29 November 2019

IRM Weekly Cybersecurity Roundup: Government-backed hacking and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Google publishes stats against government-backed hacking

The Google Threat Analysis Group (TAG), who work to detect and defeat threats, have published new information on its government-backed hacking research.

Google Logo Government-Backed Hacking TAG

TAG tracks more than 270 targeted or government-backed groups from over 50 countries, who have objectives including destructive cyber-attacks, intelligence collection or spreading coordinated disinformation.

Since July this year, TAG has sent over 12,000 government-backed hacking warnings to users in 149 countries, specifically working with high-risk users such as journalists, human right activists and political campaigners.

Google shares examples of cybercriminal activity uncovered in the last few years, including the “Sandworm” threat group who attempted to deploy Android malware in South Korea and Ukraine with spear phishing emails and malicious attachments.

The announcement also includes their broader efforts around uncovering disinformation, such as the recent Russia-affiliated campaign targeting several nations in Africa. These campaigns used inauthentic news outlets to spread messages promoting Russian interests.

You can read more here.

New Linux version lets pen testers go undercover in public

Linux Windows Desktop FeatureIn the latest release of the Kali Linux penetration testing platform, Kali Linux 2019.4, they have included new features such as a default desktop environment and undercover mode to allow pen testers to go unnoticed doing work in public places.

Usually, technical professionals using Kali will be easily identified due to the Kali dragon seen on the desktop. Thanks to the new script, the Kali theme can be changed to look like the default Windows theme.

You can read more here.

Splunk security tool admits faulty timestamp tracking

Splunk, an analytics and software tool used by many security firms for logging and intrusion detection, has released information about a bug.

The bug means the platform is unable to recognise timestamps from events where the date contains a two-digit year from January 1st 2020. This effectively means that any data which meets this criteria will be indexed with the incorrect timestamp. In addition, since September 13th 2020, unpatched platform instances will be unable to recognise timestamps from events with dates based on Unix time.

Read more about the Splunk platform instance types affected and how what the solution to the issues are here.

Australian Defence department invests $4.5 million in cyber

The Australian Department of Defence has put down $4.5 million in funding for tech companies and academics to invest in its cybersecurity future.

Over a three-year period, the defence agency has asked for industry organisations, universities and researchers to collaborate to create new defence systems. Main topics of interest include cyber artificial intelligence, the human elements, mission assurance and threat counter-measures and effects.

Suppliers chosen to work on the project will enter into a research agreement contract either with Defence Science and Technology (DST) or the CSIRO’s Data61.

You can read more here.

Quick-fire updates

20-35% of banks’ quarterly profit at risk from cyber-attacks: A recent stress test by the Monetary Authority of Singapore has found that a large-scale direct cyber-attack on a bank would cost the organisation between 20-35% of its quarterly profits. Read more here.

Fortinet products shipped with hardcoded encryption keys: Cybersecurity product vendor, Fortinet, have taken over 10 months to remove hardcoded encropion keys from three products exposing customer data. Read more here.