Bypassing Google Filters and Launching CSV Malware via Google Sheets

Cybercriminals are using new, sophisticated techniques to spread CSV malware via Google Sheets instead of the Microsoft Excel sheets that malicious hackers often use.

Cyber attacks are increasing day by day, and attackers are always one step ahead, launching sophisticated attacks that are very difficult to detect and mitigate.

A common .CSV file can be opened in MS Excel when you click on it, and Excel then interprets the contents of its cells.

In this case, the attacker embedded the malware dropper within a Google spreadsheet to infect users, and it is distributed via spam emails.

Spreading the malware via Google Sheets creates more trust among ordinary users, who do not bother about who sent it, but the security community never trusts it.

Google has implemented sophisticated Gmail and Google Drive anti-malware techniques to keep malware from spreading over its technologies, blocking specific file types (.exe, .dll, .zip, etc.) over Gmail.

But attackers bypass this Google filter and can easily use Google Sheets as a malware vector. Google has been alerted about this issue, but it confirmed that it is actually an “Intended Behaviour”.

According to the researcher, “Finally, an attacker could send a clear link over an instant message platform and/or over an email asking to open up a Google Sheets suggesting to the victim to open the spreadsheet locally since ‘MSExcel compatibility issues’. At that time if the victim downloads the Google sheets and opens up locally (with Microsoft), the attacker might infect her box.”

Users need to be aware of this kind of serious attack and avoid downloading from links if they receive a link to a non-working Google Sheet.
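Because Excel interprets cell contents when a downloaded sheet is opened locally, a defender can screen CSV exports before they reach a desktop. The following is an added example, not code from the original article or the researcher: it flags cells that a spreadsheet would evaluate rather than display and shows the usual neutralisation of prefixing a single quote. The sample data is constructed, and `=PROGRAM|'arguments'!A1` is an inert placeholder standing in for an external-call cell.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet treat a cell as a formula
# (the set listed in OWASP's CSV injection guidance).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as -12.5 or +3 are data, not formulas.
SIGNED_NUMBER = re.compile(r"^[+-]\d+([.,]\d+)?$")
# Shape of an external (DDE-style) call: formula prefix, then app|topic!item.
EXTERNAL_CALL = re.compile(r"^[=+\-@][^|]*\|.*!")

# Constructed sample export; the last row holds an inert placeholder.
SAMPLE_CSV = (
    "name,amount,note\n"
    "alice,-12.5,refund\n"
    "bob,10,\"=SUM(1,2)\"\n"
    "carol,7,\"=PROGRAM|'arguments'!A1\"\n"
)


def classify_cell(value):
    """Return None for inert data, else 'formula' or 'external-call'."""
    stripped = value.lstrip(" ")
    if not stripped or not stripped.startswith(FORMULA_PREFIXES):
        return None
    if SIGNED_NUMBER.match(stripped.strip()):
        return None
    if EXTERNAL_CALL.match(stripped):
        return "external-call"
    return "formula"


def scan_csv(text):
    """Return (row, column, verdict) for every cell that would be evaluated."""
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            verdict = classify_cell(cell)
            if verdict:
                findings.append((row_no, col_no, verdict))
    return findings


def neutralize_cell(value):
    """Prefix a single quote so the spreadsheet shows the cell as text."""
    return "'" + value if classify_cell(value) else value


if __name__ == "__main__":
    for row_no, col_no, verdict in scan_csv(SAMPLE_CSV):
        print(f"row {row_no}, column {col_no}: {verdict}")
```

An `external-call` verdict on a file that arrived through a shared link is the case worth escalating; ordinary `formula` hits are common in legitimate exports and are better neutralised than blocked.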

IOC:

  • Hashes:
    • 5e561bf9e088f8f2b9c0610fb6f61f6d7655f6a0988a0d304452d8fa73a6a628 (.CSV)
    • cd3d1b4d147a198e1a2b7e3f4370998142bf20cbdfdd3d30cf86d65b5bd40f50 (dropped)

Airbus Data Breach – Hackers Stole Employees' Sensitive & Personal Data

Airbus's IT systems suffered a data breach that resulted in unauthorized access to Airbus employees' personal and sensitive data.

Airbus, the European Aeronautic Defence and Space Company, manufactures and sells civil and military aerospace products worldwide with more than 129,000 employees.

Experts learned of the cyber incident in Airbus's “Commercial Aircraft business” information systems, but it does not affect Airbus's commercial operations.

The operator behind this attack is unclear, and Airbus IT security experts are continuously monitoring the incident.

The experts have also taken immediate and appropriate actions to reinforce existing security measures and to mitigate the incident's potential impact, as well as to determine its origins.

According to the Airbus press release, “Investigations are ongoing to understand if any specific data was targeted, however we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe.”

The company has also contacted the relevant regulatory authorities and the data protection authorities pursuant to the GDPR (General Data Protection Regulation).

Airbus instructed its employees to take all necessary security precautions for this incident.

Reddit Locks Down Accounts After Security Incident

A large number of Reddit users have been locked out of their accounts as a precaution while the site’s admins investigate potential unauthorized access.

Staffer “Sporkicide” would not disclose exactly how many users were affected by the move, but claimed in a post yesterday that “a large group of accounts were locked down due to a security concern.”

“By ‘security concern,’ we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” the admin continued.

“The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services. If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.”

These credential stuffing attacks, facilitated by automated software which injects breached credentials into other sites to crack accounts, are set to become ever more popular in 2019, according to one security vendor.

“Breached credentials will be actively and heavily used in fraudulent transactions as cyber-criminals take the next logical step after amassing data breach info dumps in past years: using these stolen credentials.”

However, some of those commenting on the security notice claimed they used strong, site-specific credentials for Reddit. One even suggested the incident could be the result of a session hijacking attack of the same kind that led to the theft of access tokens for 30 million Facebook accounts last year.

Reddit is no stranger to security incidents: last year it suffered a major breach of user data after hackers first cracked staff accounts by intercepting SMS-based two-factor authentication codes.

Sporkicide claimed yesterday that over “the next few hours” affected account holders will be able to reset their passwords.

Reddit accounts are prized as they can be used to push malicious content, exploit other users and make content go viral.

“Reddit is notoriously easy for attackers to manipulate — they don’t require an email to open an account; the signup form only uses basic reCAPTCHA, which has been ineffective for years; and the login form does not appear to use any automation prevention techniques to protect against credential stuffing attacks,” he added.

“Sites like Reddit are a dream for attackers, there are virtually no barriers to entry and the value of trusted accounts on social networks is so high.”
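The credential stuffing pattern described above (one source trying many different accounts, mostly failing) can be picked out of authentication logs, along with the accounts that need a lock and password reset. This is an added example, not code from Reddit or the quoted vendor; the log format, the sample lines and the thresholds (`window`, `min_users`, `max_success_rate`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2019-01-09T10:00:01 203.0.113.7 user_a FAIL
2019-01-09T10:00:02 203.0.113.7 user_b FAIL
2019-01-09T10:00:03 203.0.113.7 user_c OK
2019-01-09T10:00:04 203.0.113.7 user_d FAIL
2019-01-09T10:00:05 203.0.113.7 user_e FAIL
2019-01-09T10:03:00 198.51.100.4 user_z FAIL
2019-01-09T10:03:20 198.51.100.4 user_z FAIL
2019-01-09T10:03:45 198.51.100.4 user_z OK
"""


def parse(log_text):
    """Turn log lines into sorted (time, ip, user, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, user, outcome = parts
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "OK"))
    return sorted(events)


def find_stuffing(log_text, window=timedelta(minutes=5),
                  min_users=4, max_success_rate=0.5):
    """Map each suspicious source IP to the accounts it logged in to.

    A source is suspicious when, inside one sliding window, it tried at
    least `min_users` distinct usernames and at most `max_success_rate`
    of its attempts succeeded. A user mistyping their own password hits
    one username only and is not flagged.
    """
    by_ip = defaultdict(list)
    for event in parse(log_text):
        by_ip[event[1]].append(event)

    report = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            tried = {e[2] for e in chunk}
            successes = [e for e in chunk if e[3]]
            if (len(tried) >= min_users
                    and len(successes) / len(chunk) <= max_success_rate):
                report.setdefault(ip, set()).update(e[2] for e in successes)
    return {ip: sorted(accounts) for ip, accounts in report.items()}


if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: lock and reset {accounts}")
```

The accounts returned for a flagged source are the ones where a reused password worked, which is the group a precautionary lockdown and forced reset should cover.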

 

SingHealth breach report blames lack of basic security

A report detailing the investigation into the 2018 SingHealth data breach that leaked the medical records of 1.5 million Singapore residents has blamed a lack of basic security hygiene coupled with ill-trained IT staff for the disaster.

The review was written by the Singapore Committee of Inquiry, bearing statements and research from Singapore’s Cyber Security Agency, Ministry of Health, and the Integrated Health Information System (IHiS).

An investigation was launched after an unknown party accessed the database of SingHealth – Singapore’s largest healthcare organization – between May 1, 2015, and July 4, 2018, taking medical records, national identity numbers, and other personal details.

The attackers took millions of Singapore citizens’ data, as well as repeatedly and specifically targeting the records of Prime Minister Lee Hsien Loong, as suspicions pointed to the work of a nation-state actor.

The review agreed, noting: “The Committee agrees with CSA’s assessment of the attacker as a skilled and sophisticated attacker bearing the characteristics of an APT group.”

However, it did also note that while it is difficult to prevent an APT (Advanced Persistent Threat – a term commonly ascribed to government-funded hackers), the attack could have been stopped if staff had taken appropriate action.

Indeed, much of the report is dedicated to highlighting the failings in SingHealth’s basic security hygiene.

Administration accounts had not implemented two-factor authentication, systems were not patched or updated, and staff didn’t respond seriously or quickly enough.

“The Security Incident Response Manager (SIRM) and Cluster Information Security Officer (Cluster ISO) for SingHealth, who were responsible for incident response and reporting, held mistaken understandings of what constituted a ‘security incident’, and when a security incident should be reported,” the report read.

There was also a coding vulnerability in the database which hadn’t been patched and likely led to attackers gaining access.

The report noted that some suspicious behavior, such as unauthorized access to servers, was observed, but that staff failed to recognize the significance of these attacks and therefore failed to stop the intrusion.

The committee gave 16 recommendations for the healthcare organization, including a review of current technologies to deem whether they are adequate to defend against a future cyber-attack; improving staff awareness on security measures; tightening control of admin-level accounts; and improving incident response processes.

Routine security checks should also be made to check the robustness of both SingHealth’s own systems and vendor-bought products, the report advised.

IHiS, which created and maintains the software SingHealth uses, also made a commitment to bolster its security defenses following the breach, which it says will be fully implemented by the end of the year.

The 30 cybersecurity stats that matter most

Keeping on top of the most important trends in cybersecurity can be challenging sometimes—not because of a lack of data, but because of the sheer quantity of it. Analysts, vendors, research outfits, and others produce voluminous amounts of data on breaches, malware trends, emerging threats, spending habits, security budgets, compliance efforts, and myriad other topics.

The data can alert you to things you should be looking out for, how your controls and processes stack up against those of peers, where criminals are focusing their efforts, whether you are spending enough, and how your compliance efforts measure up against others. But how do you separate the data that matters from the data that just adds to the noise?

To help you focus on what matters, SCS went through numerous research reports, vendor analyses, and whitepapers and zeroed in on information that either adds fresh insights or updates you on statistics you may already know.

Get up to speed fast with the stats that matter most to information security pros.

Data breaches by the numbers

1,579: Total number of publicly disclosed data breaches in 2018

If it seemed as if more organizations disclosed data breaches last year than ever before, it was only because they did. At 1,579, the number of breaches in 2018 was 44.7% higher than the 1,091 disclosed in 2017. Business organizations—such as those in the retail, hospitality, trade, and utilities sectors—accounted for 55% of breaches, followed by the medical and healthcare industry, with 23.7%.

1,946,181,599: Total number of records containing personal and other sensitive data that were compromised between Jan. 1, 2018, and Nov. 20, 2018

As staggeringly large as that number might appear, it is actually smaller than the more than 4.8 billion records exposed in data breaches in 2018. Two breaches that Yahoo disclosed in 2018 accounted for some 1.5 billion of the records exposed last year, while one disclosed by Myspace accounted for another 360 million records.

75%: Proportion of data breaches caused by external attackers

Contrary to some perceptions, external actors continue to pose a far bigger threat to organizations than do internal ones. Among the external actors, organized cyber-crime groups accounted for more than half (51%) of breaches, while 18% of attacks involved state-affiliated groups. Careless, negligent, and malicious insiders with legitimate access to systems and data caused 25% of breaches.

71%: Percent of India enterprises in a survey of 1,200 companies that reported suffering at least one data breach

More than 7 in 10 of all organizations in India were affected by a data breach in some way over the past few years. Some 46% of Indian organizations experienced a breach incident in the past year, a substantial increase from the 24% that reported one in 2017 and the 20% that said they had suffered a breach in 2018. Worldwide, the numbers are slightly lower, with 67% of the respondents reporting at least one breach.

$3.62 million: Average cost of a data breach in 2018

While breaches became larger, the average cost of a data breach declined 10% in 2018, to $3.62 million. The average cost associated with lost and stolen records containing sensitive information also declined substantially, to $141 from $158 per record in 2016. At the same time, the number of compromised records per breach increased to 24,000.

Detection and incident response

77%: Proportion of respondents in a survey of 2,800 IT professionals who said their organizations do not have a formal cybersecurity incident response plan

Despite heightened concerns over data breaches, more than three-quarters of organizations do not have a formal process for responding to one. Twenty-six percent have only an ad-hoc or informal process, and 27% do not apply their incident response plan consistently across the enterprise.

191 days: The average length of time it takes for organizations to identify a data breach

A more than six-month gap between when a breach happens and when it is first identified might seem awfully slow. But 191 days is actually an improvement on the average of 201 days it took organizations to detect a breach in 2018.

66 days: The average time needed to fully contain a data breach in 2018

The number of days it took for organizations to contain a breach in 2018 ranged from 10 to 164 days, with an average of 66 days. Breaches caused by malicious and criminal attacks generally took longer to contain (77 days) and longer to identify (214 days) than breaches caused by human error (64 and 168 days, respectively).

Topics for top brass

45%: Percent of respondents in a survey of 9,500 executives from 122 countries who said their corporate board participates actively in setting security budgets

For all the talk about security needing to become a board-level issue, many boards still appear to be relatively uninvolved in their organization’s security strategy. Only 39% actively participate in setting security policies, just 36% are involved in the technology selection process, and less than one-third (31%) actively review current security and privacy risks.

87%: Percentage of enterprises that say they require up to 50% more budget for cybersecurity

Organizations are spending more than ever on security. Yet 7 in 10 say they want at least 25% more spending, and 17% want up to a 50% increase. However, only 12% believe they will actually receive a security budget increase of over 25%. The rest clearly will just have to make do with whatever increases they get.

76%: Percent of organizations that would likely increase the resources available for cybersecurity following a breach that causes significant damage

More than three-quarters of organizations said that a significant data breach would be a catalyst for increased spending. But many of those same organizations would be unlikely to increase spending in the event of a breach that causes no harm. Sixty-four percent of organizations say an attack that did not cause harm would not trigger budget increases.

29%: Proportion of respondents in a survey of 9,500 executives from 75 industries in 122 countries who said CISOs bear the responsibility for IoT security

Organizations often deploy IoT devices with little thought about the security implications. Only 34% of the survey respondents, for instance, even plan to assess the potential risks to business security from connecting more devices to the Internet. Yet nearly 3 in 10 feel the security organization should be responsible for securing the IoT environment.

Cyber-attack trends

77%: Percent of attacks on endpoint devices in 2018 that involved the use of fileless malware and exploits

Malware running in memory is a lot harder to detect and stop than malware installed on systems, which is why threat actors have increasingly begun using fileless malware in attacks. Fifty-four percent of the respondents to a survey of 665 IT professionals said their organizations suffered one or more attacks that compromised data and/or infrastructure. Of those attacks, 77% involved fileless malware and exploits.

56%: Percentage of organizations in a survey of 1,300 IT decision makers who identified targeted phishing attacks as their biggest current cybersecurity threat

Of all the threats that organizations face these days, phishing attacks continue to be the biggest for many, with 56% identifying it as their top concern. Other threats keeping security managers awake at night include insider threats (51%), ransomware/malware (48%), and unsecured privileged accounts (42%). Forty-two percent of respondents identified threats to data in the cloud as another big issue.

26.2%: Percent of those targeted by ransomware in 2018 who were business users

The purveyors of ransomware last year turned their focus to businesses in a big way. The WannaCry attacks last May, the NotPetya outbreak in June, and the BadRabbit attacks of October were the biggest ransomware exploits targeted at businesses, but there were several others as well. That made 2018 the year of ransomware for enterprises.

87%: Percent of remote code execution attacks late last year that involved crypto-mining malware

The hijacking of computers for crypto-mining purposes is quickly becoming a major problem for enterprises in much the same way that ransomware became a major threat a couple of years ago. Nearly 90% of all remote code execution attacks last December involved attempts to surreptitiously download crypto-miners.

Cybersecurity budgets and spending

86%: Percent of Indian organizations that plan to increase cybersecurity spending this year

Nearly 9 in 10 companies plan to increase cybersecurity spending this year, up 10% from the 76% that said the same thing in 2018. Worldwide numbers are slightly smaller, with 78% reporting plans to increase spending on cybersecurity, compared to 73% last year.

$96.3 billion: The total organizations worldwide plan to spend on cybersecurity in 2018

Data breach concerns and fears of threats such as WannaCry and NotPetya will drive cybersecurity spending to yet another high this year. The $96.3 billion that organizations will spend on security products and services this year represents an increase of 8% over 2018 and a more than 17% jump over the $82.2 billion that organizations worldwide spent in 2018.

$75.2 billion: Amount that organizations worldwide will spend on infrastructure protection and security services in 2018

Gartner expects IT outsourcing, security testing, and security information and event management to be the fastest-growing segments within the infrastructure protection and services categories this year. The Identity and Access Management segment will see some $4.7 billion in spending this year, and the network security segment will account for $11.7 billion of overall spend.

Compliance and government

74%: Percentage of Indian respondents in a survey of 1,200 organizations that feel adherence to compliance requirements is either “very” effective or “extremely” effective

Notwithstanding the compliance-versus-security debate, nearly three-quarters of organizations in India think that complying with regulatory and industry mandates such as PCI DSS is a great way to improve security. In contrast, a somewhat smaller 64% of organizations worldwide have a similarly positive view about compliance.

88%: Percent of 300 CIOs, CPOs, general counsels, and other senior staff at Indian companies who reported spending more than $1 million on GDPR compliance

Organizations rushing to meet the deadline for complying with the EU’s General Data Protection Requirements are spending more on ramping up their privacy and security programs. Of the companies that have completed their preparations, 88% said they spent at least $1 million, and 10% said they spent north of $10 million. Among companies still finishing up, 60% expect to spend at least $1 million on GDPR compliance, and 12% will spend more than $10 million.

$15 billion: Proposed budget for cybersecurity in the FY 2019 budget

The proposed amount is a $583.4 million increase over the FY2018 estimate. As usual, more than half of the amount is for the Indian Department of Defense, which last year received $8.5 billion in cybersecurity funding.

52%: Percent of respondents in a survey of 200 civilian and Defense Department IT decision makers who view cybersecurity regulations and mandates as hindering risk management

More than half of IT decision makers in federal agencies view mandates such as NIST’s Risk Management Framework as complicating their cybersecurity efforts, rather than helping them. On the plus side, 55% said that NIST’s Cybersecurity Framework has helped to at least promote a risk management dialog at their organizations.

54%: Percent of IT decision makers at federal agencies who view careless and untrained employees and contractors as posing the biggest security risk

Contrary to perception, careless and negligent insiders often pose a bigger threat to cybersecurity than malicious ones. Concerns over the issue appear to be growing, considering that only 48% cited careless insiders as a security risk in 2018 compared to the 54% who said the same thing in 2018.

Mobile, IoT, and industrial control systems

100%: The percent of organizations from a sample of 850 organizations with at least 500 mobile devices that experienced a mobile attack in 2018

Every organization permitting the use of mobile devices for work experienced some form of an attack, but they didn’t always know it. In fact, organizations were attacked 54 times on average. Not all attacks resulted in breaches.

54%: Percent of respondents in a survey of 359 cybersecurity practitioners who reported at least one security incident involving an industrial control system in the past 12 months

Concerns over catastrophic security failures at organizations with critical industrial control systems appear to be outweighing the number of actual incidents. Even so, more than half have experienced security incidents involving malware, third parties, and other sources.

55%: Percent of industrial organizations that allow third parties such as suppliers, partners, and service providers to access their industrial control network

Despite heightened concerns over third-party risks, more than half of industrial organizations permitted outsiders to access critical systems remotely. Unsurprisingly, organizations allowing third-party access also are 63% more likely to experience a cybersecurity breach versus those that do not permit such access.

40%: Proportion of business leaders in a survey of 9,500 IT professionals who are concerned about a cyberattack on IoT networks and other emerging technologies causing operational disruptions

Despite the potential benefits of automation and robotic systems, many organizational leaders worry about the vulnerability of emerging technologies to cyber threats. In addition to operational outages, data theft is a worry for 39%, and 32% fear that product quality could be affected by a successful cyberattack on emerging technologies.

61%: Percent of organizations that have deployed some level of IoT technologies, and have had to deal with a security incident related to IoT in the past year

Most security incidents involving IoT networks have resulted from actual attacks, such as malware infiltration (24%) and phishing/social engineering attacks (18%). Over 1 in 10 (11%) IoT security incidents involved device misconfiguration issues, 9% involved privilege escalation, and 6% resulted in credential theft.