29 March 2019

IRM Weekly Cybersecurity Roundup: Shadowhammer cyber-attack and more


ASUS improve cybersecurity after “ShadowHammer” cyber-attack

The Taiwan-based computer hardware company ASUS was hit by a “sophisticated” cyber-attack in January this year. A cybersecurity firm working with ASUS disclosed on Monday that the attack affected around 1 million users and that malicious code was implanted into more than 57,000 devices.

Hackers compromised the servers by hijacking the ‘ASUS Live’ update utility, which provides BIOS, UEFI and software updates to ASUS devices. The attack, dubbed “ShadowHammer”, hit users with a backdoor utility and used authentic ASUS software certificates to install the malware.

ASUS have now released a patch to update their Live Update Utility software. The fix is included in Version 3.6.8, and they have also released an online book guiding users on how to check their systems for compromises.


RBS recommended flawed security software

Royal Bank of Scotland (RBS) has recently been offering customers free security software called “Thor Foresight Enterprise”. It has recently been discovered that the software has a flaw that could put customers at risk of a cyber-attack.

Thor was created by Heimdal Security, who named it ‘the next generation protection’ against cyber-threats. It acts as a filter to cut out common cyber-attacks that attempt to steal data or lock it away with ransomware.

The cybersecurity firm who discovered the flaw said they were able to gain access very easily. Attackers could gain complete control of the victims’ personal emails, internet history and bank details, highlighting an extremely serious flaw.

Heimdal said the vulnerability affected 50,000 computers during the three weeks it was live. They were quick to respond to the discovery by issuing a fix. They state that no customers suffered any adverse consequences.


US Government believe Grindr poses ‘national security risk’

Grindr describes itself as “the world’s largest social networking app for gay, bisexual, transgender and queer people.” So why would the US say it poses a national security risk?

Grindr is owned by Chinese gaming tycoons ‘Beijing Kunlun Tech Co Ltd’ and there are concerns over how users’ personal data is handled. These concerns have materialised from a letter by US Senators Edward Markey and Richard Blumenthal. They stated Kunlun exposed highly sensitive and personal information to third-party analytics firms without informed consent.

The sensitive information exposed included HIV status, email address, telephone number, precise geo-location, sexuality, relationship status, ethnicity and “last HIV tested date.” Grindr has since said that it has stopped sharing this data with third parties.

Grindr has had multiple issues when it comes to sharing and leaking data, explaining why the US Government has categorised Grindr as posing a national security risk.


Dutch Waterworks aren’t meeting cybersecurity standards

The Court of Audit has advised the Ministry of Infrastructure and Water Management in the Netherlands to make cybersecurity essential when it comes to their tunnels, bridges, locks and flood defences. In their report, they concluded that the waterworks are not sufficiently protected against cyber-attacks.

Despite being linked to computer networks for several years, the Dutch waterworks systems have not been keeping security systems up to date, increasing their exposure to a cyber-attack.

The public works department known as “Rijkswaterstaat” controls cybersecurity measures and stated: “Rijkswaterstaat is not forcing the implementation of the outstanding measures at its own regional organizational units. Cybersecurity is also not yet a fully-fledged part of regular inspections.”

Because Rijkswaterstaat manages a number of ‘vital’ waterworks, only 60% with cybersecurity measures implemented, the Court of Audit is concerned that a cyber-attack is likely to go undetected.


Quick Fire Updates:

HYDRO Aluminium plants cyber-attack cost at least £25.6m – Last week’s roundup covered the cyber-attack on Norwegian aluminium plant HYDRO. The latest update suggests the cost of the attack has accrued to at least £25.6 million. HYDRO are slowly bringing the affected systems back online.

EU ignores US call to ban Huawei in 5G rollout – The US has voiced concerns over the technology titan Huawei for some time, claiming they could be colluding with the Chinese government. The EU has chosen to ignore these concerns, but has recommended a set of security guidelines for the upcoming 5G rollout.

Teenager charged with carrying out cyber-attacks on two separate police websites – A 19-year-old named Liam Reece Watts has been charged for two DDoS attacks on Cheshire Constabulary and Greater Manchester Police.
