Facebook criticized for being slow to stop COVID-19 misinformation, and how cheap it is to become a cyber criminal.
Welcome to Cyber Security Today. It’s Monday April 20th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
To hear the podcast click on the arrow below:
COVID-19 scams and fake news are getting under the skin of social media giants, and they’re doing more about it. Facebook has been fact-checking and putting warnings on tens of millions of posts. Now it’s notifying users if they have liked, reacted to or commented on harmful misinformation about COVID-19 that has since been removed. It could be a coincidence but it comes three days after an advocacy web site called Avaaz complained Facebook’s moves have been insufficient and don’t protect its users. An investigation of 100 pieces of misinformation in six languages on Facebook shows they were shared over 1.7 million times and viewed an estimated 117 million times. By Avaaz’s count, it can take up to 22 days for the platform to downgrade and issue warning labels on such content. That gives ample time for such phony news to go viral. What kind of misinformation? Here’s a few: Black people are resistant to coronavirus. Coronavirus is destroyed by chlorine dioxide. Hairdryers or freshly boiled garlic water can be used for coronavirus prevention. Avaaz said it was encouraged after talking to Facebook’s team a week ago today that the platform will do more, including issuing those retroactive alerts.
Separately Google said it blocks 100 million COVID-19 phishing emails a day.
You might think the most popular things sold on criminal websites are stolen data. You’d be wrong, according to a Baltimore-based security firm called Terbium Labs. It analyzed what’s being sold on three of the largest multi-goods marketplaces on the dark web and found the biggest sellers are how-to guides. Yes, criminals and would-be criminals need instruction manuals on how steal online. These are details like how to open a fraudulent account at a specific bank. The average cost of a single guide is $3.88. A collection of guides sold under a single listing costs $12.99. The report says these guides account for just under half of the data sold on these three sites. The good news is many of these guides have bad advice. The other good news is sophisticated organizations can buy or hire an expert to buy a guide specific to their firm or industry, see what tips are there and alter their business processes to put up a roadblock to potential thieves.
The other half of the data for sale in the three marketplaces is stolen stuff like names, addresses, social security numbers, passwords and credit cards. And stolen data is cheap: The cost of a single personal record, like name, address and email address and social insurance number, can be as low as $1. Credit and debit card numbers can go for as high as $200 a card, but on average they sell for $18 a card.
What do criminals do with the stolen data that’s been bought? The marketplaces also sell tools and templates, like source code for a building a fraudulent mobile app or fake website, for exploiting them. For their part organizations need to invest more in security protection, including multifactor authentication for logins, and employee and security awareness training, to help slash data theft.
IT managers at companies that use the Pulse Secure virtual private network were warned in January to immediately patch their appliances to fix a serious vulnerability. Now the U.S. government’s Cyber Infrastructure Security Agency is warning that patch doesn’t completely close the hole. If an attacker has already gotten in and stolen users’ passwords they will still be able to be hacked. The agency has released a tool that companies can be used to check if they’ve been compromised. If so, all Active Directory passwords need to be changed.
Finally, users of Windows Defender antivirus scanner may find it now crashes during a full scan. That’s because of a little glitch in a recent update. No problem. Microsoft has released another update that fixes the problem. Go to Windows Security, Virus protection and click on Check for updates.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon