
Latest Cybersecurity News 2021-03-01 Edition


Classes resume at Lakehead after mid-February cyber attack

Classes resumed for Lakehead University students on February 26, 11 days after a cyber attack shut down many of the Canadian school’s computer systems. Lakehead had extended its winter study break by four days in order to afford the school’s Technology Services Centre (TSC) extra time to investigate and recover from the attack. The extra break was supported by the student population, many of whom signed a petition agreeing to the extension.

The cyber incident was first reported on February 15, when malware compromised numerous Windows file servers and personal computers at Lakehead’s campuses in Thunder Bay and Orillia, Ontario. Access to student and staff Gmail accounts, Zoom video service, Lakehead’s website, the “MyInfo” portal for students, and the university’s “D2L” distance learning platform was restored by February 20, while TSC has continued this past week to recover other affected systems.

The TSC has been posting regular updates via email, on Twitter (at @LakeheadUNews and @LakeheadOrillia), and on the Lakehead Mobile Safety app to keep students apprised of their progress.

The university continues to urge all users to contact the TSC before bringing any university-owned, Windows-based computers to campus, and has issued a reminder to everyone to conduct regular, full scans of systems to probe for malware infections.

The TSC will be enforcing a mandatory one-time password change for all university accounts, insisting on new passwords that are complex and significantly different from any previously-used passwords in order to reduce the risk of the hackers compromising the new credentials.

The incident may have longer-term effects on students: “As course requirements and deadlines differ across programs, individual students may be impacted in multiple and varying ways,” advised Lakehead officials. “Faculties are currently reviewing the situation and students will be updated by program or individual instructors about how concerns relating to assignments, exams and similar issues will be addressed.”

Security patches released for one-billion download app SHAREit

Singapore-based Smart Media4U Technology has released a patch for its SHAREit software, addressing significant security vulnerabilities in the widely-downloaded application. According to the developers, the app has some 1.8 billion users; however, the security bugs only affect the Android version of SHAREit which, according to Google Play Store statistics, has been downloaded more than one billion times.

According to a report in CPO Magazine, the design of SHAREit, which speeds and simplifies the wireless sharing of user data files between Windows, Mac, Android and iOS devices, is at the heart of the security issues. The software requires extensive device permissions in order to function, accessing device storage, location, microphone, and camera. Further, the installation configuration and permissions granted by the app open the door for potential abuse by third parties.

The security researchers at Trend Micro who first isolated the bugs developed proof of concept (POC) code to demonstrate potential compromise of the app. The POC exposed vulnerabilities that could allow attackers to “steal sensitive data and do anything with the apps’ permission”.

The patch resolves a host of significant vulnerabilities, including:

+  potential use to gain unauthorized access to sensitive information stored by users’ devices;

+  ability to execute arbitrary code with SHAREit permissions with the help of malicious code or a malicious app, potentially allowing threat actors to use it in Remote Code Execution (RCE) attacks; and

+  potential user exposure to man-in-the-middle attacks, allowing attackers to manipulate application resources stored on external storage via code injection.

The researchers reportedly first alerted Smart Media4U in late 2020, quietly advising them of the bugs so that the developers could patch and release a fix, but they received no reaction. Concerned about the potential impact on users given the number of reported downloads of the app, the researchers chose to publicize the bug in order to prompt a response. The developers fixed the design flaw and released a patch on February 19, 2021, just days after the public disclosure.

If you are a current user of SHAREit, you are urged to patch the application as soon as possible in order to mitigate your security risk. If you no longer use the app, or did not purchase a subscription for a paid membership once the three-day trial version expired, you are urged to delete the app as soon as possible.

Public Interest Registry Launches New Institute to Combat DNS Abuse

The Public Interest Registry (PIR) – best known for managing the “.org” registry – has launched a new DNS Abuse Institute (DAI) to help protect the Internet from DNS-abuse-oriented cyber threats like malware, botnets, phishing, pharming, and spam.

According to their recent press release, the DAI will establish an advisory council and marshal resources in an effort to “bring together leaders in the anti-abuse space to fund research, publish recommended practices, share data, and provide tools to identify and report DNS abuse.”

The DAI will have three areas of focus:

1)  Innovation to support best practices and research, and develop solutions to combat DNS abuse;

2)  Education to provide resources, support reporting standards, and publish research and case studies; and

3)  Collaboration to act as a networking forum and a central point for communication among stakeholders (industry, academia, registries and registrars, etc.) to help secure and support DNS security efforts.

Toronto’s Graeme Bunton, who has more than a decade of DNS policy experience, will serve as the DAI’s inaugural director.

“I couldn’t be more excited about the opportunity the DNS Abuse Institute provides for the DNS community. Our years of conversation on this topic have highlighted the need for coordinated action, common understanding, and centralized tools, but until now the mandate and resources didn’t exist. With PIR’s foundational support we’re going to do the hard work of making the Internet a safer place,” says Bunton on the PIR website.

In addition to the new website, the Institute has created an email support line to help registries and registrars with questions relating to DNS abuse issues. The voluntary, confidential program is provided at no cost.

The Institute will hold its first forum on Tuesday, March 16, 2021 from 11:00 a.m. to 12:30 p.m. EST, featuring a panel of DNS experts. Registration for the “State of DNS Abuse: Trends from the last three years and current landscape” virtual discussion panel opens in early March.

 
