ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Gmail spam filtering outage could affect millions
According to reports by Android Police and Forbes, a Gmail delivery outage on June 30 disrupted the mail filtering service on the popular email platform. As a result of the incident, there were widespread reports of undesirable and/or promotional emails slipping into users’ mailboxes.
The problem appears to have started late afternoon (EDT) on June 30, with an outage report from Google on their system status dashboard that they were “aware of a problem with Gmail affecting a significant subset of users.” With a user base estimated to be approximately 1.5 to 1.8 billion worldwide, “significant” suggests that millions of users were affected.
While the delivery problems were reportedly resolved within about five hours, the disruption meant that “some messages were delayed enough that they resulted in delivery without all spam checks completing,” according to a Google response to Forbes after the incident. Google’s spokesperson emphasized that “scans to filter malware and the most egregious spam and harmful content remained fully operational”; however, as a precaution, any emails received during or shortly after the outage window should be checked extra carefully.
Microsoft releases critical Windows patch before “Update Tuesday”
On June 30, Microsoft fast-tracked the release of two Windows patches, CVE-2020-1425 (rated “critical”) and CVE-2020-1457 (rated “important”). The patches address remote code execution (RCE) vulnerabilities in the way that the Windows Codecs Library handles objects in memory. To exploit the vulnerabilities, a user would need to open a specially crafted image file (e.g., a JPG, PNG, or TIF) that carried malware which could in turn execute unauthorized code on a target device.
While Microsoft concedes that there are no workarounds beyond installing the patches, they advise that the likelihood of successful attack is currently comparatively low. The patches will be installed automatically through the Windows Store process, provided that users have this feature activated (check here for instructions on activating auto-updates). Patches are available for Windows 10 and Windows Server 2019.
Users who want to confirm that the patch has been installed should open “Settings”, “Apps”, “Apps & Features”, then select HEVC, Advanced Options. The secure versions are 1.0.31822.0 and later.
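The version check described above can also be scripted, which helps when many machines need to be verified. This PowerShell sketch is an added example, not part of the original article or Microsoft's guidance; the package name pattern `Microsoft.HEVCVideoExtension*` is an assumption about how the HEVC codec app is named, and the function name is hypothetical.

```powershell
# Minimum fixed version, as stated in the article above.
$MinFixed = [version]'1.0.31822.0'

function Get-HevcPatchStatus {
    param(
        # Assumed Store package name pattern for the HEVC codec (not from the article).
        [string]$NamePattern = 'Microsoft.HEVCVideoExtension*',
        # Check packages for every user profile; requires an elevated session.
        [switch]$AllUsers
    )

    $query = @{ Name = $NamePattern }
    if ($AllUsers) { $query.AllUsers = $true }
    $packages = @(Get-AppxPackage @query)

    if ($packages.Count -eq 0) {
        # No matching codec package installed, so there is nothing to update here.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $NamePattern
            Version  = $null
            Status   = 'NotInstalled'
        }
    }

    foreach ($pkg in $packages) {
        # Compare as [version] so 1.0.4000.0 is not treated as older than 1.0.31822.0.
        $installed = [version]$pkg.Version
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.Name
            Version  = $installed
            Status   = if ($installed -ge $MinFixed) { 'Patched' } else { 'NeedsUpdate' }
        }
    }
}

Get-HevcPatchStatus | Format-Table -AutoSize
```

A `NeedsUpdate` result means the Store has not yet delivered the fixed package to that machine or user profile.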
Update: Hackers move against celebrity law firm
In May we reported that New York-based law firm Grubman Shire Meiselas & Sacks (GSMS) had been hit by a REvil ransomware attack. To date, GSMS has refused to pay the reported $42 million (all figures US) ransom, so the hackers have responded by launching the first in a planned series of dark-web auctions of the stolen files. According to a report in Computer Weekly, three lots of files and folders relating to the business dealings of singers Mariah Carey and Nicki Minaj, and basketball player LeBron James were put on the auction block on July 1. The reserve price for each lot is $600,000.
A second set of auctions was planned for July 3, featuring business documents relating to Bad Boy Entertainment Holdings, Inc. (with a ransom demand of $750K), Universal ($1M) and MTV ($1M).
Each auction is planned to run for three months. The payouts are being demanded in the form of Monero cryptocurrency, a virtual currency that is reputedly even harder to trace than some other more widely known currencies like Bitcoin.
In mid-May, the law firm issued a statement that “[d]espite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom. We are working directly with federal law enforcement and continue to work around the clock with the world’s leading experts to address this situation.” No further updates have been provided; indeed, even the law firm’s website remains a single landing page bearing the corporate logo.
IBM and Ponemon issue 2020 “Cyber Resilient Organization Report”
IBM Security has released its fifth annual global study on cybersecurity resilience. The report was conducted by the Ponemon Institute on behalf of IBM. This year’s edition provides a particular focus on the importance of cybersecurity incident response preparedness, the use of cloud services, and the effective integration of security solutions.
The report also details the characteristics of “high performing organizations” – those companies that exhibit a superior level of cybersecurity readiness and resilience: implementation and regular review/test of enterprise-wide cybersecurity incident response plans; use of attack-specific incident response plans; investment and implementation of cybersecurity automation, orchestration, and AI/machine learning; threat intelligence sharing with others like peers, industry groups, and government; and executive/board level visibility and buy-in.
IBM is hosting a webinar on July 23 that will review and provide context for the findings in the report.