The Briefing – WK48 2020


Curated for business leaders, small business owners and security staffers, The Briefing is a compact summary of noteworthy security stories impacting global business sectors and industries prevalent across the Caribbean Region.

GLOBAL NEWS

Major Power Outage in India Possibly Caused by Hackers:

A major power outage that occurred in October in Mumbai, India’s largest city, may have been caused by hackers. Investigators found multiple suspicious logins into the servers linked to power supply and transmission utilities. It’s believed that manipulation of these servers may have triggered the outage. The activity was traced to several South Asian countries and investigators are trying to determine if it was part of a coordinated effort. The outage occurred in mid-October and it impacted the Mumbai metropolitan area, causing significant disruption to traffic management systems and trains. It took two hours to restore power just for essential services and up to 12 hours to restore power in some of the affected areas.

2FA Bypass Vulnerability Patched in cPanel & WebHost Manager: 

cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager (WHM), including one leading to two-factor authentication (2FA) bypass. The 2FA bypass issue could allow attackers to perform brute-force attacks on cPanel & WHM. An attacker with knowledge of or access to valid credentials, researchers say, could bypass the 2FA protections on an account within minutes. The vulnerability, tracked as CVE-2020-27641, allows an attacker to repeatedly submit 2FA codes.

TrickBot Gets Updated to Survive Takedown Attempts: 

Following a takedown attempt in October, security researchers are observing multiple updates to TrickBot that increase the botnet's resilience and improve its reconnaissance capabilities. The newer versions of the Trojan keep the modules seen in previous versions, so their capabilities are unchanged. However, the operators are now using packed modules only, and are also digitally signing update responses, likely in an attempt to prevent future takedowns. The new version of the malware appears to have been used mainly in attacks on systems in Malaysia, the United States, Romania, Russia, and Malta.

CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.
