Cybersecurity is an important aspect of the smooth functioning of an organization. The following headlines from the past week show just how essential adopting cybersecurity tools and practices is.

Dutch Police Very Particular About Cybersecurity, Send Warnings to Cybercriminals

The Dutch authorities recently sent final warning notifications to 29 Dutch nationals for using a distributed denial-of-service (DDoS) website to launch DDoS attacks against anyone they wished to target. The Dutch police sent these notifications to let the offenders know that their malicious actions would not go unnoticed, and to protect unsuspecting citizens from further attacks.

The notice gives them an ultimatum: they will be prosecuted if found engaging in any further illegal activity. The website at the root of these attacks is minesearch.rip, which has been on the police radar since 2020; the site is currently down for investigation. This is not the first time Dutch authorities have stepped in to stop young individuals from heading in the wrong direction. Such direct and early cybersecurity measures are the need of the hour, and the Dutch police's approach sets an example for nations worldwide.

 

Siemens And Schneider Electric Release Advisories Patching Vulnerabilities

The industrial giants Siemens and Schneider Electric recently released several cybersecurity advisories patching 33 and 20 vulnerabilities, respectively, across many of their products. Among the 33 vulnerabilities fixed in Siemens' five new advisories were patches for arbitrary code execution flaws in its SINEC network management system. In addition, 15 flaws in the ArubaOS operating system of the SCALANCE W1750D were fixed. Many of these vulnerabilities were rated high severity.

Schneider Electric, for its part, fixed 20 vulnerabilities in six new advisories, including 11 Windows flaws in the Conext solar power plant products. Flaws in Schneider's IGSS SCADA system, the spaceLYnk and fellerLYnk products, Wiser For KNX, and the ConneXium network manager software were also patched.

 

NCSC Issues Guidelines for Employees Working on Personal Devices

The National Cyber Security Centre (NCSC) recently issued guidelines for employees working on personal devices in the aftermath of the pandemic. The remote working setup popularised by the pandemic persists in many organizations under a bring-your-own-device (BYOD) policy. This culture has attracted many cybercriminals, since employees may not apply the required cybersecurity measures on their own devices.

The NCSC guidance discusses whether BYOD is safe for an organization and lists the likely challenges: compliance of devices with enterprise policies and legal obligations, protection of confidential organization files, and compatibility with the required OS and device types, among others. The NCSC further suggests that a zero-trust architectural approach can be adopted in organizations where BYOD is deployed.

A cybersecurity report by Bitdefender brings forth some shocking revelations about the security blunders BYOD employees commit on a daily basis. For instance, 27% of individuals use simple passcodes like 1234 to lock their devices, whereas 11% do not lock their phones at all. 35% of individuals did not use an antivirus, and 30% believed their mobile phone does not need one. Several other myths were uncovered; one of them, held by 16% of respondents, was the expectation that cybersecurity is always an inbuilt feature of their devices. With such alarming statistics on employees' awareness of email security and cybersecurity in general, adopting BYOD is a conscious choice an organization makes.

 

Beware of Malicious Browser Extensions

Are you familiar with browser extensions that block ads? What about the ones that block ads on the surface but infect devices underneath? Cybersecurity researchers at Imperva recently found a browser extension called AllBlock that does block ads, but also runs a malicious script that injects JavaScript into Chrome tabs. This code communicates with remote servers to download a payload connected to an ad-injection scam.

The AllBlock scam pulls in ads from web pages and other sources linked to affiliates. Google states that the security of Chrome extensions is essential and requires all extensions to refrain from malicious activity, but the AllBlock incident may still affect its image. Imperva seems to be taking the AllBlock scam personally and has introduced its own Chrome application that lets users install the Imperva.com homepage offline and visit previously opened pages.

 

Rewards Await if You Can Spot Vulnerabilities in Power Platform

As part of the Dynamics 365 and Power Platform Bounty Program, Microsoft is awarding up to $20,000 in bounty to anyone who finds valid vulnerabilities in the Power Platform. The Power Platform products in scope include Power Automate, Power Apps, Power Portals, and Power Virtual Agent.

This move is another reflection of Microsoft's concern for customer data protection. It is willing to pay $500 to $20,000 as a bug bounty for vulnerabilities identified in Power Platform products, with reports suggesting that the highest rewards are reserved for critical-severity remote code execution bugs. Microsoft plans to expand the Dynamics 365 and Power Platform Bounty Program gradually if the reported bugs prove relevant and significant enough.

 

New Ransomware Operator Detected

Broadcom's Symantec Threat Hunter Team recently discovered a new ransomware strain called Yanluowang that is being used in highly targeted attacks. The ransomware came to notice when it was deployed against a high-profile enterprise alongside AdFind, a command-line Active Directory query tool. Ransomware gangs commonly use AdFind to gather directory information that supports lateral movement across victim devices and networks.

Soon after the ransomware was discovered, the adversaries began deploying it at a faster pace across various organizational systems. In a typical attack, a .txt file is created which checks the command line. Windows Management Instrumentation (WMI) is then used to list the processes running on remote machines, and this data is logged to processes.txt.

Once deployed, Yanluowang acts on hypervisor virtual machines and on the processes recorded by its precursor tools. It encrypts files and appends the .yanluowang extension to them, and it leaves behind a ransom note titled README.txt for the victim. Although the note threatens victims against approaching law enforcement, affected organizations are advised to take adequate ransomware protection measures.
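Detection logic for the indicators this item names, as an added example that is not from the Symantec report or from this page: it matches process-creation events against AdFind use and remote WMI process listing written to processes.txt, and splits a file listing into .yanluowang-encrypted files and README.txt notes. The event dictionary layout and all sample telemetry are assumptions constructed for the example.

```python
"""Detection heuristics for the Yanluowang indicators named above.

Assumption (not from the report): process-creation events arrive as dicts
with "image" and "cmdline" keys (e.g. exported from Sysmon Event ID 1) and
file listings as lists of Windows paths. All sample data is constructed.
"""
import re
from pathlib import PureWindowsPath

# Indicators from the report: AdFind use, WMI process listing on remote
# hosts, output written to processes.txt.
PROCESS_RULES = {
    "adfind_recon": re.compile(r"\badfind(\.exe)?\b", re.I),
    "wmi_remote_process_enum": re.compile(
        r"\b(wmic|get-wmiobject|gwmi)\b.*(/node:|-computername).*\bprocess\b", re.I),
    "processes_txt_output": re.compile(r"\bprocesses\.txt\b", re.I),
}

def match_process_events(events):
    """Return (rule_name, cmdline) for every event that trips a rule."""
    hits = []
    for ev in events:
        text = ev.get("image", "") + " " + ev.get("cmdline", "")
        hits.extend((name, ev["cmdline"]) for name, rx in PROCESS_RULES.items() if rx.search(text))
    return hits

def find_encryption_artifacts(paths):
    """Split a file listing into .yanluowang-encrypted files and README.txt notes."""
    result = {"encrypted": [], "ransom_notes": []}
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() == ".yanluowang":
            result["encrypted"].append(p)
        elif wp.name.lower() == "readme.txt":
            result["ransom_notes"].append(p)
    return result

# Constructed sample telemetry (not from any real incident).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"image": r"C:\Users\Public\adfind.exe", "cmdline": "adfind.exe -default"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic /node:FILESRV01 process get name > processes.txt"},
]
SAMPLE_PATHS = [r"C:\Data\q3-report.xlsx.yanluowang", r"C:\Data\README.txt", r"C:\Data\notes.docx"]

if __name__ == "__main__":
    for rule, cmd in match_process_events(SAMPLE_EVENTS):
        print(f"[{rule}] {cmd}")
    print(find_encryption_artifacts(SAMPLE_PATHS))
```

A README.txt on its own is a weak signal; the two checks are meant to be correlated, with the process rules providing the early warning before encryption artifacts appear.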
