Updated: Jan 15, 2021
In this Cyber Weekly Digest we dig into what has been happening in the first week of 2021. Keep reading for the latest cyber security news, including new details on the SolarWinds attackers, a new PayPal 'smishing' campaign and how 2.5 million Ho. Mobile users are at risk.
In a statement on Wednesday, the US Department of Justice confirmed that malicious activity had been detected in its Microsoft Office 365 email environment. It is believed that around 3% of the department's Office 365 email inboxes had been accessed. Once the activity was discovered, the department was able to block the access method the attackers had used. The statement noted that the attackers behind the SolarWinds hack were likely responsible; the FBI has said that group is likely a Russian-backed APT. Other media this week claimed that software vendor JetBrains was involved in the SolarWinds attack; however, JetBrains' CEO has denied these claims.
Mobile operator Ho. Mobile announced this week that hackers had stolen part of its customer database, which has since been found for sale on dark web forums. The stolen details could allow attackers to carry out SIM-swap attacks, in which the attacker takes over the victim's phone number and receives their calls and text messages. Ho. Mobile has tried to minimise the impact of the breach by offering affected customers a new SIM card free of charge. Ho. Mobile is not the only mobile operator to suffer a data breach recently: T-Mobile also announced a breach last week, its fourth incident in three years.
This week, researchers found that more than 100,000 Zyxel firewalls, AP controllers, and VPN gateways contain a hardcoded admin-level backdoor account that can grant attackers access to the devices. Researchers described the backdoor as a significant risk: it could allow threat actors to create VPN accounts to reach internal networks, or to port-forward internal services so that they become remotely accessible and exploitable. Zyxel has released patches that remove the backdoor account from firewall devices, and a further patch for AP controllers is due on January 8th. Exploitation attempts are already under way, however: three different IP addresses have been observed scanning for SSH-exposed devices and attempting to log in with the Zyxel backdoor credentials.
Researchers discovered the credentials of employees linked to the top 25 gaming firms for sale online. The affected companies have not been named, but it is believed that nearly every major gaming company has had credentials surface on underground markets over the past two and a half years. The credentials for sale could give attackers access to internal resources.
A new, sophisticated smishing (SMS phishing) campaign pretends to come from PayPal, claiming that the victim's account will be permanently limited unless it is verified by following a link. The phishing page prompts the victim to submit their login details as well as their billing address. Attackers can use this information in various ways, such as identity theft and gaining access to the victim's other accounts. As SMS phishing campaigns grow in popularity, it is essential to be wary of unexpected text messages asking you to verify an account.