Q3 2020 Security Update: Threats Lurk in Seemingly Harmless Places

Everyday activities, such as opening an email, clicking on a link in search engine results or just plugging in a printer, can lead to a security incident or data loss.


You and your clients may be preoccupied with adapting to remote work and new operations, but, as our quarterly security update shows, you can’t take your eye off the threat landscape.

Ripple20 Discovered

JSOF research lab discovered 19 vulnerabilities in the Treck, Inc. TCP/IP software library. The bugs, dubbed Ripple20, impact hundreds of millions of IoT devices deployed across the whole spectrum of industries, from healthcare and manufacturing to SMB businesses. The vulnerabilities enable cybercriminals to hide malicious code within devices for years. Additionally, as the name implies, an infected device can have a ripple effect, impacting its entire network, supply chain, and beyond.

Action Items

Terry Dunlap, former NSA Offensive Cyber Operator and CSO and co-founder of ReFirm Labs, provides these insights:

    • Ripple20 makes it necessary to know what’s running on each IoT device, the vulnerabilities it has, and how to patch them.
    • End users need to treat IoT with the security and compliance due diligence that they would with their enterprise applications.

Where Did All Those COVID-19 Phishing Attacks Come From?

You and your clients are used to defending against phishing attacks from all over the world, but, according to a report by INKY, the majority of the recent rise in coronavirus-themed phishing attacks were launched from the U.S. According to INKY, 44 percent of these attacks can be traced back to the U.S., 26 percent to Europe, 18 percent to Asia, 9 percent to Africa, and 2 percent to South America. INKY research also found that 65 percent included a malicious link, and 15 percent delivered a malicious attachment.

INKY explains that because firewalls may feature geographical filtering, attackers may launch their attacks from the U.S. to get around it.

Action Items

    • Review and share the phishing email examples in the INKY report to educate users.
    • Advise users to check sender addresses against their contact lists, even if the email looks legitimate.
    • Inform users that if an email asks them to go to a website to provide information, they shouldn’t click the link and should use bookmarks for legitimate sites instead.
    • Instruct users never to open an attachment from an unknown or suspicious sender.

Subpoena-Themed Phishing Attacks Are Back

Last year, phishers impersonated the UK Ministry of Justice in their fraudulent emails. This year, they’re trying to get users to believe they’re coming from the U.S. Supreme Court.

An Armorblox blog explains that the scheme includes sending a link that is supposedly a subpoena. Phishing email recipients who clicked went through a series of redirects and a CAPTCHA page, and the final page was designed to look like an Office 365 login portal.

Action Items

    • Let your users know attackers only send these phishing emails to a few people, so they may not get flagged as spam.
    • Attackers used a zero-day link, so the attack could get past their security solutions.
    • Advise your clients of the importance of a system capable of spotting zero-day exploits.

Clicking on Search Engine Results Isn’t Necessarily Safe

According to SiteLock’s 2020 Annual Security Review, almost 90 percent of malware-infected websites can still show up in search results. SiteLock estimates that 12.8 million websites are currently infected – so more than 11 million could potentially find their way to search result pages. The company also points out that search engines often try to avoid reporting suspicious activity, since it would mean time and expense for the site’s administrator to investigate it – and it’s often not malicious.

Action Items

    • Bookmark routinely visited sites.
    • Use a security solution that detects and stops users from opening sites infected with malware.

For more security updates and insights, visit DevPro Journal’s Security resources page.


Mike Monocello

The former owner of a software development company, with more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of DevPro Journal.