Warning to online retailers, Microsoft wins over COVID scammers and activists lose control over stolen police data.
Welcome to Cyber Security Today. It’s Wednesday July 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A cybercriminal group has had a lucrative time over the past three years breaking into online retailers and stealing credit and debit card numbers. A security company called Gemini Advisory calls this group Keeper. In a report this week it calculated the gang got into 570 e-commerce sites in 55 countries, including the U.S., the United Kingdom, Canada, Brazil, India and Australia, since April 2017. Over 85 per cent of the victim companies ran their online businesses through an e-commerce platform called Magento. Why is this gang so successful? One reason is that store owners are slow to install security patches for the Magento software. Those patches close the holes criminals use to inject malicious software code that lets a website be infiltrated. Another reason is that companies aren’t doing enough to protect the passwords of administrators. This criminal group also sets up imitation websites with names similar to those of real online stores. For example, a real website might be closetlondon.com; the fake site is closetlondon.org. So online retailers have to take security more seriously.
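The imitation-domain trick described above is easy to watch for from the store's side. The following is an added example, not code from the podcast or from Gemini Advisory: given the store's own domain, it flags candidate domains (for instance from a newly-registered-domain feed or certificate transparency logs) that imitate it by swapping the top-level domain, substituting look-alike characters, embedding the brand name, or differing by a typo. The brand domain, candidate list, and homoglyph table are constructed for illustration; the closetlondon .com/.org pair is the podcast's own example.

```python
"""Flag domains that imitate a legitimate online store's domain.

Added example, not from the podcast or Gemini Advisory. The candidate
list, the homoglyph table and the thresholds are constructed for
illustration.
"""

# Characters criminals commonly substitute for look-alike letters
# (constructed, deliberately small list; real tools use far larger tables).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "3": "e", "5": "s"}

# Constructed candidate list, as a brand-monitoring feed might deliver it.
CANDIDATES = [
    "closetlondon.com",             # the genuine store
    "closetlondon.org",             # the podcast's example fake
    "c1osetlondon.com",
    "closet-london.net",
    "closetlondon-checkout.com",
    "closetlondon.com.example.net",
    "closetlondn.com",
    "unrelatedshop.com",
]


def registrable(domain):
    """Split a host name into (second-level label, TLD).

    Assumption: the last dot-separated part is the TLD. Multi-part public
    suffixes such as co.uk are not handled here; a production tool would
    consult the Public Suffix List.
    """
    parts = domain.lower().strip(".").split(".")
    if len(parts) < 2:
        return None
    return parts[-2], parts[-1]


def normalise(label):
    """Undo common look-alike substitutions and drop hyphens."""
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label.replace("-", "")


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(brand, candidate):
    """Return a reason string if candidate imitates brand, else None."""
    b_label, b_tld = registrable(brand)
    parsed = registrable(candidate)
    if parsed is None:
        return None
    c_label, c_tld = parsed
    parts = candidate.lower().strip(".").split(".")
    if (c_label, c_tld) == (b_label, b_tld):
        return None                      # the genuine domain itself
    if c_label == b_label:
        return "tld-swap"                # closetlondon.org
    if normalise(c_label) == b_label:
        return "confusable"              # c1osetlondon.com, closet-london.net
    if b_label in c_label:
        return "brand-embedded"          # closetlondon-checkout.com
    if b_label in parts[:-2]:
        return "brand-as-subdomain"      # closetlondon.com.example.net
    if levenshtein(c_label, b_label) <= 2:
        return "typo"                    # closetlondn.com
    return None


def scan(brand, candidates):
    """Map each suspicious candidate to the reason it was flagged."""
    hits = {}
    for c in candidates:
        reason = classify(brand, c)
        if reason:
            hits[c] = reason
    return hits


if __name__ == "__main__":
    for domain, reason in scan("closetlondon.com", CANDIDATES).items():
        print(f"{domain:32} {reason}")
```

The checks are ordered from most to least specific so that each candidate gets a single, most informative reason; the edit-distance rule goes last because it is the noisiest. A flagged domain is a lead for a takedown request or a customer warning, not proof of fraud, so the output should be reviewed rather than acted on automatically.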
In the fight against COVID-19 phishing email, Microsoft’s Digital Crimes Unit has won a victory. This week it revealed that a civil court order has allowed it to seize control of an unspecified number of web domains cybercriminals have been using to spread malware that infects Windows computers. In case you don’t know, a domain is a registered website name, like microsoft.com. Although Microsoft didn’t say how many domains it was able to close, it did say the gang behind the attacks was trying to hook customers in 62 countries. The gang created phishing emails that looked like they came from an employer or a reputable organization. Often business leaders were targeted. The goal was to steal corporate data and redirect money to bank accounts controlled by the attackers. When the attacks started last December the messages were generic, along the lines of ‘please see the attached report.’ But soon after they became pandemic-related messages, like ‘click on this spreadsheet to see information about COVID-19 bonuses.’ Clicking on the links led victims to a site where they had to download an infected app. To avoid being suckered by these and other email scams, Microsoft urges everyone to enable two-factor authentication on all business and personal email accounts, and to watch for suspicious email and websites.
Speaking of COVID scams, the U.S. Treasury Department’s Financial Crimes Enforcement Network has issued an advisory to banks, credit unions and other financial institutions to watch for signs that customers are involved in criminal money activity related to the pandemic. These are things like customers saying a person claiming to be from a government agency asked them by phone, email or text for personal or bank account information, perhaps to speed up a stimulus cheque. Another warning sign is a customer’s personal bank account receiving transactions that are out of line with its history, like suddenly getting overseas transfers of money or purchases of large sums of cryptocurrency. These and other red flags could be signs the customer is shifting money around for criminals, or, in police slang, being a money mule. Customers may also unwittingly become money mules by falling for a scam, the advisory adds. Not all unusual bank account activity is criminal, but financial institutions have an obligation to make inquiries and take action if the answers are unsatisfactory.
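The two account-level red flags mentioned above (a personal account suddenly receiving overseas transfers, or buying far more cryptocurrency than its history suggests) can be turned into a simple rule that compares each new transaction with the account's recent baseline. The following is an added example, not code from the FinCEN advisory or the podcast: the transaction records, the 90-day baseline window, the "5 times the typical inflow" threshold, the home-country code and the placeholder foreign country code "XX" are all constructed assumptions, chosen to illustrate the logic rather than to reflect any real institution's rules.

```python
"""Flag transactions that match money-mule red flags against an account's history.

Added example, not from the FinCEN advisory or the podcast. All records,
thresholds and country codes below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median


@dataclass(frozen=True)
class Txn:
    account: str
    when: date
    kind: str       # "payroll", "card", "transfer_in", "transfer_out", "crypto_buy"
    amount: float
    country: str    # counterparty country code; "XX" is a constructed placeholder


BASELINE_DAYS = 90        # assumption: look back 90 days to build the baseline
CRYPTO_MULTIPLIER = 5     # assumption: a crypto buy above 5x typical inflows is "large"
HOME_COUNTRY = "CA"       # assumption: the institution's home country

# Constructed history: roughly three months of ordinary domestic activity
# for one personal account (fortnightly payroll plus small card purchases).
START = date(2020, 4, 1)
HISTORY = (
    [Txn("A1", START + timedelta(days=14 * k), "payroll", 2000.0, "CA") for k in range(6)]
    + [Txn("A1", START + timedelta(days=3 * k), "card", 40.0 + k, "CA") for k in range(20)]
)

# Constructed new activity: a large inbound transfer from a country never
# seen on the account, an ordinary card purchase, then a large crypto buy.
AS_OF = date(2020, 7, 1)
NEW = [
    Txn("A1", date(2020, 7, 1), "transfer_in", 12000.0, "XX"),
    Txn("A1", date(2020, 7, 2), "card", 35.0, "CA"),
    Txn("A1", date(2020, 7, 3), "crypto_buy", 11500.0, "CA"),
]


def baseline(history, account, as_of):
    """Return (countries seen on inbound transfers, median inflow) for the window before as_of."""
    window = [
        t for t in history
        if t.account == account and t.when < as_of
        and as_of - t.when <= timedelta(days=BASELINE_DAYS)
    ]
    countries = {t.country for t in window if t.kind == "transfer_in"}
    inflows = [t.amount for t in window if t.kind in ("payroll", "transfer_in")]
    return countries, (median(inflows) if inflows else 0.0)


def red_flags(history, new_txns, home_country=HOME_COUNTRY):
    """Return [(transaction, reason)] for new transactions matching a red flag."""
    flags = []
    for t in new_txns:
        seen_countries, typical_in = baseline(history, t.account, t.when)
        if t.kind == "transfer_in" and t.country != home_country \
                and t.country not in seen_countries:
            flags.append((t, "overseas transfer from a country not in the account's history"))
        if t.kind == "crypto_buy" and typical_in \
                and t.amount > CRYPTO_MULTIPLIER * typical_in:
            flags.append((t, "cryptocurrency purchase far above the account's typical inflows"))
    return flags


def demo():
    """Run the constructed scenario; returns the flagged transactions."""
    return red_flags(HISTORY, NEW)


if __name__ == "__main__":
    for txn, reason in demo():
        print(f"{txn.when} {txn.kind:12} {txn.amount:10.2f} {reason}")
```

A hit from either rule is a prompt for the inquiries the advisory describes, not a verdict: the baseline is built only from the account's own past, so a customer who has always received transfers from abroad is not flagged for another one, and a first-time crypto purchase is flagged only when it dwarfs what normally comes into the account.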
Finally, two weeks ago I told you about an online archive of stolen U.S. police documents called BlueLeaks, which contained 270 gigabytes of data from 200 law enforcement agencies. Yesterday German police seized that website, which belonged to a group calling itself Distributed Denial of Secrets. The group said it only published the data, which it received from the hacker collective called Anonymous. According to the ZDNet news service, the data is believed to have been stolen from a Houston company that provided web hosting services to U.S. law enforcement agencies.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.