Cyber Security and Data Breach Threat Round Up: 17 April 2019
Welcome to the seventh in our series of fortnightly blogs, which comprise information gleaned from the National Cyber Security Centre (NCSC).
These blogs bring together the latest cyber security threat reports. Please feel free to share this information with your own customer base.
In this threat round up blog:
Microsoft Exchange admins urged to immediately patch critical flaw
Cyber security firm Rapid7 has revealed that over 350,000 Microsoft Exchange servers exposed on the internet haven’t been patched against the CVE-2020-0688 post-auth remote code execution vulnerability. This comes despite Microsoft issuing a patch for the vulnerability on February 22nd.
The remote code execution bug can be exploited by hackers to take over Microsoft Exchange servers using the stolen credentials of any associated user. When patching the flaw earlier this year, Microsoft tagged it with an "Exploitation More Likely" exploitability index assessment – suggesting that taking advantage of the flaw would be particularly attractive to hackers.
With 350,000 Exchange servers accounting for over 80% of those exposed on the internet, admins are being urged to ensure that their servers are patched. This should entail verifying the update’s deployment on any server with the Exchange Control Panel (ECP) enabled and checking for any signs of compromise.
Bumper “Patch Tuesday” releases from Microsoft
Amongst the 113 security updates in the April release from Microsoft were patches for 3 zero-day vulnerabilities. This follows a similarly large release of 115 fixes in March.
Using the latest versions of software, applications and operating systems on your devices immediately improves your security. Users should check that their device is set to update automatically.
The current COVID-19 pandemic has also seen Microsoft extend the end of life support for some Windows 10 1809 and Windows 10 1709 products. More information can be found on the Microsoft website.
US issues North Korean cyber threat warning
Officials in the United States have issued new guidance on the cyber threat posed by North Korea.
The report - jointly published by the US Departments of State, the Treasury, Homeland Security, and the FBI - highlights the threat posed by North Korea and gives advice on how to stay safe online.
Americans and their allies have particularly been warned to look out for cryptojacking, extortion campaigns, cyber-enabled financial theft, and money-laundering scams.
It is thought that North Korea is using the funding from cyber-crime to strengthen its military capability, as well as to disrupt the stability of the international financial system.
This report follows on the heels of a joint report by UK and US security officials warning of the rise in COVID-19 related cyber-crime, which was published last week.
Hackers claim to hold European energy giant EDP to ransom
Researchers are reporting that cyber attackers have stolen sensitive files belonging to Energias de Portugal (EDP) using the Ragnar Locker ransomware.
In a new web post, hackers claim that they have downloaded more than 10TB of private information. They threaten to release this information if EDP doesn’t pay a ransom of €10 million.
Screenshots of the stolen data included in the post indicate that the attackers already have access to a large amount of data. In a ransom note, the attackers claim to have access to confidential information on billing, contracts, transactions and more.
In a statement published by Current+, EDP confirmed that it was hit by a cyber-attack on April 16th and continues to develop its response.
Ragnar Locker is a ransomware that can attack Windows-based systems. Attackers first began using the ransomware in a series of attacks against compromised networks in December of last year.