
Google and Microsoft products accumulated the most vulnerabilities in H1 2021

Cybercriminals are constantly attempting to exploit vulnerabilities that affect as many people as possible to maximize their profit opportunities. 

According to the recent Atlas VPN team findings, Google and Microsoft accumulated the most vulnerabilities in the first half of 2021. Although not all exposures can cause critical damage, hackers could exploit some of them for severe attacks. 


Google had 547 accumulated vulnerabilities throughout the first half of 2021. Exploiting Google products like Chrome is popular among cybercriminals. The second-most exposures, 432, were found in Microsoft products. State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks.

Microsoft accuses China over e-mail cyber attacks. Image: BBC News

Oracle registered 316 total vulnerabilities in the first six months of 2021. Usually, the exploits are found in Oracle WebLogic Server, which functions as a platform for developing, deploying, and running enterprise Java-based applications. 

Networking hardware company Cisco accumulated 200 vulnerabilities. Lastly, SAP, a producer of software for the management of business processes, had 118 in total.

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on Microsoft and Google vulnerabilities: “Exploiting vulnerabilities in Google or Microsoft products allows cybercriminals to probe millions of systems. While the tech giants are doing a fair job of keeping up with exploits and constantly updating their software, people and organizations need to follow suit and keep up with the updates to prevent further exploitation.”

Vulnerability tiers 

Vulnerabilities that can be turned into a severe attack get more attention, both from cybercriminals and from the companies themselves, which try to fix the flaw as soon as possible. In the first half of 2021, there were 1,023 vulnerabilities found with a risk tier of 10.

One of the vulnerabilities in this tier is CVE-2021-22986, with a score of 9.8. The National Vulnerability Database (NVD) assigned risk tier 9 to 927 vulnerabilities. At this tier, CVE-2021-28111 stood out with a score of 8.8. NVD recorded the most vulnerabilities, 2,164, at risk tier 8. A notable one was CVE-2021-24092, with a score of 7.8. Finally, NVD recorded 501 vulnerabilities at risk tier 7, while the second-most vulnerabilities, 1,765, were found at tier 6.


Top brands impersonated most in phishing attacks

Criminals continue to impersonate well-known brands to trick people into giving up their personal information. 

According to the data presented by the Atlas VPN team, Crédit Agricole, a French financial group, was by far the most used brand in phishing attacks in H1 2021. The brand was linked with 17,755 unique phishing URLs, followed by social media giant Facebook with 17,338 and Microsoft with 12,777.

The figures are based on Phisher’s Favorite Top 25 H1 2021 report by Vade, which looks at the 25 most impersonated brands in phishing attacks from January 1, 2021, to June 30, 2021. 

Multi-platform messaging service provider WhatsApp is the second social media brand to make the top ten list. It was taken advantage of in 8,727 phishing attacks. Meanwhile, French bank La Banque Postale occupies the fifth spot with 7,180 attacks.

Other brands in the top ten list include multinational telecoms company Orange (4,047), the world’s largest online retailer Amazon (3,501), multibillion-dollar media, entertainment, and communications company Comcast (3,116), digital payment service provider PayPal (2,601), and American national bank Chase (2,537).

Most phishing assaults were perpetrated in Brazil, followed by Russia and Indonesia.

Financial brands were criminals’ favorite

Generally, cybercriminals choose highly-trusted brands in their phishing campaigns. However, brands in certain industries were more favored than others.

Financial service brands were particularly popular in phishing attempts due to the rise in digital payments and growing reliance on online banking during the pandemic. They accounted for 36% of URL phishing attacks in H1 2021. 

Cybercriminals spoofed well-known financial brands such as Crédit Agricole, La Banque Postale, PayPal, Chase, Wells Fargo, Square, HSBC, and Banque Populaire to lure out sensitive information from unsuspecting victims.

Social media companies were also heavily impacted. Social media brand impersonation accounted for over a quarter (26%) of all brand phishing attacks in the first half of this year. Apart from Facebook and WhatsApp, Instagram and LinkedIn were common choices for criminals.

Next up is the cloud sector. Cloud companies like Microsoft, Netflix, Adobe, and DocuSign were involved in 17% of URL phishing attacks. Meanwhile, 11% of phishing assaults targeted e-commerce and logistics companies, such as Amazon, DHL, Rakuten, Apple, and eBay.

The remaining 10% of brands spoofed in URL phishing attacks were internet and telecommunication companies, such as Orange, Comcast, Yahoo, and SFR (9%), as well as government organizations (1%).

Tips to avoid phishing scams

  • Keep your browser up to date. Look out for browser updates. They are released regularly and may contain security patches for vulnerabilities that were discovered in the browser. Cybercriminals often launch attacks to exploit known security vulnerabilities. Therefore, it is essential to install any browser updates as soon as they become available.
  • Inspect the website’s URL. Carefully inspect the website’s URL before taking any action. Criminals use visually similar characters such as lower case “L” and capital “I” to deceive people into thinking they are on a legitimate website. 
  • Look for an SSL certificate. Make sure the portal address starts with HTTPS (not with HTTP) and has a green padlock symbol before the web address. This means that the website has an SSL certificate, and the connection is encrypted. 
  • Beware of grammar mistakes. Scammers rarely hire professional writers to check their copy-cat website’s content for errors. If a website is riddled with spelling mistakes, there is a high chance it is not legitimate. 
  • Check if the website has been flagged. You can use URL checkers to see if the website has already been flagged. You can find many tools for this purpose by searching “Check URL safety” in Google.
  • Use Tracker Blocker. Take advantage of the Atlas VPN Tracker Blocker tool, which stops third-party trackers and blocks malicious websites for a safer browsing experience.

Current State of Cybersecurity Doesn’t Work

“You pay your money, as the saying goes, and you take your chances,” says Falkowitz, CEO of Area 1 Security. “More and more these days, it seems like this ‘policy’ is the rule rather than the exception, in everything from health care insurance to the commuter parking lot. Even though you’ve paid for the product or service, no one’s really responsible for some reason when you suffer damages while consuming whatever it is you bought. Or worse yet, you somehow find that whatever you bought doesn’t really do what you bought it for. And there’s an asterisk somewhere in the fine print to explain why. Unfortunately, nowhere is this more prevalent than in today’s cybersecurity industry.”

Despite the billions spent on cybersecurity, we continue to suffer the most debilitating and expensive breaches imaginable, and some that cannot be imagined under any circumstances. Yet experts predict the worst is still to come. Cybercrime has moved from data theft and website defacement to a trajectory that includes data manipulation, data loss and eventually, if something is not done to change the economics of being a bad guy on the internet, threats to the stability of society itself.

“Cybersecurity companies seem to be content to collect their millions with the caveat that they can’t really offer protection in exchange,” continues Falkowitz. “Their customers likewise collect mountains of data on their customers and are appropriately contrite when that data is stolen or misused but the apology is not accompanied by compensation. Even the government can’t protect itself, or its citizens even if they’re attacked by another nation-state.”

Phishing

The excuses and the explanations are familiar: Cybersecurity is too complicated. Hackers are too clever. Attacks are unprecedented.

“Nonsense. Every bit of it,” says Falkowitz. “Cybersecurity is no more complicated than hundreds of other things we do routinely, from sending astronauts into space or open heart surgery. Hackers are human, just more persistent about how to fool the rest of us. And attacks are based on the same tried and true methods—phishing—they’ve been using for decades.”

Oren J. Falkowitz is the co-founder and CEO of Silicon Valley’s Area 1 Security. Oren held senior positions at the NSA and United States Cyber Command (USCYBERCOM), where he focused on Computer Network Operations & Big Data, and is a predominant cybersecurity industry thought-leader committed to keeping high-level national security conversations relevant.

For the Silo, by Jennifer Vickery.
