Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: Some useful reminders that patches are not just for Windows. And while Carlsberg don’t do social media scams, Heineken is not so lucky.
This week’s action: Take a deep breath and pay attention to the devices around us.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: QNAP storage devices now being targeted by ransomware
The Record reports that QNAP, which sells Network-Attached Storage (NAS) devices, has said “that it is investigating yet another Deadbolt ransomware campaign targeting users [of its devices]”.
The attacks appear to be targeting QNAP QTS and QuTS hero systems. QNAP has urged customers to update the software on these systems to the latest version as soon as possible. It has been warning customers about this since January.
NAS devices are frequently used in small and medium-sized businesses to store local backups of important files and servers. Ransomware attackers know that the common reason they don’t get paid a ransom is that their victims can restore files from these backups. So the devices storing the backups are obvious targets.
2: Sophos Firewall vulnerability used by Chinese state-sponsored hackers to target India, Pakistan and others
The Record reports that “Chinese state-sponsored hackers are targeting organizations and governments in Afghanistan, Bhutan, India, Nepal, Pakistan and Sri Lanka with a now-patched zero-day vulnerability in Sophos Firewall, according to several different cybersecurity companies.”
“Sophos published its own report on the activity [, confirming] that it has observed ‘organizations primarily in the South Asia region’ being attacked.”
Interestingly, the report notes “that multiple state-backed groups from China are exploiting the vulnerability and most likely started exploitation in January”, even though the world only became aware of the vulnerability on March 25th and a software update to address it was released on April 5th.
3: WordPress plugin receives forced security update
Graham Cluley reports that Ninja Forms, a popular plugin used on many WordPress websites, recently received a forced update after the discovery of a critical vulnerability.
According to an analysis by Wordfence, a WordPress security company, the vulnerability could allow attackers to take over a website, run whatever code they want and delete whatever files they want.
Apparently, the vulnerability was so serious that WordPress forced the rollout of a software update across all affected WordPress sites, without any communication with, or consent from, website owners.
1: 1 million
The number of websites that actively use the Ninja Forms plugin and so were exposed to a critical vulnerability that could have enabled attackers to take control of the site.
Read more: https://wordpress.org/plugins/ninja-forms/
The likelihood that a social media campaign that promised free crates of Heineken to fathers on Father’s Day was a scam.
Why would the scammers bother? So they can get your personal contact details, add you to their mailing lists for future phishing emails, and possibly follow up with phone calls or emails to gather even more information about you, like your home address and photo ID to prove you are allowed to receive this non-existent prize.
Carlsberg don’t do scams. But if they did...
1: Updates aren’t just for Windows
We all know that we need to keep the software on our Windows devices up to date. (Don’t we?)
We may also remember the same mantra for our mobile phones and tablets.
But it’s important to also think about the other devices and software that we rely on, for example:
- The software used on our website
- Backup devices, like NAS drives
- WiFi access points
They all run software. They are all targets for cyber attackers. They all need to be kept up-to-date.
So, let’s practice some mindfulness. Take a deep breath. Look around. And pay attention to the devices around us.