Welcome to our latest round-up of news from the technology and hosting world. Here’s what we’ve discovered this week.
Alexa phishing vulnerability
Cybersecurity firm Check Point Research has discovered a phishing scam that enables hackers to access users’ Alexa interactions and install and delete Alexa skills.
According to the company, sophisticated links sent in phishing emails, once clicked, would provide hackers with a complete list of the users’ Alexa skills. It would also provide them with a token that would let them add or delete these skills. Once this had been achieved, the attackers would delete legitimate skills and replace them with malicious alternatives created to open with the same voice commands.
If a victim activated one of those skills, the malicious skills would begin to operate, giving the attackers the ability to access the record of the users’ Alexa’s interactions, potentially enabling personal information to be harvested. Amazon has subsequently removed the vulnerability. No actual attacks are known to have taken place.
World’s most ironic hack?
Bletchley Park, Buckinghamshire, is etched into British history as the home of the World War II code breakers. It is the place where Alan Turing famously developed the ‘Bombe’, an early computer that was able to decode messages sent on the German Enigma machine and which helped change the course of the war.
Ironically, Bletchley Park Trust, which now runs the site as a museum, has become the latest known victim of the Blackbaud ransomware attack. Blackbaud, a US service provider that caters for charity and non-profit organisations, was ransomed earlier in the year. During the attack, the data of hundreds of high-profile clients’, including many universities and well-known charities, was stolen.
In the stolen data were the names, dates of birth, email addresses and donation histories of Bletchley Park Trust’s donors. Financial details, however, were not accessed.
Cold War Linux attacks
According to the FBI and NSA, the Russian military is carrying out cyber espionage attacks against critical US security agencies, including the Department of Defence and industrial companies that manufacture and procure military equipment for the US forces.
The attack employs stealth malware, known as Drovorub, with which the Russians target the Linux-based systems used by these agencies. The advanced, self-hiding malware contains an implant and a kernel module rootkit, together with a file transfer tool and a command and control server. Once deployed, it enables direct communication with the command server so that files can be transferred, commands executed and network traffic diverted.
Fears the Russians may use it to attack a wider range of targets, including private companies, has led the FBI to release advisory guidance. This includes updating to Linux Kernel 3.7 or later, configuring systems to only load valid signature modules and activating UEFI-Secure Boot.
Nissan drives off into the cloud
Nissan is the latest multinational to announce it is migrating to the cloud. Like many other companies in recent months, it sees digital transformation as vital in the post-pandemic market and is using the move primarily to help it reduce costs during the current financial recession.
Car manufacturing has suffered significantly over the last two quarters as people are travelling less and economic uncertainty has impacted car sales. Cloud computing will enable the company to process its growing volumes of data with higher performance and at far less cost than doing so in-house.
Nissan uses application-based, computational fluid dynamics and structural simulation to design cars and test them for aerodynamics and structural issues. It will use the cloud to carry out performance and latency-sensitive engineering simulations, analysing the data for insights that will improve fuel efficiency, reliability and safety.
NatWest introduces AI to insurance market
FreeAgent, a cloud accounting software company acquired by NatWest in 2018, is to work in partnership with insurers Hiscox to offer insurance quotes from within its accounting app. The project will use AI to analyse financial data and identify companies which could benefit from Hiscox’ insurance products. The AI would enable it to personalise policies to meet the requirements of individual businesses based on their financial data.
The partnership believes the creation of tailor-made policies, based on accurate financial data, together will the ability to purchase and manage insurance directly from within the app, will make this highly appealing to the customer. Crucially, as the app will continue to access data throughout the insurance term, it will make it easier to offer more realistic renewal quotes and remove the hassle of the customer having to manually update their details.
Visit our website for more news, blog posts, knowledge base articles and information on our wide range of hosting services.