July 12, 2020

2681 words 13 mins read

A whistlestop tour of some of the years biggest cyber security stories

A whistlestop tour of some of the years biggest cyber security stories

Bears, scares and ransomware

       Well, what a year it's been. 2020 kicked off as it meant to go on, with news emerging from China of a new virus which lead to a swiftly imposed lockdown in the city of Wuhan. Looks grim, we thought, but it will probably peter out like previous viruses before it. How wrong we were.

To coincide with our Deskflix Cyber Security event, here’s a look back at t

he last 10 months as covered under Computing’s Security tag. January Travelex’s 2020 got off to a bad start, with a ransomware attack on New Years eve. Not that they admitted that, instead choosing the well-trodden deny, distract and cover up route, and failing to notify the ICO in the process. It then turned out that the company had ignored a warning about insecure Pulse VPN software in September and was in trouble with creditors, after which its fate was seemingly sealed. What followed was a distinctly Hogarthian tale of dissolution and downfall.

After initial denials, it eventually emerged that Travelex had been struck by Sodinokibi ransomware, a name we got very used to seeing in 2020. Other strains including Maze, Ryuk, REvil and Phobos became almost as familiar as SARS-Cov-2. During 2020 we were reacquainted with a variety of bears, including Cozy, Fancy, Energetic and Venomous, and TrickBot a banking malware Trojan and botnet kept turning up like a bad penny. February February introduced another major theme of 2020 - the war on Chinese tech, in particular Huawei. A presence at the heart of the UK’s communications infrastructure for two decades, the Johnson government originally said it was welcome to remain in all but the most sensitive locations, but pressure from the US and backbench MPs led to the first of many U-turns. Chinese app TikTok was also to come under attack from the US. An opening salvo was fired by Reddit CEO Steve Huffman who called the video-sharing app. ‘fundamentally parasitic’ and little more than ‘spyware’. Then there was the police’s use of facial recognition software, which saw seven people wrongfully detained after it screwed up, prompting questions about its accuracy and capabilities, and indeed whether the police should be using it at all. Sports retailer Decathlon spilled 123 million records, including unencrypted employee passwords, and this month’s ransomware victim was Redcar and Cleveland Borough council whose website and payment systems were out of action for three weeks. March March, of course, marked the start of Lockdown I, the furlough scheme and a global race to find a vaccine. And as the world stayed at home, the great scamming game began with numerous attempts to defraud the authorities, trick people into parting with their cash, and with disinformation brokers spreading false stories about Covid-19, including it being linked to 5G. Hackers also tried to breach research institutes and the WHO. In March, we ran our first story of the year about an attack on critical infrastructure, this one concerning the European power grid. More were to follow.

Spring had sprung and the bears were out of hibernation. Venomous Bear, or Turla, targeted websites belonging to Armenia, the same Armenia which is now at war with neighbouring Azerbaijan, incidentally. We also learned that in spite of Microsoft releasing patches to cover some serous vulnerabilities in Exchange Server, eighty-five per cent of instances were still unpatched several weeks later. Oh and those TrickBot guys were back, this time with a new campaign against telecoms firms. Something tells me that won’t be the last we hear of them. Meanwhile, the pox scars on Travelex’s face were becoming harder to cover up with ointment and powder.

April So what happened in April? Zoom happened that’s what. A locked down world desperate to communicate turned to a charismatic hero who’d just ridden into town. But was Zoom to be trusted? Well, no. Zoom’s promises of end-to-end encryption turned out to be so much barroom braggadocio (end-to-end encryption for all would not arrive til October), calls were Zoombombed with porn and racist trolling, and this new friend turned out to be possibly leaking your secrets to Zuckerberg. Meanwhile, crafty bandits were making big money selling Zoom zero-day exploits on the black market.

Encouraged by the stories that Exchange admins couldn’t be bothered to patch their servers, hackers started going after them too, big time. And while China announced some promising vaccine candidates, state-sponsored hackers linked to Vietnam were accused of trying to steal them. Ransomware victim of the month? Cognizant, whose Maze susceptibility would cost it up to $70 million that quarter. May First to fall to ransomware in the not so merry merry month of May was Pitney Bowes, who must have been particularly irritated since the exact same thing happened seven months earlier. Honda also said its networks had been affected by what was thought to be Snake ransomware. Hackers were found to be modifying Ragnarok ransomware specifically to go after an SQL injection zero-day in Sophos firewalls. There were more warnings from intelligence services of attacks on Covid research, and some unusual Madonna memorabilia turned up on the Dark Net. Airlines were not having the best of years and in May, Easyjet confessed to an attack in January that affected the data of up to 9 million customers. June In June, we learned more about TikTok’s kleptocratic capabilities, including mining the iPhone’s clipboard, and Magecart the prolific ecommerce cyber criminals whose victims include BA was discovered to have found new ways to secrete their credit card skimming malware, concealing a script in favicon images' EXIF data. Cybervictim of the month? Ironically it was American spy agency the CIA who found itself on the receiving end of what it often dishes out.

The extent of the Covid-related scamming was revealed in a Citizens Advice report which found that one in three Britons had been targeted by scammers since the start of coronavirus crisis. Reacting to the death of George Floyd in Minnesota, IBM announced that it would no longer be selling facial recognition software, but Amazon’s and Microsoft’s announcements of a pause in sales to the police left much more in the way of wriggle room. July Not exactly security, perhaps, but certainly a story to watch was privacy activist and lawyer Max Schrems' July victory against the US - EU Privacy Shield data transfer mechanism, the one which replaced Safe Harbour, the previous arrangement that the indefatigable Mr Schrems also managed to bring down. Schrems II' is currently being debated in Europe and its final outcome could will have far-reaching implications for data protection. After months of inactivity, Emotet banking malware suddenly sprang back to life and started installing the TrickBot Trojan on infected Windows computers via a fresh spam campaign targeting people in the UK and USA. And in the ongoing Huawei tale, the UK government bowed again to US pressure, or saw the light, depending on your point of view, anouncing a speeding up of the vendor’s removal, much to the annoyance of telecom operators who fear that ripping out Huawei will be hugely expensive and will delay the high speed internet rollout.

In an operation codenamed Venetic, police forces from several countries managed to infiltrate criminal gangs by breaking the encryption used by EncroChat, a supposedly secure messaging tool. 750 arrests were made in the UK with many more collars felt in France and the Netherlands. A cyberattack caused an explosion on an Iranian nuclear facility in July, with the finger pointed at Israel. Cisco Systems released security patches to fix 31 vulnerabilities affecting many of its routers and firewall devices. First ransomware hit of the month was Garmin which reportedly paid a good proportion of the $10 million sum demanded for the attackers to unlock its systems. Another was cloud company Blackbaud, whose services are used by numerous UK universities and the National Trust. Blackbaud paid a ransom after being promised stolen data would be destroyed, but said it was all encrypted anyway so there was little danger of compromise. And Twitter was hacked by a bunch of teenagers who then tweeted from the accounts of Elon Musk, Barack Obama, Joe Biden and Bill Gates. August In August it was revealed that globally, cybercriminals make an estimated 19 billion a year from ransomware, which prompted calls to make paying ransoms illegal. UK companies paid 200 million in ransoms in 2019. Hotel chain Marriott faced a class-action-style lawsuit over a massive 2018 data breach that exposed personally identifiable details of more than 300 million customers. Trading on the New Zealand Stock Exchange NZX was disrupted after it experienced DDoS attacks over a few days originating abroad'. Meanwhile, a Tesla employee was offered a one-million dollar bribe to install malware on the car company’s systems, according to Elon Musk.

And in August the final chapter of Travelex’s sorry saga played out, as parent company Finablr collapsed with a billion dollars worth of debt. Around the same time, 900 passwords for Pulse VPN, whose vulnerabilities were partly resposible for Travelex’s demise, were found on a hacker forum.

September In September, a study by IBM revealed the ransomware problem had been getting significantly worse as the year 2020 had progressed, with cyber crime groups blending ransomware attacks with data theft and extortion. And just in time for students returning, what happened at two universities in Newcastle? You’ve guessed it, a ransomware attack. Watchmaker Swatch was another victim. Meanwhile a leaked Chinese database revealed the country was profiling all sorts of people including the Australian PM, with threat actors from that country also targeting known vulnerabilities in Pulse VPN - the one used by Travelex - as well as F5, Citrix and Microsoft Exchange. Quick plug: In September we boosted our security portfolio, adding AI Enhanced Security to our existing IAM and CASB market intelligence reports in Computing Delta. October Which brings us to October, and what did the season of mist and mellow fruitfulness have in store for us? More bears and more ransomware of course. Energetic Bear was found rummaging through local and state networks in the US like so many bins. Tiring of the pesky bears, the US blacklisted the Triton malware gang, and the EU weighed in with sanctions of its own against GRU bigwigs. Meanwhile, Microsoft had had enough of TrickBot announcing a major offensive to take down its backend infrastructure. BA must be mightily relieved that an expected ICO fine of 138 million for the 2018 Magecart breach was reduced to just 20 million because of the pandemic. Marriott also saw its anticipated fine significantly downsized by the regulator.

This month’s ransomware victims included Carnival Cruises, Hackney Council, and another IT services company, Sopra Steria, which succumbed to a Ryuk attack. Blackbaud the cloud company attacked in July, revealed that - surprise, surprise - not all the stolen data was encrypted, reversing a previous assurance. Could Blackbaud be the next Travelex? We wouldn’t be at all surprised. US agencies CISA and the FBI warned that hospitals were under ‘imminent threat’ of ransomware attack. Many criminal actors had eased off such attacks during the pandemic, but a group called Wizard Spider apparently has no such scruples. And an old favourite, the war on maths' was rekindled once again as governments demanded back doors to encryption that somehow only the good guys would be able to use. Back to the ’90s we go.

Author: john.leonard@incisivemedia.com(John Leonard)

Date: 2020-11-05

URL: https://www.computing.co.uk/analysis/4022650/whistlestop-tour-biggest-cyber-security-stories


How to lead your organisation into a successful future (2020-11-19) Computing Delta is design by CIOs for CIOs and brings you a wealth of independent end user-focused research on areas including Cloud HR Platforms APIs CRM Digital Transformation Business Intelligence RPA and much more Modern CIOs are bombarded by a huge volume of invites requests and information At the same time they are expected to keep on top of an industry which is moving more quickly than ever..
The risks and rewards of evergreen IT (2020-11-17) Evergreen IT will become the default model for new technologies predicts RSA CIO David Germain but securing evergreen systems requires an holistic approach Evergreen IT is a strategy that deliberately seeks to avoid systemic shocks caused the need for sudden budgetary outlays systems becoming unviable partnerships failing or any other significant unforeseen change Instead of five yearly overhauls ..
Discovery! - UK quantum computing technology moves towards commercialisation (2020-11-23) Dr Andrew Fearnside senior associate attorney specialising in quantum technology at patent law firm Mewburn Ellis LLP outlines the latest investments in quantum computing explains how it all works and why we should be excited As part of a wider 1 billion National Quantum Technologies Programme to commercialise UK quantum technologies the UK government has announced 38 new projects that will receiv..
Outbound email data breaches happen every 12 working hours - isn’t it time we stopped that? (2020-11-11) Advances in machine learning have changed email security - which is more important than ever this year When talking about risks related to email phishing is the first thing that springs to mind for most people However this means organisations can often overlook the very real risk that comes from outbound email In fact the ICOs recent quarterly report revealed that misdirected email was the most co..
Google researchers disclose high-severity vulnerability affecting GitHub (2020-11-03) The bug makes GitHub Actions workflow commands vulnerable to injection attacks according to researchers Googles Project Zero researchers have disclosed a high-severity vulnerability in GitHub which they say could allow attackers to remotely execute code on affected systems The bug was discovered by Project Zeros Felix Wilhelm in July The research team then notified GitHub about the flaw in their p..
Scotland unveils strategy to digitise the nation’s planning system (2020-11-26) The government has announced plans to invest 35 million in a digital structure platform over next five years The Scottish government has published a new policy document describing how the countrys planning system can be digitised to get the public involved in the planning process The document pdf entitled Transforming Places Together: Scotlands Digital Strategy for Planning comes shortly after the..
Women in tech: becoming a role model (2020-12-02) As an under-represented group there are fewer role models for women to follow and a lack of clear routes to get them to where they might want to be in the world of science and technology says Anne-Marie Imafidon who co-founded the charity Stemettes in 2013 to help young women and non-binary people to open doors that might appear to be closed to them Since then Stemettes has supported 45000 individ.. Women in tech: becoming a role model
UK considers Huawei ban by September 2021 (2020-11-24) A draft bill proposes tough penalties on firms that breach the ban on Huawei gear The UK government is considering a ban on installing Huaweis 5G equipment as soon as next year to pacify politicians who are pressing for tougher restrictions on the Chinese telecom giant Citing people familiar with the matter Bloomberg reports that the ban could come as early as September 2021 Conservative Party MPs.. UK considers Huawei ban by September 2021
Global smartphone sales fell in Q3'20 (2020-11-30) Coronavirus recovery meant growth was up compared to the second quarter Smartphone makers sold 366 million units worldwide in Q3 2020 down 57 per cent compared to the third quarter of 2019 according to Gartner During the same period vendors sold 401 million units of mobile phones smartphones plus feature phones: a drop of 87 per cent year-over-year YoY Samsung was the top smartphone seller in Q3 w..
British AI chip start-up Graphcore close to adding another $200 million in funding (2020-11-09) New investment will bring Graphcores market valuation to more than $2 billion Bristol-based startup Graphcore which specialises in creating chips for artificial intelligence AI is close to raising around $200 million in a new funding round Citing people with knowledge of the matter Bloomberg reported last week that the firm is currently in talks with investors to help raise new funds that will bri.. British AI chip start-up Graphcore close to adding another $200 million in funding