Information Security Report – March 2018

Current Threats and Exploits

  • Crypto Miners Are Sneaking To Your Networks – Despite dropping off a little in the news this month, crypto currency is still a much sought after commodity for many. Attackers are looking to cash in on this to do anything possible in order to make good use of your idle CPU time. In the past we have seen malware, advertising, worms and phishing campaigns aiming to deploy mining scripts or software on unsuspecting victims. It was recently reported that a large number of websites around the world were hijacked with crypto mining scripts as a result of a compromised plugin script. As a result of this, users visiting the site were redirected to execute coinhive mining scripts for the attacker, and although this method is used by advertisers to monetise sites, the incident highlighted the importance of knowing your online supply chain (and where you get your web resource scripts from).
  • Shortened URLs In Phishing – It has been observed in the wild that shortened URLs are increasingly being used again by active phishing campaigns. As a result of this, one of the core user awareness points for phishing of looking at the link is bypassed as most users will recognise and trust shortened URL services (such as Google and Bitly). Typically seen in campaigns targeting web mail credentials, this attack vector poses a significant risk to organisations and emphasises the importance of web content filtering. It is also recommended that users are made aware to be on the lookout for this type of activity.
  • Memcache Denial of Service Attacks – A huge number of Denial of service attacks are being staged from misconfigured internet facing memcache servers. These severs accept easily forged udp packets and this makes them perfect for reflected and amplified denial of service attacks. As this service was not designed to be exposed to the internet it is unlikely that any additional security will be configured, the remediation is to firewall off this service from the internet.

Read more on SANS ISC InfoSec Forums

Recent Breaches

  • Unsecured AWS Once Again Makes News – Poorly secured AWS S3 buckets continue to be a problem. Researchers have notified the LA Times after it was discovered that their unsecured Amazon S3 bucket had been cryptojacked and has been mining Monero cryptocurrency. The LA Times did not correctly configure their S3 buckets and as a result it was publicly writable.

Read more on naked security

Other News

    • Notifiable Data Breaches Scheme Comes into Effect – Australia’s Notifiable Data Breach scheme came into effect this month. This amendment to the Privacy Act enforces businesses under certain conditions to report data breaches to the Office of the Australian Information Commissioner. It is recommended that all organisations become aware of their responsibilities under these changes and update incident response plans as required to include these potential actions. For additional information please engage with your legal and / or privacy team.

Read more on ZDNet

    • Chrome will label HTTP sites as not secure – Starting from July the web browser Google Chrome will label sites visited using HTTP as non-secure. This is a move to hopefully uplift HTTPS adoption and ensure that sites default to the HTTPS version of the website.

Read more on ars TECHNICA

  • Importance of Multifactor Authentication In the Modern Enterprise – Multifactor authentication is a practical way to add security to the logon process by requiring multiple forms of identification as an addition to the username/password sequence. As the number of password exploits continue to increase, enterprises should look into available multifactor tools and integrate them into their infrastructure so as to secure logins and access to resources.

Read more on Search Security