Coordination, teamwork, and synchronization – being part of a team, something larger than oneself. These seem to be noble endeavors. But what happens when the desire to be a part of this team – especially on a global scale – backfires?
NTT Security presents some examples of this very issue in the July 2018 GTIC Monthly Threat Report – looking deeper into cyber activity surrounding the 2018 FIFA World Cup, collaboration tools being used worldwide which could be leveraged by a malicious – or unintentional – insider, and a vulnerability within Cisco synchronization tools.
Generally speaking, these topics share a similar informality.
The 2018 FIFA World Cup definitely has a party-like atmosphere; millions of people across the globe are fervently rooting for their country’s team. These same folks are casually using their devices, perhaps not thinking too much about security.
Similarly, coworkers using collaboration tools, which are sometimes viewed – and used – as a less formal means of keeping in touch or coordinating on a project, could have a similar mindset; security may not be at the forefront, leading users to accidentally (or carelessly) disclose data or sensitive information they normally wouldn’t in another venue.
For the 2018 FIFA World Cup, the NTT Security Global Threat Intelligence Center (GTIC) gathered and analyzed information concerning actual attacks leading up to, and during, the event. GTIC researchers discovered most attacks with a World Cup theme were phishing emails, attempting to trick users into opening malicious documents, perhaps to glean credentials or for financial gain.
In greater detail, GTIC researcher Terrance DeJesus noted that malicious file types were mostly .pdf (Adobe) at 51%, followed by .doc (Microsoft Word documents) at 31%, .xlsx (Microsoft Excel files) at 11%, and .rtf (Rich Text Format) at 4%, with other file types rounding out the remaining 3%.
NTT Security researchers weren’t the only ones who noticed this type of activity against those involved or interested in the World Cup; the broader cybersecurity community observed similar activity, and NTT Security partner, Symantec, discovered a World Cup-themed attack campaign targeting Android users.
By the same token, collaboration tools like Skype or Slack could be used casually, without security being at the forefront. In fact, a recent study of more than one million employee messages revealed that one in every 118 public communications included confidential information, and one in every 262 public messages included passwords. Spread across millions of users, that pretty quickly adds up to significant exposure of what should be private, sensitive information.
And, although it is not typically used casually, Cisco discovered a critical vulnerability in the Fabric Services component of the NXOS and FXOS software. Fabric Services allows network administrators to distribute and synchronize configuration data of Cisco devices across a network.
Although patches are available for this vulnerability, it remains to be seen whether they will be applied. As always, administrators and users are highly encouraged to apply patches quickly, as attackers will continue to target exploitable entry vectors into a network as long as they can; attackers will take full advantage of those systems which remain unprotected.
Read more about the cyber activity surrounding the FIFA World Cup, the potential exploitation of collaboration tools by insiders, and the Cisco FXOS and NXOS Fabric Services Remote Code Execution Vulnerability in the July version of the team-built (see what I did there?) GTIC Monthly Threat Report.