Weekly Threat Report - 16th November 2018
Smishing, the criminal’s data source in your pocket
According to recent reports, smishing, a technique similar to phishing, but using an SMS message rather than an email, is on the rise. The SMS message, which can be disguised to appear from an official source, will have a link which can download malware or redirect the victim to a malicious website to steal credentials or other personal data.
As smartphones become more popular, and the use of email declines, criminals are turning to smishing to spread malware. A UK bank recently suffered IT issues which resulted in cyber criminals taking advantage of the situation by sending SMS messages purporting to be the bank but containing malicious links to malware.
Security reports suggest that the use of smishing poses greater security concerns, as phones can hold more information about individuals than a PC. Furthermore, the reports state that, because people believe smartphones are less susceptible to malware than PCs, they may not have the relevant security systems installed, including antivirus, which is standard in all PCs.
The NCSC has published advice on how to protect your device from malware.
Popular GDPR-related plugin compromised
According to media reporting, cyber criminals have recently found and exploited a vulnerability in the popular WordPress plugin WP GDPR Compliance. The vulnerability allowed the malicious actors to access WordPress sites and install backdoor scripts.
The vulnerability has now been patched, but according to reports, there are still many WordPress based sites using the non-patched version.
The motivation behind this compromise is not yet clear, but it is likely the hackers intended to use the backdoor as a means of harvesting user credentials which they could monetise at a later date.
If you have a WordPress site, ensure that it is patched by downloading the latest version.
African ISP inadvertently routes internet traffic via Russia and China
On Monday afternoon there was a widely reported outage of Google services in the US. This lasted for 74 minutes and was due to internet traffic being wrongly directed via Russia and China in a situation known as a “BGP Hijack”.
The issue has been linked to the West African Internet Service Provider (ISP) Main One. They announced the issue was down to a misconfiguration error that “leaked” and caused internet traffic to be redirected.
Initial concerns that the attack was malicious in nature were luckily unfounded; although the incident has again raised issues surrounding the vulnerabilities of the Border Gateway Protocol – a legacy, trust-based protocol responsible for deciding how traffic is routed across the internet.