Another warning for Fortinet device users, a movie site scam and don’t be tricked by ads on search engines.
Welcome to Cyber Security Today. It’s Friday May 28th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Another warning is going out to network administrators using Fortinet’s Fortigate firewalls. This one comes from the FBI, which said an advanced threat actor recently “almost certainly” exploited a Fortigate appliance to access a web server hosting a domain of a U.S. municipal government. There have been warnings since April that attackers are exploiting vulnerabilities in the FortiOS operating system. Those using devices running FortiOS have to make sure they are patched. In addition, administrators should watch for new user accounts on domain controllers, servers, workstations and directories. Setting up new accounts like this was one of the techniques used by the attacker in the municipal case. Looking for signs like this, of course, holds for any IT defence strategy.
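As an added illustration of the “watch for new user accounts” advice (example code written for this page, not from the FBI notice or Fortinet), here is a small detection pass over a handful of constructed Windows Security event lines. It flags account-creation events (event ID 4720) whose creator is not on an assumed approved list, that happen outside assumed business hours, or that were performed by a machine account. The flattened key=value log format, the approved-creator list and the hours are all assumptions made for the demo.

```python
import re
from datetime import datetime, timezone

# Constructed sample log lines (not real telemetry), flattened to key=value form.
SAMPLE_LOG = """\
2021-05-26T14:02:11Z host=DC01 EventID=4624 TargetUserName=jsmith SubjectUserName=-
2021-05-27T02:13:44Z host=DC01 EventID=4720 TargetUserName=svc_backup2 SubjectUserName=Administrator
2021-05-27T09:45:03Z host=FILE01 EventID=4720 TargetUserName=helpdesk_tmp SubjectUserName=hdadmin
2021-05-27T09:46:10Z host=DC01 EventID=4732 TargetUserName=helpdesk_tmp SubjectUserName=hdadmin
2021-05-27T23:58:20Z host=WS-114 EventID=4720 TargetUserName=updater SubjectUserName=WS-114$
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"TargetUserName=(?P<target>\S+) SubjectUserName=(?P<subject>\S+)$"
)

# Hypothetical allow-list of identities that are permitted to create accounts
# (e.g. the help-desk provisioning account). Assumption for this demo only.
APPROVED_CREATORS = {"hdadmin"}


def parse_events(text):
    """Parse the flattened log lines into dicts with a UTC timestamp and int event id."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected shape
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        d["eid"] = int(d["eid"])
        events.append(d)
    return events


def new_account_alerts(events, approved=APPROVED_CREATORS, business_hours=(8, 18)):
    """Return one alert per suspicious 4720 (user account created) event."""
    alerts = []
    for e in events:
        if e["eid"] != 4720:
            continue
        reasons = []
        if e["subject"] not in approved:
            reasons.append("creator not on approved list")
        if not (business_hours[0] <= e["ts"].hour < business_hours[1]):
            reasons.append("created outside business hours")
        if e["subject"].endswith("$"):
            reasons.append("created by a machine account")
        if reasons:
            alerts.append({"host": e["host"], "account": e["target"],
                           "by": e["subject"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in new_account_alerts(parse_events(SAMPLE_LOG)):
        print(f"{a['host']}: new account {a['account']} by {a['by']} -> {', '.join(a['reasons'])}")
```

In practice the same logic would run over events forwarded from every domain controller, server and workstation, and the approved-creator list would be whatever identities your provisioning process legitimately uses; an account created by anyone else is worth a look regardless of time of day.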
People hate being victimized by companies. So crooks are taking advantage of their worries by crafting scare campaigns. One of the latest has been seen by Proofpoint. It works like this: Victims get an unexpected email saying their trial period for a service called BravoMovies is about to expire. If they do nothing, they will be billed for a subscription. To cancel the service, call this number. Well, who likes automatic billing, especially for something you never ordered? But call the number and the person who answers the phone tells victims to download a spreadsheet from the BravoMovies website. BravoMovies is a fake website set up by crooks, with copied movie posters designed to look credible if someone is suspicious. And they should be. That file the victim has to download is infected.
If you can’t cancel something over the phone without giving out a credit card or personal information, it’s a scam. Never download a file to cancel a service. Never download a file from an organization you’ve never heard of.
Finally, here’s another example of why you have to slow down before clicking on and downloading anything. Attackers have been caught recently taking advantage of internet searches for an application called AnyDesk. This is an application that allows someone remote access to another computer. With a lot of people working from home there’s interest in applications like this, particularly from IT departments. Until recently, anyone searching Google for the word “anydesk” would come across a Google ad at the top of the search results for the application. Clicking on the link led to a web page that looked like it was offering a copy of AnyDesk. In fact, anyone who downloaded the file was infected with malware. Security firm Crowdstrike noticed this scam and warned Google. One tip that this was a scam was that the download web page had the address “domohop.com.” Sure, it also said “anydesk-download,” but you would expect the address to be “anydesk.com.” The reason this scam and others like it work is that the first results on a Google search can be ads. And in fact they say the word “Ad” beside them. But these don’t necessarily come from real companies. So the way to make sure you go to the legitimate site you are searching for is to beware of any link that has the word “Ad” beside it. Go lower on the list. Google will show the legitimate sites related to your search.
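The AnyDesk story comes down to one check: does the host in the address actually belong to the vendor, or does the vendor’s name merely appear somewhere in the URL? As an added example (written for this page, not code from AnyDesk, Crowdstrike or Google), here is the host comparison a proxy allow-list or a download-approval script might do. It assumes the vendor domain you pass in is the registrable domain (such as anydesk.com), not a public suffix, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit


def url_host(url):
    """Return the lower-cased hostname of a URL, or None if it has none."""
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None


def is_vendor_host(url, vendor_domain):
    """True only if the URL's host is the vendor domain or a subdomain of it.

    Assumes vendor_domain is a registrable domain (e.g. 'anydesk.com').
    The vendor name appearing in the path, the query string, the userinfo
    part, or as a prefix of some other domain does not count.
    """
    host = url_host(url)
    if host is None:
        return False
    vendor_domain = vendor_domain.lower().rstrip(".")
    return host == vendor_domain or host.endswith("." + vendor_domain)


# Constructed sample URLs: the first two are what you would expect from the
# vendor; the rest only *contain* the vendor's name somewhere.
SAMPLES = [
    "https://anydesk.com/en/downloads",
    "https://download.anydesk.com/AnyDesk.exe",
    "https://domohop.com/anydesk-download",          # lookalike path, wrong host
    "https://anydesk.com.domohop.com/download",      # vendor name as a subdomain
    "https://anydesk-com.example/download",          # dash instead of dot
    "https://anydesk.com@domohop.com/download",      # vendor name in userinfo
    "https://example.com/?ref=anydesk.com",          # vendor name in the query
]


def classify(urls, vendor_domain="anydesk.com"):
    """Map each URL to whether it is really on the vendor's domain."""
    return {u: is_vendor_host(u, vendor_domain) for u in urls}


if __name__ == "__main__":
    for u, ok in classify(SAMPLES).items():
        print(("vendor   " if ok else "NOT vendor"), u)
```

The check is deliberately strict: an address that is merely similar to anydesk.com, or that has anydesk.com somewhere other than the host, is treated as not the vendor. That mirrors the advice in the story, which is to trust the real domain you expected rather than a page that happens to mention the product name.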
That’s it for now. But later this afternoon the Week in Review edition will be available. Today’s discussion will be on the pros and cons of publicly releasing ransomware decryptors. Does it help victims or ransomware gangs? Listen on your way home, or on the weekend.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.