
Cyber Security News Update – Week 35 of 2020

Brad Slavin General Manager
Updated May 19, 2025

Quick Answer

Cybersecurity headlines for the week of August 28, 2020. An Outlook phishing email from a Sophos analysis used a friendly self-service tone instead of urgency to trick recipients into a credential-harvesting page. An Amazon scam impersonated order confirmations to push fake support calls. An Apple scam used 'Apple ID locked' messages to steal iCloud credentials. A pair of ATM jackpotting attacks against US machines were detected, with Diebold Nixdorf warning of black-box attacks. The University of Utah disclosed it paid roughly $457,000 to ransomware operators after a NetWalker attack on its College of Social and Behavioral Science. Image-bank Freepik confirmed a breach exposing 8.3 million user records, including hashed passwords for Flaticon users. Phishing roundup items cover other lures of the week.


Who are the most targeted brands for scams? Microsoft, Apple and Amazon. Today we have a scam to tell you about for all three. First, Outlook.

The interesting thing about this scam is the tack the scammers took. “Out are the implied threats, the exclamation points (!!!) and the money ($$$) you might lose if you don’t act right now; in are the happy and unexceptionable ‘here’s a problem that you can fix all by yourself without waiting for IT to help you’ messages of a sort that many companies are using these days to reduce support queuing times.” You can catch more flies with honey than vinegar.

Amazon Scam

Next up is Amazon. “Amazon users, be aware of fake ‘Account Locked’ emails, which claim your Amazon accounts have been locked for security reasons. The fake email messages are being sent by cybercriminals to those who do not have email security service, and the links in them go to phishing websites that steal personal and financial information, go to malicious websites that infect computers or mobile devices with malware, go to fraudulent websites that will ask visitors to complete surveys that the cybercriminals behind the scam will get paid for, or go to websites that ask visitors to buy counterfeit or fake products or services.” You’ve been warned.

Apple Scam

Finally we come to Apple. “The latest Apple-related scam is a variation of this recurring scam in which the scammers call you from out of the blue and tell you your machine has been infected with a virus or is experiencing some other serious problem that needs to be taken care of right away. Now scammers pretending to be Apple reps are calling potential victims to inform them that their iCloud accounts have been breached and they’ll need to gather some information from them in order to get the situation cleared up ASAP. Of course, the person calling isn’t an Apple rep and the potential victims’ iCloud accounts haven’t been breached at all.” Now you’re up to speed on scams.


Phishing Phrontier

One way hackers go after you is to go directly at you. But a more effective way is to go at you indirectly, via some other website. To that end, we introduce you to the hackers that are using the popular website Canva to attack other users.

From SC Magazine, “Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer credentials through social engineering trickery. Hackers hijacked the graphic design site, owned by the fast-growing company, and used it to leverage other brands like SharePoint, Microsoft Office and DocuSign in their messages.” That’s called coming in through the backdoor.

ATM Breach

File this under “it would have been nice to know this before they resolved the problem.” Too late.

What’s too late? According to Help Net Security, “ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issuing valid commands to dispense currency.” Free money from ATMs? We can only dream about such things.

Body Count

Just because a cruise line is shut down due to the pandemic doesn’t mean that hackers won’t go after it. And that’s exactly what happened this week to Carnival Cruise Lines.

According to Security Week, “Carnival Corp. says it was the victim of a ransomware attack that likely got some personal information about the cruise company’s guests and employees. The attack accessed an encrypted portion of technology systems for one of the cruise line’s brands and certain data files were downloaded.” It’s no vacation running a vacation company.

University of Utah Breach

The University of Utah can’t catch a break. Last month we reported that the university was hit with a phishing attack that “potentially involved the protected health information of up to 10,000 patients.”

Now a report has come out that the university paid over $450K in ransom for a different breach. “The attack resulted in the CSBS servers becoming temporarily inaccessible. Both employee and student information were impacted in the attack. The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” Might be time to redouble the cybersecurity effort in Utah.


Freepik Breach

Our biggest data breach of the week comes courtesy of the Freepik Company, a company that apparently specialized in free pics. What is the body count this time? How about 8.3 million users.

According to an article in Security Week, “The attackers exploited an SQL injection vulnerability in Flaticon, which allowed them to access user information. The company reveals that for 4.5 million of the affected users no hashed password was leaked, because federated logins (with Google, Facebook and/or Twitter) were used, exclusively. For these users, only the email address was leaked. For 3.77 million users, both the email address and a hash of the password were leaked. 3.55 million of these passwords were hashed using bcrypt, while for the remaining 229,000 salted MD5 was used.” Stay safe out there.

And that’s the week that was.

Brad Slavin, General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
