Apple Email App Vulnerabilities in iPhone and iPad


Apple Email App Vulnerabilities Found in Over Half a Billion Devices

Apple Email App Vulnerabilities in iPhone and iPad were reported by ZecOps, a mobile security forensics company, on April 20, 2020.  These vulnerabilities have existed since the release of the iPhone 5 in September of 2012.  The vulnerabilities allow attackers to remotely infect a device by sending emails.  Attacks inserted into emails can allow remote code execution by consuming device memory resources.

ZecOps also reported that attackers may have used these vulnerabilities against a Fortune 500 organization, “an executive from a carrier in Japan” and “a journalist in Europe”.  It concluded that these attacks were conducted by “an advanced threat operator”.

Apple Debates Exploitation of Flaws

Although Apple has acknowledged the vulnerabilities, it has countered claims that these flaws were exploited.  An Apple representative was quoted by Reuters as stating that “these issues do not pose an immediate risk to our users”.  A patch is planned to be released to remedy the issues.  A beta update has already been released.

Possible Interim Security Measures

It can be surmised that if attacks are occurring, they will increase in frequency until patches are released.  Therefore, it may be advisable to avoid accessing email on affected devices until the required updates are available.  This news is unfortunately developing at a time when larger numbers of people are working remotely and are accessing business email in a potentially unsafe manner.

Apple mobile devices have generally had a good reputation for security and are used by many businesses.  There have, however, been previous flaws that have exposed user data.  Because no platform is free from such flaws, business IT departments should carefully select email apps and protocols to protect vital data.

CVG Strategy

Studies have shown that a majority of businesses have not achieved a sufficient cybersecurity maturity level.  This is especially distressing considering that the level of cyber attacks is growing and that businesses are primary targets.  CVG Strategy is committed to helping businesses secure their vital data.  We can assist businesses in establishing effective Information Security Management Systems (ISMS) through the implementation of ISO 27001.  Contact us with your questions.

North Korean Cyber Threat Guidance


U.S. Government Provides Guidance on North Korean Cyber Threat

Guidance was provided on the North Korean cyber threat by the U.S. Departments of State, the Treasury, Homeland Security, and the Federal Bureau of Investigation on April 15, 2020.  North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), continues to pose a significant threat to the international financial system through an increase in malicious cyber activities.  Many of these cybercrimes are being utilized to generate funding for DPRK development of weapons of mass destruction and ballistic missile programs.  Of special concern is the DPRK’s increased ability to conduct destructive activities on critical infrastructure.

Financial Theft and Money Laundering

In its 2019 mid-term report, the UN Security Council 1718 Committee Panel of Experts (POE) found that the DPRK was using increasingly sophisticated cyber techniques to attempt the theft and laundering of as much as $2 billion in that year.  These findings are consistent with U.S. Department of Justice allegations released in March of 2020.  These activities were targeted at digital currency exchanges.

Other DPRK Cyber Crimes

The DPRK has conducted a number of extortion campaigns.  In some instances, DPRK cyber actors have demanded payment from victims under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.  These cyber actors have also been hired guns in the hacking of websites for extortion purposes.

Cryptojacking has been an activity engaged in by the DPRK.  This is accomplished by compromising a computer and stealing its computing resources to mine digital currency.  The POE reported several instances in which infected computers mined assets and transferred digital currency to servers at the Kim Il Sung University in Pyongyang.

The DPRK Rap Sheet

The DPRK has had a long dark history of cyber crime.  The list below includes some of the more notable operations:

  • Sony Pictures cyber attack in November 2014 in retaliation for the film “The Interview”.
  • Bangladesh Bank Heist in February of 2016 where the DPRK allegedly stole $81 million.
  • WannaCry 2.0 ransomware that infected computers in hospitals, businesses, schools, and homes in over 150 countries in 2017.
  • FASTCash Campaign which has targeted ATMs in Asia and Africa since 2016.
  • Digital Currency Exchange Hack in April of 2018 where the DPRK stole nearly $250 million through digital currency transactions.

Countering the Threat

In its report, the U.S. Government agencies have listed numerous measures to counter the DPRK threat, including raising awareness of the gravity and scope of the problem.  The single most important thing that must be accomplished, however, is the adoption and promotion of cybersecurity best practices.  As mentioned in a previous post, businesses around the world, including the United States, have not attained appropriate levels of cyber strategy and execution.  In a survey of businesses undertaken by the insurance provider Hiscox in 2019, 74% fell into the Novice classification for cybersecurity.

CVG Strategy

CVG Strategy knows the importance of effective cybersecurity and is committed to helping businesses create effective Information Security Management Systems (ISMS) to protect their sensitive information and vital assets.  Contact us to see how we can help you.


Accelerometers and Laboratory Testing


What Test Witnesses Need to Know About Accelerometers and Laboratory Testing

Shock and Vibration analysis utilizing accelerometers and laboratory testing is a requirement for many commercial and defense standards.  Because accelerometers provide the feedback to the excitation system, proper selection and placement is essential.  To achieve optimal testing validity the test witness and test manager should have some knowledge about accelerometers and how they are used so as to provide valuable information to the laboratory personnel setting up the test.

Pre-test Preparation for Dynamic Testing

Having a fixture that is designed for your test item is optimal.  Using the same fixture to mount your test item ensures that a test is repeatable.  This fixture should be characterized prior to testing so that no resonances or nulls in the shock or vibration profile are being introduced to the Unit Under Test (UUT).  Fasteners used should be characteristic of those to be used in the product’s intended installation and should be tightened to the specified torque.  Furthermore, the UUT should be mounted on the fixture identically for all tests.

Know the Parameters of the Tests

Because of the wide range of possibilities, it is important that the test witness be aware of the characteristics of the profiles to be used in dynamic tests.  These characteristics include the frequency range and the amplitudes.  It is a good idea to review this information from the test plan with the laboratory test engineer to ensure proper accelerometer selection.  Selection of an appropriate accelerometer is essential because accelerometers vary widely in usable frequency range and amplitude scale.

Mounting of the Accelerometers

The method of mounting an accelerometer can greatly affect its frequency response.  Methods for mounting include stud mounting, adhesive, and adhesive mounting pad.

When practical, stud mounting provides the maximal frequency response.  Often a coupling fluid such as grease or beeswax is used to enhance frequency response and compensate for surface flatness or roughness.  If these are used, the specific medium should be documented so that the test parameters can be replicated.

There are small differences between adhesives in their frequency responses.  Often Loctite 454 is used.  Generally these work well.  For testing where large forces are at play, however, such as hammer shock tests used in shipboard shock and ballistic shock, adhesives are not advised.  These adhesives can fail during the test, resulting in a necessary retest and possible over-test of the UUT.

Once the location of the accelerometer(s) has been established and validated, the locations and means of mounting should be documented.  Documentation, preferably by photo, should also show the means of securing the accelerometer wiring, because base strains caused by wiring can affect the response of the sensor.

Other Considerations

The vast majority of test laboratory engineers are well informed about the dynamic testing they perform on a regular basis.  They, however, need to know about any specific information particular to the UUT.  If dynamic testing is to be conducted with the UUT in an operational state, areas that reach high temperatures should be noted.  If these areas are used for mounting, the test engineer may have to utilize thermal compensation.  Additionally, if the UUT generates extreme magnetic fields, shielding might be required.

CVG Strategy Test and Evaluation Experts

CVG Strategy has performed test and evaluation for a wide range of commercial and military applications.  We have extensive experience in dynamic, climatic, and EMI/EMC testing.  We can provide test program management, test witnessing, test program documentation, and product evaluation.  Contact us to see how we can help you get the most from your test and evaluation program.

Effective Quality Management Systems Implementation


Creating Effective Quality Management Systems.

Effective Quality Management Systems (QMS) are the products of proper implementation.  For ISO 9001:2015, that implementation is dependent on a detailed assessment of what processes are required by the context of the organization.  That assessment can also provide guidance on the requirements for the management team that needs to be assembled.

Is There a Requirement for a Quality Manager Representative?

ISO 9001:2015 does not have a requirement for a Quality Manager Representative, but consideration should be given to creating this position in your organization.  When examining the requirements for leadership as described in ISO 9001:2015, it may well serve an organization to centralize the responsibilities of program coordination.  This may be particularly important when a large number of specialized processes are required, each with its own owner.  The important question to be answered is whether all of the requirements of section 5.3 are being adequately performed and coordinated.

Section 5.3

  • Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
  • Top management shall assign the responsibility and authority for:
    a) ensuring that the quality management system conforms to the requirements of this International Standard;
    b) ensuring that the processes are delivering their intended outputs;
    c) reporting on the performance of the quality management system and on opportunities for improvement (see 10.1), in particular to top management;
    d) ensuring the promotion of customer focus throughout the organization;
    e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Context of the Organization

If an organization has sufficient complexity, a great deal can be accomplished by having a dedicated Quality Manager Representative that can oversee these tasks.  Because of the broad nature of these tasks, the ideal representative may not be a member of the quality department.  In fact, having an independent advocate for customer input can be very important.  Additionally, input from product development teams is equally important.

Getting Perspective in Creating a Quality Management System

It can often be difficult for managers to assess the structure of a QMS.  This is because they can be caught up in the immediate requirements of the workplace.  It is therefore important to engage a third party with expertise to help with this essential analysis.  CVG Strategy experts in ISO 9001 can help you on the path to defining required processes and recommending management structures that are appropriate for your business.  Our team has been helping businesses develop Effective Quality Management Systems in a wide array of industries.  Contact Us today to see how we can help.

Coronavirus and Cybersecurity Issues


Cybersecurity Vulnerabilities Exploited During Coronavirus Crisis

Businesses are being strained during the Coronavirus epidemic and Cybersecurity Issues are on the rise.  Cyber criminals and hostile nation states are wasting little time in exploiting the vulnerabilities this crisis has created. 

Remote Work Protocols

Working remotely has been growing at an exponential rate.  While cybersecurity can be maintained in a remote work scenario, adequate protocols must be in place.  Because many businesses have suddenly been thrust into this arena those protocols may not have been adequately established.   This has increased the chances of remote employees using unsecured Wi-Fi or personal devices when accessing sensitive data.

Educating and Training Employees

Proper training at regular intervals is essential for any Information Security Management System (ISMS).  Establishing coherent and effective protocols and policies does little good if the members of an organization are unaware of them or don’t know how to implement them.  Because any weak link can defeat the best cybersecurity program, proper practices should be everybody’s number one priority. 

FBI Warnings on Coronavirus and Cybersecurity Issues

During this Coronavirus (COVID-19) crisis the Federal Bureau of Investigation has advised businesses to carefully consider the safety of their data when selecting tools that provide communication over the internet.  It is important to consider the possibility of eavesdropping on virtual meetings, theft of data, or other malicious activities.  The FBI has seen an increase in activity of this sort including a practice called Zoom-bombing where video conferencing tools have been disrupted by pornography and threatening language.

Business Email Schemes

Additionally, Coronavirus and Cybersecurity Issues are giving rise to a large variety of email schemes.  These include emails that appear to be from persons inside an organization or from persons outside of the organization that a company conducts business with.  The FBI advises that businesses be particularly on the lookout for the following:

  • The use of urgency and last-minute changes in wire instructions or recipient account information;
  • Last-minute changes in established communication platforms or email account addresses;
  • Communications only in email and refusal to communicate via telephone;
  • Requests for advanced payment of services when not previously required; and
  • Requests from employees to change direct deposit information.
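As an added example (not part of the FBI guidance or of this post), the Python filter below encodes the red flags above as simple heuristics and runs them over a constructed message; the organisation domain, staff names, phrase patterns and sample emails are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the organisation's own mail domain and the
# display names of staff whose identity a fraudster might borrow.
ORG_DOMAIN = "example.com"
INTERNAL_STAFF = {"Jane Doe", "Sam Ortiz"}

# One phrase pattern per FBI red flag (assumed wording, not an official list).
RED_FLAGS = {
    "urgent_wire_change": r"(urgent|immediately|today)[^.]{0,80}(wire|bank|account)",
    "new_contact_channel": r"(new|updated|changed) (email|e-mail|phone)",
    "email_only": r"(can'?t|cannot|unable to) (talk|take calls|speak)[^.]{0,60}(email|e-mail)",
    "advance_payment": r"(advance|upfront|up-front) payment",
    "direct_deposit": r"(update|change)[^.]{0,30}direct deposit",
}

def bec_indicators(raw_message: str) -> list:
    """Return the names of the red flags present in a plain-text email."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    found = []
    # An internal person's name on an external address is the classic
    # "appears to be from inside the organization" lure.
    if display_name in INTERNAL_STAFF and sender_domain != ORG_DOMAIN:
        found.append("internal_name_external_address")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for name, pattern in RED_FLAGS.items():
        if re.search(pattern, body, re.IGNORECASE):
            found.append(name)
    return found

def is_suspicious(raw_message: str, threshold: int = 2) -> bool:
    """Flag a message for manual (out-of-band) verification above a threshold."""
    return len(bec_indicators(raw_message)) >= threshold

# Constructed sample messages; no real addresses or people.
SAMPLE_BEC = """From: Jane Doe <jane.doe@mail-example.net>
To: payroll@example.com
Subject: Payroll

Please update my direct deposit to the new account before today's cutoff.
I'm in meetings all day and can't take calls, so just reply by email.
"""
SAMPLE_OK = """From: Sam Ortiz <sam.ortiz@example.com>
To: team@example.com
Subject: Lunch

Thanks everyone for the bank holiday cover; see you at lunch today.
"""
```

A flagged message is a prompt to confirm the request by telephone on a known number, which is exactly the step the fraudster is trying to avoid.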

FBI Recommended Cybersecurity Practices

Do:

  • Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
  • Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
  • Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
  • Beware of advertisements or emails purporting to be from telework software vendors.
  • Always verify the web address of legitimate websites or manually type it into the browser.

Don’t:

  • Share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
  • Open attachments or click links within emails from senders you do not recognize.
  • Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.

CVG Strategy

CVG Strategy is committed to helping businesses with their cybersecurity concerns during this COVID-19 crisis.  We can assist businesses in creating and supporting Information Security Management Systems.  We provide businesses with services for ISO 27001, NIST 800-171, and CMMC certification.  Contact Us to see how we can help you.