While Byte Sized News can’t help you cool off from the blistering summer heat wave going through the United States, it can save security professionals valuable time and fill you in on some of the most important news stories in cybersecurity this week. Which one is more beneficial to you? It’s hard to tell, but I personally think that pairing Byte Sized News with a sun umbrella, a refreshing beverage, or even just some AC is an unbeatable combination.
We’ve got a great installment of Byte Sized News for you this week. There are stories at every scale in the cybersecurity world this week, ranging from state espionage attributed to China and a Secure Boot bypass affecting billions of devices all the way down to a small phishing scam aimed at customers of everyone’s favorite streaming service, Netflix.
As always, this series isn’t intended to provide readers with details on every story and topic, but rather to fill busy professionals in on the most compelling developments in the field.
Without further ado, let’s get to this week’s top news stories!
The first article from this week is from the New York Times and covers a hack on the Vatican that came from China. Earlier this week sources reported that Chinese hackers infiltrated the Vatican’s computer networks over the past three months in an espionage attempt ahead of sensitive negotiations with Beijing. The discovery was made by Recorded Future, a firm based in Somerville, Mass. The attack fits a broader campaign by the Chinese Communist Party to tighten its grip on religious groups and “Sinicize religions” in the country. China officially recognizes five religions, but the Party suspects that religious groups and worshippers “undermine their control” of the Party and the state. Chinese state-linked hackers have repeatedly used intrusions to perform reconnaissance on a number of religious groups, including Tibetan Buddhists, Uighur Muslims, and Falun Gong practitioners. However, this appears to be the first time that hackers working for the Chinese state have been caught breaking into the Vatican.
The next article for this week comes from Threatpost.com. It details a Secure Boot bypass vulnerability that has left billions of devices exposed. The “BootHole” bug (CVE-2020-10713) could allow attackers to load malware below the operating system, steal information, and move laterally on a network. The bug lives in the GRUB2 bootloader, and because GRUB2 is the default bootloader for the majority of Linux systems, and the GRUB2/shim combination is signed by the Microsoft UEFI CA so that it boots on Windows-certified hardware, both Linux and Windows machines are affected. GRUB2’s job is normally to manage the startup process for users, whether that’s presenting a boot menu or automatically transferring control to an operating system kernel. UEFI Secure Boot is an industry standard meant to ensure that only approved, signed software is launched during the boot process; the catch is that GRUB2 parses its configuration file, grub.cfg, which is not covered by those signatures, and a buffer overflow in that parser lets an attacker who already has administrative or physical access to the machine run arbitrary code before the OS loads, defeating the guarantee Secure Boot is supposed to provide. Fixing it takes more than a GRUB2 update: the old signed bootloaders also have to be revoked in firmware (the UEFI dbx) or the bypass remains available to anyone who can drop an old copy on disk. The bug carries an 8.2 rating on the CVSS v3 scale, which is the High band; the local-access requirement tempers the severity, but it is an important one to patch given what a foothold below the OS buys an attacker.
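Before triaging BootHole on a Linux fleet it is worth confirming where Secure Boot is actually enforced, since the bypass only matters on machines that rely on it. The following check is an added example (not code from the Threatpost article, Eclypsium or GRUB2) that reads the SecureBoot and SetupMode variables Linux exposes under /sys/firmware/efi/efivars. efivarfs stores each variable as a 4-byte little-endian attribute word followed by the variable data; both variables below hold one byte of data under the EFI global variable GUID. The byte strings in the test are constructed.

```python
"""Decide whether UEFI Secure Boot is enforced on a Linux host.

Added illustration; not code from the article, Eclypsium or GRUB2.
Reads the efivarfs files /sys/firmware/efi/efivars/<Name>-<GUID>,
each of which is a 4-byte little-endian attribute word followed by
the variable's data. SecureBoot and SetupMode are each 1 byte.
"""
import struct
from pathlib import Path
from typing import Optional, Tuple

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data); refuse a truncated file."""
    if len(raw) < 4:
        raise ValueError("efivar shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_status(secure_boot: Optional[bytes], setup_mode: Optional[bytes]) -> str:
    """Classify a host from the raw contents of the two variables (None = absent).

    'legacy'     : no EFI variables at all (BIOS/CSM boot; Secure Boot not applicable)
    'setup-mode' : firmware is in setup mode, so signatures are not checked
                   regardless of what SecureBoot says
    'enforced'   : SecureBoot == 1 and SetupMode == 0
    'disabled'   : SecureBoot == 0
    """
    if secure_boot is None:
        return "legacy"
    _, sb = parse_efivar(secure_boot)
    # An absent SetupMode variable is treated as "not in setup mode".
    sm = parse_efivar(setup_mode)[1] if setup_mode is not None else b"\x00"
    if sm[:1] == b"\x01":
        return "setup-mode"
    return "enforced" if sb[:1] == b"\x01" else "disabled"


def read_var(name: str) -> Optional[bytes]:
    """Read one EFI global variable from efivarfs, or None if it does not exist."""
    path = EFIVARS / f"{name}-{EFI_GLOBAL_GUID}"
    return path.read_bytes() if path.exists() else None


if __name__ == "__main__":
    # Needs root on most distributions to read efivarfs.
    print(secure_boot_status(read_var("SecureBoot"), read_var("SetupMode")))
```

A host reporting `enforced` is the one where a vulnerable, still-trusted GRUB2 matters; `setup-mode` or `disabled` hosts are not protected by Secure Boot in the first place, which is its own finding.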
Moving on to our next article of the week, we have an interesting one from NICCS.gov. The National Initiative for Cybersecurity Careers and Studies (NICCS) is a federal program focused on cybersecurity training, education, and workforce development. This article on their site outlines the “2020 President’s Cup.” The cup is a yearly event that pits government cybersecurity professionals against each other in three rounds of challenges mapped to the NICE Cybersecurity Workforce Framework. The goal of the competition, according to NICCS, is to “find and reward the best and brightest cyber talent in the Federal government.” The competition is open to all members of the Federal workforce and the U.S. military. People can sign up individually or in teams of up to five. The entire competition is conducted in a cloud environment with very minimal hardware requirements, giving everyone a chance to compete and win. NICCS describes “ideal teams” as groups with well-rounded and complementary skill sets who are willing to take a “divide-and-conquer” approach to solving problems.
Our second-to-last article comes from Dark Reading, and concerns the world’s most popular streaming service, Netflix. The article covers a phishing campaign against Netflix customers that ran through two misleading domains, aimed at stealing credentials and then redirecting victims back to Netflix. Researchers at Armorblox caught the campaign, which sent users a billing-failure email containing a link to two spoofed sites that harvested their credentials and then passed them on to the real Netflix site. Because victims ended up on the genuine page, the phish went largely unnoticed by its targets. To make matters worse, the attack was aimed directly at users working from home during the COVID-19 pandemic. The attack is being described as “ingenious” because of the domains used, wyominghealthfairs.com and axxisgeo.com: the attackers placed a CAPTCHA in front of their Netflix look-alike page, which lent the flow credibility and made it harder for automated scanners to reach the fake login form. The attempt was caught with natural-language processing technology (tech that detects patterns and inconsistencies in text), which flagged an unusual sense of urgency in a purported support email and the absence of any prior communication history between the sender and the victims, marking the email as suspicious.
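The signals the article credits with catching this phish (urgency language, a sender with no prior history, and a link flow that does not belong to the brand the mail claims to be from) are simple enough to score by hand. The example below is an added illustration, not Armorblox’s model (which the article does not publish). The word list, the brand allow-list, the history set and the two sample messages are constructed here; a real deployment would add SPF/DKIM/DMARC results and a domain-reputation feed on top of these content checks.

```python
"""Heuristic scorer for brand-impersonation phish, modeled on the signals the
article describes. Added example; not Armorblox's detector. All sample data
below is constructed for the illustration.
"""
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

# Urgency phrases typical of "your account/payment has a problem" lures (constructed list).
URGENCY = re.compile(
    r"\b(immediately|within 24 hours|suspended|failed|urgent|verify now|restricted)\b", re.I
)
# Domains a genuine mail from each brand would link to (constructed allow-list).
BRAND_DOMAINS: Dict[str, Set[str]] = {"netflix": {"netflix.com"}}
URL_RE = re.compile(r"https?://[^\s\"'>]+")


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for the demo; production code needs the
    public-suffix list or hosts such as example.co.uk are misjudged."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def link_domains(body: str) -> Set[str]:
    """Registrable domains of every http(s) link in the body."""
    return {registrable(urlparse(u).hostname or "") for u in URL_RE.findall(body)}


def score(msg: Dict[str, str], history: Set[str]) -> Tuple[int, List[str]]:
    """Return (score, reasons). msg keys: from, subject, body, brand (the brand it claims)."""
    reasons: List[str] = []
    total = 0
    sender = registrable(msg["from"].rpartition("@")[2])
    allowed = BRAND_DOMAINS.get(msg["brand"], set())
    if sender not in history:                      # no communication history with this sender
        total += 1
        reasons.append(f"no prior mail from {sender}")
    if sender not in allowed:                      # claims a brand it is not sending for
        total += 2
        reasons.append(f"sender domain {sender} is not a {msg['brand']} domain")
    hits = {m.lower() for m in URGENCY.findall(msg["subject"] + " " + msg["body"])}
    if len(hits) >= 2:                             # one urgent word is common; several is a lure
        total += 1
        reasons.append("urgency language: " + ", ".join(sorted(hits)))
    foreign = link_domains(msg["body"]) - allowed  # links that lead off-brand
    if foreign:
        total += 2
        reasons.append("links to " + ", ".join(sorted(foreign)))
    return total, reasons


def verdict(msg: Dict[str, str], history: Set[str], threshold: int = 3) -> str:
    return "quarantine" if score(msg, history)[0] >= threshold else "deliver"


# Constructed samples shaped like the campaign in the article; not real mail.
PHISH = {
    "brand": "netflix",
    "from": "support@example-billing.test",
    "subject": "Your payment failed - update within 24 hours",
    "body": "We could not verify your billing information. Your account will be "
            "suspended unless you verify now: https://login.example-billing.test/netflix/",
}
LEGIT = {
    "brand": "netflix",
    "from": "info@netflix.com",
    "subject": "New on Netflix this week",
    "body": "See what is new: https://www.netflix.com/browse",
}
HISTORY = {"netflix.com"}  # sender domains this mailbox has corresponded with before

if __name__ == "__main__":
    for m in (PHISH, LEGIT):
        s, why = score(m, HISTORY)
        print(verdict(m, HISTORY), s, why)
```

The redirect-to-the-real-site trick the article highlights defeats the victim’s eyes, not this kind of check: the link the victim clicks still points off-brand, and that is the feature carrying the most weight here.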
Our last article of the week is also from Threatpost, and details critical bugs in VPN products used by utilities that have the potential to cause physical damage. The article covers remote code-execution flaws in gear from Secomea, Moxa, and HMS Networks. These flaws are especially dangerous because they could affect the physical operation of critical infrastructure in the oil and gas, water, and electric utility sectors. Researchers at Claroty found that the VPNs used to provide remote access to operational technology (OT) are vulnerable to a range of bugs that could cause physical damage or even shutdowns. An analyst from Claroty says that “Apart from connectivity between sites, these solutions are also used to enable remote operators and third-party vendors to dial into customer sites and provide maintenance and monitoring for PLCs and other Level 1/0 devices. This kind of access has become especially prioritized in recent months due to the new reality of COVID-19.” Attackers preying on individuals and businesses through the weaknesses created by the rushed shift to remote access during COVID-19 are still running rampant, and in the end only you, as either a business or an individual, can protect yourself.