February 2020 Cyber Security Threats to be Vigilant For

Learning from 6 Focus Threats in February 2020

The threat update from Accelerate provides a consolidated monthly summary of recent business threats that you need to be vigilant for. We are continuously monitoring the emerging threats, vulnerabilities and breaches from key industry security organisations, such as NCSE and Fortilabs. In this month’s threat summary:

Cisco Software Licencing Manager exposed to remote attack
Malware Targets Supply Chain Software & Industrial Control Systems (ICS)
Malicious Emails take advantage of Coronavirus concerns
Dell’s preinstalled business SupportAssist software open to insider threat
Amazon acknowledges threat to IoT Ring Doorbell users by enforcing Two-Factor Authentication
WordPress “GDPR Cookie Consent Plugin” has critical vulnerability, affecting thousands of sites.

1. Cisco Software Licencing Manager exposed to remote attack

A critical flaw in Cisco’s On-Prem Smart Software Licencing Manager has been discovered, allowing remote attackers to access a sensitive part of the system with a high-privileged account. The vulnerability allows the use of a default static password even if the platform is not directly connected to the internet.

The vulnerability only affects systems if the HA feature is enabled, with Cisco issuing a patch this week.

2. Malware Targets Supply Chain Software & Industrial Control Systems (ICS)

The Kwampirs malware is a backdoor trojan used to gain remote access to compromised computers. The trojan collects basic information about the compromised system to determine a high-value target, copying the trojan across open network shares to infect additional systems.

Software supply chain companies are believed to be targeted in order to gain access to the victim’s strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution. This same malware has also been deployed to attack companies in the healthcare and financial sectors.

3. Malicious Emails take advantage of Coronavirus concerns.

A malicious email campaign targets business users by actively distributing malware through infected word documents, masquerading as an official message from public health centres claiming to provide details on preventative measures against Coronavirus.

Infected computers then go on to deliver malicious spam messages to other targets and to drop other strains of malware onto the infected device.

4. Dell’s preinstalled business SupportAssist software open to insider threat

A high-severity flaw in the Dell SupportAssist software, which comes preinstalled on most new Dell devices running Windows, could be putting your business at risk by allowing an attacker to execute software with administrator privileges.

Dell has confirmed, “A locally authenticated low privileged user could exploit this vulnerability, resulting in the privileged execution software on the device.

5. Amazon acknowledges threat to IoT Ring Doorbell users by enforcing Two-Factor Authentication.

Following reports of Amazon Ring sharing personally identifiable information with third-party analytics firms without disclosing to its customers, it said it would pause its data-sharing and increase its privacy protection by implementing two factor authentication.

Whilst previously offered as an option to customers, the second layer of authentication will now be mandatory for all users.

6. WordPress “GDPR Cookie Consent Plugin” has critical vulnerability, affecting thousands of sites.

A popular GDPR compliance plugin on WordPress, GDPR Cookie Consent, has a critical vulnerability which could enable threat actors to modify content or inject malicious JavaScript code. The plugin is installed and active across 700k WordPress sites, as such it is a prime target for attackers.