1. 99.2% of U.S. Government Android Users Are Using Outdated OS Versions
- Out of the 200 million+ mobile devices used by local, state, and federal government employees, a majority run the Android operating system (OS). Shockingly, only 0.08% of those devices are running the newest version of that OS, which exposes those critical devices to over 636 known vulnerabilities.
- Due to this lack of robust security patch hygiene, combined with the pandemic, U.S. government employees saw a 20X spike in malicious activities such as drive-by downloads and phishing.
- According to security experts, examples of actual vulnerabilities discovered by the government include: unauthorized connections to rogue servers in foreign nations; unrestricted access to sensitive file systems; access to device camera and media partitions; and unnecessary permissions that allow apps to view data from other apps on a device.
SME Comments: Threat actors understand that mobile devices are being used to conduct critical business operations, more so today than ever before. Therefore, malicious activity is being customized to target specific mobile device operating systems (OS), including Android. Most government IT teams wait for long periods before testing newly released application patches or OS updates for compatibility with their current computing environments. Unfortunately, such delays in implementing available patches and updates increase the chances of exploitation by about 65%.
2. The Largest Ransomware Demand Hits $30 Million
- Over the past year, ransomware attacks rose by 171%, as cybercriminals continue to exploit gaps in the recent digital transformation that occurred as a result of the COVID-19 pandemic.
- With no signs of slowing down, ransomware payoffs represent large revenue assets for cybercriminals – ransoms paid to cybercriminals have nearly tripled since 2020, as organizations scramble to innovate permanent fixes for ransomware-based vulnerabilities.
- In 2019, security researchers discovered that ransomware attacks targeting organizations across North America and Europe had an average ransom demand of $115,123. However, in 2020 the ransom demand rose to $312,493.
SME Comments: Due to the increasingly poor security posture of most organizations, ransomware attacks are here to stay! As such, basic ransomware tactics, techniques, and procedures (TTPs) are now being coupled with more sophisticated attack methodologies to increase the likelihood of success and the impact on a victim’s infrastructure. With greater levels of success, notable ransomware gangs such as Ryuk, DoppelPaymer, and Egregor have become more emboldened, collaborating with state-sponsored advanced persistent threat (APT) actors while seeking greater ransom payments.
3. Phishing Sites Bypass Malware Detection With Ease
SME Comments: By avoiding malware detection, threat actors are able to perform several customized attacks, such as lateral movement and/or deploying ‘logic bomb’ malware into a corporate environment, which is often activated via remote command-and-control infrastructure.
4. Unknown Bug Deletes Files on Microsoft Teams and Sharepoint
- Microsoft Teams and SharePoint users are reporting that their files are missing from their workstations and ending up in recycle bins. These reports arose following the Microsoft outage that occurred on March 15th, 2020 – this outage affected Office 365, Teams, Xbox Live, Exchange Online, SharePoint, and Outlook.
- According to Microsoft, the outage occurred as a result of a misconfiguration in its Azure Active Directory.
- The puzzling aspect of this IT event is that system folders remained intact while files were moved to either a user’s cloud-based recycle bin or their PC’s native recycle bin. The fact that this process did not affect folders saved on the same database path leaves security experts wondering whether a malicious bug affected part of Microsoft’s Azure infrastructure.
SME Comments: It is a known fact that Microsoft’s services have been a target of advanced persistent threat actors looking to compromise as many corporate users as possible. As such, triggering a bug in one of Microsoft’s configuration processes would not be a far-fetched feat for attackers. At this time, Microsoft has advised all impacted users to resync their files to restore them to their appropriate locations – usually, resyncing is carried out by restarting all affected PCs.
5. JPG Files Used to Save Stolen Credit Card Data
- According to security researchers, Magecart attackers have added a new tactic: hiding stolen payment card data in .JPG files. This elusive method allows the financially motivated cybercriminals to move within a victim’s network without drawing much attention to themselves.
- Magecart cybercriminals facilitated this attack methodology by injecting PHP code into the file “./vendor/magento/module-customer/Model/Session.php,” which then allows the malicious code to create a fake .JPG file with enough storage space for stolen alphanumeric values.
- With stolen data conveniently stored within undetected .JPG files, Magecart attackers are able to access and download any stolen information at will, because security experts won’t think to suspect a .JPG file on the network.
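A defender's check for the fake-image technique described above, added here as an example and not code from the original report or from any Magento component: it walks a web root (the path is an assumed argument) and flags every file with a .jpg/.jpeg extension whose bytes do not begin with a JPEG header, separating printable text dumps (what a store of stolen alphanumeric card values looks like) from other non-image content. File names and contents used when running it are constructed samples.

```python
import os
import string

# A real JPEG starts with the SOI marker FF D8 followed by FF (FF D8 FF E0 for JFIF).
JPEG_MAGIC = b"\xff\xd8\xff"
IMAGE_EXTENSIONS = {".jpg", ".jpeg"}
PRINTABLE = set(string.printable.encode())


def looks_like_text(data, threshold=0.95):
    """True when nearly every byte is printable ASCII: what a dump of stolen
    alphanumeric card data looks like, and what real JPEG data does not."""
    if not data:
        return False
    printable = sum(1 for b in data if b in PRINTABLE)
    return printable / len(data) >= threshold


def classify_image_bytes(head):
    """Classify the leading bytes of a file that carries a JPEG extension.
    'ok'         : begins with the JPEG SOI marker
    'fake-text'  : no marker, content is printable text (likely a data store)
    'fake-other' : no marker, content is something else"""
    if head.startswith(JPEG_MAGIC):
        return "ok"
    return "fake-text" if looks_like_text(head) else "fake-other"


def find_suspect_images(root, sample_size=4096):
    """Walk a web root and return sorted (path, verdict) pairs for every
    .jpg/.jpeg whose leading bytes are not a JPEG header."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict = classify_image_bytes(fh.read(sample_size))
            if verdict != "ok":
                findings.append((path, verdict))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Assumed usage: python scan.py /var/www/magento  (the path is a placeholder)
    for path, verdict in find_suspect_images(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10s} {path}")
```

Pair the scan with an integrity check of Session.php and the rest of the vendor tree against a known-good copy, since the fake image is only the storage half of the technique.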