06 Jan 2021
Keeping an eye on cyber news and threats
Happy New Year everyone!
Welcome back, I hope you all had a great Christmas and said goodbye to 2020 in whatever way you saw fit. Before we put that horrendous year behind us I have some major talking points that have occurred since my last article, including the biggest breach of the year, if not the century (and I’m really not exaggerating here), which happened just before Christmas. I know you’re eager to know what it is (you may have heard about it already), so I’ll crack on and get right to it!
SolarWinds Orion hacked
This is the big one, and the more we hear about it the worse it gets. For those of you unfamiliar with SolarWinds or the software in question, they are a huge global technology service provider, and their network monitoring software Orion is used by major enterprises and governments worldwide.
Just before Christmas, attackers managed to gain access to the system SolarWinds use to produce updates to their Orion software and inserted malicious code into the latest update. This created a virus that could access everything on any network that installed the update, which was around 18,000 customers including Microsoft, the US Departments of Homeland Security, State, Commerce and Treasury, the National Health Institute, and nuclear programs run by the US Department of Energy and the National Nuclear Security Administration.
Who knows how much sensitive data and how many secrets were stolen? The virus had been there for months before it was discovered. It had extensive reach into infected systems spanning many US federal departments, accessing source code and user accounts with high system privileges. They got into everything.
The finger is currently being pointed at Russia despite its denials, but the thought of Russia having such high-level access to US government agencies, including the National Nuclear Security Administration, is scary stuff. Luckily, although they had access, the hackers were unable to make any changes, and a kill switch has since been distributed, but the amount of information accessed at such a high level will make this the biggest hack we’ve seen in years.
Cryptocurrency malware draining funds from crypto wallets
A new type of malware has been found that can drain funds from your cryptocurrency wallet. It has been given the name ‘ElectroRAT’ (the RAT part refers to Remote Access Tool) and is downloaded from ads in cryptocurrency forums promoting apps for cryptocurrency management.
The malware itself is a trojan: when users click the ad to download the app it appears to be genuine software from legitimate app providers, but once installed the malware runs in the background out of sight as a process named ‘mdworker’. ElectroRAT can take screenshots, perform keylogging (recording everything you type), upload and download files, and execute commands. The goal is to steal private keys and drain the funds from the wallet.
My advice here is to never install anything linked from an ad (avoid clicking them at all if possible); always download from the legitimate website and do some research on the application to make sure it is genuine and trusted before downloading.
This week’s top tip – selling old devices
Got a new device for Christmas and planning on selling your old one? Whether it be a laptop, tablet or phone, all of these devices contain personal data and could put you at a security risk if sold second-hand without being properly wiped.
These devices hold many of our personal files and accounts, and anyone buying them could have access to all of that, including online accounts. Before selling a device second-hand, transfer any files you want to keep to another device first and then do a complete factory reset, making sure to remove all files in the process. This is normally a straightforward process found in the settings, and it will ask you what kind of reset you want to perform. The option you want to choose (after backing up your files, of course) is usually ‘delete everything’, ‘remove all files and settings’ or something similar.
That’s all for now, see you next week.