Weekly Threat Report - 2nd October 2020
QNAP issues new ransomware warning to network-attached storage device users
IT hardware supplier QNAP has warned customers about a new strain of ransomware targeting their network-attached storage (NAS) devices and has urged customers to update the QNAP device firmware (QTS) and Photo Station application as soon as possible. In the security advisory published last Friday, QNAP warned that the AgeLocker ransomware has been reported to target QNAP NAS, Linux, and macOS devices by attempting to encrypt files using the ‘Age’ encryption tool.
We issued an alert with the US Cybersecurity and Infrastructure Security Agency (CISA) in July warning that a strain of malware called QSnatch was targeting QNAP NAS devices without the most up-to-date security patches.
Our assessment found that attacks targeting NAS devices with the QSnatch malware have intensified in 2020 – with infections going from 7,000 devices in October last year to 62,000 in mid-June this year.
It’s important to keep applications and devices secure by regularly updating and, where possible, switching on automatic updates. Our mitigating malware and ransomware guidance shows organisations the steps required to defend against malware and ransomware attacks.
Cloud Security: The way forward?
A survey completed by over 200 UK organisations showed that moving to a cloud-based IT environment had saved them from collapse, given the increased demand for remote working availability as a result of the COVID-19 pandemic.
However, the pandemic has also highlighted the potential weaknesses in IT security, with more than half of the businesses polled seeing an increase in hijack attempts on employee accounts and impersonation attacks becoming harder to detect.
Further analysis from security experts has warned of the increased chance of remote workers falling victim to cyber attacks. This is largely due to inadequate security protection installed on personal devices and home broadband routers, or to workers becoming ‘distracted’ and clicking on harmful links.
The NCSC has further reading to help answer security concerns about moving to a cloud-based IT solution, guidance to help you determine how confident you can be that a cloud service is secure enough to handle your data, and information to increase awareness about email security.
Vulnerabilities Affecting MobileIron Products (CVE-2020-15505)
Security researchers have recently published the technical details behind their discovery of security vulnerabilities affecting MobileIron products.
Specifically, a remote code execution vulnerability (CVE-2020-15505) affects MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 184.108.40.206 and earlier.
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest version as soon as practicable.
More information on the vulnerability is available to read on the MobileIron website.