23 November 2018

IRM Weekly Cybersecurity Roundup: Vision Direct data breach and more

Microsoft outage a setback for cybersecurity

On Monday, people around the world were unable to log in to their Microsoft Office 365 accounts for over 15 hours. Users who had multi-factor authentication (MFA) enabled could enter their credentials as normal, but the second step (an SMS code, an authenticator app prompt or a phone call) never completed, so sign-in could not finish.

Many organisations have been encouraged to adopt Office 365 for its cloud capabilities, and over 80% of Fortune 500 companies use the platform, so panic quickly ensued. The issue only affected users who had MFA switched on and were not already logged in.

Microsoft fixed the issue by the end of the day, but organisations that needed access in the meantime were left with potentially unsafe workarounds, such as relaxing the very MFA requirement that was failing. The incident is a reminder to keep a tested emergency-access procedure (for example, a small number of tightly monitored break-glass accounts) that does not depend on the same MFA service as everyone else.

You can read more here.

Did you see that hack coming?

Vision Direct is the latest victim of a data breach, which compromised customer data between November 3 and November 8. The online optical retailer revealed that the compromised data included full names, billing addresses, email addresses, passwords, telephone numbers and card details. The company says that PayPal accounts and previously saved data were not affected.

The breach is described as “resolved” and the website is working as normal. Vision Direct has recommended that affected customers contact their bank and “follow their advice”.

You can read more here.

U.S. Department of State used as part of phishing attack

Security firm FireEye recently detected a targeted attack on its customers across “Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, & US Public Sector industries in multiple geographic regions”.

The investigation shows that several email servers were compromised so that the attackers could send phishing emails from them. The emails appeared to come from a US Department of State Public Affairs official, linked to a convincing landing page and reused genuine official forms. All in all, the attackers created a believable experience for the victim.

Victims who followed the link received a ZIP archive containing a weaponised Windows shortcut (.lnk) file. Opening the shortcut launched a benign decoy document and, in the background, a ‘Cobalt Strike Beacon’ backdoor whose command-and-control traffic was designed to blend in with legitimate network traffic.
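As an added illustration (not code from the original post, from FireEye or from IRM), the following Python script shows what a mail-gateway or sandbox check for this lure could look like: it opens a ZIP archive, parses each .lnk member according to Microsoft's public MS-SHLLINK layout, and flags any shortcut whose target or command line hands control to a script host such as PowerShell. The archive, file names and PowerShell arguments are constructed samples, and the list of suspicious tokens is an assumed heuristic rather than a published signature.

```python
import io
import struct
import zipfile

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}, little-endian

# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80

# Assumed heuristic (not a published signature): targets or arguments that hand control to a script host
SUSPICIOUS_TOKENS = ("powershell", "cmd.exe", "cmd ", "wscript", "cscript", "mshta",
                     "rundll32", "regsvr32", "-enc", "frombase64string")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon_location)."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short for a shell link header")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # LinkTargetIDList: 2-byte IDListSize followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfo: 4-byte LinkInfoSize that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1   # CountCharacters is in characters, not bytes
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        raw = data[pos + 2:pos + 2 + width * count]
        pos += 2 + width * count
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def is_suspicious(fields: dict) -> bool:
    """True when the shortcut's target path or command line matches the script-host heuristic."""
    target = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    return any(token in target for token in SUSPICIOUS_TOKENS)


def scan_zip(zip_bytes: bytes) -> list:
    """Return (member name, parsed fields) for every .lnk member that looks weaponised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            try:
                fields = parse_lnk(zf.read(info))
            except ValueError:
                continue                      # malformed or mislabelled; not a shell link
            if is_suspicious(fields):
                findings.append((info.filename, fields))
    return findings


def make_lnk(relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Build a minimal Unicode shell link (constructed sample used to exercise the parser)."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))   # attributes, timestamps, etc. left zero
    body = struct.pack("<H", 2) + b"\x00\x00"               # empty IDList: the 2-byte TerminalID only
    for s in (relative_path, working_dir, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def sample_archive() -> bytes:
    """Constructed ZIP in the shape of the lure: a decoy document plus a shortcut that runs PowerShell."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("form.pdf", b"%PDF-1.4 decoy")
        zf.writestr("form.lnk", make_lnk(
            r"..\..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
            "%USERPROFILE%",
            "-NoP -NonI -W Hidden -enc SQBFAFgA"))        # base64 of UTF-16 'IEX', a placeholder payload
        zf.writestr("notes.lnk", make_lnk(r"..\notes.txt", ".", ""))
    return buf.getvalue()
```

Calling `scan_zip(sample_archive())` returns only `form.lnk`; `notes.lnk` parses cleanly but fails the heuristic. A production check would also look at the icon location (lures commonly borrow a document icon) and at the target in the ID list, and would pad its token list with whatever script hosts and living-off-the-land binaries are permitted in the environment.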

FireEye links this activity to the APT29 phishing campaign it reported in November 2016.

You can read more here.

Can you meet new supplier standards?

The U.S. Department of Defense (DoD) has recently updated its cybersecurity strategy to demand secure products and services from its suppliers.

Alongside the existing acquisition criteria (quality, cost and schedule), cybersecurity is to become the “fourth critical measurement”. The strategy stresses that buyers should not have to pay more for better security; it is a consumer and industry expectation that should be met as standard.

In addition, importance is placed on making cybersecurity a priority at the design stage rather than an afterthought. Whilst this strategy is specific to the US, the same thinking can be seen in the UK in the Department for Digital, Culture, Media and Sport’s recent “Secure by Design” report.

You can read more here.

Fear the worst: the potential cyber-scenarios of the future

CNBC has ranked the cyber-attack scenarios that independent cybersecurity specialists are most concerned about.

  1. Knocking out basic services – as already seen in the 2015 attack on Ukraine’s power grid, a cyber-attack on critical national infrastructure would be hard to recover from.
  2. A financial attack – the fear that a cyber-attack on the financial industry would send customers flocking to banks to withdraw funds, pushing the banks into ‘contagion’.
  3. Manipulating data – concern that criminals and nation-states are able to alter data, such as financial records, rather than merely steal it.

You can read more here.

Top cybersecurity trends of 2018 and recommendations for 2019

Accounting and advisory firm BDO has collated the key cybersecurity trends of this year and set out recommendations for the year ahead.

Trends include the:

  • rise of business email compromise attacks that redirect payments to fraudulent suppliers
  • growth of spear-phishing emails targeting executives
  • widening cyber-skills gap and shortage of cybersecurity professionals
  • expansion of ransomware attacks, especially in the healthcare industry

Recommendations for 2019 include:

  • Conducting email threat assessments to detect malware that would otherwise go unnoticed
  • Running simulated spear-phishing campaigns to raise awareness and test defences
  • Implementing an effective and timely software patch management programme, since BDO identifies missing patches as the cause of the most significant breaches of the last two years

Quick fire updates 

  • Getting too personal? – Despite Donald Trump’s repeated criticism of Hillary Clinton’s use of a personal email account during the 2016 presidential election, his daughter is now being investigated for similar conduct. Ivanka Trump’s use of a private email account for White House business is thought to violate federal records law. The President calls the story “fake news”. You can read more here.
  • Android users hit with app malware scam – 13 malicious apps made their way onto the Google Play store and racked up many downloads before being detected. One app, posing as a driving game, even reached the store’s “trending” section, drawing in yet more Android users. The apps were published under the developer name “Luiz Pinto”, and users have been urged to uninstall them immediately. You can read more here.
  • TalkTalk hackers jailed – The two hackers behind the 2015 TalkTalk breach – which affected over 155,000 customer accounts and cost the company over £77 million – have been sentenced to 12 and 8 months in prison respectively. The pair stole personal information, banking details and other sensitive data. The breach also cost TalkTalk a £400,000 fine from the Information Commissioner’s Office for the security failings that allowed it to happen. You can read more here.
  • Instagram tool exposes passwords – The “Download Your Data” tool – introduced ahead of GDPR to let users see the information Instagram holds on them – could have exposed user passwords by including the password in plain text in the page URL. Although the company says the flaw affected only a “small number” of users, it raises questions about how the platform handles data. You can read more here.
  • Amazon Black Friday blunder – Amazon contacted some users this week to tell them that their names and email addresses had mistakenly been made publicly visible on its website. The retailer has not confirmed how many users were affected. Although the issue has been fixed, the exposed details could be used for phishing emails or account-reset attempts. You can read more here.

To receive this blog direct to your inbox every week, sign up to our newsletter.

If you are concerned about protecting your organisation from increasing cyber threats, have a chat with IRM about how we can work with you to rebuild your cybersecurity strategy. Contact us today.