Cyber Security News Update – Week 50 of 2019

If there’s one thing you should be able to trust, it’s an email from someone with a “.gov” domain. As in, they work for the government. Surely, only those in the government can register a .gov top level domain. Right? Wrong!

From an article on KnowBe4, “a researcher said he got a .gov domain simply by filling out and emailing an online form, grabbing some letterhead off the homepage of a small U.S. town that only has a ‘.us’ domain name, and impersonating the town’s mayor in the application.” Huh?

“The researcher chose Exeter, Rhode Island, for the thought experiment, and it appears that the US General Services Administration (GSA) did not contact the town to verify that the request came from them until some days after KrebsOnSecurity informed the GSA that they may have a problem.”

Phishing Phrontier

Dentists are under attack again, but this time it’s not their fault. According to an article on SC Magazine, “More than 100 dentist offices have reportedly been affected by a recent Sodinokibi ransomware attack on a Colorado-based company that provides IT services to the oral-care practices.”

This one is interesting because it wasn’t the Dentists themselves that were compromised, but their IT service provider without proper email security software. Hackers are starting to figure out sometimes it’s easier to come through the back door. In the future, dentists might want to do some due diligence on their IT service provider.

Body Count

It was bound to happen. We expect schools and hospitals and banks and even city governments to get hacked. Afterall, they have lots of personal data to attract cybercriminals. But, automobile makers? What have they go that hackers want? Intellectual property as things turn out.

News comes down this week that both BMW and Hyundai were hacked by a reputed Vietnamese APT group OceanLotus. “As part of their scheme, the hackers reportedly created a fake website that appeared to represent BMW’s branch in Thailand and another phoney site impersonating Hyundai.” Ironically, “Just this past summer, the German Association of the Automotive Industry (VDA) sent e-mail warning members of possible cyberattacks on German car companies.”

Phishing Threatens Chicken

You know you’re in trouble when phishing threatens chicken. According to SC Magazine, “Church’s Chicken suffered a cyberattack that penetrated the payment processing system at some of the chain’s corporate locations compromising payment card information. The restaurants impacted are located in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Missouri, Mississippi, South Carolina, Tennessee and Texas were involved.”

Ransomware Attack on Shakespeare Theatre

This hasn’t been a particularly good week for food or entertainment. Word comes now that “The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” earlier this week after a ransomware attack disrupted its database and ticketing system, causing a show reservations nightmare. Making matters worse, the Madison, N.J.-based theater company has lost all of its patron data, including purchase histories and contact information.”

First it’s chicken, now it’s Shakespeare. When will it stop?

Public Service Announcement

So, what should you do if a phishing email makes it into your inbox and you identify it as such?

Step 1: Forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2: Report the phishing attack to the FTC at ftc.gov/complaint.

And that’s the week that was.