Weekly cyber news update

 We have put together 10 minutes of an interesting read for you to enjoy, here it is: 
Hackers responsible for cracking the Australian National University’s network

It took just the opening one email to crack the Australian National University’s network, giving sophisticated hackers access to a wealth of information, the email was sent to a senior staff member at the Australian National University (ANU) in November last year. A person working closely with that staff member previewed the email before deleting it — but it was too late.

Merely previewing the email was enough for hackers to steal a username and password that opened the first door into the ANU network.

This wasn’t the first time ANU had been hacked. An earlier cyber attack in 2018 had given ANU what its leader called a “wakeup call”, but that awakening ultimately failed to protect the university from what came next.

ANU vice-chancellor Brian Schmidt noted the report found less information was taken than initially feared but said he was still "stunned" by the incident and apologised to students, staff and alumni.

“It was an extremely sophisticated operation … they were on a mission … the A-team was clearly brought in in this case,”

Information taken from www.news.com.au, read the rest of the report here.

 

All over the world, including the academic sector, cyber criminals are becoming more sophisticated at attempting to steal your data. However in this case it took one simple email.

Staying safe online is easier than you think, find out how to create strong passwords and much, much more here.

If you are concerned about a suspicious email you have received then contact us straight away, even if you are unsure it is worth dropping us an email: grc@infosec.ox.ac.uk.

 

News from the NCSC weekly threat report

Esports tournaments at risk from cyber security threats

Cyber security researchers have warned of the increasing threat to the Esports industry.

This week Trend Micro issued a report, Cheats, Hacks and Cyber attacks, looking at the threats posed to professional online games, tournaments and game companies.

According to the report, there’s “no doubt” the industry will be targeted by malicious actors including:

  • Unscrupulous players looking for advantages over their competitors, creating a market for game cheats in the underground
  • Hackers looking to profit by targeting vulnerable players, push targeted malware, launch distributed-denial-of-service (DDoS) attacks against tournaments and more
  • Other types of threat actors looking to use Esports platforms for political or ideological reasons

The NCSC has published advice and guidance on how to enjoy online gaming securely. With an estimated 1.2 billion of us regularly logging on, signing up and playing online games, we recommend you follow these simple steps to ensure your safety.

 

A simple Android flaw left a billion phones open to phishing attacks

Check Point researchers recently discovered a vulnerability to advanced phishing attacks in a wide variety of Android phones, including models by Samsung, Huawei, LG and Sony, which account for more than 50 percent of the Android market).

In these attacks, a remote agent can trick users into accepting new phone settings that could route all internet traffic through a proxy controlled by an attacker.

The vulnerability relies on a process called over-the-air (OTA) provisioning, which is normally used by cellular network operators to deploy network-specific settings to a new phone joining their network. You may not be familiar with the term OTA provisioning, but you most certainly have seen those SMS messages coming from operators you receive when crossing the borders of a country and landing in a foreign airport, or when changing mobile carriers. These messages are triggered when OTA provisioning occurs.

The vulnerability lies within this process. Because the industry standard for OTA provisioning – the Open Mobile Alliance Client Provisioning (OMA CP) – has limited authentication methods a recipient cannot verify whether the suggested settings originate from his network operator or from a threat actor.

The vulnerable Android devices allow users to receive malicious settings and cannot verify whether the proxy the user is connecting to, is the operator’s or a hacker performing a Man-in-the-Middle attack.Most users wouldn’t hesitate to click on a link delivered by a carrier’s SMS message telling them to configure their device to activate a data plan. Now imagine if it isn’t the carrier, but a hacker on the other end of the link

 

Check Point disclosed these findings to the affected vendors in March. Samsung included a fix addressing this phishing flow in their Security Maintenance Release for May (SVE-2019-14073). LG released their fix in July (LVE-SMP-190006). Huawei is planning to include UI fixes for OMA CP in the next generation of Mate series or P series smartphones. Sony refused to acknowledge the vulnerability, stating that their devices follow the OMA CP specification. OMA is tracking this issue as OPEN-7587.