Halloween may have come and gone, but from the ashes of Bonfire Night comes a whole new batch of threats.
This week, there’s a surge of exploits affecting outdated browsers, and Windows Remote Desktop has suffered its first large-scale attack. Yet there’s also some good news from our chums at the National Cyber Security Centre.
BlueKeep Is the Grift That Keeps on Grifting
BlueKeep, the Remote Code Execution vulnerability that has haunted Windows Remote Desktop Protocol for the past 6 months, has suffered its first large-scale attack.
Cybersecurity expert Kevin Beaumont, who is credited as the man behind the BlueKeep name, began unravelling the threat and shared the process on his Twitter feed. By setting up a few RDP ‘honeypots’, he saw multiple anomalies occurring in all regions except Australia, suggesting a large-scale attack in progress.
Thankfully, this isn’t the WannaCry-scale breach that analysts predicted. In a comparatively tame campaign, the onslaught seems to consist mostly of cryptomining malware. In a blog post, Beaumont explained:
“…it is clear people now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later’.”
Thankfully, the vulnerability has been patched by Microsoft, but this is an excellent demonstration of how soon an attack can begin – and how large an impact it can have. If you’re using Windows’ RDP, it’s never been more important to check it’s patched and up to date.
Can’t Let Go of Flash or Internet Explorer? Neither Can Capesand EK
Adobe Flash, the all-powerful, once-ubiquitous software behind early-2000s websites and multimedia, is set to have all support discontinued in 2020. Similarly, Microsoft’s Internet Explorer has been superseded by the Edge browser, and support for that will drop as soon as January next year. So we can safely accuse Capesand EK, an exploit kit delivered through malicious advertisements, of going for low-hanging fruit as it targets these two moribund examples of software.
Unlike its targets, Capesand is a sprightly new exploit kit found only last month, and analysis suggests it is still in the early stages of development. Interestingly, it has replaced an established exploit kit known as Rig, which was once hiding behind the same malicious advertisement: a fake link to a blog on blockchain technologies.
Capesand is still a new threat and very early in development – who knows how much more of a threat it could become? If you’re still using Internet Explorer, now’s the time to move to Microsoft Edge, Google Chrome or Mozilla Firefox, support for which is unlikely to end any time soon. Be mindful of any ads you click on as well – are they renowned, legitimate, or accessible via safer channels?
Finally, a toast to Adobe Flash. Without it, my teenage years would have been bereft of websites such as AlbinoBlackSheep, Newgrounds and WeeblsStuff. The creations uploaded to each of them heralded a golden age of internet animation and made me the man I am today. Godspeed, Flash.
Google Chrome Channels Harry Potter, Banishes Malicious Wizards
It’s time once again to update your Chrome browsers; the CVE-2019-13720 vulnerability has been patched, plugging a hole through which malicious code could creep in. The patch protects against a malicious campaign known as WizardOpium, which injected exploits into the Chrome browser allowing for unauthorised access to a Chrome user’s computer.
WizardOpium is thought to have originated from a Korean-language news website, so it’s unlikely that many of us UK users have been affected. Yet word travels fast in the cybercrime community, and with news of the exploit hitting the mainstream, attacks utilising this same vulnerability are very likely to follow. Check your Chrome version – if you’re running version number 78.0.3904.87 or above, you should be safe from the threat.
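As an added example (not from the original post or Mirus), a small Python check that compares an inventory’s reported Chrome versions against the fixed build cited above; the inventory is constructed sample data, and the point it shows is that dotted versions must be compared numerically, not as strings.

```python
"""Check Chrome version strings against the CVE-2019-13720 fix (78.0.3904.87).

Added example, not part of the original post. The inventory below is
constructed sample data; the patched version is the one the post cites.
"""
from typing import List, Tuple

# Version named in the post as the first build carrying the fix.
PATCHED_VERSION = "78.0.3904.87"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version into a tuple of ints.

    Comparing the raw strings is a classic mistake: "78.0.3904.9" sorts
    *after* "78.0.3904.87" lexicographically but is actually older.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, patched: str = PATCHED_VERSION) -> bool:
    """True when `version` is at or above the patched build."""
    return parse_version(version) >= parse_version(patched)


def find_unpatched(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames (in input order) whose Chrome is still below the fix."""
    return [host for host, ver in inventory if not is_patched(ver)]


# Constructed sample inventory: (hostname, reported Chrome version).
SAMPLE_INVENTORY = [
    ("laptop-01", "78.0.3904.87"),    # exactly the fixed build
    ("laptop-02", "78.0.3904.9"),     # older, despite sorting "after" as a string
    ("desktop-07", "77.0.3865.120"),  # previous major release
    ("desktop-09", "79.0.3945.36"),   # newer
]

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome to {PATCHED_VERSION} or later")
```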
And Now, Some Good(ish) News From the NCSC
The NCSC revealed last month that it had successfully thwarted 658 incidents, including nation state attacks.
Presenting the National Cyber Security Centre’s third annual review, CEO Ciaran Martin commented on the centre’s achievements this year, noting that the number of threat indicators they share has increased tenfold to more than 1,000 per month. You can read many more achievements and statistics in the official report, which you can view here. It’s an intriguing read.
What this demonstrates, however, is that even as the UK’s security specialists are doing a great job, threats are in troubling abundance. As Ciaran himself attests – “…there is of course much work to do”.
Let Mirus do some of that work for you. Subscribe to our weekly Threat Thursday blog, and you’ll be kept up to date every week on the threats to you and your business.
We also offer FREE Cyber Security Health Checks for businesses, so if your security is up for review, get in touch for impartial advice that won’t cost a thing.