Weekly Threat Report - 7th December 2018
Three malicious apps have recently been identified and removed from Apple’s app store. The apps had a health theme and purported to check heart rate, calorie count or BMI index. “Fitness Balance”, “Calories Tracker” and “Heart Rate Monitor” were discovered to be fraudulent and have been removed. When the apps asked for a fingerprint scan to access information of interest, the identification method was instead employed to authorise a payment of up to $120. If the user has a credit or debit card linked to an Apple account, the transaction was approved. The apps would then continue to prompt the user to use the finger scanner before continuing to use the app. The scale of losses is unknown.
The existence of these apps in an eco-system generally considered as secure indicates that despite rigorous checks carried out by official app stores, some malicious apps do evade detection. The malicious apps were spotted and have now been removed. When downloading apps, consumers should check reviews and any available information about the app and its developer. You should also be alert to permissions that the app is requesting - these can be checked in the app settings. This scam affects iPhone 8 or earlier models. Newer models have a feature called “Double click to pay” which, when activated, requires users to double click the side button to verify a payment.
Further advice can be found on the Cyber Aware and Get Safe Online websites.
You can also find advice for app developers here on the NCSC website.A week of data breaches…
A number of significant events surrounding breach activity has occurred over the course of the past week. In response to previous breach activity, Uber has been fined £400k by the Information Commissioners Office (ICO) for a breach reported back in 2016. In addition, German social media site Knuddels, was fined €20k by German regulators following a data breach. In one week, a number of new breaches have also been disclosed, such as the personal data of 500 million Marriott/Westin Hotels customers and the personal data of 100 million Quora users.
The volume of data breaches in recent months has been significant so it remains important that individuals and businesses remain vigilant to the threat of breaches. The potential impact on individuals who have had their personal information stolen must not be underestimated. The threat of personal information theft is almost certain to remain and companies that store these details must ensure it is protected against any potential intrusion, for the benefit of their customers and their own reputation.
Designers, developers and operators of online services can find guidance on how to make services harder to compromise here on the NCSC website.
We would also recommend reading our guidance around the phishing threat following data breaches as well as how to protect bulk data.YouTuber fan promotes subscription via printer hack
This week an anonymous individual hacked 50,000 printers, causing them to print out a message that urged people to subscribe to the PewDiePie YouTube channel. PewDiePie was battling with a rival for subscribers in order to retain its status as the most subscribed channel on YouTube.
The printer hacker said they had identified 800,000 printers with open security settings and selected 50,000 to print out support for PewDiePie. The hacker reportedly used a tool called the Printer Exploitation Toolkit (or PRET) to send automated scripts to printers that had IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open over the Internet.
The connections between your networks and the Internet and/or other partner networks, can expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, organisations can reduce the chances of these attacks succeeding.
The NCSC recommends that organisations do not expose printers on their networks without setting up authentications. More generally, the NCSC recommends that users secure devices by changing default passwords and regularly patching.
ASKET Cyber Security Resources