Agilient Security Consultants Australia


Month of May Plagued by Three Major Cyber Attacks


May 2019 has been a month full of controversy and chaos, as three major cyber attacks have been discovered lurking within three major companies: WhatsApp, Cisco and Intel.

The WhatsApp Hack

Early in the month, the Facebook-owned messaging app WhatsApp announced that it had discovered malware injected by a hacker firm into target phones, effectively taking over the devices and allowing the hackers to remotely and surreptitiously control the camera and microphone within the phone, and vacuum up all personal and location data. The most concerning aspect of this attack is that it is done by simply placing a phone call to the target phone, and the malware can be installed whether the call is answered or not.

Once the device has been compromised, WhatsApp’s famed end-to-end encryption for its 1.5 billion users is rendered worthless. The attack utilises a bug in WhatsApp’s software, most likely a common type known as a buffer overflow. A buffer is a fixed-size region of memory that holds data while it is being processed; an attacker who can make the software write more data than the buffer can hold causes the excess to ‘overflow’ into adjacent memory space, allowing the attacker to either crash the system or gain an invaluable foothold. John Scott-Railton, a researcher for the internet watchdog Citizen Lab, described the attack as “a very scary vulnerability”, mainly because “there is nothing a user could have done here, short of not having the app”.

The notorious Israeli spy firm NSO has been named as the culprit, and WhatsApp has all but confirmed this identification. In a statement to CBS News, WhatsApp explained that the hackers had “all the hallmarks of a private company that works with a number of governments around the world”. The company, also known as Q Cyber Technologies, is now facing various lawsuits including those filed by Israeli citizens requesting the government revoke NSO’s export license, and by Mexican civil society figures who have been targeted by the company’s spyware.

Danna Ingleton, Deputy Program Director at Amnesty Tech, emphasises that “NSO have again and again demonstrated their intent to avoid responsibility for the way their software is used”.

The Thrangrycat Attack

Later this month, security provider and research firm Red Balloon came out with information about a deeply concerning exploit they found in products from the American multinational technology conglomerate, Cisco.

Dubbed Thrangrycat, the bug involves two vulnerabilities, the first of which resides in Cisco’s IOS operating system and allows hackers to remotely obtain root access to devices. The second is much more sinister; once the attackers have gained root access, they can then bypass the router’s fundamental security protection, known as the Trust Anchor, potentially compromise the device network and implant a persistent backdoor into many devices. Given the ubiquitous nature of Cisco products, this bug has devastating implications.

Ang Cui, founder and CEO of Red Balloon, explains that they’ve shown that they can quietly and persistently disable the Trust Anchor and then “make arbitrary changes to a Cisco router, and the Trust Anchor will still report that the device is trustworthy”. Cui also states that, although it is highly unlikely individual computers will be impacted by this bug, it nevertheless has “privacy consequences for basically anyone who uses the internet”.

Sarah Jeong, a writer for the New York Times, explains that attacks like these suggest we “have to start thinking about privacy as a collective, environmental problem, not something that hits individual people, and certainly not something where the onus is on the individual to protect themselves”.

ZombieLoad

Discovered recently by researchers at the Graz University of Technology in Austria, the ZombieLoad attack is a security flaw found in Intel processors that allows attackers to steal any data that has been recently accessed by that processor.

Once found, ZombieLoad was immediately disclosed to Intel, which soon issued code to patch the flaw, although this needs to be implemented by individual manufacturers and installed by users in order to be useful. Currently, researchers are not sure whether the flaw has actually been used by any hackers, but it has been shown to affect almost every Intel chip made since 2011.

Interestingly, ZombieLoad is nothing new to Intel. In fact, it is the fourth of its kind to have taken advantage of a process known as speculative execution. This feature, built into most modern processors, allows processors to pre-emptively execute future commands, which grants significant speed increases. In early 2018, ZombieLoad’s predecessors, known as ‘Spectre’ and ‘Meltdown’, made the front pages, and later in the year another flaw was discovered.

Researchers expect to continue finding flaws in the speculative execution process for years to come, as it leaves gaping vulnerabilities and the fixes so far have been arguably weak. What is more, in order for fixes to work completely, users are advised to turn off Intel CPU hyper-threading, which researchers explain will drop CPU performance and speed by 30% to 40%.
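Because the fix depends on both an installed patch and the hyper-threading setting, it helps to check what a machine actually reports. The script below is an added example, not part of the original article: it assumes a Linux host whose kernel exposes the status of the Microarchitectural Data Sampling (MDS) flaws, the class ZombieLoad belongs to, in `/sys/devices/system/cpu/vulnerabilities/mds`. The function names and verdict labels are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Classify the kernel's MDS status line (ZombieLoad is one of the MDS flaws).
# Verdict labels are this example's own, not kernel output.
classify_mds() {
    status=$1
    case "$status" in
        "Not affected"*)                          echo NOT_AFFECTED ;;
        # Kernel patched, but the CPU microcode update is missing.
        *"no microcode"*)                         echo NEEDS_MICROCODE ;;
        # Patched, but hyper-threading (SMT) still leaves sibling threads exposed.
        "Mitigation:"*"SMT vulnerable"*)          echo PATCHED_SMT_EXPOSED ;;
        # Typical inside a virtual machine: the guest cannot see the host's SMT state.
        "Mitigation:"*"SMT Host state unknown"*)  echo PATCHED_SMT_UNKNOWN ;;
        "Mitigation:"*)                           echo PATCHED ;;
        "Vulnerable"*)                            echo VULNERABLE ;;
        *)                                        echo UNKNOWN ;;
    esac
}

# Read the status file (default: the sysfs path) and print "VERDICT: raw line".
mds_report() {
    file=${1:-/sys/devices/system/cpu/vulnerabilities/mds}
    if [ -r "$file" ]; then
        line=$(cat "$file")
        echo "$(classify_mds "$line"): $line"
    else
        echo "UNKNOWN: $file not readable (kernel without MDS reporting, or not Linux)"
    fi
}

# Constructed sample lines in the format the kernel uses.
for sample in \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT disabled"
do
    echo "sample -> $(classify_mds "$sample")"
done

# Report for the machine the script runs on.
mds_report
```

A verdict of `PATCHED_SMT_EXPOSED` corresponds to the situation described above: the patch is installed, but hyper-threading is still enabled.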

The full scale of this vulnerability is yet to be discovered, and the verdict is still out on how dangerous it is. However, it has undeniably grave potential and severe implications for both Intel and its users.

This string of attacks is yet another indication of the increasingly volatile nature of the cyber world, and the imperative for governments, industries and individuals to begin taking cyber security more seriously and to truly understand their interactions with the cyber world. Consumers need to use technology more thoughtfully, and companies need to implement effective and adaptive cyber security policies in order to predict and respond to a huge variety of threats. Learn how you can do this today by contacting Agilient and receiving renowned expert advice from our security specialists.

Author: Elsa Chapple, Agilient Consultant


Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692