CYBER SECURITY THREAT INTELLIGENCE REPORT – WEEK ENDING 28 NOV 2020

MobileIron Remote Code Execution Vulnerability (CVE-2020-15505):

APT nation state groups and cyber criminals are attacking the networks of UK organisations by exploiting MobileIron remote code execution vulnerability CVE-2020-15505. This critical vulnerability affects MobileIron Core and Connector products and could allow a remote attacker to execute arbitrary code on a system. The MobileIron website lists the following versions as affected:

• 10.3.0.3 and earlier
• 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0
• Sentry versions 9.7.2 and earlier
• 9.8.0
• Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier.

A proof of concept exploit became available in September 2020 and since then both hostile state actors and cybercriminals have attempted to exploit this vulnerability in the UK. These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting (T1505.002). In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected.

The Cybersecurity and Infrastructure Agency (CISA) in the US has also noted that APTs are exploiting this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion.

BlackFriday Consumer Fraud & Scams:

New research states that 84% of consumers are willing to share their personal details during Black Friday sales in a bid to save money. The research shows that majority of shoppers are willing to send personal data such as email addresses and telephone numbers to take advantage of bargains they receive or see online. As many people have experienced additional financial strain due to the COVID-19 pandemic, the desire to save money has increased significantly and criminals are, therefore, more likely to exploit these desires. Further insights from the study show:

• just 17% would only shop from well-known brands to avoid security risks
• only 33% refused to use a website that looks illegitimate
• 29% said they were aware that unknown brands offering major discounts could result in significant security risks
• just 25% were aware that the frequency of scams increased during Christmas and other sales periods and would not risk sharing data for a discount.

Covid-19 Patient Data Breach:

The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. From cancelled conferences to disrupted supply chains, not a corner of the global economy is immune to the spread of COVID-19.

Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data on COVID-19 patients. E-SUS-VE was used for recording COVID-19 patients with mild symptoms, while Sivep-Gripe was used to keep track of hospitalized cases. The two databases contained sensitive details such as patient names, addresses, ID information, but also healthcare records such as medical history and medication regimes.

The data leak came to light after a GitHub user spotted the spreadsheet containing the passwords on the personal GitHub account of an employee of the Albert Einstein Hospital in the city of Sao Paolo. The end user later notified Brazilian newspaper Estadao, which analyzed the data and notified the hospital and the Brazilian Ministry of Health.