08 November 2019

IRM Weekly Cybersecurity Roundup: ISRO cyber-attack announced and more



ISRO cyber-attack linked to Indian nuclear power plant attack

Last week, we covered the news of the Indian nuclear power station “Kudankulam” hit by a cyber-attack, leaking data online. A report has now revealed the Indian Space Research Organisation (ISRO) was also made aware of a possible cyber-attack, potentially causing a data leak.


A US-based cybersecurity company alerted the Indian power plant that a threat actor had breached their master domain controllers. It has emerged that the same malware also threatened ISRO.

The malware has been identified as ‘Dtrack’, a programme that can steal data and give the threat actor complete control over the affected devices by exposing their credentials and passwords. The malware was developed by a North Korean hacker group called Lazarus.

ISRO has yet to officially confirm or deny the cyber-attack. You can read more here.


How a laser could infiltrate your smart speaker

Researchers have discovered certain smart speakers, such as the Amazon Echo or Google Home, are vulnerable to laser attacks.

Laser-powered light commands could force your smart speaker to make purchases, open garage doors, unlock cars and more.

The laser was tested at different distances from the smart speaker. The tests also noted that it was still possible to command the smart speaker even when shining the laser through a window.

Researchers found that by pointing the laser directly at the microphone of the smart speaker and changing its intensity at a precise frequency, the light would somehow “perturb the microphone’s membrane” at the same frequency.

This caused the microphone to interpret the incoming light as a digital signal, as if it were sound. You can read more here.


Two companies in Singapore fined for data breaches

Telecom provider, Singtel, and goods delivery start-up, Ninja Logistics, have both been fined for data breaches.

Singtel has been fined $25,000 for a breach in 2017, involving their mobile app design. Users could potentially access 330,000 customer accounts, exposing billing information, names and addresses.


Ninja Logistics has been fined $90,000 for leaving the data of 1.26 million individuals exposed to website users in 2016.

Ninja Logistics users were able to enter different tracking numbers to view information, such as names, addresses and signatures of customers whose deliveries were set as “completed”. There was no evidence that the exposed personal data had been maliciously collected.

Singtel has addressed its design flaw and administered corrections in the latest version of the app.

Ninja Logistics have corrected their issues by not allowing parcels to be tracked two weeks after delivery, and removing recipients’ names and signatures from its web page from mid-October 2019. You can read more here.


Rogue cybersecurity employee exposes customer data

A rogue employee of the cybersecurity and anti-virus company, Trend Micro, has exposed personal data of thousands of their customers.

It came to light in August 2019, after customers started to receive phone calls from scammers posing as staff at Trend Micro. Approximately 70,000 of its 12 million customers have been affected. The employee in question has now been fired after the company concluded they had “clear criminal intent”.

This situation raises more questions about how organisations remain liable for staff leaks, similar to the exposure at Morrison’s in 2014. You can read more here.


Quick-fire Updates

45K devices infected with Android dropper app: Xhelper is a malicious Android app that is able to hide itself from users, download threats and display advertisements. It can re-install itself after users uninstall it and is designed to stay hidden by not appearing on the system launcher. You can read more here.

Privacy flaw in Facebook Groups: Facebook have discovered a new privacy flaw allowing around 100 app developers to access data in groups. The data includes people’s names and photos. You can read more here.

BlueKeep vulnerability exploited in mass-hacking campaign: Security researchers have confirmed that hackers are breaking into unpatched Windows computers using the BlueKeep vulnerability to mine cryptocurrency. You can read more here.

