A cunning cyber attack, two email scams, hack at Wishbone and a smartphone take-over
Welcome to Cyber Security Today. It’s Friday May 22nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To our American listeners, hope you have a great long weekend.
Cyber attackers are cunning. They don’t just sit back and launch automated attacks: They change tactics on the fly. A new report from the security company Sophos gives a scary example that cybersecurity teams should pay attention to. One of Sophos’ products, a firewall for companies, came under attack at the end of April. For those who don’t know, a firewall is one of the earliest defences a computer or server has. Your home PC comes with one that works quietly in the background. In this case the hackers had found a hole in the Sophos business firewall and used it to install malware to help take control of the device. Sophos was able to detect the attack and upload an automatic quick fix to customers. Within hours the attackers were trying a new tactic: Installing Windows ransomware through what they thought were still vulnerable Sophos firewalls. However, the fix that Sophos issued foiled that. I’ve simplified this incident. To read the full report with details there’s a link here. But it serves as a reminder to IT security teams that once a cyber attack starts it may change direction. They have to be prepared, including making sure all Internet-connected devices have the latest security patches.
Another COVID-19 email scam has been discovered. This one pretends to come from the U.S. Treasury Department saying there’s a payment due to you. If you don’t update your personal information by May 30th the money will go to a COVID relief fund. There’s an attachment called Contact Payment. But anyone who clicks on that attachment will have their computer infected with malware. One tip-off that this is fraud is that the language of the letter is stilted. Another is a spelling mistake in the sender’s email address. And a third is that it’s addressed to “Sir.” This was first reported by SC Magazine.
While there’s no shortage of COVID-related email scams going on, the usual ones keep going. I became aware of another phony PayPal email campaign going around this week. The message says activities on your account have violated terms and conditions. As a result your account has been “limited.” What you have to do is click on the “Resolve Problems” button to verify some personal information. That, of course, is a trick to get you to give up your PayPal password. The tip-offs that this is fraud are that the sender’s full email address is obviously not from PayPal. Remember, even though a sender’s address may say “firstname.lastname@example.org” the real address it came from should be beside it. On any email system you should have that capability turned on so you won’t be fooled. There are also obvious grammatical errors in this message. When you get messages like this — we need to verify your information — and you’re worried, don’t click on anything in the email. Go to the website independently and log in.
Users of the Wishbone comparison polling app should quickly change their passwords because someone is giving away a stolen database with 40 million records of subscribers. The data includes usernames, email addresses, phone numbers and protected passwords. However, a security firm called ZeroFox says the password protection isn’t the best and can be cracked. It’s the second time in three years the app has been hacked.
I’ve told you before that one way hackers try to get into companies is by taking over employees’ smartphones. They do it by going to the victim’s cellphone company and impersonating the victim, pretending the phone has been lost and asking to port the phone number to a new phone. If things go right the criminal can then use the smartphone for remote access to the employee’s company by resetting passwords. A cryptocurrency bank called BlockFi said this week one of its employees was victimized this way. For about 86 minutes the hacker had control of the employee’s phone and tried to get hold of money the company holds for customers. They failed. But it’s another example of how people who hold sensitive jobs or work for companies with sensitive information need to make sure their smartphones can’t be taken over. You do that by having a PIN number on your account so no matter what sob story a crook tells your cellphone company no one can take control of your device. In addition, people with bank and cryptocurrency accounts should make sure they are protected with multi-factor authentication in addition to a username and password.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.