This month in security: January 2020
The famous Trojan 'Emotet' is back from its Christmas break and is swiftly making its way across the Americas. We take a deeper look at Jeff Bezos’ phone hacking incident, find out how Indonesia busted three suspected e-commerce cybercriminals and discuss the big vulnerability the NSA uncovered in Microsoft Windows. Closer to home, we explore why Australian partners feel abandoned after the Symantec acquisition and how P&N Bank in WA suffered a breach that could impact almost 100,000 customers.
Malicious Trojan 'Emotet' is back from its Christmas break
Emotet, one of the most disruptive kinds of malware in the world, has resurfaced in the U.S., Canada, and Mexico, this time targeting the pharmaceutical sector. We’ve discussed Emotet before and the precautions needed to avoid becoming its next victim.
Australia is no stranger to Emotet; Victorian health services experienced an Emotet-based ransomware attack just a few short months ago. Though Emotet activity was quiet over the holidays, the Americas saw a spike in Emotet email activity in mid-January with nearly three-quarters of a million messages, the biggest volume since April 2019. It looks like the Emotet threat isn’t going anywhere and organisations need to make sure they’re prepared. Given the speed at which it spreads, potentially anyone could become a target.
Learning from the Jeff Bezos Phone Hack
News of Jeff Bezos’s hacked phone has been doing the rounds these days. As the story goes, in 2018, one of the world’s most popular messaging apps was used to deliver malware to the Amazon CEO’s phone. But what actually happened? What can we learn from the incident?
Reports say the hack of Bezos’s phone occurred after he opened a seemingly harmless WhatsApp video he received from the Saudi Crown Prince Mohammed bin Salman. While the facts behind the case are still being debated, the reality is that the technique used—sending infected files via the popular messaging service—is an increasingly common way to spy on high-profile targets. Facebook-owned WhatsApp presents a pretty large attack surface, being used by 1.5 billion people globally, which makes it a tempting target for cyber attackers.
NSA uncovers 'severe' Microsoft Windows vulnerability
In early January, the U.S. National Security Agency announced a "severe" vulnerability in Microsoft's Windows 10 operating system. Microsoft quickly released an update to fix the issue and the U.S. Department of Homeland Security ordered all federal agencies to apply Microsoft’s security patch within 10 days.
According to the research firm which uncovered the flaw, 250 million customer service and support records were exposed online for two days before New Year's Day. The flaw in question was caused by misconfigured security rules which could potentially allow attackers to execute man-in-the-middle attacks or decrypt confidential data. The leaked data would be especially valuable to tech support scammers, who could use the information for phishing or device hijacking scams. It’s never a bad idea to be suspicious of calls or emails claiming to be from a major company.
Three suspected Magecart e-commerce hackers apprehended in Indonesia
Indonesian police arrested three suspected members of an e-commerce cybercrime group that stole customer credentials and payment data from e-commerce websites across Indonesia, Australia, the United Kingdom, the United States, Germany, Brazil, and various other countries. The arrests were the result of Interpol's ongoing anti-skimming operation in Southeast Asia.
Partners feel abandoned after Symantec acquisition
Following Symantec’s acquisition by Broadcom and the disbanding of the cybersecurity brand’s self-service licence renewal portal, Australian partners and end-users alike feel like they’ve been left to fend for themselves.
It appears that end users are beginning to feel the fallout from the Symantec acquisition, finding themselves unable to renew Symantec licences via the company’s online self-serve portal. Earlier on, we covered why the acquisition was bad news for the Australian cybersecurity sector. Seeing how only a few ANZ businesses are part of the Global 2000 which Broadcom is targeting, small and mid-sized end-users face a greater risk of being left out in the cold. There is some hope, however. Local partners and third parties that can help with Symantec licensing are already moving in to fill the gap. They can also help evaluate other vendors whose solutions, innovation and support would provide a better, more long-term solution.
P&N Bank in WA suffered a CRM breach that may impact 100,000 customers
The CEO of P&N Bank announced a data breach in December which involved the West Australian bank’s customer relationship system, potentially exposing private customer information that included names, addresses, ages, and account balances. The bank revealed “criminal activity took place around 12 December 2019” during a server upgrade on a third-party hosting service, and is now working closely with WA police and federal authorities to investigate.
With so many platforms and systems working interdependently in our tech ecosystem, it’s inevitable that unexpected vulnerabilities will emerge. The important thing is how we react to them. That’s where both cybersecurity and cyber resilience come in. There’s no way to guarantee 100% cyber safety, but timely action can make all the difference. Organisations need to have crystal clear policies for safeguarding customer data and have protocols to follow in case of a breach.