September 2023 Newsletter

Posted By: Mark Saturday 14th October 2023

This month: Electoral Commission hack reveals Cyber Essentials certification failure; we visit the autumn TeesExpo; a warning about years-old bugs that are still targeted by cyber criminals; the Ministry of Defence falls victim to a data breach; the new iPhone gets a USB-C connector, plus we’re looking to hire some new technicians.

Hacked Electoral Commission Failed Cyber Essentials Test

Back in August of this year, the UK Electoral Commission revealed it had been the victim of a ‘complex cyber-attack’. This security breach began as long ago as 2021, and the Commission admits the hack led to cyber criminals probably accessing the data of 40 million voters.

Cyber Attack Hack Undetected For A Year

They believe the cyber-attack first occurred in August 2021 and went undetected for a year. An Electoral Commission press release said:

The incident was identified in October 2022 after suspicious activity was detected on the regulator’s systems. It became clear that hostile actors had first accessed the systems in August 2021. The Commission has since worked with external security experts and the National Cyber Security Centre (NCSC) to investigate and secure its systems.

In line with requirements under the law, the Commission notified the Information Commissioner’s Office (ICO) within 72 hours of identifying that data on its systems may have been accessed, and has today published a formal notification. The ICO is currently investigating the incident.

However, it has also since been revealed that the Electoral Commission’s systems failed a Cyber Essentials test earlier in 2021 when trying to get certification. Cyber Essentials is a voluntary but government-backed scheme to prove security compliance with a baseline of cyber security best practices. The government requires any supplier bidding for contracts to hold an up-to-date Cyber Essentials certificate if it involves the handling of certain sensitive and personal information.

The Commission said it failed the test on two issues of outdated Windows software on some laptops and staff phones. However, those problems were said to be unrelated to the attack, which compromised the Commission’s email servers.

A Commission spokesperson said:

“We are always working to improve our cybersecurity and systems. We draw on the expertise of the National Cyber Security Centre, as many public bodies do, to continue to develop and progress protections against cyber-threats. We regularly seek guidance and feedback on our systems to deal with the continued risk of cyber-threats as they evolve and take different forms. We welcome these learnings and act on them.”

Not A Good Look

However, The Guardian coverage quotes cyber security experts who believe the failure points to greater failings in the structure.

Alan Woodward, a professor of cybersecurity at Surrey University, said the admission pointed to lax IT security at the organisation. “Failing such basic measures is not a good look.”

Steven Murdoch, a professor of security engineering at University College London, said: “Failing to meet fundamental patching requirements is a pretty good indication that there are deeper problems with management of and investment in information security.”

Get Your Company Cyber Essentials Certified

LaneSystems offers Cyber Essentials and Cyber Essentials Plus Certifications that will give you a clear picture of cyber security levels within your organisation, making sure you have adequate protection against cyber criminals, and showing your customers that you’re serious about protecting their data. Cyber Essentials is voluntary but shows your company is security-aware.

If you’re a business with cyber security needs in Stockton, Middlesbrough, Newcastle, Sunderland, Durham and the surrounding areas in the North East of England, contact us today about keeping your data safe.


We’re Hiring

LaneSystems currently has a couple of openings for a Field Technician and a Service Desk Technician.

Field Technician Vacancy

Are you a tech-savvy problem solver with a passion for providing exceptional on-site and remote IT support? Join our dynamic team as an IT Field Technician, where you will be a vital part of our successful support team. With a diverse client portfolio spanning industries such as engineering, construction, accountancy, and auto mechanical engineering, you will have the opportunity to deliver outstanding IT support directly at client locations and remotely. In addition to resolving IT faults and queries, you will also support 3rd line technicians in project work, contributing to the success of our team. This permanent, full-time position offers exciting growth opportunities, requiring strong technical expertise, excellent communication skills, and the ability to excel in a customer-oriented environment. Embrace the challenge, thrive in your role, and become part of our exceptional team!

Check out the full Field Technician details on our website.

Service Desk Technician

Join our expanding support team as a Service Desk Technician and embark on an exciting career journey! As the first point of contact for our diverse client portfolio in industries like engineering, construction, accountancy, and auto mechanical engineering, you’ll provide top-class IT support. This permanent, full-time role involves troubleshooting IT faults and queries over the phone and via remote support tools. You’ll also prepare and deliver PCs/Laptops and troubleshoot hardware issues. If needed, you’ll assist our 2nd and 3rd line support teams in their projects. We’re seeking confident professionals who can handle unfamiliar technologies and software while delivering exceptional customer service. As a Service Desk Technician, you’ll work with cutting-edge hardware and software, ensuring minimal downtime for our clients. With your friendly and professional approach, you’ll interact with end-users, providing outstanding support and maintaining our reputation for excellence.

Check out the full Service Desk Technician details on our website.

You can apply for either of these positions by submitting your CV and a covering letter to recruitment@lanesystems.co.uk.


LaneSystems At Autumn TeesExpo

On September 28th, LaneSystems attended the Autumn Teesside Expo held at Wynyard Hall.

Michel and the team were busy catching up with old friends, welcoming new clients, and answering questions related to our IT services and the world of cyber security in general. We’ll be returning to the next TeesExpo, due in March 2024, and look forward to seeing you there.

And, if you missed the exhibition, and can’t wait until next year to sort out your IT support and Cyber Security needs, get in touch to have a chat. If you’re a business in the North East of England — Teesside, Tyne & Wear, County Durham, Northumberland, North Yorkshire, etc — and serious about managing & securing your precious data, we can help.


Years Old Microsoft bugs Still Target of Cyber Criminals

In the ongoing fight against cyber-attacks, you’d be excused for thinking that only the newest bugs and vulnerabilities need your attention to stay cyber safe. However, your systems should be under constant review and checked for older, potentially forgotten, unpatched vulnerabilities that cyber criminals are still exploiting.

Microsoft, being the leader in wide-ranging business operating systems, and the accompanying hardware and software solutions, is always the top target for nefarious behaviour. That vast ecosystem offers a huge number of bugs and exploits for the cyber criminals to focus their efforts upon. If you’re not keeping up to date with known vulnerabilities and dealing with them appropriately then you’re open to the dangers of hackers stealing your data, infecting you with malware, encrypting it in ransomware attacks, and other nasty problems. Old bugs are still as important to mitigate as new, and many a company still falls victim to cyber-attacks exploiting years-old dangers.

Agent Tesla RAT Exploits 5-Year-Old Bug

For example, Help Net Security reports that a recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution.

Fortinet researcher, Xiaopeng Zhang says:

“Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018, this vulnerability remains popular amongst threat actors, suggesting there are still unpatched devices in the wild, even after over five years.”

A recent Qualys report highlights the problem of old threats causing issues for current organisations with inadequate cyber security protocols. Of the twenty most targeted vulnerabilities, the most recent one is two years old.

Top Twenty Most Targeted Vulnerabilities

1. CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability

Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)

It was exploited by 467 Malware, 53 Threat Actors, and 14 Ransomware and was trending in the wild as recently as August 31, 2023.

2. CVE-2017-0199: Microsoft Wordpad Remote Code Execution Vulnerability

Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)

It was exploited by 93 Malware, 53 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.

3. CVE-2012-0158: Vulnerability in Windows Common Controls Could Allow RCE

Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)

It was exploited by 63 Malware, 45 Threat Actors, 2 Ransomware and was trending in the wild as recently as August 31, 2023.

4. CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability

Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)

It was exploited by 52 Malware, 11 Threat Actors, and was trending in the wild as recently as September 2, 2023.

5. CVE-2020-1472: Zerologon – An Unauthenticated Privilege Escalation to Full Domain Privileges

Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)

It was exploited by 18 Malware, 16 Threat Actors, 11 Ransomware and was trending in the wild as recently as September 4, 2023.

6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya

Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)

It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.

7. CVE-2012-1723: Java Applet Field Bytecode Verifier Cache Remote Code Execution

Vulnerability Trending Over Years: 2023 (6 times)

It was exploited by 91 Malware, 8 Threat Actors, 41 Ransomware and was trending in the wild as recently as August 17, 2023.

8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)

Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)

It was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.

9. CVE-2019-11510: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path

Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)

It was exploited by 13 Malware, 18 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 4, 2023.

10. CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability

Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)

It was exploited by 10 Malware, 26 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.

11. CVE-2014-6271: Shellshock – Linux Bash Vulnerability

Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)

It was exploited by 18 Malware, 1 Threat Actors, and was trending in the wild as recently as September 2, 2023.

12. CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability

Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)

It was exploited by 21 Malware, 10 Threat Actors, and 7 Ransomware and was trending in the wild as recently as September 4, 2023.

13. CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution

Vulnerability Trending Over Years: 2023 (8 times)

It was exploited by 62 Malware, 50 Ransomware and was trending in the wild as recently as August 20, 2023.

14. CVE-2012-0507: Oracle Java SE Remote Java Runtime Environment Vulnerability

Vulnerability Trending Over Years: 2023 (10 times)

It was exploited by 66 Malware, 3 Threat Actors, and 42 Ransomware and was trending in the wild as recently as July 26, 2023.

15. CVE-2019-19781: Citrix ADC and Citrix Gateway – Remote Code Execution (RCE) Vulnerability

Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)

It was exploited by 11 Malware, 12 Threat Actors, and 10 Ransomware and was trending in the wild as recently as September 4, 2023.

16. CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability

Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)

Exploited by 29 Malware, 24 Threat Actors, and was trending in the wild as recently as September 2, 2023.

17. CVE-2021-26855: Microsoft Exchange Server Authentication Bypass (RCE)

Vulnerability Trending Over Years: 2021, 2023 (46 times)

It was exploited by 19 Malware, 22 Threat Actors, and 9 Ransomware and was trending in the wild as recently as September 2, 2023.

18. CVE-2019-2725: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability

Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)

It was exploited by 10 Malware, 4 Threat Actors, 9 Ransomware and was trending in the wild as recently as September 4, 2023.

19. CVE-2018-13379: Fortinet FortiGate (FortiOS) System File Leak through Secure Sockets Layer (SSL)

Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times)

It was exploited by 6 Malware, 13 Threat Actors, 6 Ransomware and was trending in the wild as recently as August 30, 2023.

20. CVE-2021-26084: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability

Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)

It was exploited by 8 Malware, 6 Threat Actors, and 8 Ransomware and was trending in the wild as recently as September 2, 2023.

As The Register urges: please, people, update your software and install patches in a timely manner. Let’s not keep making it any easier for criminals.
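
One way to put the list above to work, as an added example (not code from the Qualys report or from any tool named here): a short Python script that parses entries in the list's format, including those with several CVE IDs or a missing category, and uses them to rank vulnerability-scanner findings. The host names, the findings, the placeholder CVE and the ranking order (ransomware-linked first, then oldest by CVE year) are assumptions made for the example.

```python
import re

# Entries copied from the list above (exploitation lines abridged to their counts).
ENTRIES = """\
1. CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability
It was exploited by 467 Malware, 53 Threat Actors, and 14 Ransomware
4. CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability
It was exploited by 52 Malware 11 Threat Actors
6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya
It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware
10. CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
It was exploited by 10 Malware, 26 Threat Actors, and 5 Ransomware
13. CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution
It was exploited by 62 Malware 50 Ransomware
"""

# Constructed scanner output: (host, CVE). The last ID is a placeholder, not a real CVE.
FINDINGS = [("ws-014", "CVE-2017-11882"), ("app-07", "CVE-2021-44228"),
            ("ws-022", "CVE-2017-8570"), ("fs-02", "CVE-2017-0144"),
            ("web-03", "CVE-0000-00000")]

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
HEAD = re.compile(r"^\d+\.\s+((?:CVE-\d{4}-\d{4,},?\s*)+):\s*(.+)$")
COUNT = re.compile(r"(\d+)\s+(Malware|Threat Actors|Ransomware)")


def parse_entries(text):
    """Return {cve_id: {"title", "Malware", "Threat Actors", "Ransomware"}}."""
    table, current = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        head = HEAD.match(line)
        if head:
            # One heading may name several CVEs (entry 6); each gets its own record.
            current = CVE_ID.findall(head.group(1))
            for cve in current:
                table[cve] = {"title": head.group(2), "Malware": 0,
                              "Threat Actors": 0, "Ransomware": 0}
        elif "xploited by" in line:
            # Categories absent from the sentence keep their default of 0.
            for number, kind in COUNT.findall(line):
                for cve in current:
                    table[cve][kind] = int(number)
    return table


def triage(findings, table, this_year=2023):
    """Keep findings that are on the list; ransomware-linked first, then oldest."""
    hits = []
    for host, cve in findings:
        info = table.get(cve)
        if info:
            age = this_year - int(cve.split("-")[1])  # CVE year as a rough age
            hits.append((host, cve, age, info["Ransomware"]))
    return sorted(hits, key=lambda h: (-h[3], -h[2], h[0]))


if __name__ == "__main__":
    for host, cve, age, ransomware in triage(FINDINGS, parse_entries(ENTRIES)):
        print(f"{host:8} {cve:16} ~{age} yrs old, {ransomware} ransomware families")
```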

Get cyber safe today! If you’re worried about your company’s vulnerability to cyber threats old and new, get in touch to arrange a review of your systems.


UK Military Data Accessed Via Obsolete Rig

The problem of old, insecure, out-of-date hardware and software has been brought into focus by the recent theft of sensitive Ministry of Defence data via a third-party business.

Last month, the Lockbit cybercrime gang was able to breach the systems of Zaun, a supplier of high security fencing used by military bases, via an old Windows 7 PC running on their network. The notorious ransomware gang leaked thousands of documents on the dark web.

Rogue Windows 7 PC

Zaun released a statement about the “sophisticated cyber attack”:

On 5th – 6th August, Zaun was subjected to a sophisticated cyber-attack on our IT Network by the LockBit Ransom group. Our own cyber security prevented the server from being encrypted. West Midlands Regional Cyber Crime Unit are aware of the attack. We have been able to continue work as normal with no interruptions to service.

In an otherwise up-to-date network, the breach occurred through a rogue Windows 7 PC that was running software for one of our manufacturing machines. The machine has been removed and the vulnerability closed.

NCSC And ICO Notified

Labour MP, Kevan Jones, who sits on the cross-bench Defence Committee, said:

“This is potentially very damaging to the security of some of our most sensitive sites. The government needs to explain why systems were so vulnerable. Any information which gives security arrangements to potential enemies is of huge concern.”

The breach has been reported to the National Cyber Security Centre, as well as the ICO, while the West Midlands Regional Cyber Crime Unit is conducting an investigation.

Windows 7 is long out of date in critical services. Extended Security Updates for Windows 7, which was released in 2009, finally came to an end in 2023. Mainstream support ended in 2015, and extended support finished in 2020. It is vital to keep your systems audited for support cycles and have a plan in place to make changes when necessary for continued cyber security integrity.


iPhone 15 Launches with USB-C Connector

As expected, the release of the iPhone 15 sees the end of the Lightning connector, after 11 years of use, replaced with a USB-C port.

While USB-C is not altogether new to Apple devices — MacBooks and iPads have been fitted with it for years — the phone was a holdout for their proprietary connector. This change has effectively been forced upon Apple by a 2022 EU law requiring all electronic devices to share a common charging connector — namely the USB-C — by the end of 2024.

As reported by the BBC, the EU common-charger rule covers a range of “small and medium-sized portable electronics”, according to the EU, including:

  • mobile phones
  • tablets
  • e-readers
  • mice and keyboards
  • GPS (global positioning system) devices
  • headphones, headsets and earphones
  • digital cameras
  • handheld videogame consoles
  • portable speakers.

Any wired cable charging for these devices, by any manufacturer selling their items in Europe, will have to be via the USB Type-C port.

This standardising for recharging and transferring data across any device is supposed to be more convenient for the end user, and more environmentally friendly by helping to cut down on electronic waste. The EU claims a saving of “up to €250m [£213m] a year on unnecessary charger purchases” along with cutting 11,000 tonnes of annual waste.

Is USB-C faster than Lightning?

CNET reports it can be, depending on what generation of USB specifications the USB-C hardware in question follows. USB-C cables and ports that follow the current-gen, USB 3.2 specifications can support file transfers as fast as 20 gigabits per second, and the upcoming USB 4 specifications could bump that up as high as 120 gigabits per second. Lightning hardware limits transfer speeds at 480 megabits per second, or just 0.48 gigabits per second.

However, the new USB-C port on the iPhone doesn’t support USB 4 or even USB 3.2. It caps things at USB 2 speeds, which limits transfers to… 480 megabits per second. Yep, the new USB-C iPhone 15 has the exact same max transfer rates as all of the Lightning iPhones that came before it.

So, the benefits of faster transfer speeds should be seen in future generations. And it at least brings the device in line with other Apple offerings.