Cyber Security Watch August 2020
As the lockdown and remote working have become the norm, the attack surface remains high. August saw Amazon Alexa glitches, Zoom security flaws and the New Zealand national stock exchange halted by cyber attacks.
Discover August’s biggest cyber security stories with our monthly digest.
Researchers have found flaws in Amazon Alexa which could allow attackers easy access to personal information by persuading users to click on a malicious link. An Amazon spokesperson commented: “We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems.”
This incident is a reminder of how much personal data these types of devices hold, especially in connection with other smart devices, which puts households at greater risk of attack. Courtesy of Threat Post.
Anti-fraud company Upstream found 53,000 Tecno smartphones containing malicious code had been sold in Ethiopia, Cameroon, Egypt, Ghana and South Africa. The malware automatically registered users to subscription services without their consent after fraudulent requests had been made.
Manufacturer Transsion said malware code, xHelper, was installed into the supply chain without its knowledge. Courtesy of BBC News.
The New Zealand stock exchange was halted for two days following a Distribution Denial of Service (DDoS) attack which overwhelmed servers. The attack impacted NZX network connectivity, and stopped trading several times between Tuesday – Wednesday (25th-26th August). Despite the attack, by the end of the Wednesday, the New Zealand stock exchange was near its all-time high. Courtesy of BBC News.
Over 50,000 fake login pages have been discovered in the first half of 2020 with more than 200 of the world’s most prominent login pages replicated. Names included PayPal with 11,000, Microsoft with 9,500 and Facebook with 7,000. Nearly 5% (2500) of the 50,000+ fake login pages were polymorphic, a malware that changes its features to avoid detection.
Experts have suggested that there is a knowledge gap since the pandemic has begun. With an increased risk of cyber attack, users need to keep ahead of the trends and be educated about the latest scams. Courtesy of Infosecurity.
A security flaw with Zoom meant cyber criminals could access password protected calls within minutes. With limitless times a password could be attempted for meetings, there were over one million possible combinations. External parties could repeatedly access calls quickly and effectively.
Zoom commented that the issue had been mitigated on 9th April, meaning calls were no longer accessible from unauthorised sources. The Independent clarified there was no evidence that the security flaw was used by hackers, but that it would be impossible to find out. Courtesy of The Independent.
Want to stay in the loop? Join our newsletter now.