Cyber Security News Update – Week 22 of 2021

Brad Slavin General Manager
Updated May 20, 2025

Quick Answer

Cybersecurity stories from the week of May 31, 2021: researchers disclosed FragAttacks, a set of Wi-Fi standard design flaws affecting nearly every Wi-Fi-enabled device since 1997, allowing frame injection and traffic interception. Japan introduced cybersecurity regulations for private-sector operators of critical infrastructure. Industry analysis examined why attackers continue to outpace defenders, citing automation, exploit kits, and slow patch cycles. A study estimated that adversaries can dwell undetected on enterprise networks for an average of about 11 days before exfiltration or ransomware deployment. Chrome added a feature that streamlines changing passwords flagged as compromised through Google's password checkup. And Google patched four vulnerabilities in Android, including critical remote-code-execution issues.

One of the most effective ways to stay ahead of the digital world’s endless cybersecurity challenges is to keep abreast of the latest attack trends. To that end, here are the most significant email security incidents of the past week.

Multiple Bugs Found In WiFi Standards

In a frightening security revelation, a Belgium-based cybersecurity researcher has found multiple implementation and design flaws in the WiFi standard used by device manufacturers. These fragmentation and aggregation attacks (FragAttacks) pose a risk to all WiFi devices built on the commonly used WiFi standards (some of which date back to the 1990s).

The three principal vulnerabilities, CVE-2020-24586, CVE-2020-24587, and CVE-2020-24588, enable an attacker within the radio range of the WiFi device to control and intercept the user’s information. The researcher experimented with over 75 devices, and each of them was vulnerable to at least one attack.

On the other hand, the implementation flaws enable the adversaries to inject a specially crafted frame into an unencrypted WiFi frame and steal user data. The significant bugs include CVE-2020-26144 and CVE-2020-26145. This sure is a scary discovery, but with the right cybersecurity tools and habits, such as using strong passwords, keeping data backups, etc., these vulnerabilities can be stopped from being exploited.

Japan Mandates Cybersecurity Regulations For Private Sector

As a ransomware protection measure after the recent Colonial Pipeline incident, the Japanese government has introduced new regulations to strengthen its national cyber defense. These regulations shall apply to 44 sectors, including finance, telecommunications, railroads, healthcare, electricity, and government services. These sectors will have to pay special attention to services and equipment procured from overseas, such as cloud data storage.

In addition, the government will monitor organizations for compliance with these regulations. It will have the authority to restrict them from using foreign equipment that does not meet its security standards. The move now extends to the private sector, but all government undertakings in Japan boycotted the use of threat-posing foreign equipment (like those from ZTE and Huawei) three years back!

What Makes Hackers So Fast And Threat Detection So Slow?

The reason why ransomware attackers can attack organizations has been revealed. A cybersecurity research team from Palo Alto Networks recently conducted a study on 50 global enterprises and 50 million associated IP addresses. The study showed that if companies take an average of 12 hours to detect a vulnerability, attackers take only one hour! This unbelievably colossal pace gap makes all the difference!

The study further revealed that most vulnerabilities relate to the Remote Desktop Protocol (which is known for being an entry window to admin servers for adversaries), followed by zero-day vulnerabilities, misconfigured database servers, and insecure remote access.

A crippling revelation was that in some instances, the adversaries’ scan frequency comes down to 15 minutes (when there is a remotely exploitable bug in the network) and 5 minutes (when the ProxyLogon bugs were found in Microsoft Exchange Server and Outlook Web Access). Palo Alto Networks suggests that this lag in threat detection occurs because of a flawed vulnerability management process that scans the existing database for vulnerabilities.

Interesting Study Suggests How Long Adversaries Can Hide In A Network

The UK-based cybersecurity firm Sophos recently published a report on the average time cyber attackers get within a breached network before being detected. While Sophos says that adversaries get an average of 11 days before being seen (because they have deployed ransomware by then), Mandiant proposes a longer time-to-detection of 24 days on average. Sophos explains the shorter dwell time by suggesting that ransomware attacks are different from mere data breaches.

Going by the Sophos report, we can tell that the adversaries have a decent time of 11 days (264 hours) for all their malicious activities, including data exfiltration, lateral movement, credential dumping, reconnaissance, etc. And they don’t need more than a few minutes or hours for these activities. Therefore, it can be concluded that the attackers get ample time to study a network and its loopholes before being detected.

The Sophos study also highlighted the use of Remote Desktop Protocol (RDP) in most (90%) of the cyberattacks. It also mentioned the most active ransomware gangs in 2020, including REvil, Ryuk, Maze, Dharma, Netwalker, and Ragnarok.

New Chrome Update Helps Change Compromised Passwords Effortlessly

First introduced in 2018, Google’s Duplex technology will now alert users every time Google detects a password compromise and help them to change the password for the particular site with ease. This feature will be available on Google Assistant for Android and iOS, first for users in the US and eventually for other countries.

With the Duplex technology, users will be able to create a strong password for all password compromises that Chrome identifies. This comes as a great addition to users’ cybersecurity tools and can even be used manually.

Four Vulnerabilities Detected In Android

Google’s May 2021 Android Security Bulletin revealed four security vulnerabilities in Arm and Qualcomm, which were previously patched. These vulnerabilities have been exploited as zero-days in the wild and are tracked as CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664.

There is no reason to believe the vulnerabilities have been widely exploited: there may have been limited and targeted exploitation. Adversaries could gain complete access to the target device upon exploiting these cybersecurity flaws, but it is uncertain how the process can be carried out. This update comes after Google issued a notification about two vulnerabilities in Qualcomm chipsets (CVE-2020-11261) and Binder (CVE-2019-2215), respectively, back in March.

Brad Slavin

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
