CyberSec Watch Report – September 2017

Written by Florian Boudot with the participation of Charles Le Reun.

The comeback from summer holidays has been rough this year for companies, as powerful attacks have successfully been executed on September.

Bluetooth

Billions of devices are Bluetooth enabled, thus billions of devices are vulnerable to the new critical attack named BlueBorne. An attacker can take over any device (smartphone , smart TV, IoT…), spread malware or perform a « Man-In-The-Middle » attack if:

  • Bluetooth is turned on
  • The device range is close enough to of the attacker’s device.

The attacker does not need to be paired with the targeted device to successfully and silently exploit the vulnerability.

If you want to have a better idea of what an attacker can do, you can watch the following video 😉

We strongly recommend to (regularly) patch your devices, and turn-off Bluetooth when it is not needed.

Supply chain attack

One of the most popular PC Cleaner and Optimization tool on the market, CCleaner, has been compromised during its build process. A backdoor component has been added, giving the attacker the ability to extract sensitive data or execute malicious code on the host.

The compromised software was officially released on August 15th but has been detected only four weeks later, which included over 2.27M affected users.

The goal of the attackers is unclear though, as Cisco Talos reported, a very short list of companies may have been specifically targeted.

However, make sure you are not running the version 5.33.6162, even though the threat was effectively eliminated.

Deloitte breach

No one is safe. Not even one of the Big Four accounting firms.

Deloitte revealed, in late September, they had been breached for months between end of 2016 and early 2017. The breach came from a stolen administrator credentials, giving attackers access to the email Platform.

Deloitte’s image has been damaged, but it surely made clear that strong gouvernance and visibility is not easy to implement, and can lead to painful and hurtful breaches.

This month recommendations are:

  • Turn on functionalities such as Bluetooth only when you need them
  • Patch your systems/applications as soon as an update is available
  • Enable double factor authentication for every sensitive accounts you have

You can find your other monthly Cyber Watch Report here: July 2017, August 2017 and October 2017.