More tax scams, more COVID scams and why Microsoft SMB has to be locked down
Welcome to Cyber Security Today. It’s Wednesday, March 24th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
More income tax scams in a number of countries are popping up. According to researchers at Abnormal Security, one of them is an email that pretends to be from the U.S. Internal Revenue Service with the subject line “Recalculation of Your Tax Refund Payment.” Victims click on the link that says, “Claim your refund now.” One tip this is a scam is that the email is addressed to “Dear Applicant.” The link goes to a very official-looking form with an IRS logo that the victim is invited to fill out. The goal is to steal all the personal information entered, like a Social Security number, IRS account PIN number and driver’s licence number. That’s another tip-off this is a scam: Why would the IRS need your driver’s licence?
More COVID-19 vaccine and vaccination certificate scams are also appearing. Researchers at Check Point Software say there’s been a sharp increase in ads from crooks on the dark web. The price of a phony bottle of vaccine still runs between $500 and $600. But now there are thousands of ads for them. Also up is the number of ads for fake certificates verifying a person has been vaccinated. These may become valuable if countries demand proof of vaccination for travel, and businesses require certificates before entering a building. Some crooks fake the signatures of doctors on these certificates. Purchasers from these darknet sites will go on to try to sell vaccines and certificates to desperate health clinics, private doctors and ordinary people. Perhaps, the report suggests, governments will have to insist vaccination documents carry a bar code or QR code that can be scanned to validate the authenticity of a certificate.
More data compromises from organizations using the Accellion FTA file transfer software. A criminal gang calling itself Clop has begun publishing screen shots of files it says were stolen recently from the University of Miami and the University of Colorado. Publishing screen shots is usually an attempt at proving the claim of data theft is real as a hacker demands a payment. The gang says it has files including university and student documents. The University of Colorado has acknowledged its Accellion software was compromised. Also this week energy giant Shell admitted it, too, was compromised through its Accellion FTA server.
IT security professionals have a new reason to lock down their Windows Servers: A piece of well-known malware called Purple Fox by researchers has been updated to find new ways of squirming into computers. According to Guardicore Labs, hackers are now trying to enter systems by looking for Windows Servers with an exposed Microsoft Server Message Block network sharing protocol. That’s a capability allowing shared access to files and printers. If it isn’t closed off right, an attacker can use a brute force password attack to compromise a network. Almost as bad is that the attackers are using perhaps as many as 2,000 compromised Windows Servers to distribute the malware from. The report says the majority of those servers run relatively old versions of Windows Server with lots of vulnerabilities. Two lessons here: Make sure Microsoft SMB is locked down to close off cyber attacks, and make sure you’re running fully-patched versions of Windows Server to avoid it being secretly exploited to host malware.
Finally, there’s a new version of the Firefox browser available for download. Among other things it improves blocking of third-party tracking capabilities.
That’s it for today. As always links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.