Cybersecurity tools are often unable to protect an organization from data theft if the employees aren’t aware of cyber threats, as they remain the first line of defense in today’s threat landscape. The following cybersecurity headlines from this past week highlight the importance of using robust cybersecurity tools to remain a step ahead of threat actors and keep your own as well as your organization’s information assets from falling into the wrong hands!

Ghost Account Haunts As Nefilim Ransomware

What happens to the account of an employee who leaves the organization or dies? Many companies keep using such ghost accounts to store information and keep services running. It’s a pity that cybercriminals have noticed the operation of these ghost accounts. In a recent Nefilim ransomware attack, the adversaries brought down over 100 systems of an organization and encrypted their files, exploiting one such ghost account.

The research revealed that this account belonged to an employee who had died three months before this cybersecurity incident, but his account remained in use for some services. The adversaries used this account for over a month to exploit the company’s network and steal hundreds of GBs of data. After stealing everything of value, the attackers infected the organization’s systems with the Nefilim ransomware. Well, the dead are safe in their graves, but for those alive, it is advised to replace ghost accounts with service accounts or at least disable interactive logins!
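One way to audit for the ghost accounts described above is to cross-check an HR offboarding list against a directory export and the authentication log. This is an added example, not code from the original article or from the incident report; all usernames, dates, field names and logon kinds are constructed assumptions.

```python
from datetime import date

# Constructed sample data: HR offboarding list (username -> last working day).
OFFBOARDED = {
    "jdoe": date(2020, 10, 1),
    "asmith": date(2020, 11, 15),
    "bkumar": date(2020, 8, 30),
}

# Constructed directory export; the field names are assumptions.
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "interactive_logon": True},
    {"user": "asmith", "enabled": False, "interactive_logon": True},
    {"user": "bkumar", "enabled": True, "interactive_logon": False},
    {"user": "mlee", "enabled": True, "interactive_logon": True},
]

# Constructed authentication log: (username, day, logon kind).
LOGONS = [
    ("jdoe", date(2020, 9, 28), "interactive"),
    ("jdoe", date(2020, 12, 3), "remote_interactive"),
    ("jdoe", date(2020, 12, 20), "interactive"),
    ("bkumar", date(2020, 12, 1), "service"),
    ("mlee", date(2020, 12, 2), "interactive"),
]

INTERACTIVE_KINDS = {"interactive", "remote_interactive"}
RANK = {"critical": 0, "high": 1, "review": 2}

def find_ghost_accounts(offboarded, accounts, logons):
    """Return enabled accounts of departed staff, most urgent first."""
    findings = []
    for acct in accounts:
        left = offboarded.get(acct["user"])
        if left is None or not acct["enabled"]:
            continue  # current employee, or account already disabled
        late = sorted(day for user, day, kind in logons
                      if user == acct["user"] and day > left
                      and kind in INTERACTIVE_KINDS)
        if late:
            severity = "critical"  # someone logged on as a departed user
        elif acct["interactive_logon"]:
            severity = "high"      # unused so far, but still open to logon
        else:
            severity = "review"    # service-only use: migrate to a service account
        findings.append({"user": acct["user"], "departed": left,
                         "severity": severity, "logons_after_departure": late})
    return sorted(findings, key=lambda f: RANK[f["severity"]])
```
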

 

Beware Of Malicious App Spread Through Whatsapp

Family WhatsApp groups probably circulate the most forwarded messages, but here’s one forward to stay away from: adversaries are using the app’s auto-reply feature to spread malware through a phishing link that leads users to a fake Play Store webpage, which downloads a fake Huawei app. The security flaw was discovered by researchers Lukas Stefanko and ReBensk, who warn that downloading the phony app might cause several security threats.

Any user who skips the terms and conditions and allows the fake app to view notifications, draw over other apps and run in the background enables the adversaries to send unwanted ads, make involuntary subscriptions, spy on the user and steal their credentials. So much for clicking on forwarded WhatsApp links! What’s amusing is that the adversaries can change the link URL whenever they realize that the existing one has been brought down. Cybersecurity tools can stop malware from downloading itself, but when we deliberately give storage and other permissions to apps downloaded from unreliable sources, there is not much ransomware protection services can do!

 

Apple Warns Of Zero-Day Vulnerabilities

Three zero-day vulnerabilities have been found in iOS, iPadOS, and tvOS. An unnamed researcher recently reported the vulnerabilities, tracked as CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871, to Apple. Though the details of the security flaws haven’t been revealed, Apple says that the vulnerabilities are now fixed. An attacker who managed to exploit these vulnerabilities could have achieved remote code execution.

While the CVE-2021-1782 vulnerability let adversaries elevate their privileges (race condition), the CVE-2021-1870 and CVE-2021-1871 vulnerabilities were logic issues found in the WebKit browser engine. Thankfully for users, Apple has fixed all three vulnerabilities through improved restrictions and locking. Apple users are advised to take cybersecurity measures seriously because there are high chances of the attackers using these flaws to launch watering hole attacks.

 

Grindr App To Pay $11.7 Million As Data Breach Penalty

Exemplifying what happens to those who disregard cyber norms, the Data Protection Authority of Norway has imposed a fine of $11.7 million on the U.S.-based dating app Grindr. Grindr is a dating app for members of the LGBTQ+ community which recently made headlines for sharing sensitive user data with advertising firms.

The app has until the 15th of February to present its case, after which the DPA will reach a final verdict. The Norwegian Consumer Council (NCC) calls the fine imposed on Grindr a historic victory for privacy and a lesson for organizations to treat user privacy and email protection cautiously.

 

SolarWinds Attack Found Distributing Sunburst Malware

The historical SolarWinds attack that infected over 18k organizations with a trojan now has a new dimension of damage linked to it. Many organizations are receiving Sunburst malware as a consequence of the supply chain attack on SolarWinds. Because of the malware, the adversaries will be able to access and misuse the files stored on the victims’ systems. An estimated two thousand domains (related to industrial organizations) spread across Europe, Asia, America, and Africa have been impacted by Sunburst.

This revelation foretells future cyber threats for the involved organizations, and hence they must use email security services and have a robust incident response procedure ready.

 

UK Watchdogs Warn Of Clone Company Scams

New forms of cyberattacks have gained momentum ever since the COVID-19 outbreak. One such attack spreading across the UK is the clone company scam, in which the adversaries extract money from those seeking investment opportunities. The Financial Conduct Authority and National Crime Agency have warned the public to beware of clone companies that look exactly like legitimate investment companies. What makes these clone companies seem reliable is the use of the actual company credentials (name, address, FRN, etc.).

Since the first lockdown, investors have collectively lost over $107 million, and this figure will keep rising if investors do not pay heed to the following cybersecurity measures:

  • Investors must not believe offers from unsolicited sources, either online or on calls.
  • They must seek independent and impartial advice before investing.

Since these clone companies are hard to spot and have successfully conned even experienced investors, the FCA and NCA have released this alert.
