NCSC Report: Threat Actors From Overseas Pose The Bigger Risk for UK

The UK's National Cyber Security Centre (NCSC) recently released its annual review report, stating that it neutralized over 600 cyber-attacks between September 1, 2018, and August 31, 2019. Most of the attacks were reportedly launched by threat actors from overseas. “A significant number of incidents continue to come from hostile nation-states,” said Ciaran Martin, the CEO of NCSC. The report also warns that Russia, China, Iran, and North Korea continue to pose strategic national security threats to the UK. The NCSC managed to take down 658 cyber incidents while providing support to almost 900 victim organizations, and has handled almost 1,800 incidents since commencing operations.
As per the report, overseas hackers, many of whom are nation-state actors, primarily targeted the university, information technology, health care, and transport sectors. The NCSC also alerted 56 banks about adversaries’ intent to use cloned cards to steal funds from their customers. The habit of setting weak passwords continues to expose organizations to the risk of hacking.
The NCSC takes a cooperative approach to help safeguard internet users and organizations against attackers, with programs such as Web Check, Protective DNS, Takedown Services, and Mail Check. The UK's share of visible global phishing attacks fell to 2.1% as of August 2019. Of the total 177,335 phishing URLs identified, 98 percent were found to be malicious and were successfully taken down. Over 60 percent of these were removed within 24 hours of being determined malicious. Urgent findings resolved through Web Check doubled to approximately 500 per month. These are resolved by the users themselves when they receive a notification of a potential threat. More than 460 organizations now use the Protective DNS service, which blocks around 20,000 unique domains at a rate of 6.5 million hits per month.
The NCSC also works in tandem with many public sector bodies and advises members of Parliament on the security of the UK's critical infrastructure. Through programs such as Academic Centres of Excellence in Cyber Security Research (ACE-CSR), CyberInvest, PhD scholarships, and more, the NCSC has partnered with industry and academic organizations as well.


Newly discovered ‘Light Commands’ vulnerability can be used to hack Alexa and Siri

Researchers at the University of Michigan and the University of Electro-Communications, Tokyo, have devised a new attack technique against smart voice assistants. The technique leverages a new ‘Light Commands’ vulnerability that can be used to remotely hack Alexa and Siri smart speakers. The attack exploits a design flaw in micro-electromechanical systems (MEMS) microphones, which convert voice commands into electrical signals. By aiming a laser beam at the microphone, which converts the light into electrical signals as it would a voice command, the researchers demonstrated a successful injection of malicious inaudible commands into several voice-controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows. The test showed that it is possible to send inaudible commands via laser beam from as far as 110 meters and between two separate buildings.
In a real-world scenario, an attacker can misuse the vulnerability to instruct a voice assistant to unlock a door or perform other malicious operations. “We show how an attacker can use light-injected voice commands to unlock the target’s smart-lock protected front door, open garage doors, shop on e-commerce websites at the target’s expense, or even locate, unlock and start various vehicles (e.g., Tesla and Ford) if the vehicles are connected to the target’s Google account,” the researchers noted.
The researchers said they tested the attack across a variety of devices that use voice assistants, including the Google Nest Cam IQ, Amazon Echo, Facebook Portal, iPhone XR, Samsung Galaxy S9, and Google Pixel 2. But they caution that any system that uses MEMS microphones and acts on data without additional user confirmation might be vulnerable.
Although there is no evidence of mass exploitation of the vulnerability in the wild, the researchers have demonstrated countermeasures. These include implementing a second layer of authentication, acquiring audio input from multiple microphones, or even fitting a cover that physically blocks light from hitting the mics.


Hackers Are Coming For Medical Devices

The healthcare industry is being exploited by cybercriminals who pose a threat not only to data but to human lives too. The most common types of cyber threats impacting the industry are ransomware, malware, data breaches, DDoS, and cryptojacking. In February 2019, a ransomware attack on the Southeastern Council on Alcoholism and Drug Dependence resulted in it having to notify 25,148 patients that their data was potentially breached. A phishing attack against a Montpellier Medical Center infected more than 600 computers. Because it was using independent internal networks, the virus was prevented from spreading to all of its 6,000 machines. Experts suggest there could be more attacks that have occurred but were kept confidential.
Risks to patients' lives and data, and damage to a healthcare provider's reputation, are among the consequences of networks being attacked. Attackers generally profit from patients' medical data, which they can sell or use for various nefarious purposes including blackmail, credential stuffing attacks, spear phishing, and more. According to CBS News and Protenus, 222 medical companies reported hacking incidents, affecting more than 11 million patient records in 2018. Patient medical records and credit card data are also being sold on the dark web. Cybersecurity risks extend to patient safety as well. For example, electrical pulses regulating the heart in a pacemaker can be made to show wrong readings.
In the current scenario, it is crucial to outfox cybercriminals by protecting connected medical equipment. Medical devices need protection against cyberattacks, from original manufacturer assembly lines to updates in the field. The healthcare industry, which has been slow in adopting technologies, must increase its pace in adopting cybersecurity measures. Here’s how to do it smartly.
Secure transactional endpoints: To start with, endpoints must be secured with better knowledge and practices for website, network, and database security, using digital certificates and online security policies. This covers transferring and storing information, conducting online transactions, and recording and securing confidential data.
Advancements in email security: Use Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates to secure email communication. This helps protect against phishing attacks and BEC attacks.
Some of the top features and technologies that manufacturers, suppliers, and developers in the sector are adopting for connected device security are secure boot, device identity certificates, embedded firewall, secure element integration, secure remote updates, etc. Apart from this, healthcare firms must also increase their efforts in training their staff to appropriately manage and respond to a security incident.
Keeping medical devices and information safe from cyberattacks will continue to be a battle, since criminals also up their game frequently. They are always improving their techniques, attack vectors, and tools. Staying abreast of the latest cybersecurity trends, adopting modern security solutions, and using smart security procedures and software can save healthcare firms from cyber threats.


Singapore-based Telco Singtel and Ninja Logistics fined for data breaches

Singapore’s privacy watchdog, the Personal Data Protection Commission (PDPC), has slapped fines on telecom provider Singtel and Ninja Logistics for potentially exposing personal details of their customers. Singtel has been fined a sum of $25,000 (£14,000) for a data breach that came to light in May 2017. Ninja Logistics, on the other hand, has been asked to pay a fine of $90,000 (£52,000) for a data breach that occurred in 2016 and lasted for over a year.
The Singtel data breach came to light through an anonymous tip-off to the PDPC in May 2017. The firm was alleged to have exposed personal details of up to 330,000 of its customers due to a design flaw in its app. This allowed anyone to see other customers’ accounts, exposing their billing information, names, and addresses. The PDPC said that anyone with working knowledge of how a mobile app communicates with servers could have exploited the vulnerability. "The informant accessed four billing accounts and extracted the customer's name, billing address, billing account number, mobile phone number as well as customer service plans (including data, talk time and SMS usage)," PDPC added, The Straits Times reported.
PDPC noted that Singtel had hired a third-party vendor for regular security tests on the mobile app and systems. However, the design flaw in question was not detected, and this led to the data breach. “Despite having received professional advice to take precautions against such vulnerabilities, the organization omitted to conduct a full code review…and hence failed to discover (the vulnerability) that was exploited in this case,” the PDPC said. The PDPC further added that the vulnerability “is a relatively basic design issue and well-known security risk that a reasonable person would have considered necessary to detect and prevent”.
The goods delivery startup Ninja Logistics has been fined for exposing personal data of up to 1.26 million individuals on its website. From 2016 to 2018, users were able to view other customers’ details by entering tracking numbers on the order tracking function. This exposed information such as customers’ names, addresses, and signatures. The PDPC also noted that Ninja Logistics had tried, unsuccessfully, to introduce a second layer of authentication, which required a part of a customer’s name or mobile number to verify the identity of the person using a tracking number.
Both Singtel and Ninja Logistics have admitted and fixed the underlying issue. Singtel has addressed the design flaw by releasing the latest version of the app. Similarly, Ninja Logistics has implemented corrective measures to rectify the matter.
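The order-tracking exposure described above comes down to treating a tracking number as proof of identity. The following Python sketch is an added example, not code from Ninja Logistics or the PDPC: a lookup that returns only delivery status for a bare tracking number and releases personal fields after a second check with an attempt limit. The sample record, field names, last-four-digits check, and thresholds are assumptions made for illustration.

```python
import hmac
import time

# Constructed sample record; the tracking number and personal data are made up.
ORDERS = {
    "TRK0001": {"status": "Delivered", "name": "Tan Mei Ling",
                "address": "1 Example Road", "mobile": "90000001"},
}
MAX_FAILURES = 5        # assumed limit on failed checks per tracking number
WINDOW_SECONDS = 900    # assumed window in which failures are counted
_failures = {}          # tracking number -> timestamps of failed checks


def _locked(tracking_no, now):
    """True when the tracking number has too many recent failed checks."""
    recent = [t for t in _failures.get(tracking_no, [])
              if now - t < WINDOW_SECONDS]
    _failures[tracking_no] = recent
    return len(recent) >= MAX_FAILURES


def track(tracking_no, mobile_last4=None, now=None):
    """Return delivery status; add personal fields only after verification."""
    now = time.time() if now is None else now
    order = ORDERS.get(tracking_no)
    if order is None:
        return {"error": "not found"}
    public = {"status": order["status"]}   # a bare tracking number gets no PII
    if mobile_last4 is None:
        return public
    if _locked(tracking_no, now):
        return {**public, "error": "too many attempts"}
    expected = order["mobile"][-4:]
    # Constant-time comparison so response timing does not reveal partial matches.
    if hmac.compare_digest(mobile_last4.encode(), expected.encode()):
        return {**public, "name": order["name"], "address": order["address"]}
    _failures.setdefault(tracking_no, []).append(now)
    return {**public, "error": "verification failed"}
```

Without the attempt limit, a four-digit check can be guessed in at most 10,000 requests per tracking number, so the second factor and the limit have to ship together.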


Edited and compiled by cyber security specialist James Aguilan.