Hello and welcome to the latest issue of GlobalSign’s weekly cybersecurity wrap-up.
This week has not been marked by major events (not yet anyway, but hey, Friday’s only half over.) What stood out the most this week were stories about Microsoft.
- The company took a stand against hackers by seizing control of several domains that were used in COVID-19-themed attacks against Microsoft customers over the past several months.
- Also, on the subject of phishing, Microsoft posted a warning in a security blog this week about attackers looking to leverage application-based attacks to gain valuable data about organizations.
- Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters. By clicking on a link, users are redirected to a site hosted on a Microsoft form submission page which asks them to enter their Office 365 email and password.
Beyond Microsoft, there’s plenty of other good stuff packed into this week’s report, including a story in CPO Magazine about the massive DDoS June attack that wasn’t.
Wishing everyone a great weekend!
Top Global Security Stories
InfoSecurity (July 9, 2020) SurveyMonkey Phishers Go Hunting for Office 365 Credentials
"Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters.
The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security.
'Within the body of the email is a hidden redirect link appearing as the text "Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you"' it explained."
Financial Post (July 8, 2020) Defence department still assessing cyber attack on leading Canadian military college
"Canada’s National Defence department is still assessing the potential damage from a cyber attack on one of the country’s premier military colleges discovered six days ago.
The web site and email systems of Royal Military College in Kingston, Ont. remained offline this morning after what is reportedly a ransomware attack. A spokesperson for the Department of National Defence (DND) today wouldn’t confirm the nature of the attack, only that it started as a phishing incident.
A statement issued to the media by DND said that 'all early indications suggest this incident resulted from a mass phishing campaign.'"
Microsoft Security Blog (July 8, 2020) Microsoft warns organizations of consent phishing attacks
"The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated security as cloud app usage explodes, particularly in collaboration apps such as Zoom, Webex Teams, Box and Microsoft Teams. With increased cloud app usage and the shift to working from home, security and how employees access company resources are even more top of mind for companies.
While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services. While you may be familiar with attacks focused on users, such as email phishing or credential compromise, application-based attacks, such as consent phishing, is another threat vector you must be aware of. Today we wanted to share one of the ways application-based attacks can target the valuable data your organization cares about, and what you can do today to stay safe."
Dark Reading (July 7, 2020) Microsoft Seizes Domains Used in COVID-19-Themed Attacks
"Microsoft has quietly seized control of several domains that were used in COVID-19-themed attacks against its customers over the past several months.
The US District Court for the Eastern District of Virginia had earlier granted the company permission to seize the domains after Microsoft had filed a civil complaint about the attacks causing it "irreparable and ongoing harm."
Tom Burt, Microsoft corporate vice president, customer security and trust, today likened the attacks to a form of business email compromise that targeted customers in 62 countries."
ZDNet (July 7, 2020) Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed
"EDP Renewables North America (EDPR NA) has disclosed a cyberattack in which ransomware landed on parent company Energias de Portugal (EDP)'s systems, potentially leading to information exposure.
In a letter sent to customers (.PDF), the energy company apologized for the incident but insisted that there is "no evidence" that consumer information was compromised or stolen.
The firm delivers energy to over 11 million customers and operates in 19 countries.
EDP experienced a ransomware attack on April 13. EDPR NA learned of the ransomware infection "for the first time" from its parent company on May 8."
ZDNet (July 6, 2020) US Secret Service reports an increase in hacked managed service providers (MSPs)
"The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).
MSPs provide remote management software for companies. MSPs can be simple services like file-sharing systems to complete solutions that manage a customer's entire computer fleet.
Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a cloud infrastructure, or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients."
Other Industry News
More pre-installed malware has been found in budget US smartphones
Citrix appliance flaws add to recent spate of network security vulnerabilities
Slack vulnerability allowed attackers to smuggle malicious files onto victims’ devices
Criminal charges reveal the identity of the “invisible god” hacker
Cascading Security Through the Internet of Things Supply Chain
Biggest DDoS Cyber Attack on U.S. Just Rampant Social Media Speculation
In Brazil, scammers see the coronavirus as a serious money-making opportunity
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.
