December 2019 / Threat Summary
Your Monthly Roundup
By Daniel Morris
Learning from 6 Focus Threats in December 2019
The threat update from Accelerate provides a consolidated monthly summary of recent business threats that you need to be vigilant for. We are continuously monitoring the emerging threats, vulnerabilities and breaches from key industry security organisations, such as NCSE and Fortilabs. In this month’s threat summary:
- Impact of cyber breach on small businesses
- Microsoft Outlook for Android Bug leaves businesses vulnerable
- WebEx meeting invitations targeted by phishing scam
- T-Mobile breach affects more than a million customers
- Customers with Microsoft RDP Environments left exposed
- Beware the Bogus Windows Update
1. Impact of cyber breach on small business
A report issued by the National Cyber Security Alliance (NCSA) in the US has highlighted the risk to small businesses across the US and UK. A survey of 1,000 SMEs reports that following a Cyber Attack, 10% went out of business, 25% suffered bankruptcy and a further 37% experienced financial losses. Almost half of those surveyed believe they are a likely target for cyber criminals.
2. Microsoft Outlook for Android Bug leaves businesses vulnerable
A Successful exploitation has been identified with Outlook for Android that allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing attacks. Microsoft state that the adversary would need to be authenticated to the same network as the potential victim in order to carry out an attack, but users should ensure that they have the latest version of the app, and update it manually if they haven’t received an auto-update.
3. WebEx meeting invitations targeted by phishing scam
A phishing scam posing as a WebEx meeting invitation has been discovered. This scam took advantage of a security flaws on the Cisco Webex website with victims receiving an authentic-looking invite which aimed to infect computers with malicious software, allowing it to take over webcams, delete files, log keystrokes and download software.
4. T-Mobile breach affects more than a million customers
Over a million T-Mobile customers have been affected following a data breach. The telecoms company confirmed last weekend that the malicious actor had obtained personal data, although financial data and passwords were not stolen.
5. Customers with Microsoft RDP Environments left exposed
A security vulnerability called BlueKeep has been discovered in Microsoft’s Remote Desktop Protocol implementation, which could allow for remote code execution. Hackers appear to search for Windows systems with RDP ports left exposed on the internet, allowing them to deploy the BlueKeep exploit, and then later deploying a cryptocurrency miner. It is recommended that customers immediately apply the latest patches from Microsoft on any affected machines, and where possible disable RDP access to the public internet immediately.
6. Beware the Bogus Windows Update
A malicious spam campaign claiming to be a critical Microsoft Windows update has been identified, arriving with a .jpg file extension, the file is a malicious executable that installs ransomware on the computer. There are some indicators that this email is malicious. It purports to be a Microsoft Update but comes with a spoofed attachment with a one-line text to ‘Please install the latest critical from Microsoft attached to this email’. Those more familiar with Microsoft communications on security updates will easily spot this as fraud, due to the lack of details. The malicious actors know that there are users who believe the deceptive email is a valid update.
Have a question? Ask our technical specialists
