Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: Criminals are using Google Drive and Dropbox to avoid detection, Microsoft names-and-shames a cyber broker, and Apple announces a Lockdown Mode to defend against sophisticated attacks.
This week’s action: Ask for evidence that your applications are being kept up-to-date.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: Cyber criminals use Google Drive and Dropbox to avoid detection
Palo Alto Networks’ Unit 42 recently reported on a series of phishing campaigns by a Russian group it tracks as Cloaked Ursa (better known as APT29) that try to avoid detection by hosting their malicious documents on legitimate cloud storage services such as Google Drive and Dropbox. For example, in one recent campaign the lure was “an agenda for an upcoming meeting”. The document stored on the cloud service contained a link to a malicious file which, once opened, gave the attacker a foothold on the victim’s computer.
Using a cloud service means the criminal does not have to attach a file to the phishing email at all, so there is nothing for the target’s email security systems to scan. The email simply contains a link, and because that link points at a well-known service that most organisations use and trust, it is far less likely to be blocked or to look suspicious to the person receiving it.
Read more: https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ via https://www.ncsc.gov.ie/news/
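A simple illustration of the kind of check an email gateway (or a curious administrator) can add for this technique: pull every link out of a message and flag any that point at a file-sharing service. This is an added example written for this article, not code from Unit 42 or from the report above; the list of hosts and the sample email are my own constructed assumptions. It also shows two look-alike links that must not be flagged, because the host that actually gets contacted is not the file-sharing service.

```python
import re
from urllib.parse import urlparse

# Assumption: a starter list of file-sharing hosts to watch for. Extend it
# for the services your organisation sees abused; this is not an exhaustive list.
FILE_SHARING_HOSTS = {
    "drive.google.com",
    "docs.google.com",
    "dropbox.com",
    "dl.dropboxusercontent.com",
}

# Matches http(s) links up to the first whitespace or common delimiter.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def extract_urls(text):
    """Return the URLs found in a block of text, in order, without trailing punctuation."""
    return [m.group(0).rstrip(".,;:!?") for m in URL_RE.finditer(text)]


def is_file_sharing_url(url):
    """True if the host the link really connects to is a listed file-sharing service.

    urlparse().hostname is used deliberately: a link such as
    https://dropbox.com@evil.example/x connects to evil.example, and
    https://drive.google.com.evil.example/x connects to a subdomain of evil.example.
    Neither is a file-sharing link, and neither is flagged here.
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in FILE_SHARING_HOSTS)


def flag_cloud_lures(email_text):
    """Return the links in an email that point at file-sharing services."""
    return [u for u in extract_urls(email_text) if is_file_sharing_url(u)]


# Constructed sample message modelled on the "meeting agenda" lure described above.
SAMPLE_EMAIL = """\
Subject: Agenda for next week's meeting

Hi all,

The agenda is here: https://drive.google.com/file/d/1AbC_example/view?usp=sharing.
Slides: https://www.dropbox.com/s/example/agenda.docx?dl=1
Our site: https://www.example.org/about
"""

if __name__ == "__main__":
    for link in flag_cloud_lures(SAMPLE_EMAIL):
        print("file-sharing link found:", link)
```

A message that carries no attachment but does carry a link like this is exactly the pattern described above, so flagging it for a closer look (or rewriting the link so it is opened in a sandbox) is a reasonable response. The check on its own is not proof of malice: plenty of legitimate email contains Google Drive and Dropbox links, which is precisely why attackers use them.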
2: Microsoft names and shames Austrian cyber mercenary firm
Security Week recently reported that “Malware hunters at Microsoft have caught an Austrian hack-for-hire company exploiting zero-day flaws in Windows and Adobe software products in “limited and targeted attacks” against European and Central American computer users. [..] The software giant said the Austria-based DSIRF falls into a category of cyber mercenaries that sell hacking tools or services through a variety of business models and double up by performing hack-for-hire targeted attack operations. [..] The hacker-for-hire industry has been in the spotlight all year with the big tech vendors – Microsoft, Facebook, Apple and Google – leading the pushback with research reports naming-and-shaming private mercenary hacking teams.”
Read more: https://www.securityweek.com/microsoft-catches-austrian-company-exploiting-windows-adobe-zero-days
3: Apple’s Lockdown Mode reminds us that security usually involves a trade-off with convenience.
Given the increasing number of cyber attacks that succeed as a result of known security vulnerabilities in the devices and applications that we all use, it was inevitable that someone would release a restricted version of their platform, reducing the number of things the device can do and thus reducing the number of ways the bad guys can get into it. That someone appears to be Apple.
According to a recent press release, a new ‘Lockdown Mode’ will arrive later this year with iOS 16, iPadOS 16 and macOS Ventura. It is aimed at the very small number of people who are likely to be targeted by sophisticated, state-backed or mercenary spyware, and it turns off a lot of the convenient functionality built into the operating system, because much of that convenience opens doorways that sophisticated attackers take advantage of. In Messages, most attachment types other than images are blocked and link previews are disabled. Incoming invitations and service requests, including FaceTime calls, are blocked unless you have previously contacted the person. Some complex web technologies are switched off in Safari, wired connections to a computer or accessory are blocked while the device is locked, and the device cannot install configuration profiles or enrol in device management while Lockdown Mode is on.
To find ways around Lockdown Mode before hack-for-hire firms such as the one named by Microsoft do, Apple has also said it will pay researchers a reward of up to $2 million, its largest bounty to date, for reporting a bypass to Apple. It is also putting $10 million into a grant to support organisations that investigate and expose mercenary spyware.
Security usually comes at the expense of convenience, and Lockdown Mode sounds like it will reduce some of the convenience that many of us may have gotten used to. But if it helps high value targets to protect themselves from sophisticated attacks, I am sure many will choose security over convenience.
Read more: https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
The percentage of ransomware attacks in the last 12 months that succeeded because the attackers used known software vulnerabilities to gain access into their victims’ computer systems, according to a report by Unit 42 and recently reported by CSO Online.
Read more: https://www.csoonline.com/article/3669476/ransomware-email-compromise-are-top-security-threats-but-deepfakes-increase.html
The percentage of firms that said they were driven to the brink of bankruptcy as a result of a cyber attack, according to a Hiscox survey and reported by We Live Security recently.
Read more: https://www.welivesecurity.com/2022/07/04/cyberattacks-real-existential-threat-organizations/ via Secure The Village
1: Check your software updates
Given the increasing number of attacks that succeed because the bad guys take advantage of known security gaps in the applications on our devices, it is important to ensure that all of those applications are kept up-to-date. This includes the device’s operating system (e.g. Windows, macOS, iOS, Android), web browsers, Microsoft Office, Zoom, and especially Adobe Acrobat (which is a frequent target for cyber attackers, as the Microsoft story above shows).
If you rely on an IT provider to manage your computer devices, ask them about how they are proactively keeping all of these things up-to-date. Even better, ask them to provide you with some sort of report on a regular basis (I suggest monthly) which demonstrates that the software is being kept up-to-date. It’s amazing how just asking for evidence can reveal gaps in your defences.
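If the report your IT provider sends is a simple spreadsheet, you do not have to read it line by line. The following is an added example, written for this article rather than taken from any provider’s tooling, that checks a constructed report of the kind suggested above: it flags any application that is behind the latest version and any that has not been checked recently. The column names, the applications listed and the version numbers are all my own assumptions for illustration, not real release numbers.

```python
import csv
import io
from datetime import date

# Constructed sample of a monthly patch report (assumed columns; illustrative
# version numbers, not real releases).
SAMPLE_REPORT = """\
application,installed_version,latest_version,last_checked
Windows 11,22000.795,22000.832,2022-07-28
Microsoft Office,16.0.15330,16.0.15330,2022-07-28
Zoom,5.11.3,5.11.3,2022-07-28
Adobe Acrobat Reader,22.1.20117,22.1.20169,2022-05-02
Google Chrome,103.0.5060,103.0.5060,2022-07-28
"""


def parse_version(version):
    """Turn '5.11.3' into (5, 11, 3) so versions compare numerically.

    Comparing the strings directly would put '5.9' after '5.11', which is
    a common way for a home-grown patch report to miss an outdated install.
    """
    return tuple(int(part) for part in version.split("."))


def parse_report(report_text):
    """Read the comma-separated report into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(report_text)))


def find_gaps(report_text, today, max_age_days=30):
    """Return (application, [reasons]) for every row that needs attention.

    A row is a gap if the installed version is older than the latest
    available one, or if the provider has not checked it within max_age_days.
    """
    gaps = []
    for row in parse_report(report_text):
        reasons = []
        installed = parse_version(row["installed_version"])
        latest = parse_version(row["latest_version"])
        if installed < latest:
            reasons.append(
                "behind latest (%s < %s)" % (row["installed_version"], row["latest_version"])
            )
        age = (today - date.fromisoformat(row["last_checked"])).days
        if age > max_age_days:
            reasons.append("not checked for %d days" % age)
        if reasons:
            gaps.append((row["application"], reasons))
    return gaps


if __name__ == "__main__":
    for app, reasons in find_gaps(SAMPLE_REPORT, today=date(2022, 7, 29)):
        print("%s: %s" % (app, "; ".join(reasons)))
```

Two things to ask about when you get such a report: where does the “latest version” column come from (it should be the vendor’s current release, not whatever the provider last packaged), and how old is the “last checked” date. A report that is only ever generated once a quarter tells you very little about the weeks in between.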