The UK went into lockdown in March due to the coronavirus pandemic; these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of the situation: both UK citizens and businesses have been hit with a wave of COVID-19 themed phishing emails and scam social media and text messages (smishing), which prompted warnings from the UK National Cyber Security Centre and UK banks, and a crackdown by the UK Government.
Convincing COVID-19 Scam Text Message (Smishing)
I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the gov.uk domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.
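To illustrate the kind of check described above, here is an added example (not part of the original post) that inspects a link the way a defender would: it extracts the hostname, converts it to its Punycode (xn--) form, lists the Unicode scripts used in it, and checks whether it really sits under the expected gov.uk domain. The sample URLs are constructed for the example; the Cyrillic "о" (U+043E) stands in for the Latin "o" in one of them.

```python
import unicodedata
from urllib.parse import urlsplit


def hostname_scripts(hostname):
    """Approximate the Unicode scripts used in a hostname from character names
    (e.g. 'LATIN', 'CYRILLIC'); dots, hyphens and digits are ignored."""
    scripts = set()
    for ch in hostname:
        if ch in ".-" or ch.isdigit():
            continue
        name = unicodedata.name(ch, "UNKNOWN")
        scripts.add(name.split()[0])
    return scripts


def check_link(url, expected_suffix="gov.uk"):
    """Report homograph indicators for a URL and whether its host is under
    expected_suffix (an assumption for this example: the domain the message
    claims to link to)."""
    host = urlsplit(url).hostname or ""
    # Punycode form: this is what the browser actually resolves.
    ascii_host = host.encode("idna").decode("ascii")
    scripts = hostname_scripts(host)
    under_expected = ascii_host == expected_suffix or ascii_host.endswith(
        "." + expected_suffix
    )
    return {
        "hostname": host,
        "ascii_hostname": ascii_host,
        "scripts": scripts,
        "non_ascii": not host.isascii(),
        "mixed_script": len(scripts) > 1,
        "under_expected_domain": under_expected,
        # Flag any non-ASCII host (possible homograph) or any host that is
        # not actually under the domain the message claims.
        "suspicious": (not host.isascii()) or not under_expected,
    }


if __name__ == "__main__":
    # Constructed sample links: a genuine-looking one, a Cyrillic homograph
    # of gov.uk, and a plain lookalike subdomain on another domain.
    samples = [
        "https://www.gov.uk/coronavirus",
        "https://www.g\u043ev.uk/coronavirus",
        "https://gov.uk.example.com/coronavirus",
    ]
    for url in samples:
        print(check_link(url))
```

The Punycode form is the reliable indicator: a link that renders as gov.uk but encodes to an xn-- label is not on gov.uk at all.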
I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams. It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.
March threat intelligence reports shone a light on the scale of the cybercriminal shift towards exploiting the COVID-19 crisis for financial gain. Check Point's Global Threat Index reported a spike in the registration of coronavirus themed domain names, stating that more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports that more than 80% of the threat landscape is using coronavirus themes in some way. There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app, to a rather weird plot to spread malware through a dodgy anti-virus solution.
Away from the deluge of coronavirus cybersecurity news and threats, Virgin Media were found to have left a database open, exposing thousands of customer records, and T-Mobile's email vendor was hacked, resulting in a breach of customers' and employees' personal data.
International hotel chain Marriott reported that 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriott's online breach notification, the stolen data included guest name, address, email address, phone number, loyalty account number and points balance, employer, gender, birthday (day and month only), airline loyalty programme information, and hotel preferences. It was only on 30th November 2018 that Marriott disclosed a breach of 383 million guests. Tony Pepper, CEO at Egress, said: “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO.”
Five billion records were found exposed in an open Elasticsearch database belonging to a UK security company. Researchers also found an open MongoDB database on Amazon Web Services holding eight million European Union citizen retail sales records, which included personal and financial information. And Let’s Encrypt revoked over 3 million TLS certificates due to a bug which affected its certificate rechecking.
March was another busy month for security updates. Patch Tuesday saw Microsoft release fixes for 116 vulnerabilities, and there was an out-of-band Microsoft fix for the 'EternalDarkness' bug on 10th March, but a zero-day vulnerability in Windows that was being actively exploited remained unpatched by the Seattle-based software giant. Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.
Stay safe, stay home and watch out for the scams.
- How Safe are Video Messaging Apps?
- Working from Home Cybersecurity Guidance
- Coronavirus Cybersecurity: Scams To Watch Out For
- Payment Card Transactions in the UK will be increased from £30 to £45 due to Coronavirus
- Cyber Security Roundup for March 2020
- UK Banks warn on Wave of COVID-19 Themed Text Message ‘Smishing’ Scams
- UK Government Cracks Down on Fake Coronavirus Advice on Social Media and WhatsApp
- Virgin Media leaves Database Open, Thousands of Records Exposed
- T-Mobile Email Vendor Breach Exposes Info on Customers and Employees
- Five Billion Records Exposed in Open ‘Data Breach Database’ by UK-based Security Company
- New Marriott Data Breach Impacts 5.2 Million Guests
- 8 Million EU Retail Sales Records Exposed on AWS MongoDB
- Blisk Browser left open, 2.9 Million Records Exposed
- Boots halts Advantage Card Payments after Credential Stuffing Cyber-Attack
- Huawei: Government wins vote after Backbench Rebellion
- Unpatched Windows Zero-Day Flaws exploited according to Microsoft
- Drupal, Google and Cisco Post Security Advisories
- Adobe Patches 41 Vulnerabilities, 22 in Photoshop
- Adobe Patches Critical Flaw in Creative Cloud
- Cisco Fixes Three High-Level bugs, but a Fourth Remains Unpatched
- Apple Releases more than 30 Security Patches
- Zero-day vulnerabilities used against DrayTek Routers and Switches
- VMware Fixed Critical Code Execution Bug in Hypervisors
- Microsoft Issues Out-of-Band Fix for Leaked ‘EternalDarkness’ Bug
- Hijacked Routers and attempted WHO hacks highlight latest COVID-19 attacks
- Thousands of New Coronavirus-Themed Domains Registered, more than 50% likely to be Malicious
- APT41 Activity Down during China COVID-19 Quarantines; Massive Campaign Undeterred
- Coronavirus Tracking App Locks up Android Phones for Ransom
- Russian Cybercrime Forums have been seen selling Malware-Sabotaged COVID-19 Map
- TrickBot Banking Trojan introduces RDP Brute Forcing Module
- Necurs Botnet Operation Dismantled; Millions of Malicious Domains Disabled
- Foreign APT groups use Coronavirus Phishing Lures to drop RAT Malware