SECURITY NEWS ROUNDUP

97% of the world’s largest airports have major cybersecurity problems

Note: Each month, the security experts at Archetype SC chime in on trending stories in cybersecurity to help you stay in the know about how to stay safe in your business and in your daily life. For more updates on cybersecurity news as it happens, follow us on LinkedIn, Facebook or Twitter.

Data gathered by ImmuniWeb shows that 97 of the world’s 100 largest airports have security risks present in their operations. Risks range from vulnerable applications, misconfigured cloud environments, dark web exposure, and code leaks.

100% of mobile applications in use by the 100 airports have at least two vulnerabilities and contain at least five external software frameworks. 87% of the airports have data leaks on public cloud repositories.

ImmuniWeb’s founder, Ilia Kolochenko, called the results “alarming.”

“Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity. Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of the travelers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.”

The three airports that passed all of ImmuniWeb’s tests without detection of a major issue were all located in Europe.

Ransomware group installs vulnerable driver to shut down security software

Ransomware continues to be a lucrative and ever-evolving cyber attack that can cripple an organization. Though the practice of ransomware has boomed in popularity over the past half decade, the first attack came in 1989 against the healthcare industry. In current times, municipalities, schools, and hospitals are key targets for cyber criminals.

British cyber security firm Sophos recently uncovered a pair of ransomware attacks that came from the instillation of a legitimate driver, which was then used to disable security measures and encrypt files without being detected or stopped. In multiple instances of the attack, the ransomware used was RobbinHood, which is generally used against high-value targets.

When informed of the vulnerability being exploited for the attack, Gigabyte, the driver creator, stated that its products were not affected and discontinued the driver.

Machines running Windows 7, Windows 8, and Windows 10 are considered vulnerable to the antivirus disabling technique.

Cloud security questioned with ‘Perfect’ Azure Stack vulnerability

Microsoft confirmed a major vulnerability from late 2019 in which its cloud security in Azure had “a perfect 10.0” flaw. Check Point, a cyber security firm that offers cloud security, targeted popular cloud-based softwares to find vulnerabilities, finding success in WhatsApp, TikTok, Zoom, and Microsoft.

Details of the vulnerability include the ability of any user to break cloud isolation and intercept code or manipulate programs of other users. The isolation of the cloud is what allows multiple users to safely share the same hardware.

Yaniv Balmas, head of cyber research for Check Point, told Forbes the vulnerability “undermines the concept of cloud security. You can’t prevent it, you can’t protect yourself. The only one who can is the cloud provider.”

Microsoft released a patch to fix the issue as part of a “Patch Tuesday” rollout late last year, but did not provide detail on the vulnerability beyond a three sentence statement. Earlier this month, Microsoft released more information on the exploitability of the vulnerability.

SCARY SECURITY STAT OF THE MONTH

27.7%

Bolstering the idea that Cloud environments create a false sense of security, a new report released by McAfee noted a 27.7% increase in cloud related security incidents. The report noted “With 65% of organizations using some form of an infrastructure-as-a-service (IasS) model, organizations need to be aware of the risks that cloud-based options bring and ensure that security is a top priority when deploying them.”

Source: McAfee Cloud Adoption & Risk Report

© Copyright 2019 Archetype SC, Inc.