Cyber Security and Data Breach Threat Round Up: 29 November 2019
Welcome to the second in our series of fortnightly blogs, which bring together information gleaned from the National Cyber Security Centre (NCSC).
These blogs bring together the latest cyber security threat reports. Please feel free to share this information with your own customer base.
In this threat round up:
Cyber-attacks impact the Labour Party ahead of a UK General Election
On Tuesday 12 November the Labour Party reported that its website had suffered a distributed denial of service (DDoS) attack. Luckily the attack was not successful as the party took the necessary steps to mitigate the incident.
While it is not always possible to eliminate the risk of a DDoS attack, the NCSC has issued a summary of five practical steps to take to prepare for an attack.
Webex Meeting Invitations Targeted by Phishing Scam
A phishing scam has recently been discovered posing as a WebEx meeting invitation. Victims of the scam received an authentic-looking invitation which, when clicked, directed them to a website that downloaded malicious software to their computer. This software, known as the WarZone remote access Trojan, is then able to take over webcams, delete files, download software and log keystrokes.
The scam worked by taking advantage of a security flaw on the WebEx website known as an open redirect, in which the site fails to properly validate the URLs it redirects users to. As a result, attackers were able to introduce their own URLs and direct users to a malicious website.
A multi-layered approach is required to help mitigate against phishing attacks, and the NCSC has produced guidance to help organisations improve their resilience and defend against phishing attacks.
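One way a site can close the kind of open-redirect flaw described above, shown as an added example that is not taken from the NCSC report or from WebEx. The allowlisted host names, the function names and the fallback path are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; replace with the hosts your site really redirects to.
ALLOWED_HOSTS = frozenset({"meetings.example.com", "example.com"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site absolute path or an https URL on an allowlisted host."""
    if not target or target != target.strip():
        return False  # empty, or padded with whitespace that browsers silently drop
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False  # browsers read "\" as "/" and strip tab/CR/LF inside URLs
    try:
        parts = urlsplit(target)
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False  # malformed authority, e.g. an unterminated IPv6 literal
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: exact host match, https only, no userinfo.
        return (parts.scheme == "https" and not has_userinfo
                and parts.hostname in allowed_hosts)
    # Relative reference: a single leading "/" keeps the user on this site;
    # "//host" or "///host" would be resolved by browsers as another origin.
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(target, fallback="/"):
    """Return the requested target if it is safe, otherwise a fixed local page."""
    return target if is_safe_redirect(target) else fallback
```

The check compares the parsed host name exactly rather than searching the URL string for a trusted name, which is why look-alike hosts and URLs carrying a trusted name in the userinfo part are rejected.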
Disney+ Accounts Hijacked Within Days of Launch
Thousands of subscribers to the recently launched Disney+ online streaming platform have had their accounts hijacked. Subscribers reported that hackers accessed their accounts and changed the email address and password details, locking them out, with the accounts then being put up for sale on the dark web.
Cyber security researchers suggest that some accounts were hijacked because people use the same passwords for different sites, some of which may have been previously compromised.
Using the same password for multiple accounts makes the accounts more vulnerable to compromise.
Flaw Revealed in Android Camera App
Google has acknowledged a now-patched security flaw (CVE-2019-2234) in Android phones that enabled third-party apps to bypass the camera permissions by using storage permissions.
Security researchers were able to design and implement an app which exploited the flaw. The researchers proved that basic storage permissions could be used by attackers to access the user's camera and video, remotely record calls, and use the location data within photos to locate the phone. This could be done even when the phone was locked with the screen turned off.
Keeping your apps and operating systems up to date is an effective way of maintaining security on your devices. The easiest way to do this is to turn on automatic updates, if you can.
To find out more about these threats please visit https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports.