia’s ambassador to the UK has rejected allegations, “I don’t believe in this story at all, there is no sense in it,” Andrei Kelin told the BBC’s Andrew Marr Show. While Foreign Secretary Dominic Raab said it is “very clear Russia did this“, adding that it is important to call out this “pariah-type behaviour“.
Yet another big data exposure caused by a misconfigured AWS S3 bucket was found by security researchers, one million files of Fitness Brand ‘V Shred’ was discovered exposed to the world, including the personal data of 99,000 V Shred customers. Interestingly V Shred defended the researcher findings by claiming it was necessary for user files to be publicly available and denied that any PII data had been exposed.
VULNERABILITIES AND SECURITY UPDATES
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/vHgdInWaxc8/cyber-security-roundup-for-august-2020.html