Security roundup: Cyber attacks via social media, security issues with popular email services, 8Man recruiting UK VARs

This week we find out how hackers are using social media to execute attacks and why Gmail, Outlook, Yahoo and Fastmail are lacking in security.

Gmail, Outlook, Yahoo and Fastmail are lacking in security and reliability

New research from High-Tech Bridge reveals the security and reliability of the most popular free email services, including Gmail, Outlook, Yahoo and Fastmail, is lacking.

The research found that almost all email providers still support depreciated SSLv3.

Earlier this year, the Internet Engineering Task Force declared that SSLv3 must not be used as it is insecure and threatened the confidentiality of encrypted communication, allowing attacks such as POODLE and BEAST. The Task Force recommended moving to the more secure TLS 1.2.

How hackers are using social media to execute attacks

F-Secure Labs has examined how hackers use third party services to coordinate malware campaigns.

“If I had to put it in a nutshell, I’d say that attackers are using certain third party services to help them fly under the radar of corporate security,” said F-Secure Researcher Artturi Lehtiö.

“Many online services use encryption to prevent data from being intercepted and stolen while in transit, but the downside of this is that security measures like firewalls aren’t able to identify malicious traffic. It’s a real challenge for companies, and my research has shown how attackers like The Dukes capitalise on this advantage in their attacks.”

F-Secure’s report specifically highlights how The Dukes were able to use Twitter to communicate with infected machines and direct them to download additional malware. The Dukes were also able to use Microsoft OneDrive as a data exfiltration tool, allowing them to retrieve stolen data without drawing attention to themselves.