Latest Cybersecurity News


International Computer Security Day

Monday, November 30 is International Computer Security Day, an opportunity to reflect on the security of your desktop or laptop. wikiHow presents an excellent ten-point checklist to follow to help improve your cybersecurity. If you’re already on top of things, consider others in your life – a child or senior – who might benefit from reviewing the checklist. Your help could make a big difference.

Belgian researchers ethically hack Tesla – again

Researchers from COSIC, a research group from the University of Leuven in Belgium, have discovered serious security flaws in the keyless entry system of the Tesla Model X. The same researchers successfully breached the keyless entry system for the Tesla Model S in two separate documented ethical hacks in 2018 and 2019.

The Belgian researchers first advised Tesla of the new vulnerabilities on August 17, 2020, under the auspices of the electric car manufacturer’s “bug bounty” program. Tesla has compensated the researchers for identifying the issue, and has released security updates to the firmware of Tesla key fobs in the 2020.48 version of the patches, distributed wirelessly in November.

The technical report, released November 24, provides details on how to acquire and configure readily available parts into a hacking device. The report conceded that, while the equipment is somewhat bulky, it can easily be hidden in a backpack or bag, and is effective from up to 30 metres away from the vehicle under attack. Furthermore, the attack rig isn’t expensive; for less than $200 US, a motivated individual could acquire and configure the equipment to compromise an unpatched Tesla Model S in minutes.

While Teslas generally aren’t what we think of when it comes to IoT devices, the story is a cautionary tale about the potential risks in using or deploying remotely accessible equipment that isn’t fully security hardened or patched.

FBI issues spoofing warning

Concerned by a wave of recent domain registrations containing variations on their name, the FBI has released a bulletin warning users of FBI online resources to be on the lookout for spoofed addresses.

The FBI reportedly observed unnamed persons registering scores of domains spoofing legitimate FBI websites, potentially setting the stage for phishing re-directs or other criminal activities. The bulk of the domains have been shut down, though one of the sites that was still operating as of November 26 enthused “Joe Biden has account [sic] – register yours now” in Chinese on its home page.

This serves as a reminder to double-check the domain or URL of any site you are visiting to confirm that you’re not being misled.

Manchester United Football Club hacked

Legendary UK football club Manchester United was the victim of a cyber attack described as a “sophisticated operation by organised cyber criminals”, according to a statement released by the club on November 20.

“Manchester United can confirm that the club has experienced a cyber attack on our systems… The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption.”

The club sought to reassure supporters and partners alike, by confirming that the club has “extensive protocols and procedures in place for such an event and had rehearsed for this risk.”

“Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data. Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.”

Over a week later, however, some systems are still reportedly unavailable and remain at the mercy of the criminals’ ransom demands. Paying off the ransom would surely be a last resort, as the club could face fines of up to £15M for financing criminal activities, in addition to potential U.S. fines (as Manchester United is listed on the NYSE), as reported by the Daily Mail – all on top of potential fines in the event that any personal or private data was exposed in the attack.

While this is the most severe incident, Manchester United is not the first professional football team to be targeted by cyber attackers. In July, F.C. Barcelona, the most valuable club in the world, was targeted in an attempt to disrupt an online “non-confidence” vote against Barca president Josep Maria Bartomeu and his board. Crosstown rival Manchester City is still struggling with the fallout of an email breach scandal that cost them millions of pounds in fines and a since-overturned two-year ban from the EPL. Finally, both Barcelona and Real Madrid have suffered Twitter account compromises in recent times as well.

Australian law firm supplier hit with ransomware

Law In Order, an Australian supplier of document and digital services to law firms, suffered a ransomware infection on November 22, an attack that is believed to involve Netwalker malware.

The company confirmed the attack in a statement on its website, which is still only accessible from within Australia in order to shield it from further international attacks. The service company was forced to suspend many of its business operations as it engaged cyber security advisers to assist in the investigation and incident response.

The company said it was still working “to understand the scope and details of the incident, [which] includes the extent to which information has been affected,” continued the statement. The company feared that at least some corporate data had been exfiltrated in the attack, and said it was contacting potentially affected customers in an “open and transparent” manner.

In what is becoming commonplace for corporate cyber attack announcements, the statement included a blanket remark taking something of a this-happens-to-everyone stance regarding the breach: “This year we have seen several high profile cyber security incidents impacting Australian companies and public sector entities,” concluded the bulletin from the service provider.

Hundreds of customers affected by cyber attack at managed.com hosting site

Nearly two weeks after being hit with a suspected REvil ransomware attack, US-based website hosting provider managed.com and some of its services are still down. The cloud service, which has customers in up to 110 countries around the world, suffered a “coordinated ransomware campaign” on November 16, according to a system status report on its website. The status has changed little in the intervening days; as late as November 29, the site still advised that their “technology and security teams have been working around the clock to restore hosted services. We are unable to provide an ETA on restoration of specific customer services, however customers should receive an update once their services are available.”

The scope of the attack has not yet been disclosed. Some customers that were affected early in the incident now appear to have websites up and running once again, but at least some of managed.com’s reference customers quoted on the website were still down as of November 28. According to social media posts from some affected customers, recovery appears to have been from backup versions of customer sites, causing some loss of business data. Fortunately, however, there are still no reports of data exfiltration at this stage.

The initial ransom demand for the attack was approximately US$500,000, which rose to US$1M as of November 24, according to a report in Bleeping Computer. There is no indication that the ransom was paid.

This incident is a reminder of the importance of assessing the cybersecurity of your business partners and third-party suppliers. The outage at managed.com reportedly took out businesses across the United States, including the government services site of Jackson County, Oregon; an online board/committee record-keeping website which itself has hundreds of customers; and the Arizona state judicial website. Everyone needs to have a robust incident response playbook ready in the event that you or your key suppliers suffer a cyber attack.
