Cyber Security Today, February 1, 2023 – Microsoft Tracks 100 Ransomware Gangs, Google Fi Customer Data Copied and More
Welcome to Cyber Security Today. It’s Wednesday, February 1, 2023. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com and TechNewsDay.com in the US.
There are more than 100 threat actors distributing over 50 families of ransomware, according to Microsoft. In a series of tweets this week, it said attackers continue to use phishing and out-of-date applications for initial access. However, the use of malvertising, as well as fake applications and browser updates, for initial compromise is increasing.
Google Fi, which is Google’s mobile network provider, has confirmed that it has suffered a data breach. According to TechCrunch, Google said the unnamed primary network provider for the service acknowledged that customer data, including phone numbers and SIM card serial numbers, was copied. No payment card data or passwords were taken. However, the news story said at least one Google Fi customer claimed in a Reddit post that their phone number was hijacked for two hours. That was enough time for the attacker to use the phone to send and receive text messages.
Cyber crooks continue trying to exploit the document signing service called DocuSign to steal employee login information. According to researchers at Armorblox, one of the latest phishing campaigns has a subject line that reads: “Please DocuSign: Approve Document 2023-01-11.” A tip-off that this is a scam: Although the message appears to come from DocuSign, the full email address of the sender shows that it did not. It’s another example of why IT needs to show employees how to turn on the option to show the sender’s full email address for all messages. The targets of this particular campaign are companies that use the Proofpoint email protection service. Victims who click on the attached document are prompted to log in with their Proofpoint credentials to read the supposed document. Organizations using Proofpoint must warn employees to beware of this scam.
YouTube content creators need to tighten security to avoid their channels being taken over by cryptocurrency scammers. That’s what researchers at Guardio Labs say. Hacking YouTube channels, in what is called StreamJacking, is not new. What is happening now is that hijacked channels are being used to spread cryptocurrency scams. Often these messages pretend to be from entrepreneur Elon Musk offering giveaways: victims are promised a two-for-one exchange of whatever cryptocurrency they send in. What actually happens is that the crook just takes the digital coins. Meanwhile, the owner of the hijacked YouTube channel cannot regain control. This happens because the owner is tricked into giving up their login credentials, often by falling for emails promising hacked software or video game mods. If you fall for an offer to cheat, don’t complain when you get hacked.
Maintainers of open source repositories like PyPI, GitHub and others are reminded that some threat actors are determined to drop poisoned packages of code onto their platforms. Researchers at Checkmarx this week detailed how a group used multiple tactics over four months to insert code that steals victims’ credentials, bitcoin wallets and more. The victims are developers who downloaded the packages and put them in their applications. Open code repositories need to increase security, while developers need to be more careful when downloading packages.
There is no shortage of reports of hospitals affected by cyber attacks. Here’s more evidence: Kroll, a cyber risk assessment provider, says that among its clients, healthcare was the most breached sector last year. It overtook financial institutions as the most hacked industry. Also during 2022, breaches of industrial services doubled.
Finally, with Super Bowl Sunday less than two weeks away, a reminder that crooks will push email and text scams. Officials at BullWall are reminding sports teams and companies to use email authentication procedures to ensure their brand and domains are not counterfeited. Fans should be wary of offers for tickets, T-shirts and other trinkets that seem too good to be true.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to the Flash Briefing on your smart speaker.