This week’s Knowledge Update covers a bug in smartphone wi-fi chips that could lead to unstoppable, easily spread malware; the ‘Destruction of Service’ attacks seen in the last couple of months; and an Infosecurity Magazine report that around 400,000 client bank accounts have been accessed by hackers in one of the largest data breaches in Europe.
Bug in smartphones could lead to unstoppable malware
This story focuses on a recently patched bug found in the chips that provide wi-fi in iPhones, Samsung Galaxy phones and Google Nexus phones.
The attack takes advantage of several flaws in the wi-fi chips which allow an attacker to write programs directly onto the chip and seize control of it. Two vulnerable devices simply need to be near each other for the virus to spread. The immediate remedy for these vulnerabilities is to update business phones’ OS as soon as possible, since the latest releases contain fixes for the flaws.
Organisations that operate Bring Your Own Device policies, allowing users to conduct official tasks such as email exchange on their personal mobile phones, should ensure that those phones are updated with the latest security patches.
‘Destruction of Service’ attacks
Cisco has warned that recent ransomware attacks such as WannaCry, Petya and NotPetya could foreshadow a new breed of attack called ‘Destruction of Service’ (DeOS) attacks. According to the article, “these new DeOS attacks will look to make it impossible for victims to restore affected systems once infected”. Cisco has also claimed that, “the exact make-up of these DeOS attacks will depend on the motivations of the hackers involved and the limits of their creativity and capabilities.”
According to Rob Norris, head of enterprise and cybersecurity at Fujitsu, “Engagement must start from the top: The C-Suite must understand the risks, ensure their organisation is well prepared and develop a comprehensive plan. Time must also be taken into account to actively test existing networks, spot and quickly address any blind spots in the system and educate the entire workforce on best practice.”
As noted above, the higher management of an organisation should invest more of their time in cybersecurity to ensure that adequate measures are taken for the safety of the organisation. This includes seeking higher levels of accreditation for the business, such as Cyber Essentials Plus and ISO 27001.
Unicredit reveals double breaches affecting 400,000 users
According to Infosecurity Magazine, around 400,000 client bank accounts have been accessed by attackers in one of the largest data breaches in Europe. The error resulted in some users from an external commercial partner being able to access the bank’s client data.
It is important that organisations take the necessary precautions to protect confidential data from leaking through inadequate controls. Further, if organisations outsource internal functions to third-party providers, it is important that service levels are defined, documented and agreed by both parties. Higher management should also ensure that the agreed controls are actually implemented by the vendor.