Cyber Threat Report - 12 May 21
Updated: May 26
Hello everyone and welcome back to the weekly threat report. This week is Patch Tuesday so I've included some news on critical updates to popular operating systems, services and apps. I also provide some statistics on phishing sites that were taken down last year, and I talk about the recent ransomware attack on the US fuel pipeline.
Major US fuel pipeline disrupted by ransomware
Ransomware is hitting the headlines once again after a major US fuel pipeline was taken out of action when ransomware belonging to DarkSide brought down the network that runs it.
Ransomware attacks have been increasing over the last couple of years, and the DarkSide ransomware group are one of the major players in the game. They offer what's known as 'ransomware-as-a-service', named in a similar fashion to legitimate services such as 'software-as-a-service', where vendors 'rent out' their software to companies to use. In this instance, of course, threat actors rent the ransomware from the creators for a price.
DarkSide consists of two parts - the creators of the malware and their affiliates or 'partners', who are recruited to hack into targets and deploy the ransomware.
DarkSide have become quite well known in the cybersecurity world and try to make themselves seem like a legitimate business by donating to charities and releasing press statements about their hacks, particularly if they cause major disruption. The Colonial Pipeline incident is one such case: it has denied fuel to a large portion of the US, causing President Biden to declare a state of emergency in 18 states.
In their most recent press release about this incident, they claim to be apolitical and that they will vet their partners better in future, as they don't want to create problems for society. It's almost like they are trying to normalise their criminal activity.
Patch Tuesday - Hack Wednesday updates
Patch Tuesday - every IT professional's favourite time of the month. I'm kidding, obviously, because it means we have to go through our systems and check for updates to make sure we patch any potential vulnerabilities, but it's also something everyone should do.
If you want your phones and computers to remain as secure as they can be, it's a good idea to check for updates on the regular, particularly after Patch Tuesday, which occurs on the second Tuesday of each month.
So, what's been patched this month?
Google has patched yet more vulnerabilities in Chrome (19 to be precise) in its latest update.
Foxit Software has released security updates to fix a remote code execution vulnerability in its PDF reader, which allowed attackers to execute malware using PDF files.
Microsoft has released updates to patch 55 vulnerabilities, including 3 zero-days. Of the 55 vulnerabilities, 4 were critical and 50 important.
Adobe Acrobat has patched a zero-day vulnerability that has been actively exploited, targeting Adobe Reader users on Windows. Adobe has also patched another 43 bugs in their software, including 10 critical in Acrobat.
Fake websites increased 15-fold in 2020
The National Cyber Security Centre (NCSC) took down more than 700,000 fake websites linked to phishing campaigns in 2020, 15 times more than in 2019.
11,000 of those were government-themed phishing campaigns - double that of the previous year. The most common UK government phishing campaign was HMRC scams.
Since the launch of the suspicious email reporting service, the NCSC has received more than 4 million reports, leading to the removal of 26,000 scams not previously identified.
The majority of the sites, however, were fake celebrity endorsement scams and fake online shops, contributing more than 400,000 of the 700,000 URLs.
That's all for now, stay safe out there and see you next week!