News Week Ending July 31, 2022


Almost All Business Infrastructure Compromised
by Artie Kaye

Security firm Barracuda surveyed the IT heads of 800 organizations with more than 500 employees.  94% of those surveyed were attacked.  87% had their operations affected for a day or more.  A lack of multi-factor authentication (MFA), manual security updates, and weak network security in general are factors in this.

Making sure your company is practicing good cyber hygiene can have a big impact on how safe your network is.  No one who is not authorized should be on the network.  MFA can help limit who can gain access.  When a vulnerability is discovered in a piece of network hardware or software, but the patch for it has to be applied manually, it can be overlooked.  Finding out about updates like this and patching devices can take time too, but it is better to spend the time building protection than on damage control.

https://www.zdnet.com/article/the-industrial-internet-of-things-is-still-big-mess-when-it-comes-to-security/

https://www.csoonline.com/article/3666523/barracuda-report-almost-everyone-faced-an-industrial-attack-in-the-last-year.html

https://blog.barracuda.com/2022/07/12/report-the-state-of-industrial-security-in-2022/

Microsoft Macro Blocking in Office
by Artie Kaye

Microsoft Office has been a vector for attack in the past.  One such vector is macros that, when clicked in the document, would perform their functions, usually without the user knowing, and install malware.  A patch was rolled out that turned this function off by default.  A few weeks ago Microsoft reverted the settings, explaining later that they were making adjustments based on input from users.  As of now, it has been reset back to the default off, the safer option for users.  If there are files you need to access that have been restricted by this default-off feature, Microsoft has provided information on how to manually restore the functionality; see the support link below.

https://support.microsoft.com/en-gb/topic/a-potentially-dangerous-macro-has-been-blocked-0952faa0-37e7-4316-b61d-5b5ed6024216

https://www.zdnet.com/article/microsoft-brings-back-vba-macro-block-in-office/

https://www.pcmag.com/news/microsoft-officially-starts-blocking-office-macros-by-default

PayPal Phishing Scam on WordPress
by Artie Kaye

Security researchers at Akamai have found a new scam which uses compromised WordPress pages to scam users out of more than just their credit cards or money.  The fake PayPal interface will report there is a problem, and that your account may be compromised.  After going through the captcha and login process it asks for a credit card.  Here the process departs from most phishing scams: it will ask for documentation to prove you are who you say you are, including things like passport information.

This scam looks very official, copying the details of the PayPal site.  If you are ever prompted to log in to PayPal while being told that there is unusual activity on your account, do NOT log in.  If you are concerned, check your email for any communications from PayPal.  If there is a message, verify that the address the mail was sent from belongs to the company proper, as PayPal email phishing scams are still going on.  If you feel that you have to log in to make sure that everything is fine, then open a private browsing window or a different browser to log in and check.

If you are curious about more in-depth information regarding the scam, please check the Akamai blog post linked below.

https://www.akamai.com/blog/security/paypal-phishing-scam-mimics-known-security-measures

https://www.darkreading.com/attacks-breaches/new-phishing-kit-hijacks-wordpress-sites-for-paypal-scam

https://www.techradar.com/news/hacked-wordpress-sites-are-being-boosted-with-paypal-phishing-kit

Amazon Ring
by Artie Kaye

Amazon’s Ring doorbell can record what is going on outside your house.  Police entities are able to request access to what has been recorded without the owner’s consent, or even a warrant, so long as they fill out the right form, and someone in Amazon approves it.  Turning on your Ring’s encryption can prevent easy access to your camera’s data, but it is not on by default.  However, this function is not present in the wireless Ring products.

https://www.theverge.com/2022/7/14/23219419/amazon-ring-law-enforcement-no-warrant-no-consent

https://www.politico.com/news/2022/07/13/amazon-gave-ring-videos-to-police-without-owners-permission-00045513

https://www.youtube.com/watch?v=Qviqr4XLzeM

FTC Warns Against False Claims of Anonymity
by Artie Kaye

The US Federal Trade Commission has issued a statement that falsely claiming data is anonymized can be construed as deceptive trade practices.  They are leveling the threat of legal action if companies continue to make the claims and not deliver on the anonymity promised.  Knowingly making false statements about products or services is a violation of the FTC Act.  In 2016 a study was carried out, using 54,893 Android users, that found that 95% of them could be identified by the information obtained from choosing any 4 random apps they have used.  Simply put, do not make claims of anonymizing data if the data is not made anonymous.

https://thehackernews.com/2022/07/us-ftc-vows-to-crack-down-on-illegal.html

https://www.pcmag.com/news/ftc-to-crack-down-on-sites-that-claim-your-data-is-anonymized-when-its

https://www.theregister.com/2022/07/12/ftc_anonymized_data/

Data Breach Cost
by Artie Kaye

IBM Security, with help from the Ponemon Institute, released a report about the current cost of data breaches.  Information was gathered from 550 businesses across the world.  $4.35 million is the average cost of a data breach, up 12.7% from the 2020 report, and 2.6% from last year’s.  Some things to take note of from the research:  Of the companies that were attacked with ransomware, 80% of those that paid were hit again with another attack within a few months.  62% of the companies do not have the appropriate staff to maintain healthy cybersecurity.  Many companies also lack proper zero trust implementation, which can cost on average $1.17 million more.

No matter the size of your business, cybersecurity must be addressed.  Take the steps you need to ensure that your data, your customers, and your company are safe.

https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High

https://www.securityweek.com/ibm-security-cost-data-breach-hitting-all-time-highs

https://www.darkreading.com/risk/most-companies-pass-on-breach-costs-to-customers

Firefox Update 103
by Artie Kaye

With this update a couple of bug fixes are worth mentioning.  One involves mouse position spoofing and one deals with .lnk files.  Both could potentially be used to introduce malware.  If using Firefox, please update.

https://www.mozilla.org/en-US/firefox/103.0/releasenotes/

https://nakedsecurity.sophos.com/2022/07/27/mild-monthly-security-update-from-firefox-but-update-anyway/

Malware Ducktail Targeting Facebook Business Pages via LinkedIn
by Artie Kaye

Ducktail is malware that harvests cookies for active Facebook sessions to gain access to business pages associated with the account.  LinkedIn is a distribution point for the malware, which is sent to people who potentially have high-level access to said business pages.  Once an account is compromised, information on the business page will be changed to funnel funds and payments to the hacker.  Because this attack relies heavily on social engineering to gain access, observe basic security measures with unknown links and files and do not click, download, or open them.

The full analysis can be found at the WithSecure site linked below.

https://labs.withsecure.com/publications/ducktail

https://www.hackread.com/ducktail-malware-linkedin-facebook-hack-business-accounts/

https://techcrunch.com/2022/07/26/ducktail-facebook-business-hijack-accounts/

New Phishing Scam Mimics Official Login Pages
by Artie Kaye

This phishing scam functions like most email scams.  An email supposedly sent from your company asks you to update your password.  Hovering over the link provided in the message will show a site not related to the company.  Clicking on it will take you to an almost exact clone of your company’s login page.  From here, the page presents the security features that are used by Google for secure logins.  Some companies require changing of passwords regularly to maintain security, so emails like this can be sent out, which is why this phishing attack can be effective.

The best way of handling this kind of email, especially if you believe it might be real, is not to click links in the email.  Navigate to your company’s site manually and try logging in.  If you’re prompted there, there’s a good chance you need to change the password.  If you are still leery, you can contact your company’s tech support and find out if it’s legitimate.

https://www.avanan.com/blog/mirroring-actual-landing-pages-for-convincing-credential-harvesting

https://cybernews.com/security/google-mimicked-in-email-phishing-scam/

https://www.darkreading.com/endpoint/apt-phishing-mirrors-landing-pages-credential-harvesting

Samba Bug
by Artie Kaye

Samba is a toolkit which allows Unix-based systems to communicate with Windows.  A bug was found that can allow an attacker to force authorize a password change, giving them access at any level.  The developers have patched this vulnerability; please update to secure against this.

The flaw is listed as CVE-2022-32744.

https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/

https://mybroadband.co.za/news/security/454350-dangerous-samba-bug-could-lock-administrators-out-of-their-domains.html