The past week has been eventful in the cybersecurity realm. Here are the major cyber updates from across the globe.
Unknown Threat Actor Exploits Vulnerability in BillQuick Web Suite
BillQuick Web Suite is a popular US-based billing system developed by BQE Software and has over 400,000 users globally. Unfortunately, it was recently targeted through a critical SQL injection bug exploited by an unidentified ransomware group. The vulnerability is tracked as CVE-2021-42258 and allows adversaries to gain initial access to customers’ BillQuick data and execute malicious commands on the underlying Windows server. All the adversaries need to do is submit login requests containing invalid characters.
Cybersecurity researchers had to recreate an SQL injection-based attack to locate the bug. In the process, they discovered eight other unpatched vulnerabilities which could be exploited to gain initial access and achieve code execution. These newly discovered bugs include CVE-2021-42741, CVE-2021-42742, CVE-2021-42344, CVE-2021-42345, CVE-2021-42346, CVE-2021-42571, CVE-2021-42572 and CVE-2021-42573.
Researchers believe a small threat actor is probably behind this recent exploitation, as they could not trace the attack back to any known threat group. The good news is that WebSuite 2021 version 188.8.131.52 fixes the current vulnerability. Users are advised to install the latest security patches as soon as possible.
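The bug class described above, as an added example that is not BillQuick's code and not part of the original post: a login query built by string concatenation beside a parameterised one, plus a check that reveals whether a quote character in the input reaches the SQL parser as syntax. The in-memory user table and credentials are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a billing app's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("o'brien", "pa55")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by string concatenation, so any quote in the
    input is read by SQLite as SQL syntax rather than as data."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Binds the inputs as parameters; the driver keeps them out of the SQL
    parser, so a quote is just a character inside the value."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def quote_handling(conn, login):
    """Defensive check: returns 'ok' if a legitimate apostrophe-bearing
    username is treated as data, or 'parsed_as_sql' if the apostrophe
    changes the structure of the query (the injection precondition)."""
    try:
        login(conn, "o'brien", "pa55")
        return "ok"
    except sqlite3.OperationalError:
        return "parsed_as_sql"


if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", quote_handling(db, login_vulnerable))
    print("parameterised query:", quote_handling(db, login_safe))
```

The same check applied to a real login path, with a valid account whose name contains an apostrophe, is a quick way to confirm that user input never reaches the query as syntax.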
A Historic Arrest Related to the REvil Gang is on the Cards
German investigators recently identified a Russian man going by the fictitious name of Nikolay K as an important player in the REvil ransomware gang. REvil has caused much disruption in the cyber world in recent years, and Nikolay K is believed to be one of its core members. Nikolay presents himself as a cryptocurrency investor and trader, and the German police did find evidence of legitimate crypto trading. However, they were also able to track down the phone number linked to Nikolay’s Telegram account, as well as the email address he used to register on more than 60 websites. He has been involved in several crypto transactions related to ransom payments worth over 400,000 Euros.
Reportedly, cybersecurity investigators have linked Nikolay K to Bitcoin ransom payments made to the GandCrab ransomware group, and the similarities and strong connections between REvil and GandCrab are widely known and discussed. Unlike many ransomware operators who have kept a low profile for fear of arrest, Nikolay was quite active on social media, boasting of a recent lavish holiday on the Mediterranean. Clearly, hiding his ties to ransomware operations alone was not enough to conceal his identity.
Ofcom Takes Measures to Protect Brits from Fraudulent Calls
UK-based telecoms regulator Ofcom has recently disclosed its plan to block scam calls from abroad that spoof domestic numbers and thereby defraud consumers of over £10m (about $11.6 million) annually. Such fraudulent calls have only increased over the years, and cybersecurity organization Comparitech predicts that this latest move by Ofcom can reduce such scams considerably.
Ofcom took this step after analyzing how many Brits received fraudulent calls and texts over a quarter and finding that 45 million people had been on the receiving end of such malicious calls and texts. Consequently, it introduced new security measures on one network and will soon implement the same for other networks as well. Comparitech’s research, on the other hand, revealed that 64% of these fake calls came from foreign countries. The research by both parties suggests that the Ofcom-led plan can prevent around 115 million scam calls per year, thereby saving consumers close to $11 million in losses.
However, email security experts at Comparitech argue that the new Ofcom plan needs to be implemented alongside other layered security measures such as call blocking and spam detection applications.
Beware of Free Giveaways on Steam
One of the oldest phishing scams, skin phishing, has surfaced again in recent times. Gamers are receiving all sorts of messages from strangers (on Steam or Discord) offering free knives and skins the sender supposedly no longer needs. The links attached to such messages are malicious and lead to account compromises.
Gaming platforms like Steam give users the option of trading their skins for real or virtual cash. These games often have their own in-game marketplaces or trading systems, and the adversaries are targeting these very trading hubs. Malicious actors create fake look-alikes of real trading systems or set up their own game-themed marketplaces to lure gamers and compromise their accounts with malware.
Compromised Steam accounts are a treasure trove for adversaries. They often contain thousands of dollars’ worth of titles, cash in Steam wallets, gifts, rare items, and other collectibles owned by the users. Recovering a Steam account from the clutches of attackers is an arduous task. To stay protected, Steam users should adopt the security tools and measures recommended by Steam. Further, users must never forget that anything offered for free online should be treated with suspicion.
HelpSystems Acquires Digital Guardian
American software enterprise HelpSystems recently acquired the data loss prevention leader Digital Guardian. The acquisition is intended to provide data protection for the endpoints of midmarket and enterprise customers. With the purchase of Digital Guardian, HelpSystems aims to strengthen its data security portfolio by making more managed service capabilities around endpoints available to customers, along with enhanced cloud and network data loss prevention. Going forward, Digital Guardian’s CEO Mordecai Rosen will leave the organization, and Connie Stack will lead it. HelpSystems holds Digital Guardian’s services in high regard and calls this acquisition a ‘no brainer.’
While Digital Guardian has been leading the way in data loss prevention (DLP), its clients had urged the company to expand its services to include more cybersecurity features. The merger with HelpSystems should therefore help Digital Guardian broaden its services to meet the varied security needs of its customers, and of HelpSystems’ customers as well.
FCC Revokes China Telecom Americas’ License
In line with the recommendation of six US Executive Branch agencies (namely, the United States Trade Representative and the Departments of Homeland Security, Justice, Defense, Commerce, and State), the Federal Communications Commission (FCC) has recently revoked the license of China Telecom Americas. This subsidiary of China Telecom Corporation has been given two months to discontinue providing telecommunication services in the United States.
China Telecom Americas provides services to over 135 million broadband and 255 million mobile users in over 100 countries. Reportedly, the restriction of its services in the US is a cybersecurity measure taken to uphold national security. Being owned and controlled by the Chinese government was deemed sufficient reason for revoking the telecom provider’s license, as there have been several instances of cyberattacks attributed to Chinese actors seeking to obtain US intelligence.