Cyber Security Today, November 23, 2022 – Lessons from the hack of Moldovan officials, another phone scam and an abandoned web server warning
Lessons learned from the hack of officials in Moldova, another phone scam and a warning about an abandoned web server.
Welcome to Cyber Security Today. It’s Wednesday, November 23, 2022. My name is Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Hacked text messages of the Defense Adviser and the Minister of Justice of the Government of Moldova in Eastern Europe are being leaked by threat actors. Why should you care? Two reasons: First, the officials used the free Telegram Messenger service. Commenting, John Pescatore of the SANS Institute said this incident shows the risk to any CEO, board member or politician who talks over apps that have “zero revenue models”, or earn revenue through sponsored messages. Second, the government says some of the leaked messages were grossly modified from the originals. That means the risk is not only eavesdropping, but also the release of false messages that can damage the reputation of your organization. You get what you pay for, and if you pay nothing, that could be the level of security you get.
I have spoken before about employees falling for email scams that don’t initially involve clicking on a malicious link. The email claims that their credit card has been charged for a service or that they owe money for software on their computer. It is a pretext to get the victim to phone a supposed call center to cancel the charge. A fake support person convinces the victim to download malware, either to deal with the charge or to remove the software. This is known as callback phishing, and researchers at Palo Alto Networks have released a report on the crooks’ latest version of it. The difference with this campaign is that the victim is persuaded to download remote management tools that allow the threat actor to look around the company’s IT network and copy sensitive data. Using legitimate tools is one way to avoid detection. The threat actor then sends a blackmail letter to the organization, demanding money or the copied data will be made public. One defense against this fraud is security awareness training for employees. They must be taught to be wary of messages that create fear or a sense of urgency. They must also be warned not to download anything unless it is approved by the IT department.
A web server that was discontinued long ago and is filled with vulnerabilities continues to be discovered around the world, posing dangers to millions of organizations with devices using it. According to Microsoft, the Boa web server is still used by manufacturers of Internet of Things devices for management consoles, as well as by manufacturers of some software development kits. Microsoft continues to see attackers attempting to exploit Boa vulnerabilities. Because this application is no longer updated, Microsoft encourages IT and security administrators to patch everything else when updates are available and to limit the number of IoT devices that connect to the Internet.
Here is another example of how threat actors quickly shift to new tactics when exposed. In July, researchers at a company in Finland called WithSecure released a report on a criminal campaign it calls Ducktail. The goal is to hijack the Facebook Business accounts of companies to place malicious ads. After the alert, the digital certificate used to sign the malware was revoked and the gang went silent. But it has bounced back, using digital certificates purchased from other sources, as well as other tricks to avoid detection. One way companies can protect themselves against this attacker is to strengthen their defenses against the takeover of Facebook Business accounts.
Fantasy sports betting site DraftKings has acknowledged that the accounts of some users were hacked. Less than USD 300,000 was taken from customers’ accounts. The service says its systems were not hacked. It is claimed that the victims were careless, and it is suspected that their passwords were used on, and stolen from, other websites.
Some people hope to make quick money through cryptocurrency. This makes them easy targets for fraudsters. Here are two pieces of news to put this into perspective: Two people in Estonia were arrested after a US grand jury returned an indictment. The pair are alleged to have defrauded hundreds of thousands of people out of $575 million in a fraud and money laundering scheme. They allegedly tricked victims into entering into fraudulent equipment leases in order to share the profits from a cryptocurrency mining service. The service did not exist. And they allegedly got victims to invest in a fake virtual currency bank.
Separately, the Justice Department said it had seized seven domains used in a $10 million cryptocurrency trust scheme. The scheme involved websites posing as the real Singapore International Monetary Exchange. Five victims in the US were duped into investing in what they thought was a legitimate cryptocurrency opportunity.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to the Flash Briefing on your smart speaker.