Cybersecurity Roundup Series - March 2020

While the world is wrestling with the health crisis, it’s important to remember that cyber security threats haven’t gone away. Having a false sense of security can certainly do more harm than good, especially in the case of vulnerabilities. Being informed is always key in understanding the possibility of being exposed to a vulnerability, regardless of how secure devices or networks seem. Here are some of the latest vulnerability news to make rounds for the month of March:

Smart Lightbulbs May Be Used to Infiltrate Your Network

According to Security Week, researchers at Check Point were able to compromise a Philips Hue lightbulb, allowing them to access a network through ZigBee. ZigBee, which is a communication protocol, allows smart home devices to communicate with each other regardless of manufacturer. Researchers described a scenario where a hacker could gain access to the lightbulb and make it appear “unreachable”, prompting the user to do a reset. Once done, the bridge would add the now-compromised bulb back into the network. Through ZigBee, a hacker can then spread malware, ransomware, or spyware to the network it has now gained access to.

Check Point’s head of cyber research, Yaniv Balmas, says, “It’s critical that organizations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today's complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks."

Check Point reported the issue to Philips, which has since developed and deployed necessary patches. Philips has the patched firmware available on their site and recommends that users update to the latest firmware.

Mac Malware Detections Overtake Windows

A long-time belief has been that iMacs and Macbooks aren’t as susceptible to cyber threats like Windows-based machines. ITPro has recently reported that for the first time, “cyber threats aimed at Macs have outpaced those targeted at Windows PCs.” In Malwarebytes’ State of Malware Report, the anti-malware software company reported that in 2019, they “detected an average of 11 threats per Mac endpoint - nearly double the average 5.8 threats per endpoint on Windows.” The Malwarebytes report also noted that a 400% year-on-year increase in Mac threats since 2018, has made such machines more targeted than Windows computers. A big part of this could be Apple’s increasing market share that makes them more attractive to hackers.

3 of the Top 100 International Airports Pass Basic Security Checks

Research conducted by cybersecurity firm ImmuniWeb showed that only three of the top 100 international airports passed security tests, which included cybersecurity checks on their websites, mobile apps, and storing of sensitive data. The three international airports that successfully passed were Amsterdam Schiphol Airport in the Netherlands, Helsinki Vantaa Airport in Finland, and Dublin International Airport in Ireland.

ImmuniWeb’s test revealed that 97 percent of airport websites contained outdated web software, while mobile apps averaged fifteen security or privacy issues and at least two known vulnerabilities. According to ZDNet, “these issues could be credibly exploited to attack an airport authority, obtain a foothold on vulnerable systems, and then infiltrate an airport’s internal network.”

Did we miss out on any other relevant cybersecurity news in the last month? Let us know in the comments below!