Hello and thanks for visiting our blog again. Here’s the latest on what’s been happening in cybersecurity in the last week.
The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are increasingly being targeted in business email compromise (BEC) attacks on virtual meeting platforms. BEC attacks hit businesses large and small, and individuals as well. The end goal is to compromise business email accounts and extract money by getting payments redirected to bank accounts the attackers control. To protect yourself, the FBI suggests using a secondary channel or two-factor authentication to verify any request to change account information, ensuring the URLs in an email belong to the business or individual the message claims to be from, and never sending login credentials or personally identifiable information over email.
Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020, a span of at least two years, to gain access to and steal sensitive information that gives insight into U.S. defense and intelligence programs and capabilities. According to a joint advisory issued Wednesday by the FBI, NSA and CISA, the compromised entities include CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence Community programs.
A new report from cybersecurity firm Egress says phishing attacks impersonating LinkedIn emails have increased by 232% since the start of February. The scams trick users twice: first into clicking a phishing link in Outlook 365, then into entering their credentials on a fraudulent website. Many people are used to genuine LinkedIn notifications with subject lines such as “You appeared in 4 searches this week,” so scammers now send fake emails with the same subject lines to borrow that trust.
The Internet Society (ISOC) has blamed a third-party vendor for a data exposure that left the login details of more than 80,000 members publicly accessible. The non-profit focuses on keeping the internet open and secure. The data sat on an unprotected Microsoft Azure cloud repository comprising millions of JSON files that included, among other things, full names, email and mailing addresses, and login details.
Adobe released an emergency advisory on Sunday about a zero-day vulnerability affecting Adobe Commerce and Magento Open Source. The flaw, tracked as CVE-2022-24086, is described as an improper input validation issue that can lead to arbitrary code execution. Adobe says the vulnerability can be exploited without authentication and has already been exploited in the wild.
Also last week, Emil Frey, one of Europe's biggest car dealers, announced it was hit with a Hive ransomware attack last month. The company says it has “restored and restarted” commercial activity, but it is unclear if customer information was accessed during the attack. According to the VPN Guru blog, “HIVE is one of the most dangerous ransomware groups in the world…The FBI should put the group on their radar since they have attacked at least 28 healthcare organizations around the world last year.”
That’s a wrap for this week. Have a great weekend!
Top Global Security News
Bleeping Computer (February 16, 2022) FBI warns of BEC attackers impersonating CEOs in virtual meetings
The Federal Bureau of Investigation (FBI) warned today that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms.
BEC scammers are known for using various tactics (including social engineering, phishing, and hacking) to compromise business email accounts with the end goal of redirecting payments to their own bank accounts.
In this type of attack, the crooks target small, medium, and large businesses alike, as well as individuals. The success rate is also very high since the fraudsters usually pose as someone the employees trust, like business partners or CEOs.
Bleeping Computer (February 16, 2022) US says Russian state hackers breached defense contractor
Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities.
CDCs are private entities with clearance from the Department of Defense (DoD) to access classified info to bid for contracts or support DoD programs. They have access to information related to DoD and Intelligence Community programs from various areas, including:
- Command, control, communications, and combat systems
- Intelligence, surveillance, reconnaissance, and targeting
- Weapons and missile development
- Vehicle and aircraft design
- Software development, data analytics, computers, and logistics.
ZDNet (February 16, 2022) LinkedIn phishing scams increase 232% since Feb 1: report
Phishing attacks impersonating emails from LinkedIn have grown 232% since the start of February, according to cybersecurity firm Egress.
The company released a report about cybercriminals using display name spoofing and stylized HTML templates to socially engineer victims into clicking on phishing links in Outlook 365 and then entering their credentials into fraudulent websites.
Many people have become accustomed to seeing emails from LinkedIn saying things like "You appeared in 4 searches this week," "You have 1 new message," and "Your profile matches this job."
But now, cybercriminals are using webmail addresses with LinkedIn display names to send fake emails with the same subject lines.
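The two tricks described above, a display name that says "LinkedIn" over a webmail From address and a branded HTML template whose links lead elsewhere, are the same things the FBI advises checking in the opening summary (does the URL belong to who the message claims to be?). Both can be checked mechanically at the mail gateway. The following is an added example, not code from the original post, from Egress or from LinkedIn; the brand-to-domain table and the two sample messages are constructed assumptions for illustration.

```python
"""Flag display-name spoofing and off-brand links in LinkedIn-style phishing.

Added example, not code from the original post or from Egress.  The brand
table and the two sample messages below are constructed for illustration.
"""
from __future__ import annotations

import email
from email.message import Message
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed brand table: a keyword that may appear in a display name mapped to the
# domains that brand genuinely sends from.  A real deployment would curate this.
BRAND_DOMAINS: dict[str, set[str]] = {
    "linkedin": {"linkedin.com"},
}


def _host_matches(host: str, allowed: set[str]) -> bool:
    """True if host equals, or is a subdomain of, any allowed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


class _LinkCollector(HTMLParser):
    """Collects href targets of <a> tags from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def _html_bodies(msg: Message):
    """Yield every text/html part of the message as decoded text."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            if payload:
                yield payload.decode(part.get_content_charset() or "utf-8", "replace")


def check_brand_spoofing(raw: str) -> list[str]:
    """Return findings for one RFC 822 message; an empty list means it passed.

    Check 1: the display name claims a brand but the From address lives outside
    that brand's domains (display-name spoofing).  Check 2: http(s) links in the
    HTML body lead anywhere but the claimed brand's domains.
    """
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings: list[str] = []
    claimed: str | None = None
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():
            claimed = brand
            if not _host_matches(sender_domain, domains):
                findings.append(
                    f"display name {display!r} claims {brand} "
                    f"but the sender domain is {sender_domain!r}"
                )
    if claimed is None:
        return findings  # no brand claimed, nothing to compare links against
    collector = _LinkCollector()
    for body in _html_bodies(msg):
        collector.feed(body)
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, relative and other non-web links are not checked here
        if not _host_matches(parts.hostname or "", BRAND_DOMAINS[claimed]):
            findings.append(f"link {href!r} leads off-brand to {parts.hostname!r}")
    return findings


# Constructed sample: the real notification shape, sent from LinkedIn's own domain.
LEGIT_MSG = """\
From: "LinkedIn" <messages-noreply@linkedin.com>
To: user@corp.example
Subject: You appeared in 4 searches this week
Content-Type: text/html; charset=utf-8

<html><body><p>You appeared in 4 searches this week.</p>
<a href="https://www.linkedin.com/in/someone">See who searched for you</a>
</body></html>
"""

# Constructed sample: same subject and display name, but a webmail sender and a
# credential-harvesting link (both domains are reserved example names).
SPOOF_MSG = """\
From: "LinkedIn" <linkedin.alerts@webmail.example>
To: user@corp.example
Subject: You appeared in 4 searches this week
Content-Type: text/html; charset=utf-8

<html><body><p>You appeared in 4 searches this week.</p>
<a href="http://linkedin-login.example.net/verify">See who searched for you</a>
</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_MSG), ("spoof", SPOOF_MSG)):
        print(label, check_brand_spoofing(raw) or "clean")
```

The legitimate sample produces no findings; the spoofed one produces two, one for the webmail sender behind the LinkedIn display name and one for the off-brand link. In production the brand table would be far larger and the sender check would sit alongside SPF/DKIM/DMARC results rather than replace them, but the display-name-versus-domain comparison is what catches the specific tactic Egress describes, since the spoofed messages pass authentication for the webmail domain they are really sent from.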
Portswigger (February 15, 2022) Internet Society data leak exposed 80,000 members’ login details
The Internet Society (ISOC), a non-profit dedicated to keeping the internet open and secure, has blamed the inadvertent exposure of its 80,000-plus members’ personal data on a third-party vendor. The data, which was publicly accessible on an unprotected Microsoft Azure cloud repository, comprised millions of JSON files including, among other things, full names, email and mailing addresses, and login details.
“Based on the size and nature of the exposed repository, we can assume that all of the members’ login and adjacent information was open to the public internet for an undefined period of time,” said cybersecurity firm Clario in a blog post today (February 15).
Helped by independent researcher Bob Diachenko, security researchers from Clario made the discovery and alerted the Internet Society on December 8, 2021. The repository was secured a week later, on December 15. Diachenko told The Daily Swig that the data was probably exposed for at least one month.
Security Week (February 13, 2022) Adobe Releases Emergency Patch for Exploited Commerce Zero-Day
Adobe released an emergency advisory on Sunday to inform Commerce and Magento users of a critical zero-day vulnerability that has been exploited in attacks.
The flaw, tracked as CVE-2022-24086 and assigned a CVSS score of 9.8, has been described as an improper input validation issue that can lead to arbitrary code execution. Adobe says the vulnerability can be exploited without authentication.
The security hole affects the Magento Open Source and Adobe Commerce e-commerce platforms, specifically versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier. Adobe has developed patches, which are delivered as MDVA-43395_EE_2.4.3-p1_v1.
The software giant says “CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.”
ZDNet (February 11, 2022) Europe's biggest car dealer hit with ransomware attack
One of Europe's biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. The Swiss company showed up on the Hive ransomware group's list of victims on February 1 and confirmed that it was attacked in January.
"We have restored and restarted our commercial activity already days after the incident on January 11, 2022," a spokesperson said, declining to answer more questions about whether customer information was accessed.
The company -- which has about 3,000 employees -- generated $3.29 billion in sales in 2020 thanks to a variety of automobile-related businesses. It was ranked as the number 1 car dealership in Europe based on revenue and the total number of vehicles for sale.