It’s something of a quieter week for cyber threats in this week’s Threat Thursday, following last week’s tide of technical terrors.
Still, there’s a major threat to the Internet of Things and a whole new phishing campaign leveraging the BLM movement. Let’s dive in.
The Internet of Things is a Disaster of Exploitable Vulnerabilities. Who Knew?
The race to shoehorn the internet into everything from fridges to toasters continues to infuriate security experts; doubly so following this week’s revelation that billions of internet-enabled smart devices are vulnerable to hacking attempts.
JSOF, an Israeli cyber security firm, have detailed a collection of 19 vulnerabilities found in multiple Internet of Things devices, including those from such industry heavyweights as HP and Intel. In a mildly infuriating move, they’ve named this collection ‘Ripple20’, after the year of its discovery and not the number of vulnerabilities. I’m unreasonably bothered by this decision.
The vulnerabilities derive from a little slice of insecure code developed by Ohio-based software enterprise Treck. This code can be found in a wide range of IoT devices, billions of which are already in ‘the wild’, as we say in the biz. Worse yet, any hackers looking to exploit the software can enact some pretty nasty stuff, including taking complete control of the affected device or running malicious code as they see fit.
JSOF’s report is utterly excellent, featuring all the technical information yet keeping everything as user-friendly as possible. There’s even a video of the exploit in action. You can view it all here.
Personally, I’ve long held the belief that the Internet of Things is a marathon, not a sprint. There’s a long way to go yet before our homes and businesses can be connected to everything safely and securely. Besides, I’ve thus far lived a healthy life without an internet-connected fridge.
The Black Lives Matter Movement is the Latest Phenomenon to be Exploited By Cyber Criminals
The Black Lives Matter movement continues to make headlines worldwide – so it’s only natural that hackers would want to exploit its popularity.
The current threat campaign uses tactics no different to the Covid-19 phishing emails that have polluted the last three months. Posing as government actors, the emails claim to link to surveys and votes on the BLM movement. The attached document, typically a Microsoft Word file, uses the age-old technique of getting the victim to enable macros, whereupon malicious code unleashes our old friend Trickbot and its credential-stealing payload.
The scheme, unveiled by abuse.ch in a short and simple Tweet, hasn’t been elaborated on much further, save for an update on the Trickbot payload made after the initial discovery. It does helpfully list the malicious URLs and domains, however. Meanwhile, Sophos’ Naked Security website goes into greater detail about the malicious files, including their common filenames and subject lines.
So long as this worldwide movement remains in the headlines, you can be sure that there’ll be plenty more of these opportunistic schemes in coming editions of Threat Thursday.
Just What Your LinkedIn Inbox Needs – More Unappealing Job ‘Opportunities’
As any LinkedIn account owner will tell you, there are few things more invasive than having your inbox bombarded with promises of ‘exciting opportunities!’ from people you’ve never spoken to.
Well, that scourge of unwanted job offers from suspicious-sounding people is about to become a whole lot worse with a new phishing scheme targeting European aerospace firms. The fake opportunities are sent specifically to the employees of known firms, linking them to malicious documents laced with data-snatching malware with the promise of a sparkling new job opportunity.
The malware used had never been documented before and, coupled with the specific targeting of the aerospace industry, suggests espionage as the motive.
A whopping new white paper from ESET (giving the campaign the glorious title of OPERATION: IN(TER)CEPTION) explains it all. Like JSOF’s report, this one’s an absolute belter. Big, user-friendly but still not lacking in the technical breakdowns, it makes for some interesting reading whatever your knowledge of software.
UK Launches Scam Internet Advertisement Detector
We like to share some good news on Threat Thursday now and then, so it’s a pleasure to see the Internet Advertising Bureau and the Advertising Standards Agency teaming up to bring us a scam advertising alert tool.
The tool, which will gain nul-points for imaginative naming, is called the UK Scam Ad Alert Tool, and what it lacks in punchy nickname it makes up for in user-friendliness and functionality. According to the IABUK webpage:
“Consumers can now report scam ads appearing in paid-for space online to the ASA. It will promptly send an alert to all participating platforms with key details of the scam ad, as well as to publishers where the ad appeared on a publisher owned site. If they locate them, partners will remove the offending ad and suspend the advertiser's account”.
It’s less prevention, more cure, but it’s still a great start to getting those pesky ads off the internet. As we reported only last year, cyber criminal Zain Qaiser made a killing lining internet ads with ransomware, in a scheme that UK investigators went as far as to deem ‘incomparable’ - so don’t discount how many victims a scheme like this could prevent.
Adobe Pulls a Columbo, Provides ‘Just One More Thing’
Having only just appeared in the mighty Patch Tuesday rundown last week, Adobe have come back with a few more late additions and fixes for their software.
These fixes are for Adobe After Effects, Premiere Pro, Audition, Rush and Illustrator, and patch 18 critical vulnerabilities. We’ve listed all the latest version numbers below, so you can make sure you’ve downloaded the newest edition and can crack on with that new movie or masterpiece you’ve been working on in cyber safety.
After Effects: 17.1.1
Premiere Pro: 14.3
And that’s all for this edition - a mercifully slower week after last Thursday’s onslaught of updates and maelstrom of malware.