AttackWise cyber security round-up 1 March 2019


A quiet week in terms of news and threat advisories, but a busy week for vendor security landscape reports. The reports share the expected common themes (phishing is effective) but also present significantly different views by industry and by the techniques used. By definition, each vendor's data reflects its own customer base rather than real-world industries as a whole, which really should not be a surprise. If you read just one report, go with CrowdStrike.

In the news, the app that was later acquired and incorporated into TikTok was handed a $5.7m fine because it was knowingly hosting content that had been published by underage users.

Research, reports, opinions

An interesting description of how researchers used fake Facebook groups and targeted Facebook advertising to infiltrate the military of an unnamed country. The same approach could equally be used to compromise commercial targets.

Ring Doorbell is a popular home security device acquired by Amazon. Researchers with BullGuard discovered a way to launch a man-in-the-middle attack against the smart doorbell app, enabling arbitrary surveillance and even the injection of counterfeit video traffic.

New flaws in 4G, 5G allow attackers to intercept calls and track phone locations.

An interesting description of hackers phishing high traffic Instagram accounts by using flattery.

Vendor news

CrowdStrike has released their 2019 Global Threat Report. Two interesting data points. The first is the "breakout time", the time from initial compromise to lateral movement, which varied between just under 19 minutes and nearly 10 hours. Admittedly these figures were for nation state hackers. Irrespective of that, the key takeaway is that response time, or at least having additional measures in place to slow down attackers, is key to effective defence. The second data point is the type of technique used: compromise of valid accounts is the most popular technique across initial compromise, persistence, privilege escalation and defence evasion. Perhaps it is no surprise that, of all the fancy techniques available, the simplest is the most popular.

Microsoft has released their Security Intelligence Report (SIR). The report does not contain any unique insights but that in itself is of interest.

Rapid7 has released their Quarterly Threat Report with nice breakdowns by industry (have a look at the Transportation industry data!).

IBM has released their Threat Intelligence Index.

Microsoft has released a public preview of a cloud-based SIEM solution called Azure Sentinel. It includes various data connectors and an approach for playbook automation.

Microsoft has released a "Threat Experts" service, a managed threat hunting add-on to Windows Defender Advanced Threat Protection, providing two key services: "Targeted attack notifications" and "Experts on demand".

Security advisories

Cisco has released an advisory to address a vulnerability in its wireless VPN and wireless router products that could allow an unauthenticated, remote attacker to execute arbitrary code.

UK industry events