Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Ransomware: Cybercriminals are adding a new twist to their demands

Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.

In several recent cases it has been reported that the ransomware gang have not just encrypted data but also threatened to leak the data, too. These attacks elevate the ransomware threat "to crisis level" and organisations should work to immediately improve their security as resorting to backups, the usual best defence against ransomware, won’t protect firms.

https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/

New ransomware attacks target your NAS devices, backup storage

Sticking with ransomware for a minute, the number of ransomware strains targeting NAS and backup storage devices is also growing, with users "unprepared" for the threat, researchers say.

Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services -- including hospitals and utilities -- and individuals.

Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to locked content.

If backup devices themselves are being specifically targeted in attacks then they cannot be relied upon to recover from. This emphasises the requirement to ensure firms have offline copies of backusp such that backup copies cannot themselves fall victim to ransomware.

If the only backups a firm has are connected to a network and backing up in real time is it increasingly unlikely firms will be able to depend on these backups to get their business back on its feet.

More here: https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/

New Plundervolt attack impacts Intel CPUs

Academics from three universities across Europe have this week disclosed a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency -- the same interface that allows gamers to overclock their CPUs.

Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software.

Intel desktop, server, and mobile CPUs are impacted. Including:

• Intel® 6th, 7th, 8 th, 9th & 10th generation CoreTM processors

• Intel® Xeon® Processor E3 v5 & v6

• Intel® Xeon® Processor E-2100 & E-2200 families

Intel has released microcode (CPU firmware) and BIOS updates to address the Plundervolt attack.

More here: https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/

The phishing tricks that break through standard email filters

Some phishing emails are easy to spot: the spelling is bad, the spoofed email is clearly a fake, and the images are too warped to have possibly been sent by a reputable brand. If you receive one of these low-quality phishing emails, you’re lucky. Today’s phishing emails are extremely sophisticated, and if you’re not well trained to spot one, you probably won’t.

Email filters have long relied on fingerprint and reputation-based threat detection to block phishing emails. A fingerprint is essentially all the evidence a phisher leaves behind -- a signature that, once identified, will be recognized on future phishing attempts and the phishing email or webpage blocked. Examples of a fingerprint include the header, subject line, and HTML.

Reputation refers to phishing URLs and IPs or domains where phishing emails and webpages originate. An IP or domain that is identified as a sender or host for phishing emails and webpages is, like the fingerprint example above, identified and then blacklisted. The same goes for the phishing URL.

Once a tried and true method to stop phishing, hackers have developed new techniques to get around these outdated methods.

Read more here: https://betanews.com/2019/12/12/phishing-tricks/

Malware variety sees major growth in 2019

New research from security firm Kaspersky has revealed that malware variety grew by 13.7 percent in 2019 and the cybersecurity firm attributes this growth to a rise in web skimmers.

According to the Kaspersky Security Bulletin 2019, the number of unique malicious objects detected by the company's web antivirus solution increased by an eighth compared to last year to reach over 24m due a 187 percent increase in web skimmer files.

Kaspersky also found that other threats such as backdoors and banking Trojans grew while the presence of cryptocurrency miners dropped by more than half.

These trends demonstrate a shift in the type of threats employed by cybercriminals who are constantly searching for more effective ways to target users online.

Read the original article here: https://www.techradar.com/uk/news/malware-variety-sees-major-growth-in-2019

Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets

Adobe's December security release includes fixes for 17 critical vulnerabilities in software that could be exploited to trigger arbitrary code execution.

As part of the software vendor's standard security schedule, vulnerabilities have been patched in Photoshop, Reader, Brackets, and ColdFusion.

Firms using any of these products should update them as soon as possible to mitigate these newly announced vulnerabilities.

More info: https://www.zdnet.com/article/adobe-patches-17-critical-code-execution-bugs-in-photoshop-reader-brackets/

The Vulnerability used in Equifax breach is the top network attack in Q3 of 2019

Network security and intelligence company WatchGuard Technologies has released its internet security report for the third quarter of 2019 showing the most popular network attacks.

Apache Struts vulnerabilities -- including one used in the devastating Equifax data breach which tops the list -- appeared for the first time on WatchGuard's list. The report also highlights a major rise in zero day malware detections, increasing use of Microsoft Office exploits and legitimate penetration testing tools, and more.

More details here: https://betanews.com/2019/12/11/equifax-vulnerability-top-network-attack/

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans.

More on Wired here: https://www.wired.com/story/ring-hacks-exemplify-iot-security-crisis/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.