Telstra Reacts to Optus Hack with Online Safety Tips for Customers

Since Optus was attacked, the telco has repeatedly reached out to its customers to tell them whether they were victims of the data breach, but some customers still claim that they have not received any official notice from Optus. 

Optus will be covering the cost of replacement passports for customers who had their personal credentials leaked during the attack. The Prime Minister of Australia, Anthony Albanese, stated, "Optus has responded to my request that I made both in the parliament and that Senator Wong made in writing to Optus, they will cover the cost of replacing affected customers' passports." 

Telstra also sent an informative email to its customers today, offering online safety tips in response to a large number of questions from them. 

Titled "helping to keep you safe", the email from Telstra refers directly to the Optus attack, saying, "Over the past week many of our customers have reached out to us following the Optus cyber-attack with questions about how to stay safe online and to know if their data has been impacted." 

Following the incident, the telco confirmed to its customers that their data is not affected; however, they have "heightened our monitoring and, as cyber-attacks become more regular and scammers become more sophisticated, we all need to remain on alert." 

The telco suggested the following tips for its customers: 

• Switch on two-step verification with Telstra if you haven't already 
• Remain suspicious of unexpected communications 
• Switch on two-step verification on your bank account and monitor transactions 
• Keep your devices updated 
• Use strong passwords for your accounts 
• Pay attention to what you share on social platforms 

After it was hacked, Optus took a week to contact its 9.8 million customers via email. When the press asked Telstra how long it would take to reach all of its customers, Telstra's spokesperson said, "We anticipate our customers will receive this communication by close of business today."

A Matrix Update Patches Serious End-to-End Encryption Flaws

The open source Matrix messenger protocol recently published security warnings on its platform about two critical-severity vulnerabilities that affect the end-to-end encryption in its software development kits (SDKs). 

According to the warning, groups of malicious actors are exploiting these vulnerabilities, which could break the confidentiality of Matrix communications. The vulnerabilities also allow the threat actors to run man-in-the-middle attacks that expose message contents in a readable form. 

According to the technical data, users of clients built on matrix-js-sdk, matrix-android-sdk2, and matrix-ios-sdk, such as Element, Cinny, SchildiChat, Beeper, Circuli, and Synod.im, have been hit by the bugs. However, the platform clarified that clients using a different encryption implementation (such as Hydrogen, Nheko, ElementX, FluffyChat, Timmy, Syphon, Gomuks, Pantalaimon) are safe from the attacks. 

The vulnerabilities were reported to Matrix by researchers from Brave Software, the University of Sheffield, and the Royal Holloway University in London. The group published the technical details of its research findings. 

List of the critical severity flaws discovered by the team

 
  • CVE-2022-39255: Same as CVE-2022-39251 but impacting matrix-ios-sdk (iOS clients). 
  • CVE-2022-39251: Protocol-confusion bug in matrix-js-sdk, leading to incorrectly accepting messages from a spoofed sender, possibly impersonating a trusted sender. 

The same flaw makes it possible for malicious home server admins to add backup keys to the target's account. 

  • CVE-2022-39250: Key/Device identifier confusion in SAS verification on matrix-js-sdk, enabling a malicious server administrator to break emoji-based verification when cross-signing is used, authenticating themselves instead of the target user.
  • CVE-2022-39257: Same as CVE-2022-39249 but impacting matrix-ios-sdk (iOS clients).
  • CVE-2022-39248: Same as CVE-2022-39251 but impacting matrix-android-sdk2 (Android clients). 
  • CVE-2022-39249: Semi-trusted impersonation problem in matrix-js-sdk leading to accepting keys forwarded without request, making impersonation of other users in the server possible. Clients mark these messages as suspicious on the recipient's end, thus dropping the severity of the bug. 
  • CVE-2022-39246: Same as CVE-2022-39249 but impacting matrix-android-sdk2 (Android clients). 

Furthermore, the detailed report listed two problems that have yet to receive an identification number. One of these problems allows malicious actors access to the home server, and the second refers to using AES-CTR. 
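
A defensive check for the class of bug described under CVE-2022-39249 (accepting forwarded keys that were never requested), shown as an added example that is not code from the Matrix SDKs or from the original post. The `ForwardedKeyGate` class, its field names and the sample events are hypothetical and constructed for illustration.

```javascript
// Added illustration: a client-side gate that only accepts a forwarded
// session key when it answers a request this client actually sent.
// Field names are simplified and hypothetical, not the SDKs' own.
class ForwardedKeyGate {
  constructor() {
    // request id -> Set of device IDs that were asked for that session key
    this.pending = new Map();
  }

  static idFor(roomId, sessionId) {
    return JSON.stringify([roomId, sessionId]);
  }

  // Record that we asked `deviceIds` for the key of one session in one room.
  recordRequest(roomId, sessionId, deviceIds) {
    this.pending.set(ForwardedKeyGate.idFor(roomId, sessionId), new Set(deviceIds));
  }

  // Decide whether an incoming forwarded key may be imported.
  evaluate(forward) {
    const id = ForwardedKeyGate.idFor(forward.roomId, forward.sessionId);
    const asked = this.pending.get(id);
    if (!asked) return { accept: false, reason: "unsolicited" };
    if (!asked.has(forward.fromDevice)) {
      return { accept: false, reason: "unexpected-device" };
    }
    this.pending.delete(id); // one answer per request; later copies are unsolicited
    return { accept: true, reason: "matches-request" };
  }
}

// Constructed sample traffic: one outstanding request, four incoming forwards.
function demo() {
  const gate = new ForwardedKeyGate();
  gate.recordRequest("!room:example.org", "sessA", ["DEVICE1"]);
  const forwards = [
    { roomId: "!room:example.org", sessionId: "sessA", fromDevice: "DEVICE9" },
    { roomId: "!room:example.org", sessionId: "sessB", fromDevice: "DEVICE1" },
    { roomId: "!room:example.org", sessionId: "sessA", fromDevice: "DEVICE1" },
    { roomId: "!room:example.org", sessionId: "sessA", fromDevice: "DEVICE1" },
  ];
  return forwards.map((f) => gate.evaluate(f).reason);
}

console.log(demo());
```

Only the third forward is imported; the fourth is an exact copy of it and is rejected because the request it answered has already been satisfied.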

University of the Highlands and Islands Deals with a Sudden Cyber Attack

A persistent 'cyber incident' occurred at the University of the Highlands and Islands, disrupting its services and networks on all of its campuses. Access to the UHI network of 13 colleges and academic institutions, including the Inverness and Perth colleges, was restricted for its students on Monday 8th of March. An advisory to students and staff across the 13 sites in the northernmost portion of the UK said that 'most facilities', including the Brightspace digital training environment, have been affected. The notice read: "All classes currently online because of the restrictions caused by COVID-19 will continue as normal wherever possible. Some students will attend campuses for practical classes as directed by their local course or campus contact."

"We are currently working to isolate and minimize impact from this incident with assistance from external partners. We do not believe personal data has been affected," said the university, adding: "The source of the incident is not yet known." 

An e-mail sent out to students stated that Office 365, Cisco Webex, OneDrive, Teams, and e-mail services were not compromised by the apparent intrusion. The same information was also released on the UHI website. Administrators affirmed their belief that personally identifiable information was not compromised.

Ransomware is malware that encrypts everything and leaves victims able to read only a ransom note. The perpetrators behind such incidents usually demand huge payouts, in Bitcoin or equivalent cryptocurrencies, in exchange for the decryption key that decodes the victim's files. The actors often also copy confidential files from the victim's system and demand a second ransom to prevent their disclosure; this is an increasingly prevalent variant. 

Notably, UHI's description has a lot in common with the early stages of previous ransomware attacks. The standard account is of unreported "cyber incidents" unexpectedly knocking out vast sections of IT services across an organization. Incidents of this kind have taken place with increasing frequency over the past year in insurance, charity, and other businesses, along with educational institutions.

Best practice when tackling ransomware is not to engage with the perpetrators' cash demands. However, distressed organisations are gradually turning towards cyber insurance firms, whose plans can buy the offenders off and clear the attack.