Remote working continues to dominate cyber affairs. The battle for Teleconferencing services is escalating. In its 90-day recovery plan, Zoom promises to add 256-bit encryption, allow users to opt out of China connections and is even producing an app offering cryptocurrency rewards to users. Google offers its Meet free until Sept, and Microsoft has added a patch to its Teams, which could have allowed unauthorised access. There has been a record number of phishing attacks, many triggered by fake Covid-19 (CV-19) websites phishing for bank details, fake on-line shops or malware distribution. Germany’s NRW State CV-19 emergency funding website was reportedly impersonated, and tens of millions of Euros stolen by hackers. Google blocks 100K attacks a day, 20K being CV-19 related. UK NCSC has opened a website to report phishing, and immediately removed 2K sites. MS warns of Trickbot malware exploiting CV-19. PDC reports hackers attempting to harvest Cisco WebEx credentials by by-passing its email gateway. Ransomware attacks proliferate, and are now attacking Architect companies, Zaha Adid being major victim. Infrascale reports 48% of SMEs have reported attacks. Cognizant latest victim of MAZE attack. New Eventbot trojan found to be targeting Android banking applications in US and Europe to steal client data. ZecOps reports two ‘zero click’ vulnerabilities in Apple Mail from iOS6 onwards, which give attackers the power to leak, modify or delete emails, although Apple denies that any attack has happened, MacIOS is not vulnerable. Apple has issued two patches after its Safari browser reported to be vulnerable to hijacking of cameras and microphones of iPhones and Macs.
Written By David Palmer OBE