Security Summary – January 202031-01-2020 Author: DSwiss
Our short monthly review summarizes important news and blog posts, which focus on IT security, cloud computing and privacy protection.
1. More than 50% of internet users affected by cybercrime
Bitkom found that around 55% of internet users in Germany were affected by cybercrime last year, in the majority of cases by malware on end devices (46%). The second most frequent event was the unsolicited disclosure of data to third parties (26%), followed by fraud in private shopping or online sales (19%). Moreover, 12% of online bankers were either cheated or had their bank account details misused.
2. Cybersecurity Index 2020: Employees represent the highest vulnerability to corporate security
In Germany, 75% of surveyed security managers see their own employees as a weak point in their security strategy. Cybercriminals increasingly rely on social interactions in order to gain access to the company through employees. However, 42% of the interviewed companies claimed there was no consistent awareness of digital dangers.
3. Phishing emails with fake Apple bills
Cybercriminals send emails with fake order confirmations and invoices for purchases allegedly made in the Apple Store. A PDF attached to the emails contains a link to a fake Apple-style website. In order to cancel the alleged order on this page, the user is asked to upload photos of their credit card and ID along with a selfie before being redirected to the real Apple website.
4. Austrian Foreign Ministry: Cyber-attack from Russia?
According to ORF, state representatives from Russia appear to be behind a cyber-attack on Austria's foreign ministry that lasted several weeks. The Turla Group is suspected to be responsible for the attack, but the Department of State is refusing to disclose details. The ORF did however provide a detailed report of the Turla group’s typical course of action and pointed out that the group tends to remain active long after it successfully enters a network. It only becomes active when Moscow begins to search for certain information.
5. Browser monitoring and sale of user data
The anti-virus software manufacturer Avast uses a browser plug-in to monitor the online behavior of its users, selling the collected data via a subsidiary called Jumpshot. Its customers include mega-corporations such as Google, Microsoft and McKinsey, sometimes paying millions of dollars for access to the user data. Jumpshot records user clicks and movements, including YouTube videos and searches, among other things.
6. Access to the data of around 250 million Microsoft support customers
Throughout almost the entire month of December, an internal database for customers of Microsoft support was exposed online without protection due to an incorrectly configured security rule. After the error was reported on December 31, Microsoft backed up the servers on the same day. Most records did not contain any personal information, as this is removed by default. However, non-“standard” data may not have been removed. The affected customers were informed, it is not known whether or not the data was misused.
7. Password leak for more than 500,000 servers, routers and IoT devices
In mid-January, a well-known hacker forum published an extensive list of Telnet credentials for more than 510,000 servers, home routers and smart devices in the Internet of Things category. According to a security expert, the list is very valuable to experienced attackers, even if, for example, the IP addresses are no longer up to date. Usually, incorrectly or insecurely configured devices cluster in the networks of certain internet service providers. Using the IP addresses in the list, cybercriminals can identify such Internet providers and thus search for current IP addresses in their networks.
8. Anonymous admins of prominent Facebook pages exposed at short notice
In early January, following an update, admins, those responsible for creating or editing posts on a Facebook page, were made visible for a few hours, despite the fact they were supposed to be anonymous. Admins of several prominent Facebook pages were "exposed". Although this might make you smile, in this case it can also be dangerous: anonymity protects Facebook users if, for example, they discuss political or civil society issues on a Facebook page and thereby create opponents or are looked upon critically by certain people.