Weekly CyberTip: Be on the lookout for text message attacks
October is Cyber Security Awareness Month in Canada and around the world. It’s a great opportunity to reflect on how you can raise cyber awareness at home and at work. Canada’s Get Cyber Safe and the U.S.-based Cybersecurity and Infrastructure Security Agency (CISA) CSAM portals offer a wealth of information, and be sure to follow ISA Cybersecurity on the web and on social media for the latest news and resources. Let’s work together to stay cyber safe!
Microsoft adds emergency temporary fix deployment feature to Exchange
Responding to hacking campaigns that have plagued their email platform in recent months, Microsoft is introducing a new security feature for Exchange Server systems. The new feature – called the Microsoft Exchange Emergency Mitigation (EM) service – will automatically install temporary fixes or workarounds that block active exploitation of security vulnerabilities until Microsoft is ready to release official patches.
“Since in the future mitigations may be released at any time, we chose to have the EM service check for mitigations hourly,” the Microsoft Exchange team said in the bulletin. This level of frequency is expected to support a rapid response to zero-day vulnerabilities.
The EM service is available starting with the September 2021 Cumulative Updates (CUs) for Exchange servers, which were released on September 28. While the service will be enabled by default for all Exchange server systems, Microsoft is also providing a way to override this setting and let administrators apply mitigations by hand or by using the Exchange On-premises Mitigation Tool (EOMT).
Full details about the new features are explained in Microsoft’s documentation portal. It is important to emphasize that the temporary fixes provided by EM are just that – temporary. Administrators must still be diligent in applying patches and maintaining currency to their environments.
Combined cache of alleged Clubhouse/Facebook data up for sale
According to a report in CyberNews, a threat actor has combined a dataset of 3.8 billion phone numbers scraped from social media site Clubhouse, with a list of 533 million numbers harvested from Facebook. The merged databases are being offered for sale at $100,000 (all figures USD), with smaller portions of the file available at discounted rates.
Complicating matters is that, early in their launch, Clubhouse required users to share their complete contact lists, meaning that if you know someone with a Clubhouse account, your phone number may have been disclosed to the site and caught up in the current darkweb sale – even if you are not on the Clubhouse platform.
According to the report, the combined trove of data combines names, phone numbers, and social media handles, among other data scraped from the Facebook and Clubhouse websites.
Some analysts fear that the data could be exploited by threat actors to launch credential stuffing and account takeover attacks. The aggregated data also creates opportunities for hackers to attempt social engineering attacks like phishing, smishing, or other impersonation frauds by exploiting the identifying details of individuals in the file.
However, other commentators question the veracity of the claims of the hacker, as at least some of the supposed Facebook data appears to be faked or misrepresented. A posting in Avast outlines the complicated history of the alleged data being offered for sale.
2021 worst year ever for zero-day hacking attacks
According to a report by the MIT Technology Review, at least 66 zero-day exploits have been found in use this year. With three months to go in the year, that’s already twice the number of reports in 2020, and is an all-time record.
A “zero-day exploit” is an attack against a vulnerability in a device or system that was not previously known to the vendor or the general public (such flaws are called “zero-day vulnerabilities”). On the surface, the significant increase in zero-day exploits may sound ominous. Computer crime is a massive industry, and the increased number of successful attacks seems to reflect this.
However, the report suggests that the higher number also indicates that the cybersecurity sector is becoming better at identifying complex attacks, and is doing it faster than ever. Improved defenses have driven hackers to use multiple exploits – instead of just one – to successfully breach their targets. These “exploit chains” often involve a number of zero-day vulnerabilities. A greater emphasis on threat analysis, improved technologies for threat detection, and widespread “bug bounties” for security researchers have combined to unearth more of these zero-days than ever before.
Report: healthcare still under significant pressure from cyber attack
A September 28 report from SC Magazine reminds us that the healthcare sector is still a significant target for ransomware and other cyber threats.
The report reveals that in September alone, over a dozen healthcare providers in the United States made formal reports of having fallen victim to cyber attacks that led directly to the exfiltration of protected health information (PHI).
Recent individual attacks secured tens of thousands of sensitive electronic patient medical records, prescription data, and insurance coverage information – all reportedly stored in unencrypted format – before corrupting target systems with ransomware.