FFT news digest Mar 27 2020

Every move...

"My phone, which is satellite-tracked by the Taiwan gov to enforce quarantine, ran out of battery at 7:30 AM. By 8:15, four different units called me. By 8:20, the police were knocking at my door." That was the experience of one Twitter user and it reflects the way in which technology can be used to help control the spread of coronavirus. But privacy activists have voiced concerns that temporary measures could easily become permanent. “When we see emergency measures passed, particularly today, they tend to be sticky,” US whistleblower, Edward Snowden, said in an interview with the Copenhagen International Documentary Film Festival. Such concerns are understandably not a top priority at the moment, but while the world today is upended by an extraordinary crisis, it's worth considering our relationship with technology and the ways in which the information it reveals might be used tomorrow.

Under pressure

Streaming services and collaboration solutions continue to show signs of strain under the pressure of record numbers of users. Microsoft announced more changes to Office 365 to help cope with increasing demand from new and existing customers. These include reducing the video quality of meeting recordings and SharePoint playback. Microsoft is among companies to have offered free subscriptions to its collaboration tools, but has warned it will consider adjusting these offers, as necessary, "to ensure support of existing customers." Meanwhile, Netflix experienced an outage lasting about an hour in the US and Europe which affected users trying to connect via web browsers. It has not said if this was due to user demand. More creatively, Zoom users are coming up with solutions to defeat the app's feature which can tell whether someone is paying attention during an online meeting. The answer: looping videos.

Scams

More evidence of the importance of being aware of the extraordinary number of cybersecurity scams seeking to exploit the coronavirus crisis. There have been multiple reports of hackers breaking into people's routers and changing settings so that users are diverted to coronavirus-related sites that push malicious software. The attacks have targeted weak administrator passwords on D-Link and Linksys routers. Once access is secured, criminals alter the router's DNS settings to point to servers they control. This means it's vital to make sure you have changed your router's default administrator password to something long and unique. We should also beware of hacked corporate websites and blogs which are being used to direct visitors to a fake Google Chrome update page. The golden rule applies: never follow a link or click on a friendly blue button to do anything important like change a password or update software. Always go directly to the site by typing the address into the browser.

Nation states

Criminals are not the only ones to exploit the coronavirus pandemic. Government-linked hacking groups from Russia, China and North Korea are also up to no good. This is hardly surprising as global news stories are always exploited by nation states seeking access to information and infrastructure. Security firm, QiAnXin, said Russian-sponsored hackers were the first to use a coronavirus lure hidden in documents sent to targets in Ukraine. At the end of February, North Korean hackers used highly-targeted phishing emails to attack South Korean officials. The largest number of attacks are reported to have originated in China. "This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years," FireEye said. The hackers have been trying to exploit vulnerabilities in Citrix Netscaler and Zoho ManageEngine. Other Chinese attacks targeted Vietnam and Mongolia.

Breaches survey

There's been a further rise in the number of cyber attacks in the UK, according to the government's annual Cyber Security Survey. 46% of businesses and 26% of charities reported breaches or attacks over the last 12 months. That's up from 32% and 22% for the previous year. The survey also found there had been a significant increase in the frequency of attacks, with 32% of businesses saying they had experienced breaches or attacks at least once a week. The nature of attacks has changed over the past 3 years, with a fall in the use of viruses or other malicious software and a sharp rise in phishing lures. More positively, there is evidence that senior managers are increasingly aware of the importance of cybersecurity and more staff have been hired to focus on cybersecurity issues. The report says there's more organisations could do in areas such as audits, cyber insurance, supplier risks and breach reporting.

Netflix

There are mass reports from Netflix users that their accounts have been hijacked. Victims are taking to Twitter to complain that they no longer have access to their accounts, and that they can't reach Netflix's customer support. A contributing factor is that the requirement to enter your password on a smart TV means that many people use something simple (because typing it is so fiddly). That means the password is likely to be in databases of stolen credentials which criminals can use to try to find working combinations. Alternatively, the attackers may use malicious software that can record keystrokes, or they may send an email with a link to a fake copy of the real Netflix site. Although it may be inconvenient, it's important to use a strong, unique password, avoid sharing it, and (as above) never follow a link to do anything important like confirm your details or change your password.

In brief

A wide-ranging phishing scam is targeting Three mobile users in the UK. Emails try to persuade users to download an HTML file which urges them to edit their billing information on (naturally) a fake landing page. Cofense

The British Army is reported to have told soldiers that orders issued over WhatsApp are legally binding. Given the extent to which WhatsApp metadata is mined by Facebook, the decision is surprising. The Register

More than half the people in the US who rely most on social media for political news say they have encountered made-up news about COVID-19, according to new research. 45% of social media news consumers said the media had greatly exaggerated the risks of COVID-19. Pew Research

Most organisations are unable to update vulnerable systems quickly enough to protect against critical threats. Research said key obstacles included remote working, inefficient testing, lack of visibility and staffing shortages. Automox

A gruesome error by a UK housing association exposed sensitive information about 3,500 people, including sexual orientation and disability status. The association was trying to update contact details, but sent an email with a spreadsheet which contained the personal data. The Register

At a dreadful time, (unintentional) comedy remains strong. Among items that caught our eye this week were the Texas mayor who forgot to turn off his wireless mic during a bathroom break, and the Italian priest who live-streamed his mass complete with added filters (including a space helmet, glitter, and sunglasses).

Updates

Microsoft: All supported versions of Windows 10 and Windows Server are affected by a new issue that could stop some applications connecting to the internet. The issue affects devices using a manual or auto-configured proxy, especially with a virtual private network. There's no fix at the moment, though Microsoft says rebooting the computer may work.

Microsoft: Anyone still running Windows 7 should be aware of a serious issue with the built-in Adobe Type Manager Library. Microsoft has warned two vulnerabilities could be used to hijack vulnerable computers. There's no simple fix at the moment. Windows 10 installations are also affected, but to a lesser extent.

Apple: Multiple updates across Apple products. iOS 13.4 fixes 30 security issues, but doesn't appear to address ongoing problems with Personal Hotspot. macOS updates for Catalina, Mojave and High Sierra fix 26 issues. There are also updates for watchOS, tvOS, and iTunes for Windows.

Adobe: Emergency update for Creative Cloud Desktop Application to address an issue that could be exploited to delete files on Windows machines.

VMware: New update released for Workstation, Fusion, VMware Remote Console and Horizon Client, but concerns remain that security issues have not been fully addressed.

Zyxel: Check that network-attached storage devices and firewall products have been updated. A known vulnerability is being actively exploited.

HP: Warns that it's essential to update firmware for specific solid state drives which otherwise will cease to work after 40,000 hours of use.

Tor: Version 9.0.7 fixes an issue that could have exposed the identity of users.

Tails: Version 4.4.1 is an emergency release to fix security vulnerabilities in Tor Browser and Tor.


Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217