07 June 2019

IRM Weekly Cybersecurity Roundup: Microsoft cyber-attack and more

Fancy getting the weekly roundup delivered straight to your inbox?

Sign up to the IRM newsletter.

More warning for Microsoft Windows users due to cyber-attack risk

A few weeks ago, Microsoft warned Window users to update their older program versions due to a malware vulnerability.

The US National Security Agency (NSA) has also sent out a warning to update Windows systems due to a flaw known as “Bluekeep” existing in past editions. All customers on affected operations systems (Windows 7 and earlier) should update as soon as possible due to ‘BlueKeep’.

The flaw could leave computers vulnerable to virus infection through automated attacks or by downloading malicious attachments. This also means malicious users could gain complete control of remote systems.

Microsoft executives emphasised there has been no sign of danger from a new cyber-attack and that updating systems will protect the computer users from any threats.

You can read more here.

“Malboard” – a new cyber-attack mimicking keystrokes

A cybersecurity researcher from the University Of Negev has developed a cyber-attack called ‘Malboard’ that can mimic users’ personalised keystroke characteristics.

The cyber-attack has been designed to evade several detection products because it continuously verifies the identity of a user based on their personalised keystroke characteristics.

The process of this cyber-attack involves a USB keyboard which automatically generates and sends malicious keystrokes to mimic the victim’s personalised characteristics.

You can read more here.

20% rise in dark web hacking tool sales to organisations

There has been a substantial rise in listings of malware being sold on the dark web. The malware being sold are targeting businesses and a number of underground vendors, advertising tools that are designed to target particular industries.

Researchers studied underground forums and interacted with around 30 cyber-criminal vendors on forums. In many cases, these sellers had intimate knowledge of networks and cybersecurity protocols.

Over 60% of sellers were offering access to more than ten business networks – in some cases, the credentials were offered for as low as $2. Some services being sold were bespoke to particular networks and were offered for up to $10,000.

CEO of Bromium, a computer software company, encourages large enterprises to keep an eye dark web services to check the safety and security of their organisation’s website.

You can read more here.

Quick Fire Updates:

Hackers leaked sensitive data on Twitter after Baltimore didn’t pay ransom: Last month, Baltimore City were struck by a ransomware attack, cyber-hackers demanded $100,000 in bitcoin to unlock the hijacked files. This week it is believed the hackers have leaked stolen government documents on Twitter. You can read more here.

People are hacking into their Insulin pump as an alternative to delayed innovations: There have been a number of diabetics hacking into their insulin pumps via online instructions to pump the right amount of insulin into their body automatically. You can read more here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.