InfoSec Round-Up: December 6th

iOS Wi-Fi Exploits, School Ransomware & Vaccine Supply Chain Targeted

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Marketing Boss Banned for Nuisance Calls

The now former director of AMS Marketing Limited has been banned from running a business for six years following the company making over 75,000 nuisance calls to numbers across the UK.

Elia Bols, has been disqualified by the Insolvency Service following the Information Commissioner’s Office receiving 32 complaints regarding the conduct of the company under Mr Bols’ direction.

Found to have breached Regulation 21 of the Privacy and Electronic Communications Regulations (PECR), the company was also issued a fine of £100,000 for their multitude of unsolicited marketing calls regarding compensation for road traffic accidents.

Robert Clarke, Chief Investigator at the Insolvency Service, stated on the former company director, “[they] had a complete disregard of protective regulations and thanks to the joint work with the ICO, we have secured a ban which reflects the seriousness of this offence.”

Adding, “when directors of a company do not comply with regulations that are designed to protect the public, we will fully investigate the circumstances and take action where appropriate.”

Lessons for 115,000 Pupils Halted

A ransomware attack against the Maryland school district has cut off more than 100,000 students from access to remote learning, with the public schools urging students and staff to stop using school-issued computers.

Disclosing the attack late last week, Baltimore county, which is the 25^th largest school district in the U.S., is yet to release much in the way of details regarding the incident, referring to it only as a “catastrophic attack on [their] technology system".

Hit the day before the American holiday of Thanksgiving, students have been unable to receive remote teaching since; with one local newspaper reporting it may take weeks for the school district’s computer systems to be fully restored.

As the third ransomware attack in the last three years affecting a major Baltimore organisation, likewise with the strain of ransomware, the demands of the cyber-criminals are also yet to be made public.

In a Sunday update, an official stated on the attack, "Our focus today and for Monday and Tuesday is identifying and addressing student and staff device needs so that instruction can continue.”

iPhone Exploit Allowed Remote Hacking

Security researchers have revealed a flaw in iOS security which could have allowed hackers to gain remote access to iPhones by transmitting malicious files through Wi-Fi signals.

Discovered by Google Project Zero researcher Ian Beer, the flaw would have allowed attackers access to emails, photos, microphones and even cameras, via the company’s Apple Wireless Direct Link (AWDL) technology.

Working alone from home, Mr Beer devoted six months of his time to discover the flaw; a flaw which the researcher found no evidence had been “exploited in the wild” and was reported to Apple back in November of last year and fixed earlier this year.

Made up of a team of security researchers and formed in 2014, Google’s Project Zero’s primary function is to study and find zero-day vulnerabilities in the systems upon which users depend and to “improve the safety and security of the Internet for everyone.”

Speaking on his discovery, Mr Beer warned of the vulnerabilities and dangers of such devices stating, “As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.”

Hackers Target Vaccine Supply Chain

According to a report by IBM’s threat intelligence task force, hackers have targeted the ‘cold supply chain’ needed to regulate the temperature of Covid-19 vaccine during transportation.

Believed to be the actions of state actors, attackers have impersonated an executive at a company which supplies ultra-cold refrigeration needed for vaccine transportation, mounting a phishing campaign to obtain critical usernames and passwords.

Targeting organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, Gavi’s partners include the WHO, UNICEF and the Bill & Melinda Gates Foundation.

As an attempt to disrupt what is now considered critical infrastructure, IBM believes the campaign began in September of this year, though cannot be sure who is behind the attacks.

Nick Rossmann, IBM’s global lead for threat intelligence, warned that attacks such as this, have the potential to “undermine trust in [vaccines] around the world.” As well as noting of supply chain threats, “these refrigeration companies are not going to have the same security tools that advanced financial institutions have.”