Cyber Security Today, Jan. 19, 2022 – Box closes MFA vulnerabilities, VPN service used by crooks shut, ransomware stats, and more


Welcome to Cyber Security Today. It’s Wednesday, January 19th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


Cybersecurity experts agree multifactor authentication is one of the key tools IT departments must adopt to fight intrusions. But it must be set up securely. The cloud file sharing service called Box found out twice recently that the way it did MFA wasn’t secure enough.

One of the best ways to implement MFA is by sending numeric codes to users on a smartphone through an encrypted app like Google Authenticator, Microsoft Authenticator, Authy or Cisco Duo. Sending codes by SMS text is not secure. Box offered SMS text as an option to users for MFA. However, researchers at Varonis discovered the way Box implemented it could be bypassed without having to hack a victim’s phone. If an attacker enrolled as a subscriber with an authenticator app and then entered a victim’s stolen email address and password on the account login page, that would trigger a process allowing the attacker to get into the victim’s account. The victim would be unaware since no SMS text was sent. Varonis warned Box about this vulnerability, which has since been closed.

By the way, Box also allows users to get their codes through an authenticator app. But last month Varonis warned Box that the way it implemented that was also flawed. Yes, even an authenticator app can be bypassed if it isn’t set up right. In this case an attacker could have un-enrolled a target from the app. Then no extra security code would be sent to a victim. That vulnerability has also been plugged.

Ransomware was in the headlines far too often in the U.S. last year. An analysis of the number of attacks by researchers at Emsisoft gives an idea of how often public sector institutions were hit: Over 2,300 local governments, schools and healthcare providers were victimized by ransomware. That’s a minimum number. Many attacks aren’t reported. Major cities weren’t victims last year. The report suggests perhaps that’s because large municipalities have shored up their defences.

Speaking of ransomware, Italian luxury fashion house Moncler has acknowledged being hit by ransomware in December. This comes after the attackers on Tuesday published personal information of current and former employees they stole from the company, data of customers and some corporate data. Moncler said no customer credit card numbers were exposed. According to the Bleeping Computer news service, the AlphaV ransomware gang, also called BlackCat, was behind the attack. Moncler said no ransom will be paid.

More on ransomware: A new strain has been seen. Called White Rabbit by some researchers, it was first spotted last month. According to a report this week from Trend Micro, White Rabbit operators not only encrypt data, they also threaten to release or sell stolen corporate data. IT leaders are reminded to deploy cross-layered detection and response defences, and to create playbooks for attack prevention and recovery.

Law enforcement officials in 10 countries including Canada and the U.S. have seized or disrupted the servers running a virtual private network service often used by crooks. The Europol police co-operative said this week the infrastructure of VPNLab.net has been shut. The action was led by German police. The service was popular for cybercrooks because its servers were located in several countries.

Cryptocurrency exchanges are prime targets for hackers. Which means IT defences had better be tough. This week the site crypto.com stopped transactions after detecting unauthorized activity. According to Bloomberg News, several users reported on social media that cryptocurrencies had disappeared from their accounts. Users have been told a security update is being pushed out, and they’ll have to reset their two-factor authentication. They are also being told all funds are safe.

Finally, crooks continue to take advantage of the COVID-19 pandemic. Researchers at Check Point Software warn there’s a resurgence in counterfeit COVID test and vaccination certificates as more countries demand proof of people’s health status for entering businesses, events or crossing borders. The cost of counterfeit test certificates has jumped 600 per cent to between $200 and $600.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
