Weekly CyberTip: Check your privacy and security settings
Mobile devices and social media outlets are resources many of us use every day. But when was the last time that you reflected on how much personal information you may be disclosing to those resources? The Washington Post offers a convenient portal with guides on checking the privacy settings of some of the most popular devices and social media platforms, including TikTok, Twitter, Facebook, the Apple and Android operating systems, and more. Each section is updated regularly as the features and defaults of each system evolve. Check out the resources and make sure you are comfortable with your privacy settings.
ITRC releases 2021 data breach report
The Identity Theft Resource Center (ITRC) has released the 2021 Annual Data Breach Report, its 16th annual report on data breaches in the United States.
The report reveals that there were 1,862 reported data compromises in the United States in 2021 – a 68% increase over 2020. In fact, in 2021, “there were more cyberattack-related data breaches than there were all forms of data breaches in 2020,” according to ITRC COO James E. Lee.
The report also shows that compromises increased year-over-year in every primary industry sector except the military, which had no publicly-disclosed data breaches last year. The manufacturing and utilities sector saw the largest percentage increase in data compromises, more than doubling the number of incidents in 2020.
The report also documents that ransomware-related data breaches have doubled in each of the past two years: at the current pace, the report concludes, ransomware attacks will pass phishing as the number one root cause of data compromises by the end of 2022.
Swissport hit by ransomware attack
On February 3, Swissport, one of the world’s largest airport services companies, was the victim of a ransomware attack on its cargo services division. Swissport confirmed the incident on Twitter, where they posted, “A part of #Swissport’s IT infrastructure was subject to a ransomware attack. The attack has been largely contained, and we are working actively to fully resolve the issue as quickly as possible. Swissport regrets any impact the incidence has had on our service delivery.”
According to a report in FreightWaves, Swissport said that several servers were affected, which caused some systems to be temporarily unavailable. Swissport is isolating servers to avoid the further spread of the problem and restoring systems by switching to unaffected cloud servers.
The attack and/or the remediation efforts appeared to have compromised Swissport’s website temporarily, as visitors to the site received a blank page with the following message: “Back-end server is faulty or not available.” The website was back up and running by February 5, when they tweeted, “IT security incident at #Swissport contained. Affected infrastructure swiftly taken offline. Manual workarounds or fallback systems secured operation at all times. Full system clean-up and restoration now under way. We apologize for any inconvenience.”
There is no word on the ransom demands or the type of ransomware used in the attack.
The Opfikon, Switzerland-based company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. In 2019, it handled 282 million passengers and 4.8 million tons of cargo, making it a vital link in the global aviation travel industry chain.
Firmware vulnerabilities expose major computer manufacturers
Researchers at Binarly have reportedly discovered 23 vulnerabilities in the firmware used in devices built by at least 25 global hardware manufacturers including Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, HPE, Siemens, Microsoft, Acer, and Bull Atos. The bugs involve UEFI (Unified Extensible Firmware Interface) software, which creates an interface between a device’s firmware and its operating system, typically handling the startup process, system diagnostics, and repair functions.
In their report, the researchers describe how the flaws could allow a threat actor to disable many hardware security features, install persistent malware, and create backdoors and open communications channels to steal sensitive data.
Of the 23 vulnerabilities, three – CVE-2021-45969, CVE-2021-45970, and CVE-2021-45971 – received a critical severity rating of 9.8 out of 10, while nearly half of the discovered vulnerabilities could be exploited for privilege escalation.
Insyde Software, the manufacturer of the InsydeH2O UEFI software, has been cooperative with the researchers and has released a detailed chart outlining the status of the bug fixes and the affected hardware platforms. Users of the systems are urged to assess their exposure and take appropriate remediation steps.
Two serious infrastructure bugs reported: are you safe?
The importance of having full visibility into organizational infrastructure software came into sharp focus again this week, with reports of two separate vulnerabilities in “behind-the-scenes” software.
1. Samba – the widely used open-source software has a flaw in its “vfs_fruit” module (used to provide enhanced compatibility between Windows and Apple products) that could allow an attacker to gain control of an affected system. The Zero Day Initiative provides a detailed analysis and remediation description.
2. Argo CD for Kubernetes – another open-source product, Argo CD is a popular continuous delivery (CD) tool used to deploy applications to Kubernetes platforms. Here too, a bug in the software could give a threat actor remote code execution on the affected system. Two version updates have been released to address the issue.
Do you know whether your organization uses these components and could be at risk?
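As a starting point for answering that question for the Samba item, here is an added inventory check (example code written for this digest, not from ISA Cybersecurity, Samba, or the Zero Day Initiative). It scans an smb.conf for shares that load the vfs_fruit module, which appears as “fruit” in a “vfs objects” line; the sample configurations below are constructed for the example.

```shell
#!/bin/sh
# Added example: report whether an smb.conf enables the vfs_fruit module.
# A share loads the module through "vfs objects = ... fruit ...";
# comment lines (starting with # or ;) must not count as enabled.

# Strip comments, keep only "vfs objects" settings, one per line.
vfs_objects_lines() {
    sed -e 's/[#;].*$//' "$1" \
      | grep -iE '^[[:space:]]*vfs[[:space:]]+objects[[:space:]]*='
}

# Return 0 (true) if any share or [global] loads vfs_fruit.
samba_fruit_enabled() {
    vfs_objects_lines "$1" | grep -iqE '(^|[[:space:]=])fruit([[:space:]]|$)'
}

# Print how many "vfs objects" lines load vfs_fruit (rough exposure count).
samba_fruit_share_count() {
    vfs_objects_lines "$1" | grep -ciE '(^|[[:space:]=])fruit([[:space:]]|$)'
}

# Constructed sample configs: one with a Time Machine share using fruit,
# one that only mentions fruit in a comment.
SAMPLE_CONF="$(mktemp)"; NO_FRUIT_CONF="$(mktemp)"
trap 'rm -f "$SAMPLE_CONF" "$NO_FRUIT_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[global]
   workgroup = CORP
   ; vfs objects = fruit streams_xattr   (commented out)
[timemachine]
   path = /srv/tm
   vfs objects = fruit streams_xattr
   fruit:time machine = yes
[public]
   path = /srv/public
   vfs objects = recycle
EOF
cat > "$NO_FRUIT_CONF" <<'EOF'
[global]
   # vfs objects = fruit
[public]
   vfs objects = recycle
EOF

# Stand-alone run: show the verdict for the sample, and the installed smbd
# version if Samba is present (so it can be compared against the advisory).
if samba_fruit_enabled "$SAMPLE_CONF"; then
    echo "vfs_fruit enabled in $(samba_fruit_share_count "$SAMPLE_CONF") share(s)"
fi
command -v smbd >/dev/null 2>&1 && smbd -V
```

Run it against /etc/samba/smb.conf (or wherever your distribution keeps it) to see whether the affected module is in use before deciding on patch priority.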