Wednesday, July 19, 2017

Cyber Updates - 19th July 2017

CoinDash loses $10m in Ethereum cryptocurrency

CoinDash, a company developing a cryptocurrency tracking platform, held an Initial Coin Offering this week in which investors could pay Ethereum and receive "tokens" (like shares in the company) in return. Unfortunately, in their own words: "The moment the token sale went public, the CoinDash website was hacked and a malicious address replaced the CoinDash Token Sale address. As a result, more than 2,000 investors sent ETH to the malicious address." Indications are that a total of $10m worth of Ethereum was stolen as a result.

Key takeaways:

  • The cryptocurrency industry is in its infancy, but when so much money is potentially at stake, it is vital that security is built into all products and processes from the very start.
  • Cryptocurrency theft due to cyber attack is a problem across the industry, and it seems likely that potential investors will be putting companies' security under far greater scrutiny.

RCE in Cisco WebEx extension

Tavis Ormandy of Google's Project Zero discovered some vulnerabilities in Cisco's WebEx browser AddIn for Chrome and Firefox which could lead to remote code execution on a user's PC just from the user browsing a web site.

This is not the first time that this has happened and it seems unlikely that it will be the last time.

Key takeaways:

  • Install the updated AddIn across your environment as soon as possible.
  • Consider disallowing this AddIn altogether, disallowing it for users who have no need for it or, at the very least, disallowing it on more sensitive workstations.

The #NotPetya/Nyetya fallout continues

It is clear that some companies are still suffering from this attack several weeks later. FedEx has indicated that its TNT operations were particularly badly hit, having to return to manual processes in various areas. Similarly, shipping line Maersk was also badly hit and is still trying to restore its operations.

Key takeaways:

  • Make sure you have a comprehensive disaster recovery plan which also considers how long it will take to execute the plan.
  • Don't lose sight of the potential costs of a cyber attack and the subsequent restoration processes. Cyber-insurance may assist with this but check the small print!
  • Good communication and frequent updates (Maersk in particular are being praised for this) will be crucial for maintaining customer confidence.

Petya decryption key released

The author of the original Petya ransomware, which hit computers over a year ago, has released the master decryption key for files. (This is not to be confused with the #NotPetya attack which, as the name suggests, was not actually Petya.) It seems highly unlikely that anyone still has data around encrypted by this which they have not replaced.

Key takeaways:

Josh Grossman
Senior Information Security Consultant and Team Leader