Avoid this Covid-19 map, get Wise about this phoney website, a big payday for crooks and women in cybersecurity.
Welcome to Cyber Security Today. It’s Friday March 13th . I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast click on the arrow below:
Unfortunately, once again I have to warn that criminals are taking advantage of Covid-19 fears to infect computers with malware. Usually it’s by getting victims to click on bad attachments in email, text messages and tweets. But someone has set up a website with an infected map of the world that impersonates a real map from Johns Hopkins University showing countries hit by the outbreak and statistics. They hope people will come across it and email the link to friends and family. Criminals may also be emailing the link to lists of stolen email addresses. But click on the link and victims also get infected with malware that steals passwords and other data.
The bad website is corona-virus-map.com.
The Internet can be a great source of information. But not everything on the Internet is a legitimate resource. At a time when people are hungry for information on a real virus, don’t open attachments.
More evidence you can’t trust everything on the Internet: Criminals have created a look-alike website for the Windows utility called Wise Cleaner. What it does is distribute ransomware called CoronaVirus. You heard that right. If infected a message pops up demanding a small payment of bitcoin or you’ll never get access to your scrambled files. However, some experts at the news site Bleeping Computer suspect what’s really happening is the malware is stealing passwords. If you get hit by this, go to another computer and change all your passwords. If you want Wise Cleaner the real website is www.WiseCleaner.com.
Many online stores use an outside provider to run the payments side of their business. That saves them the money of creating or buying a solution. But if a hacker can infect the provider’s website and make copies of customer credit and debit cards, they can cash in. How much? A report this week estimates a gang raked in $1.6 million by selling stolen payment card information after compromising the e-commerce platform called Volusion last fall. Customers at just over 6,500 online stores were victims. Almost all were Americans. The gang got a lot of credit and debit data in just one month before the attack was detected. Those buying the data presumably quickly tried to make fraudulent purchases.
Remember that $1.6 million? That’s only from selling part of the data the gang skimmed off. More is expected to turn up for sale soon. Anyone with a web site that takes payment card purchases or offers a service to online stores has got to make sure their site is clean. Usually criminals get into websites by hacking passwords.
I was at a conference in Toronto this week for women who are either in or want a career in cyber security. Generally the IT world is dominated by men, even more so by those who work in cyber security. But that doesn’t mean there’s no place for women. Many of the speakers were women who held senior positions in major organizations including Canadian banks and universities, Microsoft, Cisco Systems and Juniper Networks. Their advice: Tech is a rewarding career in general, and with the shortage of cyber security workers people with a variety of skills are in demand. For more see this story on ITWorldCanada.com.
Finally, Microsoft released an emergency software update to fix a hole in Windows 10 and Windows Server. So, even if you downloaded the usual fixes on Tuesday, check Windows Update to make sure this latest patch has been installed.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.