• Daniel McDermott

    Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.


This month in security: January 2020


The famous Trojan 'Emotet' is back from its Christmas break and is swiftly making its way across the Americas. We take a deeper look at Jeff Bezos’ phone hacking incident, find out how Indonesia busted three suspected e-commerce cybercriminals and discuss the big vulnerability the NSA uncovered in Microsoft Windows. Closer to home, we explore why Australian partners feel abandoned after the Symantec acquisition and how the P&N Bank in WA suffered a breach that could impact almost 100,000 customers.


Malicious Trojan 'Emotet' is back from its Christmas break

Emotet, one of the most disruptive kinds of malware in the world, has resurfaced in the U.S., Canada, and Mexico, this time targeting the pharmaceutical sector. We’ve discussed Emotet before and the precautions needed to avoid becoming its next victim.

Perspective
Australia is no stranger to Emotet; Victorian health services experienced an Emotet-based ransomware attack just a few short months ago. Though Emotet activity was quiet over the holidays, the Americas saw a spike in Emotet email activity in mid-January with nearly three-quarters of a million messages, the biggest volume since April 2019. It looks like the Emotet threat isn’t going anywhere and organisations need to make sure they’re prepared. Given the speed at which it spreads, potentially anyone could become a target.

Learning from the Jeff Bezos Phone Hack

News of Jeff Bezos’s hacked phone has been doing the rounds these days. As the story goes, in 2018, one of the world’s most popular messaging apps was used to deliver malware to the Amazon CEO’s phone. But what actually happened? What can we learn from the incident?

Perspective
Reports say the hack of Bezos’s phone occurred after he opened a seemingly harmless WhatsApp video he received from the Saudi Crown Prince Mohammed bin Salman. While the facts behind the case are still being debated, the reality is that the technique used (sending infected files via the popular messaging service) is an increasingly common way to spy on high-profile targets. Facebook-owned WhatsApp presents a pretty large attack surface, being used by 1.5 billion people globally, which makes it a tempting target for cyber attackers.

NSA uncovers 'severe' Microsoft Windows vulnerability

In early January, the U.S. National Security Agency announced a "severe" vulnerability in Microsoft's Windows 10 operating system. Microsoft quickly released an update to fix the issue and the U.S. Department of Homeland Security ordered all federal agencies to apply Microsoft’s security patch within 10 days.

Perspective
According to the research firm which uncovered the flaw, 250 million customer service and support records were exposed online for two days before New Year's Day. The flaw in question was caused by misconfigured security rules which could potentially allow attackers to execute man-in-the-middle attacks or decrypt confidential data. The leaked data would be especially valuable to tech support scammers, who could use the information for phishing or device hijacking scams. It’s never a bad idea to be suspicious of calls or emails claiming to be from a major company.

Three suspected Magecart e-commerce hackers apprehended in Indonesia

Indonesian police arrested three suspected members of an e-commerce cybercrime group that stole customer credentials and payment data from e-commerce websites across Indonesia, Australia, the United Kingdom, the United States, Germany, Brazil, and various other countries. The arrests were the result of Interpol's ongoing anti-skimming operation in southeast Asia.

Perspective
The group allegedly injected malicious JavaScript "skimming" code known as "GetBilling" into targeted websites, in what is generally referred to as Magecart-type attacks. They hid behind VPNs and used only stolen cards to pay for hosting services and new domains. Even then, authorities were able to determine that the attacks originated from Indonesia. The fact that cybercriminals aren’t bound by national borders just highlights the scale of the danger they represent. You can never be too cautious when shopping online, no matter where in the world you may be.

Partners feel abandoned after Symantec acquisition

Following Symantec’s acquisition by Broadcom and the disbanding of the cybersecurity brand’s self-service licence renewal portal, Australian partners and end-users alike feel like they’ve been left to fend for themselves.

Perspective
It appears that end users are beginning to feel the fallout from the Symantec acquisition, finding themselves unable to renew Symantec licences via the company’s online self-serve portal. Earlier on, we covered why the acquisition was bad news for the Australian cybersecurity sector. Seeing how only a few ANZ businesses are part of the Global 2000 which Broadcom is targeting, small and mid-sized end-users face a greater risk of being left out in the cold. There is some hope, however. Local partners and third parties that can help with Symantec licensing are already moving in to fill the gap. They can also help evaluate other vendors whose solutions, innovation and support would provide a better, more long-term solution.

P&N Bank in WA suffered a CRM breach that may impact 100,000 customers

The CEO of P&N Bank announced a data breach in December which involved the West Australian bank’s customer relationship system, potentially exposing private customer information that included names, addresses, ages, and account balances. The bank revealed “criminal activity took place around 12 December 2019” during a server upgrade on a third-party hosting service, and is now working closely with WA police and federal authorities to investigate.

Perspective
With so many platforms and systems working interdependently in our tech ecosystem, it’s inevitable that unexpected vulnerabilities will emerge. The important thing is how we react to them. That’s where both cybersecurity and cyber resilience come in. There’s no way to guarantee 100% cyber safety, but timely action can make all the difference. Organisations need to have crystal clear policies for safeguarding customer data and have protocols to follow in case of a breach.

Editor, Get Cyber Resilient
