Cyber Security Newsletter Week 3

Microsoft passwordless plans let users use app-based login

Microsoft has announced users can now delete all passwords from their accounts and instead log in using an authenticator app or other solution. The technology giant made passwordless accounts available for business users of its products in March and that system is now being made available to all Microsoft or Windows users. It said "nearly 100% of our employees" were already using the new, more secure system for their corporate accounts. If passwordless login is enabled, users re-logging in to a Microsoft account will be asked to give their fingerprint, or other secure unlock, on their mobile phone. And if access to the authenticator app is lost - for example, if the phone it is installed on is lost or stolen or a user forgets when upgrading - backup options can be used, such as facial recognition, a physical security key and SMS/email codes. Windows users will still be able to use quick-login features such as a PIN code, though. Some rare exceptions will still need passwords, such as Office 2010, Xbox 360 consoles, and Windows 8. or earlier machines.

Solutions:
• Regular Patching
• End-point protection
• Vulnerability scanning 

Cyber Attacks increasingly target Australia’s Infrastructure

Australian Cyber Security Centre report reveals ransomware incidents up 15% as cybercrime losses hit $33bn. A quarter of cyber incidents reported to Australian security officials over the past year have targeted critical infrastructure and essential services, including health care, food distribution and energy. The report says businesses, individuals and other entities had incurred more than $33bn in total losses from cybercrime throughout the year. Cybercriminals sought to exploit the pandemic by encouraging recipients to enter personal credentials to access Covid-related information or services, while unnamed foreign governments targeted the health sector seeking access to intellectual property or sensitive information about Australia’s response to Covid. A breakdown of the severity of cyber incidents in 2020-21 shows there were 14 cases in which federal government entities or nationally significant infrastructure suffered the removal or damage of sensitive data or intellectual property. The ACSC – which is part of the Australian Signals Directorate – received more than 67,500 reports of cybercrime of all types in 2020-21, or one every eight minutes. In ransomware attacks, criminals typically lock up the data of a target organisation and then demand payment to decrypt and unlock systems, sometimes threatening to leak stolen data if the request is rebuffed.

Solutions:
• Ransomware Protection
• Vulnerability Scanning
• Update passwords, authenticators, etc.

Apple rushes to block ‘zero click’ iPhone spyware

Apple has issued a software patch to block so-called "zero-click" spyware that could infect iPhones and iPads. Researchers identified the flaw, which lets hackers access devices through the iMessage service even if users do not click on a link or file. The problem affects all of the technology giant's operating systems. Apple said it issued the security update in response to a "maliciously crafted" PDF file. The researchers had previously found evidence of zero-click spyware. They said that the previously unknown vulnerability affected all major Apple devices, including iPhones, Macs and Apple Watches. Security experts have said that although the discovery is significant, most users of Apple devices should not be overly concerned as such attacks are usually highly targeted.

Solutions:
• Regular Patching
• User Awareness training and consultancy
• Vulnerability Scanning

Details of French visa applicants exposed

The details of more than 8,000 people who applied for French visas have been compromised following a cyber-attack. The attack struck a section of the France-Visas website which attracts around 1.5 million applications per month. The French Ministry of Foreign Affairs and Ministry of Interior announced in a statement that the attack had “been quickly neutralized” but personal details such as names, dates of birth, nationalities and passport numbers had been leaked. No ‘sensitive’ data had been compromised in line with GDPR’s definitions.

Solutions:
• Phishing
• Data protection
• Patching and regular updates

Attackers impersonate DoT in 2-day phishing scam

Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site. The campaign – which targeted companies in industries such as engineering, energy and architecture that likely would work with the USDOT – sends potential victims an initial email in which they’re told that the USDOT is inviting them to submit a bid for a department project by clicking a big blue button with the words “Click Here to Bid.” The date of the site’s creation – revealed by WHOIS – seems to signal that it was set up specifically for the phishing campaign. If people take the bait and click, they are led to a site “with reassuring-sounding subdomains like ‘transportation,’ ‘gov,’ and ‘secure.’” They are directed to an identical copy of the real USDOT website that the attackers created by copying HTML and CSS from the government’s site onto their phishing site. Though attackers didn’t use any particularly new phishing tricks in their campaign, it was the combination of tactics in a new pattern that allowed them to get the emails through secure email gateways.
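
The two signals described above (official-sounding subdomain labels on a non-.gov host, and a recent WHOIS creation date) can be combined into a simple link triage check. This is an added example, not part of the original newsletter; the hostnames, dates, label list and 30-day threshold are constructed assumptions.

```python
from datetime import date

# Assumption for this example: labels that make a hostname look official.
TRUST_LABELS = {"gov", "secure", "transportation", "usdot", "dot"}
OFFICIAL_SUFFIX = ".gov"   # US federal sites live under the .gov TLD
MAX_AGE_DAYS = 30          # assumed cut-off for "newly registered"


def deceptive_labels(hostname):
    """Return trust-sounding labels found in a host that is not under .gov."""
    host = hostname.lower().rstrip(".")
    if host.endswith(OFFICIAL_SUFFIX):
        return []
    found = []
    for label in host.split("."):
        # Split hyphenated labels too, e.g. "transportation-gov".
        for part in label.split("-"):
            if part in TRUST_LABELS and part not in found:
                found.append(part)
    return found


def assess(hostname, created, seen):
    """Combine both signals; `created` is the WHOIS creation date."""
    labels = deceptive_labels(hostname)
    age_days = (seen - created).days
    new_domain = 0 <= age_days <= MAX_AGE_DAYS
    if labels and new_domain:
        verdict = "block"
    elif labels or new_domain:
        verdict = "review"
    else:
        verdict = "allow"
    return {"host": hostname, "labels": labels,
            "age_days": age_days, "verdict": verdict}


# Constructed samples: (hostname in the link, WHOIS creation date, date seen).
SAMPLES = [
    ("transportation.gov.secure.bids-example.net", date(2021, 8, 16), date(2021, 8, 18)),
    ("www.agency-example.gov", date(2005, 1, 1), date(2021, 8, 18)),
    ("secure.supplier-example.com", date(2015, 3, 2), date(2021, 8, 18)),
    ("newsletter.vendor-example.org", date(2021, 8, 10), date(2021, 8, 18)),
]

if __name__ == "__main__":
    for host, created, seen in SAMPLES:
        print(assess(host, created, seen))
```

Either signal alone only sends a link to review, since legitimate sites use labels like "secure" and new domains are registered every day; it is the combination that matches the pattern in this campaign.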