The Briefing – WK51 2020

Curated for business leaders, owners and security staffers, The Briefing is a concise weekly summary of security headlines impacting global business sectors and industries that are prevalent across the Caribbean Region.


SolarWinds Hacked:

A highly evasive attacker leverages the SolarWinds supply chain to compromise multiple global victims with the SUNBURST backdoor. FireEye has uncovered a widespread campaign, tracked as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft. FireEye has detected this activity at multiple entities worldwide. The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.


IMO-2021 Marine Cyber Security Regulations Arrive In Jan 2021:

Applying to vessels grossing over 500 tonnes, the guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities, and include functional elements that support effective cyber risk management. The recommendations can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.


Maritime Dualog Connection Suite Admin Backdoor:

UK-based security research company PenTest Partners revealed multiple security vulnerabilities in the Dualog Connection Suite of products, which provides data connectivity to industrial marine vessels. The vulnerabilities all facilitated exploitation by Remote Code Execution, with the most severe including an undocumented hardcoded backdoor DB account and a 2FA challenge coded into a local Adobe Flash app.


Fake Delivery Notices imitating Amazon, UPS, FedEx Surge During Biggest Online Shopping Season Ever:

In the midst of the multi-layered impacts of the COVID virus, online retail is posting record trade figures; on the back of this is a rise in online fraud and phishing.

There has been a sharp increase in fraudulent delivery messages that appear to come from Amazon, FedEx, UPS and other major shippers, and that contain malware or mine for personal information. Cybersecurity firm Check Point Software Technologies found these messages impersonating shippers were up 440% from October to November, and 72% since November last year.


Nigeria Implements New SIM Card Registration Rules:

The Nigerian Ministry of Communications and Digital Economy has passed laws that will look to impact the criminal use of mobile numbers. From 16.12.2020, the Nigerian government suspended the activation of all new SIM cards in the country. Customers have until 30.12.2020 to submit their Nigerian Identification Number (NIN) to their mobile operators, after which all mobile numbers in Nigeria without a valid NIN associated will be removed from the networks.


Norwegian Cruise Company Hurtigruten Hit by Cyberattack: 

Norwegian cruise company Hurtigruten announced Monday that it had been hit by a major cyberattack involving what appeared to be “ransomware”, designed to seize control of data to ransom it. The CEO has stated that the attack has impacted Hurtigruten’s systems worldwide.


Vulnerabilities in Medtronic’s MyCareLink Smart 25000 Could Allow Remote Code Execution On Cardiac Devices:

Tracked as CVE-2020-25183, CVE-2020-27252 & CVE-2020-25187, the vulnerabilities allow for authentication bypass, heap memory overflow and execution of unsigned firmware on a patient's implanted cardiac monitoring devices. Healthcare vendor Medtronic has released a new firmware revision to address the vulnerabilities.


CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.
