How to safeguard your mobile devices from attack FBI has issued an advisory about

The FBI has issued a warning about a ransomware attack that doesn't rely on the typical scams that you might be familiar with. The Ghost ransomware campaign doesn't try to get you to "click here" via phishing emails or texts. Instead, these attacks are carried out by using code available to the public in an attempt to exploit security vulnerabilities in software and firmware that for one reason or another have yet to be patched. The attackers are able to gain access to internet-facing servers and then attack by deploying ransomware.
To be clear, these attacks don't focus on mobile operating systems like iOS or Android but attack server-side applications like Adobe ColdFusion, Microsoft SharePoint, and Microsoft Exchange Server. The attacks also go after network devices powered by Fortinet FortiOS. Still, if you have your phone or tablet connected to a compromised network or you're visiting a malicious website hosted by a compromised server, attackers could access your sensitive data and wipe out your financial accounts.
"The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple Common Vulnerabilities and Exposures. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances, servers running Adobe ColdFusion, Microsoft SharePoint and Microsoft Exchange, commonly referred to as the ProxyShell attack chain." - FBI advisory
The Common Vulnerabilities and Exposures (CVE) codes associated with these attacks don't directly impact the operating systems run on mobile devices. However, they can create vulnerabilities that indirectly affect mobile devices. Don't take these attacks lightly, as they are aimed at multiple industries in over 70 countries. The attackers are believed to be running this operation out of China using names besides Ghost such as Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture.
The CVE codes associated with these attacks include:
- CVE-2009-3960
- CVE-2010-2861
- CVE-2018-13379
- CVE-2019-0604
- CVE-2021-31207
- CVE-2021-34473
- CVE-2021-34523
You can see by the CVE numbers that some of these flaws date back to 2009 and 2010. This means that the older vulnerabilities have gone without being patched for as long as 16 years. Ransomware is used to lock important files on a user's device or server. The attacker then demands a ransom to unlock the files. While not seen as often on mobile devices, ransomware is still a threat to phones and tablets, and these attacks take place more often on mobile devices running Android than iOS.
There are things that you can do to help protect your phone or tablet. First on the list is to make sure that you are always running the latest version of your device's operating system. We shouldn't have to tell you that this is the best way to make sure that your device has the latest security patches available to it. In the same vein, make sure that all of your apps are up to date. By failing to update your apps, you can be exposing your mobile devices to software vulnerabilities.
While using your device's mobile browser, stay away from suspicious websites and avoid clicking on links. Also, while Ghost doesn't use phishing attacks, don't lower your guard when it comes to these bogus emails, texts, and social messaging posts. Be suspicious of any attempt to get you to reveal passwords and account numbers. You also might employ a Virtual Private Network (VPN) to encrypt your data. Lastly, never connect your mobile phone or tablet to a public Wi-Fi connection.